From 6b66c0774cc8506c537771008ac225f75ae48db3 Mon Sep 17 00:00:00 2001 From: pbssubhash Date: Sun, 22 Aug 2021 10:10:12 +0530 Subject: [PATCH 01/17] Changing service to sysmon --- rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml b/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml index 702dcf29c..bbb1219f0 100644 --- a/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml +++ b/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml @@ -15,7 +15,7 @@ tags: - attack.defense_evasion - attack.t1574.001 logsource: - category: file_event + service: sysmon product: windows detection: selection: From 6019871a7873f0cb03ee3f23ce6ee06d3b32987a Mon Sep 17 00:00:00 2001 
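Review bot: Swapping `category: file_event` for `service: sysmon` under `logsource` removes the only visible line that scopes this rule to file-creation events. The `selection` body lies outside the hunk, so I cannot tell whether it pins an event ID; if it does not, the rule would be evaluated against every Sysmon event type, and backends that map the generic category would no longer pick it up. I would keep `category: file_event` with `product: windows`, or add `EventID: 11` to the selection alongside `service: sysmon`.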
From: pbssubhash Date: Wed, 25 Aug 2021 20:14:36 +0530 Subject: [PATCH 02/17] Adding Rules - Web 2010 --- rules/web/web_cve_CVE-2010-0943.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-0944.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1314.yaml | 23 +++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1345.yaml | 23 +++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1353.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1474.yaml | 26 ++++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1475.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1495.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1532.yaml | 24 ++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1533.yaml | 23 +++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1535.yaml | 24 ++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1602.yaml | 26 ++++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1657.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1718.yaml | 24 ++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1722.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1875.yaml | 26 ++++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1953.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1955.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1979.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-1983.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-2033.yaml | 26 ++++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-2036.yaml | 26 ++++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-2259.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-2307.yaml | 27 +++++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-2682.yaml | 26 ++++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-2861.yaml | 27 +++++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-3426.yaml | 23 +++++++++++++++++++++++ rules/web/web_cve_CVE-2010-4231.yaml | 25 
+++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-4617.yaml | 25 +++++++++++++++++++++++++ rules/web/web_cve_CVE-2010-5278.yaml | 26 ++++++++++++++++++++++++++ 30 files changed, 750 insertions(+) create mode 100644 rules/web/web_cve_CVE-2010-0943.yaml create mode 100644 rules/web/web_cve_CVE-2010-0944.yaml create mode 100644 rules/web/web_cve_CVE-2010-1314.yaml create mode 100644 rules/web/web_cve_CVE-2010-1345.yaml create mode 100644 rules/web/web_cve_CVE-2010-1353.yaml create mode 100644 rules/web/web_cve_CVE-2010-1474.yaml create mode 100644 rules/web/web_cve_CVE-2010-1475.yaml create mode 100644 rules/web/web_cve_CVE-2010-1495.yaml create mode 100644 rules/web/web_cve_CVE-2010-1532.yaml create mode 100644 rules/web/web_cve_CVE-2010-1533.yaml create mode 100644 rules/web/web_cve_CVE-2010-1535.yaml create mode 100644 rules/web/web_cve_CVE-2010-1602.yaml create mode 100644 rules/web/web_cve_CVE-2010-1657.yaml create mode 100644 rules/web/web_cve_CVE-2010-1718.yaml create mode 100644 rules/web/web_cve_CVE-2010-1722.yaml create mode 100644 rules/web/web_cve_CVE-2010-1875.yaml create mode 100644 rules/web/web_cve_CVE-2010-1953.yaml create mode 100644 rules/web/web_cve_CVE-2010-1955.yaml create mode 100644 rules/web/web_cve_CVE-2010-1979.yaml create mode 100644 rules/web/web_cve_CVE-2010-1983.yaml create mode 100644 rules/web/web_cve_CVE-2010-2033.yaml create mode 100644 rules/web/web_cve_CVE-2010-2036.yaml create mode 100644 rules/web/web_cve_CVE-2010-2259.yaml create mode 100644 rules/web/web_cve_CVE-2010-2307.yaml create mode 100644 rules/web/web_cve_CVE-2010-2682.yaml create mode 100644 rules/web/web_cve_CVE-2010-2861.yaml create mode 100644 rules/web/web_cve_CVE-2010-3426.yaml create mode 100644 rules/web/web_cve_CVE-2010-4231.yaml create mode 100644 rules/web/web_cve_CVE-2010-4617.yaml create mode 100644 rules/web/web_cve_CVE-2010-5278.yaml 
diff --git a/rules/web/web_cve_CVE-2010-0943.yaml b/rules/web/web_cve_CVE-2010-0943.yaml
new file mode 100644
index 000000000..e90c6aab7
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-0943.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-0943:Joomla! Component com_jashowcase - Directory Traversal
+id: a7b7151c-99e5-444b-89db-df927d1055ed
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the JA Showcase (com_jashowcase)
+ component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter in a jashowcase action to index.php.
+references:
+- https://www.exploit-db.com/exploits/11090
+- https://www.cvedetails.com/cve/CVE-2010-0943
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-0944.yaml b/rules/web/web_cve_CVE-2010-0944.yaml
new file mode 100644
index 000000000..22499499b
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-0944.yaml
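Review bot: This rule has no `logsource` section, so nothing tells a backend which logs the `c-uri` field belongs to, and converters that rely on log-source mappings cannot place it. Add `logsource:` with `category: webserver` above `detection:`. The same section is missing from every other rule file added in this patch.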
@@ -0,0 +1,25 @@
+title: CVE-2010-0944:Joomla! Component com_jcollection - Directory Traversal
+id: c3a5750d-210b-4a15-b1f7-17444d634a6a
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the JCollection (com_jcollection)
+ component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/11088
+- https://www.cvedetails.com/cve/CVE-2010-0944
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1314.yaml b/rules/web/web_cve_CVE-2010-1314.yaml
new file mode 100644
index 000000000..324e4a660
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1314.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1314:Joomla! Component Highslide 1.5 - Local File Inclusion
+id: 226602ff-06ce-4173-9b87-7c2d62b4b3a4
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Highslide JS (com_hsconfig)
+ component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
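Review bot: The `selection` in web_cve_CVE-2010-0944.yaml matches one literal proof-of-concept string, so a request with a different number of `../` segments, an encoded separator, no `%00`, or a target file other than `/etc/passwd` goes undetected. As written it mostly recognises the scanner template it was derived from rather than abuse of the component. Matching the parts separately would hold up better, for example `c-uri|contains|all:` with the values `option=com_jcollection`, `controller=` and `../`. The other rules in this patch use the same fixed-string approach.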
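Review bot: The metadata keys in web_cve_CVE-2010-1314.yaml do not follow the Sigma field names: `Author` should be `author` and `false_positives` should be `falsepositives`, so tooling that reads those fields will treat them as absent. `date: 25/08/2021` is also day-first, where the specification uses a year-first date such as `2021/08/25`. Every rule file in this patch, including the two before this one, carries the same three fields.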
diff --git a/rules/web/web_cve_CVE-2010-1345.yaml b/rules/web/web_cve_CVE-2010-1345.yaml
new file mode 100644
index 000000000..187b3f3cb
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1345.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1345:Joomla! Component Cookex Agency CKForms - Local File Inclusion
+id: ff1015cf-e991-458c-a999-67e30fd34f9a
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms)
+ component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via
+ a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1353.yaml b/rules/web/web_cve_CVE-2010-1353.yaml
new file mode 100644
index 000000000..77a9f02b4
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1353.yaml
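Review bot: `level: critical` is assigned to a match on the request alone, while `false_positives` itself lists scanner and penetration-test traffic as expected sources. An internet-facing server will log these probes whether or not the component is installed, so a critical alert here does not indicate that a file was actually read. Either lower the level or require a successful response in the selection, for example `sc-status: 200`. This applies to the other rules in the patch as well.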
@@ -0,0 +1,25 @@
+title: CVE-2010-1353:Joomla! Component LoginBox - Local File Inclusion
+id: dee9b22f-1e7c-44ec-ad34-555ea35c0a6e
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox)
+ component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the view parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12068
+- https://www.cvedetails.com/cve/CVE-2010-1353
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1474.yaml b/rules/web/web_cve_CVE-2010-1474.yaml
new file mode 100644
index 000000000..f0c21085e
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1474.yaml
@@ -0,0 +1,26 @@
+title: CVE-2010-1474:Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
+id: b2a1a114-6d92-4cce-8b53-b82518abf56c
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper)
+ component 1.5.x for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://www.exploit-db.com/exploits/12182
+- https://www.cvedetails.com/cve/CVE-2010-1474
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1475.yaml b/rules/web/web_cve_CVE-2010-1475.yaml
new file mode 100644
index 000000000..b4e9e4f1c
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1475.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1475:Joomla! Component Preventive And Reservation 1.0.5 - Local File
+ Inclusion
+id: 6d1e0e6f-4e68-4f1c-8f60-467521d0c25b
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive)
+ component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1495.yaml b/rules/web/web_cve_CVE-2010-1495.yaml
new file mode 100644
index 000000000..a3b4cdc15
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1495.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1495:Joomla! Component Matamko 1.01 - Local File Inclusion
+id: 6edfc22e-9b33-43c4-8872-eb41d6cfb5bd
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Matamko (com_matamko) component
+ 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
+ in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12286
+- https://www.cvedetails.com/cve/CVE-2010-1495
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
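Review bot: The pattern in web_cve_CVE-2010-1475.yaml contains `controller==../`, with a doubled `=`, which no other rule in this patch has and which does not match the parameter form given in the description. Because the modifier is `contains`, a request using `controller=../` will not match, so the rule probably never fires on the traffic it is written for. If the doubled character is not intentional, the value should use `controller=../` like the neighbouring rules.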
diff --git a/rules/web/web_cve_CVE-2010-1532.yaml b/rules/web/web_cve_CVE-2010-1532.yaml
new file mode 100644
index 000000000..b3df21b91
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1532.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1532:Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
+id: d1890f8a-ef82-4d0c-a686-bace99bd54f2
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail)
+ component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1533.yaml b/rules/web/web_cve_CVE-2010-1533.yaml
new file mode 100644
index 000000000..53b105187
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1533.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1533:Joomla! Component TweetLA 1.0.1 - Local File Inclusion
+id: 432ecccc-dfd6-4c0f-8173-0f57f8eafe46
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the TweetLA (com_tweetla) component
+ 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1535.yaml b/rules/web/web_cve_CVE-2010-1535.yaml
new file mode 100644
index 000000000..f5d20bce0
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1535.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1535:Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
+id: 36a64564-5ba1-40ff-a85f-6a0a11215c35
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the TRAVELbook (com_travelbook)
+ component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1602.yaml b/rules/web/web_cve_CVE-2010-1602.yaml
new file mode 100644
index 000000000..e57fe8fe3
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1602.yaml
@@ -0,0 +1,26 @@
+title: CVE-2010-1602:Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
+id: e9519f69-b3b8-4695-88bb-5bf2d34e40aa
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment)
+ component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://www.exploit-db.com/exploits/12283
+- https://www.cvedetails.com/cve/CVE-2010-1602
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1657.yaml b/rules/web/web_cve_CVE-2010-1657.yaml
new file mode 100644
index 000000000..614266e87
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1657.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1657:Joomla! Component SmartSite 1.0.0 - Local File Inclusion
+id: b32928f2-521b-4e3b-b34c-cb49617727ca
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the SmartSite (com_smartsite) component
+ 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12428
+- https://www.cvedetails.com/cve/CVE-2010-1657
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1718.yaml b/rules/web/web_cve_CVE-2010-1718.yaml
new file mode 100644
index 000000000..ae4b53e3a
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1718.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1718:Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
+id: 60f6f1f4-0312-4416-bb31-fd376a59ce7b
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in archeryscores.php in the Archery
+ Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to
+ include and execute arbitrary local files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1722.yaml b/rules/web/web_cve_CVE-2010-1722.yaml
new file mode 100644
index 000000000..f8de41083
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1722.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1722:Joomla! Component Online Market 2.x - Local File Inclusion
+id: e33e435a-51b1-416d-b0f3-0965a0b73af9
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Online Market (com_market) component
+ 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have
+ unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12177
+- https://www.cvedetails.com/cve/CVE-2010-1722
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1875.yaml b/rules/web/web_cve_CVE-2010-1875.yaml
new file mode 100644
index 000000000..48c7d5857
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1875.yaml
@@ -0,0 +1,26 @@
+title: CVE-2010-1875:Joomla! Component Property - Local File Inclusion
+id: d989a93e-8f69-4419-876d-12bd5f9bfc19
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Real Estate Property (com_properties)
+ component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files
+ and possibly have unspecified other impact via a .. (dot dot) in the controller
+ parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/11851
+- https://www.cvedetails.com/cve/CVE-2010-1875
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1953.yaml b/rules/web/web_cve_CVE-2010-1953.yaml
new file mode 100644
index 000000000..aed738195
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1953.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1953:Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
+id: 88a112bd-6581-4492-8d76-5c984d738c09
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
+ component 1.0 for Joomla! allows remote attackers to read arbitrary files via a
+ .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12288
+- https://www.cvedetails.com/cve/CVE-2010-1953
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1955.yaml b/rules/web/web_cve_CVE-2010-1955.yaml
new file mode 100644
index 000000000..c74eeaa7b
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1955.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1955:Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
+id: 5eeaa5a1-e6d1-46f8-9bf3-ef141d6733f9
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
+ component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via
+ a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12238
+- https://www.cvedetails.com/cve/CVE-2010-1955
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1979.yaml b/rules/web/web_cve_CVE-2010-1979.yaml
new file mode 100644
index 000000000..ddd153dce
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1979.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1979:Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
+id: 0221e773-afea-48bf-b3b2-dd60ed509720
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
+ component build 880 for Joomla! allows remote attackers to read arbitrary files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12088
+- https://www.cvedetails.com/cve/CVE-2010-1979
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1983.yaml b/rules/web/web_cve_CVE-2010-1983.yaml
new file mode 100644
index 000000000..2d8c81138
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1983.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1983:Joomla! Component redTWITTER 1.0 - Local File Inclusion
+id: b205e0d0-b61a-4a7a-a8db-45225cad643f
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
+ component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary
+ files via a .. (dot dot) in the view parameter to index.php
+references:
+- https://www.exploit-db.com/exploits/12055
+- https://www.cvedetails.com/cve/CVE-2010-1983
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2033.yaml b/rules/web/web_cve_CVE-2010-2033.yaml
new file mode 100644
index 000000000..de4c9b398
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2033.yaml
@@ -0,0 +1,26 @@
+title: CVE-2010-2033:Joomla Percha Categories Tree 0.6 - Local File Inclusion
+id: d61b5ebd-9dc8-4dc5-b377-5e7cabfde00e
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
+ component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
+ have unspecified other impact via a .. (dot dot) in the controller parameter to
+ index.php.
+references:
+- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
+- https://www.cvedetails.com/cve/CVE-2010-2033
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2036.yaml b/rules/web/web_cve_CVE-2010-2036.yaml
new file mode 100644
index 000000000..b31322666
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2036.yaml
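Review bot: The `description` in web_cve_CVE-2010-2033.yaml is the text for the Percha Fields Attach component (`com_perchafieldsattach`, 1.x), word for word the same as in web_cve_CVE-2010-2036.yaml, while the title and the `c-uri` pattern refer to Percha Categories Tree (`com_perchacategoriestree`). An analyst triaging a hit would be pointed at the wrong component. Replace the description with one that names `com_perchacategoriestree`, so that title, description and selection agree.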
@@ -0,0 +1,26 @@
+title: CVE-2010-2036:Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
+id: 1859e4d6-2965-4bee-897f-bded883e7364
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
+ component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
+ have unspecified other impact via a .. (dot dot) in the controller parameter to
+ index.php.
+references:
+- https://www.exploit-db.com/exploits/34004
+- https://www.cvedetails.com/cve/CVE-2010-2036
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2259.yaml b/rules/web/web_cve_CVE-2010-2259.yaml
new file mode 100644
index 000000000..3b175aca8
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2259.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-2259:Joomla! Component com_bfsurvey - Local File Inclusion
+id: 0f74c630-3e11-41d3-8352-66961fc12085
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component
+ for Joomla! allows remote attackers to include and execute arbitrary local files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/10946
+- https://www.cvedetails.com/cve/CVE-2010-2259
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2307.yaml b/rules/web/web_cve_CVE-2010-2307.yaml
new file mode 100644
index 000000000..8d7876924
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2307.yaml
@@ -0,0 +1,27 @@
+title: CVE-2010-2307:Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM
+ - Directory Traversal
+id: f03488dd-2c62-4541-9f0e-a11e8a7e1750
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Multiple directory traversal vulnerabilities in the web server for Motorola
+ SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow
+ remote attackers to read arbitrary files via (1) "//" (multiple leading slash),
+ (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
+references:
+- https://www.securityfocus.com/bid/40550/info
+- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /../../etc/passwd
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2682.yaml b/rules/web/web_cve_CVE-2010-2682.yaml
new file mode 100644
index 000000000..01a72dff3
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2682.yaml
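Review bot: The value `/../../etc/passwd` in web_cve_CVE-2010-2307.yaml is a substring of the traversal strings used by the other rules in this patch, including the Camtron pattern in web_cve_CVE-2010-4231.yaml and every Joomla pattern that ends in `../../etc/passwd%00`. Any request that matches one of those rules will therefore also raise this one as a critical Motorola SURFboard alert, whatever device or application was actually targeted. The description also names leading `//` and encoded dot-dot sequences, which the selection does not cover. I would either restrict this rule to log sources for the device or fold it into one generic path-traversal rule at a lower level.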
@@ -0,0 +1,26 @@
+title: CVE-2010-2682:Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
+id: 99824e58-3cce-4172-9970-04e0a6de5108
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna)
+ component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://www.exploit-db.com/exploits/14017
+- https://www.cvedetails.com/cve/CVE-2010-2682
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2861.yaml b/rules/web/web_cve_CVE-2010-2861.yaml
new file mode 100644
index 000000000..e5764559c
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2861.yaml
@@ -0,0 +1,27 @@
+title: CVE-2010-2861:Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
+id: e22f6ee2-341a-44b8-a58b-33a0960fa8e0
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Multiple directory traversal vulnerabilities in the administrator console
+ in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files
+ via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm,
+ (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm
+ in CFIDE/administrator/.
+references:
+- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
+- http://www.adobe.com/support/security/bulletins/apsb10-18.html
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-3426.yaml b/rules/web/web_cve_CVE-2010-3426.yaml
new file mode 100644
index 000000000..d0c9a6c06
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-3426.yaml
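Review bot: The selection covers only `enter.cfm` with one fixed `locale` value, while the description lists five administrator pages that accept the vulnerable `locale` parameter. Requests against `settings/mappings.cfm`, `logging/settings.cfm`, `datasources/index.cfm` or `j2eepackaging/editarchive.cfm` go unmatched, as does a read of any file other than `lib/password.properties`. Matching on what the five paths share would cover the whole advisory: `c-uri|contains|all: ['/CFIDE/administrator/', 'locale=', '../']`.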
@@ -0,0 +1,23 @@
+title: CVE-2010-3426:Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
+id: 8df31def-3d71-4f01-85ab-4891fa481a8c
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
+ component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute
+ arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-4231.yaml b/rules/web/web_cve_CVE-2010-4231.yaml
new file mode 100644
index 000000000..9863413f6
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-4231.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-4231:Camtron CMNC-200 IP Camera - Directory Traversal
+id: e097e932-b39e-4e00-ac6f-1f03e43fc716
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
+ The server is vulnerable to directory transversal attacks, allowing access to any
+ file on the camera file system.
+references:
+- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
+- https://www.exploit-db.com/exploits/15505
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /../../../../../../../../../../../../../etc/passwd
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
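Review bot: In `web_cve_CVE-2010-4231.yaml` the selection string carries nothing specific to the Camtron camera, and it ends in the `/../../etc/passwd` value that `web_cve_CVE-2010-2307.yaml` matches on. One request therefore raises two critical alerts attributed to two unrelated products, and any traversal probe for `/etc/passwd` against any web server is labelled with these CVEs. Consider folding both into a single generic path-traversal rule at a lower level, or restricting each rule to logs from the affected device. No product-specific URI element is visible in either file to anchor on.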
diff --git a/rules/web/web_cve_CVE-2010-4617.yaml b/rules/web/web_cve_CVE-2010-4617.yaml
new file mode 100644
index 000000000..5a1a42e0e
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-4617.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-4617:Joomla! Component JotLoader 2.2.1 - Local File Inclusion
+id: 3965e578-e509-41e2-a572-12522bbcf4fd
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
+ 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory
+ traversal sequences in the section parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/15791
+- https://www.cvedetails.com/cve/CVE-2010-4617
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-5278.yaml b/rules/web/web_cve_CVE-2010-5278.yaml
new file mode 100644
index 000000000..3618fefcd
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-5278.yaml
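Review bot: The selection value reads `option=com_jotloader§ion=`, although the description names the vulnerable parameter as `section`. This looks like `&section=` after an HTML-entity decode turned `&sect` into `§`. If the committed file really holds `§ion`, the `contains` match can never fire on a real request, so check the raw file and restore `&section=`. It may be only an artefact of how this page was rendered.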
@@ -0,0 +1,26 @@
+title: CVE-2010-5278:MODx manager - Local File Inclusion
+id: 5f6499cc-97a6-49ed-af28-00278c2c954e
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
+ in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
+ allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
+ parameter.
+references:
+- https://www.exploit-db.com/exploits/34788
+- https://www.cvedetails.com/cve/CVE-2010-5278
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
From 5022fdc0855e620ccaff110fef44e420d995cd9f Mon Sep 17 00:00:00 2001
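Review bot: `level: critical` is assigned to a match on the request URI alone, with nothing showing that the server returned the file, and the rule's own `false_positives` list already names scanner and penetration-test traffic. A probe that was blocked or answered with a 404 therefore alerts at the highest severity. Either add a response condition to the selection, for example `sc-status: 200`, or lower the level to `medium` and leave escalation to correlation. The same applies to every rule added in this patch.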
From: pbssubhash Date: Wed, 25 Aug 2021 21:11:21 +0530 Subject: [PATCH 03/17] Modified Yaml --- rules/web/web_cve_CVE-2010-0943.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-0944.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1306.yaml | 23 ++++++++++++ rules/web/web_cve_CVE-2010-1314.yaml | 46 ++++++++++++------------ rules/web/web_cve_CVE-2010-1345.yaml | 46 ++++++++++++------------ rules/web/web_cve_CVE-2010-1353.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1474.yaml | 52 +++++++++++++-------------- rules/web/web_cve_CVE-2010-1475.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1495.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1532.yaml | 48 ++++++++++++------------- rules/web/web_cve_CVE-2010-1533.yaml | 46 ++++++++++++------------ rules/web/web_cve_CVE-2010-1535.yaml | 48 ++++++++++++------------- rules/web/web_cve_CVE-2010-1602.yaml | 52 +++++++++++++-------------- rules/web/web_cve_CVE-2010-1657.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1718.yaml | 48 ++++++++++++------------- rules/web/web_cve_CVE-2010-1722.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1875.yaml | 52 +++++++++++++-------------- rules/web/web_cve_CVE-2010-1953.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1954.yaml | 23 ++++++++++++ rules/web/web_cve_CVE-2010-1955.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1979.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-1983.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-2033.yaml | 52 +++++++++++++-------------- rules/web/web_cve_CVE-2010-2036.yaml | 52 +++++++++++++-------------- rules/web/web_cve_CVE-2010-2259.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-2307.yaml | 54 ++++++++++++++-------------- rules/web/web_cve_CVE-2010-2682.yaml | 52 +++++++++++++-------------- rules/web/web_cve_CVE-2010-2861.yaml | 54 
++++++++++++++-------------- rules/web/web_cve_CVE-2010-3426.yaml | 46 ++++++++++++------------ rules/web/web_cve_CVE-2010-4231.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-4617.yaml | 50 +++++++++++++------------- rules/web/web_cve_CVE-2010-5278.yaml | 52 +++++++++++++-------------- 32 files changed, 796 insertions(+), 750 deletions(-) create mode 100644 rules/web/web_cve_CVE-2010-1306.yaml create mode 100644 rules/web/web_cve_CVE-2010-1954.yaml diff --git a/rules/web/web_cve_CVE-2010-0943.yaml b/rules/web/web_cve_CVE-2010-0943.yaml index e90c6aab7..59e19742b 100644 --- a/rules/web/web_cve_CVE-2010-0943.yaml +++ b/rules/web/web_cve_CVE-2010-0943.yaml 
@@ -1,25 +1,25 @@ -title: CVE-2010-0943:Joomla! Component com_jashowcase - Directory Traversal -id: a7b7151c-99e5-444b-89db-df927d1055ed -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) - component for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the controller parameter in a jashowcase action to index.php. -references: -- https://www.exploit-db.com/exploits/11090 -- https://www.cvedetails.com/cve/CVE-2010-0943 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-0943:Joomla! Component com_jashowcase - Directory Traversal +id: 6a99f28f-8626-4419-93c8-9aa9e75c0068 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) + component for Joomla! allows remote attackers to read arbitrary files via a .. (dot + dot) in the controller parameter in a jashowcase action to index.php. +references: +- https://www.exploit-db.com/exploits/11090 +- https://www.cvedetails.com/cve/CVE-2010-0943 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-0944.yaml b/rules/web/web_cve_CVE-2010-0944.yaml index 22499499b..2872b219f 100644 
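Review bot: Every line of the file is removed and re-added, yet the only textual difference visible is the `id` value, which suggests a line-ending or whitespace rewrite combined with a regenerated UUID. A Sigma `id` is meant to stay fixed once assigned, because suppressions and cross-references key on it; keep `a7b7151c-99e5-444b-89db-df927d1055ed` unless there is a reason to break that link. The other modified files in this patch (CVE-2010-0944, -1314, -1345, -1353, -1474, -1475, -1495, -1532, -1533, -1535, -1602) show the same pattern, and the subject "Modified Yaml" does not say what was intended. If line endings are the cause, a `.gitattributes` entry such as `*.yaml text eol=lf` would prevent this churn.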
--- a/rules/web/web_cve_CVE-2010-0944.yaml +++ b/rules/web/web_cve_CVE-2010-0944.yaml @@ -1,25 +1,25 @@ -title: CVE-2010-0944:Joomla! Component com_jcollection - Directory Traversal -id: c3a5750d-210b-4a15-b1f7-17444d634a6a -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the JCollection (com_jcollection) - component for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/11088 -- https://www.cvedetails.com/cve/CVE-2010-0944 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-0944:Joomla! Component com_jcollection - Directory Traversal +id: ae369f4d-5f22-4969-8715-c8908394f279 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the JCollection (com_jcollection) + component for Joomla! allows remote attackers to read arbitrary files via a .. (dot + dot) in the controller parameter to index.php. +references: +- https://www.exploit-db.com/exploits/11088 +- https://www.cvedetails.com/cve/CVE-2010-0944 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1306.yaml b/rules/web/web_cve_CVE-2010-1306.yaml new file mode 100644 index 000000000..2b48098e5 --- /dev/null +++ b/rules/web/web_cve_CVE-2010-1306.yaml @@ -0,0 +1,23 @@ +title: CVE-2010-1306:Joomla! Component Picasa 2.0 - Local File Inclusion +id: 3cea101d-f72d-441f-8fdc-8462cfac20e7 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component + 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files + via a .. (dot dot) in the controller parameter to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1314.yaml b/rules/web/web_cve_CVE-2010-1314.yaml index 324e4a660..8673ae898 100644 --- a/rules/web/web_cve_CVE-2010-1314.yaml +++ b/rules/web/web_cve_CVE-2010-1314.yaml 
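Review bot: The `references` list holds only the nuclei-templates repository root, which leads a responder neither to the advisory nor to the template this string was taken from. Add the CVE record as the sibling rules do, for example `- https://nvd.nist.gov/vuln/detail/CVE-2010-1306`, and link the specific template file rather than the repository root. The same gap is in the CVE-2010-1314, -1345, -1475, -1532, -1533 and -1535 rules in this patch.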
@@ -1,23 +1,23 @@ -title: CVE-2010-1314:Joomla! Component Highslide 1.5 - Local File Inclusion -id: 226602ff-06ce-4173-9b87-7c2d62b4b3a4 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) - component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files - via a .. (dot dot) in the controller parameter to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1314:Joomla! Component Highslide 1.5 - Local File Inclusion +id: 9a7d17b2-ba50-4f83-bd75-92bcb0ba190f +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) + component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files + via a .. (dot dot) in the controller parameter to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1345.yaml b/rules/web/web_cve_CVE-2010-1345.yaml index 187b3f3cb..293262979 100644 --- a/rules/web/web_cve_CVE-2010-1345.yaml +++ b/rules/web/web_cve_CVE-2010-1345.yaml 
@@ -1,23 +1,23 @@ -title: CVE-2010-1345:Joomla! Component Cookex Agency CKForms - Local File Inclusion -id: ff1015cf-e991-458c-a999-67e30fd34f9a -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) - component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via - a .. (dot dot) in the controller parameter to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1345:Joomla! Component Cookex Agency CKForms - Local File Inclusion +id: dc5198bb-73cc-4a07-8b6c-b178d6c25265 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) + component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via + a .. (dot dot) in the controller parameter to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1353.yaml b/rules/web/web_cve_CVE-2010-1353.yaml index 77a9f02b4..772094e3d 100644 --- a/rules/web/web_cve_CVE-2010-1353.yaml +++ b/rules/web/web_cve_CVE-2010-1353.yaml 
@@ -1,25 +1,25 @@ -title: CVE-2010-1353:Joomla! Component LoginBox - Local File Inclusion -id: dee9b22f-1e7c-44ec-ad34-555ea35c0a6e -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox) - component for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the view parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12068 -- https://www.cvedetails.com/cve/CVE-2010-1353 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1353:Joomla! Component LoginBox - Local File Inclusion +id: ad0a798b-87d2-4701-82d4-f7a253e44d69 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox) + component for Joomla! allows remote attackers to read arbitrary files via a .. (dot + dot) in the view parameter to index.php. +references: +- https://www.exploit-db.com/exploits/12068 +- https://www.cvedetails.com/cve/CVE-2010-1353 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1474.yaml b/rules/web/web_cve_CVE-2010-1474.yaml index f0c21085e..a9d569341 100644 --- a/rules/web/web_cve_CVE-2010-1474.yaml +++ b/rules/web/web_cve_CVE-2010-1474.yaml 
@@ -1,26 +1,26 @@ -title: CVE-2010-1474:Joomla! Component Sweetykeeper 1.5 - Local File Inclusion -id: b2a1a114-6d92-4cce-8b53-b82518abf56c -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) - component 1.5.x for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://www.exploit-db.com/exploits/12182 -- https://www.cvedetails.com/cve/CVE-2010-1474 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1474:Joomla! Component Sweetykeeper 1.5 - Local File Inclusion +id: 1248cb2d-f96a-49a0-83b0-c1e2c74ae397 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) + component 1.5.x for Joomla! allows remote attackers to read arbitrary files and + possibly have unspecified other impact via a .. (dot dot) in the controller parameter + to index.php. +references: +- https://www.exploit-db.com/exploits/12182 +- https://www.cvedetails.com/cve/CVE-2010-1474 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1475.yaml b/rules/web/web_cve_CVE-2010-1475.yaml index b4e9e4f1c..465857ed9 100644 --- a/rules/web/web_cve_CVE-2010-1475.yaml +++ b/rules/web/web_cve_CVE-2010-1475.yaml @@ -1,25 +1,25 @@ -title: CVE-2010-1475:Joomla! Component Preventive And Reservation 1.0.5 - Local File - Inclusion -id: 6d1e0e6f-4e68-4f1c-8f60-467521d0c25b -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) - component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1475:Joomla! Component Preventive And Reservation 1.0.5 - Local File + Inclusion +id: 5cf9e456-3c79-4d1c-a926-a5a2d20b6f26 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) + component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and + possibly have unspecified other impact via a .. (dot dot) in the controller parameter + to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
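Review bot: The selection value contains `controller==../` with a doubled `=`, whereas every sibling Joomla rule uses `controller=../`. Because `contains` is a literal substring match, a request carrying the usual single `=` is not matched by this rule. If the doubled sign is a copy error, change `controller==` to `controller=` in the `c-uri|contains` item. This rewrite re-adds the value unchanged from the removed side, so the commit does not address it.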
diff --git a/rules/web/web_cve_CVE-2010-1495.yaml b/rules/web/web_cve_CVE-2010-1495.yaml index a3b4cdc15..db0c2483e 100644 --- a/rules/web/web_cve_CVE-2010-1495.yaml +++ b/rules/web/web_cve_CVE-2010-1495.yaml @@ -1,25 +1,25 @@ -title: CVE-2010-1495:Joomla! Component Matamko 1.01 - Local File Inclusion -id: 6edfc22e-9b33-43c4-8872-eb41d6cfb5bd -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Matamko (com_matamko) component - 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) - in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12286 -- https://www.cvedetails.com/cve/CVE-2010-1495 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1495:Joomla! Component Matamko 1.01 - Local File Inclusion +id: 807aa121-81eb-418f-9bbb-a215d8c6f0e7 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Matamko (com_matamko) component + 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) + in the controller parameter to index.php. +references: +- https://www.exploit-db.com/exploits/12286 +- https://www.cvedetails.com/cve/CVE-2010-1495 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1532.yaml b/rules/web/web_cve_CVE-2010-1532.yaml index b3df21b91..76359b0d5 100644 --- a/rules/web/web_cve_CVE-2010-1532.yaml +++ b/rules/web/web_cve_CVE-2010-1532.yaml @@ -1,24 +1,24 @@ -title: CVE-2010-1532:Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion -id: d1890f8a-ef82-4d0c-a686-bace99bd54f2 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) - component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1532:Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion +id: 3f5ed59b-1944-4325-b675-5ea2441069f1 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) + component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and + possibly have unspecified other impact via a .. (dot dot) in the controller parameter + to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1533.yaml b/rules/web/web_cve_CVE-2010-1533.yaml index 53b105187..d0566b2f8 100644 --- a/rules/web/web_cve_CVE-2010-1533.yaml +++ b/rules/web/web_cve_CVE-2010-1533.yaml @@ -1,23 +1,23 @@ -title: CVE-2010-1533:Joomla! Component TweetLA 1.0.1 - Local File Inclusion -id: 432ecccc-dfd6-4c0f-8173-0f57f8eafe46 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the TweetLA (com_tweetla) component - 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the controller parameter to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1533:Joomla! Component TweetLA 1.0.1 - Local File Inclusion +id: fb9d6f93-d5ce-45e5-abf4-51b092d082a2 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the TweetLA (com_tweetla) component + 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot + dot) in the controller parameter to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1535.yaml b/rules/web/web_cve_CVE-2010-1535.yaml index f5d20bce0..3f94a2df9 100644 --- a/rules/web/web_cve_CVE-2010-1535.yaml +++ b/rules/web/web_cve_CVE-2010-1535.yaml 
@@ -1,24 +1,24 @@ -title: CVE-2010-1535:Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion -id: 36a64564-5ba1-40ff-a85f-6a0a11215c35 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the TRAVELbook (com_travelbook) - component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1535:Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion +id: 74d51ae3-410b-4654-bb2d-20cca140a39c +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the TRAVELbook (com_travelbook) + component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and + possibly have unspecified other impact via a .. (dot dot) in the controller parameter + to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1602.yaml b/rules/web/web_cve_CVE-2010-1602.yaml index e57fe8fe3..6703b9a53 100644 --- a/rules/web/web_cve_CVE-2010-1602.yaml +++ b/rules/web/web_cve_CVE-2010-1602.yaml 
@@ -1,26 +1,26 @@ -title: CVE-2010-1602:Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion -id: e9519f69-b3b8-4695-88bb-5bf2d34e40aa -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) - component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://www.exploit-db.com/exploits/12283 -- https://www.cvedetails.com/cve/CVE-2010-1602 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1602:Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion +id: 78b8be95-2dac-4660-867b-3096670f1801 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) + component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and + possibly have unspecified other impact via a .. (dot dot) in the controller parameter + to index.php. +references: +- https://www.exploit-db.com/exploits/12283 +- https://www.cvedetails.com/cve/CVE-2010-1602 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1657.yaml b/rules/web/web_cve_CVE-2010-1657.yaml index 614266e87..8cc04a140 100644 --- a/rules/web/web_cve_CVE-2010-1657.yaml +++ b/rules/web/web_cve_CVE-2010-1657.yaml 
@@ -1,25 +1,25 @@ -title: CVE-2010-1657:Joomla! Component SmartSite 1.0.0 - Local File Inclusion -id: b32928f2-521b-4e3b-b34c-cb49617727ca -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the SmartSite (com_smartsite) component - 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12428 -- https://www.cvedetails.com/cve/CVE-2010-1657 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1657:Joomla! Component SmartSite 1.0.0 - Local File Inclusion +id: 1b858384-5226-47df-beb9-d9162c63b0da +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the SmartSite (com_smartsite) component + 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot + dot) in the controller parameter to index.php. +references: +- https://www.exploit-db.com/exploits/12428 +- https://www.cvedetails.com/cve/CVE-2010-1657 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1718.yaml b/rules/web/web_cve_CVE-2010-1718.yaml index ae4b53e3a..22aa34014 100644 --- a/rules/web/web_cve_CVE-2010-1718.yaml 
+++ b/rules/web/web_cve_CVE-2010-1718.yaml @@ -1,24 +1,24 @@ -title: CVE-2010-1718:Joomla! Component Archery Scores 1.0.6 - Local File Inclusion -id: 60f6f1f4-0312-4416-bb31-fd376a59ce7b -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in archeryscores.php in the Archery - Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to - include and execute arbitrary local files via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1718:Joomla! Component Archery Scores 1.0.6 - Local File Inclusion +id: 7f99cad1-85b6-4521-801e-aa27fa249207 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in archeryscores.php in the Archery + Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to + include and execute arbitrary local files via a .. (dot dot) in the controller parameter + to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1722.yaml b/rules/web/web_cve_CVE-2010-1722.yaml index f8de41083..0fc9c72ae 100644 --- a/rules/web/web_cve_CVE-2010-1722.yaml +++ b/rules/web/web_cve_CVE-2010-1722.yaml 
@@ -1,25 +1,25 @@ -title: CVE-2010-1722:Joomla! Component Online Market 2.x - Local File Inclusion -id: e33e435a-51b1-416d-b0f3-0965a0b73af9 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Online Market (com_market) component - 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have - unspecified other impact via a .. (dot dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12177 -- https://www.cvedetails.com/cve/CVE-2010-1722 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1722:Joomla! Component Online Market 2.x - Local File Inclusion +id: 2de26e96-5594-4743-a74b-d8687d807efa +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Online Market (com_market) component + 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have + unspecified other impact via a .. (dot dot) in the controller parameter to index.php. +references: +- https://www.exploit-db.com/exploits/12177 +- https://www.cvedetails.com/cve/CVE-2010-1722 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1875.yaml b/rules/web/web_cve_CVE-2010-1875.yaml index 48c7d5857..d85a45fc9 100644 --- a/rules/web/web_cve_CVE-2010-1875.yaml +++ b/rules/web/web_cve_CVE-2010-1875.yaml 
@@ -1,26 +1,26 @@ -title: CVE-2010-1875:Joomla! Component Property - Local File Inclusion -id: d989a93e-8f69-4419-876d-12bd5f9bfc19 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Real Estate Property (com_properties) - component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files - and possibly have unspecified other impact via a .. (dot dot) in the controller - parameter to index.php. -references: -- https://www.exploit-db.com/exploits/11851 -- https://www.cvedetails.com/cve/CVE-2010-1875 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1875:Joomla! Component Property - Local File Inclusion +id: b2fa9b8b-da34-4598-b0dd-a77e409f786a +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Real Estate Property (com_properties) + component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files + and possibly have unspecified other impact via a .. (dot dot) in the controller + parameter to index.php. +references: +- https://www.exploit-db.com/exploits/11851 +- https://www.cvedetails.com/cve/CVE-2010-1875 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1953.yaml b/rules/web/web_cve_CVE-2010-1953.yaml index aed738195..7317ab8ed 100644 --- a/rules/web/web_cve_CVE-2010-1953.yaml +++ b/rules/web/web_cve_CVE-2010-1953.yaml 
@@ -1,25 +1,25 @@ -title: CVE-2010-1953:Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion -id: 88a112bd-6581-4492-8d76-5c984d738c09 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) - component 1.0 for Joomla! allows remote attackers to read arbitrary files via a - .. (dot dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12288 -- https://www.cvedetails.com/cve/CVE-2010-1953 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1953:Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion +id: 0dcfbc60-2e37-4b43-a916-19cb2b8566d1 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) + component 1.0 for Joomla! allows remote attackers to read arbitrary files via a + .. (dot dot) in the controller parameter to index.php. +references: +- https://www.exploit-db.com/exploits/12288 +- https://www.cvedetails.com/cve/CVE-2010-1953 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1954.yaml b/rules/web/web_cve_CVE-2010-1954.yaml new file mode 100644 index 000000000..4b769808f --- /dev/null 
+++ b/rules/web/web_cve_CVE-2010-1954.yaml @@ -0,0 +1,23 @@ +title: CVE-2010-1954:Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion +id: b669a952-66dd-4336-9372-1a91f0f7df69 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) + component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files + via a .. (dot dot) in the controller parameter to index.php. +references: +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1955.yaml b/rules/web/web_cve_CVE-2010-1955.yaml index c74eeaa7b..cfbab60f0 100644 --- a/rules/web/web_cve_CVE-2010-1955.yaml +++ b/rules/web/web_cve_CVE-2010-1955.yaml 
@@ -1,25 +1,25 @@ -title: CVE-2010-1955:Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion -id: 5eeaa5a1-e6d1-46f8-9bf3-ef141d6733f9 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) - component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via - a .. (dot dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12238 -- https://www.cvedetails.com/cve/CVE-2010-1955 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1955:Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion +id: 25f05d16-2cb0-442b-9902-d3ad8cff11f7 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) + component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via + a .. (dot dot) in the controller parameter to index.php. +references: +- https://www.exploit-db.com/exploits/12238 +- https://www.cvedetails.com/cve/CVE-2010-1955 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-1979.yaml b/rules/web/web_cve_CVE-2010-1979.yaml index ddd153dce..02ca8a2aa 100644 
--- a/rules/web/web_cve_CVE-2010-1979.yaml +++ b/rules/web/web_cve_CVE-2010-1979.yaml @@ -1,25 +1,25 @@ -title: CVE-2010-1979:Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion -id: 0221e773-afea-48bf-b3b2-dd60ed509720 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) - component build 880 for Joomla! allows remote attackers to read arbitrary files - via a .. (dot dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12088 -- https://www.cvedetails.com/cve/CVE-2010-1979 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1979:Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion +id: 8d003d22-516d-445b-a8cf-809065ec3d2a +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) + component build 880 for Joomla! allows remote attackers to read arbitrary files + via a .. (dot dot) in the controller parameter to index.php. +references: +- https://www.exploit-db.com/exploits/12088 +- https://www.cvedetails.com/cve/CVE-2010-1979 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1983.yaml b/rules/web/web_cve_CVE-2010-1983.yaml index 2d8c81138..e3de690f0 100644 --- a/rules/web/web_cve_CVE-2010-1983.yaml +++ b/rules/web/web_cve_CVE-2010-1983.yaml 
@@ -1,25 +1,25 @@ -title: CVE-2010-1983:Joomla! Component redTWITTER 1.0 - Local File Inclusion -id: b205e0d0-b61a-4a7a-a8db-45225cad643f -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) - component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary - files via a .. (dot dot) in the view parameter to index.php -references: -- https://www.exploit-db.com/exploits/12055 -- https://www.cvedetails.com/cve/CVE-2010-1983 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-1983:Joomla! Component redTWITTER 1.0 - Local File Inclusion +id: ef76c1fe-3653-4530-b55b-0676b399c927 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) + component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary + files via a .. (dot dot) in the view parameter to index.php +references: +- https://www.exploit-db.com/exploits/12055 +- https://www.cvedetails.com/cve/CVE-2010-1983 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-2033.yaml b/rules/web/web_cve_CVE-2010-2033.yaml index de4c9b398..12a5c02e7 100644 
--- a/rules/web/web_cve_CVE-2010-2033.yaml +++ b/rules/web/web_cve_CVE-2010-2033.yaml 
@@ -1,26 +1,26 @@ -title: CVE-2010-2033:Joomla Percha Categories Tree 0.6 - Local File Inclusion -id: d61b5ebd-9dc8-4dc5-b377-5e7cabfde00e -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) - component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly - have unspecified other impact via a .. (dot dot) in the controller parameter to - index.php. -references: -- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html -- https://www.cvedetails.com/cve/CVE-2010-2033 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-2033:Joomla Percha Categories Tree 0.6 - Local File Inclusion +id: f953c147-a017-4f36-a20f-64c8bf4ec31a +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) + component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly + have unspecified other impact via a .. (dot dot) in the controller parameter to + index.php. 
+references: +- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html +- https://www.cvedetails.com/cve/CVE-2010-2033 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-2036.yaml b/rules/web/web_cve_CVE-2010-2036.yaml index b31322666..0057029cb 100644 --- a/rules/web/web_cve_CVE-2010-2036.yaml +++ b/rules/web/web_cve_CVE-2010-2036.yaml 
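Review bot: The `description` of the CVE-2010-2033 rule is the CVE-2010-2036 text for Percha Fields Attach (`com_perchafieldsattach`), while the title and the `c-uri` selection are for Percha Categories Tree (`com_perchacategoriestree`). An analyst triaging the alert would be pointed at the wrong component. The description should name `com_perchacategoriestree`, with the wording taken from the CVE-2010-2033 entry already listed under `references`.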
@@ -1,26 +1,26 @@ -title: CVE-2010-2036:Joomla! Component Percha Fields Attach 1.0 - Directory Traversal -id: 1859e4d6-2965-4bee-897f-bded883e7364 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) - component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly - have unspecified other impact via a .. (dot dot) in the controller parameter to - index.php. -references: -- https://www.exploit-db.com/exploits/34004 -- https://www.cvedetails.com/cve/CVE-2010-2036 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-2036:Joomla! Component Percha Fields Attach 1.0 - Directory Traversal +id: 3036ae41-8549-429e-ba64-a3dd5991f7f2 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) + component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly + have unspecified other impact via a .. (dot dot) in the controller parameter to + index.php. +references: +- https://www.exploit-db.com/exploits/34004 +- https://www.cvedetails.com/cve/CVE-2010-2036 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-2259.yaml b/rules/web/web_cve_CVE-2010-2259.yaml index 3b175aca8..2dd1e1739 100644 --- a/rules/web/web_cve_CVE-2010-2259.yaml +++ b/rules/web/web_cve_CVE-2010-2259.yaml 
@@ -1,25 +1,25 @@ -title: CVE-2010-2259:Joomla! Component com_bfsurvey - Local File Inclusion -id: 0f74c630-3e11-41d3-8352-66961fc12085 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component - for Joomla! allows remote attackers to include and execute arbitrary local files - via a .. (dot dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/10946 -- https://www.cvedetails.com/cve/CVE-2010-2259 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-2259:Joomla! Component com_bfsurvey - Local File Inclusion +id: 9876750e-ffd6-41a6-9486-31f17db8ab87 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component + for Joomla! allows remote attackers to include and execute arbitrary local files + via a .. (dot dot) in the controller parameter to index.php. +references: +- https://www.exploit-db.com/exploits/10946 +- https://www.cvedetails.com/cve/CVE-2010-2259 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-2307.yaml b/rules/web/web_cve_CVE-2010-2307.yaml index 8d7876924..221de5f32 100644 --- a/rules/web/web_cve_CVE-2010-2307.yaml 
+++ b/rules/web/web_cve_CVE-2010-2307.yaml 
@@ -1,27 +1,27 @@ -title: CVE-2010-2307:Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - - Directory Traversal -id: f03488dd-2c62-4541-9f0e-a11e8a7e1750 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Multiple directory traversal vulnerabilities in the web server for Motorola - SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow - remote attackers to read arbitrary files via (1) "//" (multiple leading slash), - (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. -references: -- https://www.securityfocus.com/bid/40550/info -- https://nvd.nist.gov/vuln/detail/CVE-2010-2307 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /../../etc/passwd - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-2307:Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM + - Directory Traversal +id: c2979f47-e361-4ce4-9f69-8a6a8bdf8916 +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Multiple directory traversal vulnerabilities in the web server for Motorola + SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow + remote attackers to read arbitrary files via (1) "//" (multiple leading slash), + (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. +references: +- https://www.securityfocus.com/bid/40550/info +- https://nvd.nist.gov/vuln/detail/CVE-2010-2307 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /../../etc/passwd + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
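Review bot: The selection `/../../etc/passwd` is a substring of the `c-uri` value in every Joomla rule of this patch, so any request that matches one of those also raises this alert, labelled as a Motorola SURFboard modem issue at `level: critical`. Nothing in the rule ties a match to the modem's web server. Consider retitling it as a generic path-traversal detection with a lower level, or scoping it to the modem's logs if the log source allows that. The description's other two vectors, the leading `//` and the encoded dot-dot sequences, are not covered by the selection either.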
diff --git a/rules/web/web_cve_CVE-2010-2682.yaml b/rules/web/web_cve_CVE-2010-2682.yaml index 01a72dff3..af009d5ee 100644 --- a/rules/web/web_cve_CVE-2010-2682.yaml +++ b/rules/web/web_cve_CVE-2010-2682.yaml 
@@ -1,26 +1,26 @@ -title: CVE-2010-2682:Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion -id: 99824e58-3cce-4172-9970-04e0a6de5108 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) - component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://www.exploit-db.com/exploits/14017 -- https://www.cvedetails.com/cve/CVE-2010-2682 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical +title: CVE-2010-2682:Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion +id: a6e33159-2c73-4bde-b40c-cf013d639d8c +Author: Subhash Popuri (@pbssubhash) +date: 25/08/2021 +status: experimental +description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) + component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and + possibly have unspecified other impact via a .. (dot dot) in the controller parameter + to index.php. +references: +- https://www.exploit-db.com/exploits/14017 +- https://www.cvedetails.com/cve/CVE-2010-2682 +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00 + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical 
diff --git a/rules/web/web_cve_CVE-2010-2861.yaml b/rules/web/web_cve_CVE-2010-2861.yaml index e5764559c..57ec00fa6 100644 --- a/rules/web/web_cve_CVE-2010-2861.yaml +++ b/rules/web/web_cve_CVE-2010-2861.yaml 
@@ -1,27 +1,27 @@
-title: CVE-2010-2861:Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
-id: e22f6ee2-341a-44b8-a58b-33a0960fa8e0
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the administrator console
- in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files
- via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm,
- (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm
- in CFIDE/administrator/.
-references:
-- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
-- http://www.adobe.com/support/security/bulletins/apsb10-18.html
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
+title: CVE-2010-2861:Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
+id: 422116aa-40e3-4e44-a32f-b6c6f5855200
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Multiple directory traversal vulnerabilities in the administrator console
+ in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files
+ via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm,
+ (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm
+ in CFIDE/administrator/.
+references: +- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861 +- http://www.adobe.com/support/security/bulletins/apsb10-18.html +- https://github.com/projectdiscovery/nuclei-templates +detection: + selection: + c-uri|contains: + - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en + condition: selection +false_positives: +- Scanning from Nuclei +- Penetration Testing Activity +- Unknown +tags: +- attack.initial_access +- attack.t1190 +level: critical diff --git a/rules/web/web_cve_CVE-2010-3426.yaml b/rules/web/web_cve_CVE-2010-3426.yaml index d0c9a6c06..e6d0e9303 100644 --- a/rules/web/web_cve_CVE-2010-3426.yaml +++ b/rules/web/web_cve_CVE-2010-3426.yaml 
@@ -1,23 +1,23 @@
-title: CVE-2010-3426:Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
-id: 8df31def-3d71-4f01-85ab-4891fa481a8c
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
- component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute
- arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
+title: CVE-2010-3426:Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
+id: 542e1a33-d6b0-4843-9a27-ad846c2daf22
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
+ component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute
+ arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-4231.yaml b/rules/web/web_cve_CVE-2010-4231.yaml
index 9863413f6..436138ed9 100644
--- a/rules/web/web_cve_CVE-2010-4231.yaml
+++ b/rules/web/web_cve_CVE-2010-4231.yaml
@@ -1,25 +1,25 @@
-title: CVE-2010-4231:Camtron CMNC-200 IP Camera - Directory Traversal
-id: e097e932-b39e-4e00-ac6f-1f03e43fc716
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
- The server is vulnerable to directory transversal attacks, allowing access to any
- file on the camera file system.
-references:
-- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
-- https://www.exploit-db.com/exploits/15505
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /../../../../../../../../../../../../../etc/passwd
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
+title: CVE-2010-4231:Camtron CMNC-200 IP Camera - Directory Traversal
+id: aa46c601-90ce-48b3-b45e-c56eefd86134
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
+ The server is vulnerable to directory transversal attacks, allowing access to any
+ file on the camera file system.
+references:
+- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
+- https://www.exploit-db.com/exploits/15505
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /../../../../../../../../../../../../../etc/passwd
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-4617.yaml b/rules/web/web_cve_CVE-2010-4617.yaml
index 5a1a42e0e..f925c8532 100644
--- a/rules/web/web_cve_CVE-2010-4617.yaml
+++ b/rules/web/web_cve_CVE-2010-4617.yaml
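Review bot: The only selection value is a bare run of `../` ending in `/etc/passwd`, which names nothing specific to the Camtron camera, so the rule fires on any traversal probe against any web server while the title attributes the hit to CVE-2010-4231. With `level: critical` and scanners listed under `false_positives`, that will mislead triage. Either retitle it as generic path traversal and lower it to `level: medium`, or scope it with a device-specific condition if the log source offers one.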
@@ -1,25 +1,25 @@
-title: CVE-2010-4617:Joomla! Component JotLoader 2.2.1 - Local File Inclusion
-id: 3965e578-e509-41e2-a572-12522bbcf4fd
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
- 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory
- traversal sequences in the section parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/15791
-- https://www.cvedetails.com/cve/CVE-2010-4617
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
+title: CVE-2010-4617:Joomla! Component JotLoader 2.2.1 - Local File Inclusion
+id: 44d2ed53-964a-420c-a410-c4d44356a0f4
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
+ 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory
+ traversal sequences in the section parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/15791
+- https://www.cvedetails.com/cve/CVE-2010-4617
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-5278.yaml b/rules/web/web_cve_CVE-2010-5278.yaml
index 3618fefcd..e8c0a733e 100644
--- a/rules/web/web_cve_CVE-2010-5278.yaml
+++ b/rules/web/web_cve_CVE-2010-5278.yaml
@@ -1,26 +1,26 @@
-title: CVE-2010-5278:MODx manager - Local File Inclusion
-id: 5f6499cc-97a6-49ed-af28-00278c2c954e
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
- in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
- allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
- parameter.
-references:
-- https://www.exploit-db.com/exploits/34788
-- https://www.cvedetails.com/cve/CVE-2010-5278
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
+title: CVE-2010-5278:MODx manager - Local File Inclusion
+id: 0ed9f57e-d400-4f95-aaa4-6356b8e7eaeb
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
+ in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
+ allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
+ parameter.
+references:
+- https://www.exploit-db.com/exploits/34788
+- https://www.cvedetails.com/cve/CVE-2010-5278
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
From 121c30e516adf28a20de8a84814c55c84bdc5adc Mon Sep 17 00:00:00 2001 From: pbssubhash Date: Wed, 25 Aug 2021 21:27:59 +0530 Subject: [PATCH 04/17] Changed Author to author --- rules/web/web_cve_CVE-2010-0943.yaml | 4 ++-- rules/web/web_cve_CVE-2010-0944.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1306.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1314.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1345.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1353.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1474.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1475.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1495.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1532.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1533.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1535.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1602.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1657.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1718.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1722.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1875.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1953.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1954.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1955.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1979.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1983.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2033.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2036.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2259.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2307.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2682.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2861.yaml | 4 ++-- rules/web/web_cve_CVE-2010-3426.yaml | 4 ++-- rules/web/web_cve_CVE-2010-4231.yaml | 4 ++-- rules/web/web_cve_CVE-2010-4617.yaml | 4 ++-- rules/web/web_cve_CVE-2010-5278.yaml | 4 ++-- 32 files changed, 64 insertions(+), 64 deletions(-) diff --git a/rules/web/web_cve_CVE-2010-0943.yaml b/rules/web/web_cve_CVE-2010-0943.yaml index 59e19742b..07b40e00d 100644 --- a/rules/web/web_cve_CVE-2010-0943.yaml +++ b/rules/web/web_cve_CVE-2010-0943.yaml 
@@ -1,6 +1,6 @@
 title: CVE-2010-0943:Joomla! Component com_jashowcase - Directory Traversal
-id: 6a99f28f-8626-4419-93c8-9aa9e75c0068
-Author: Subhash Popuri (@pbssubhash)
+id: e5616a8c-a43e-47c2-9fd2-19b429581b90
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the JA Showcase (com_jashowcase)
diff --git a/rules/web/web_cve_CVE-2010-0944.yaml b/rules/web/web_cve_CVE-2010-0944.yaml
index 2872b219f..eb0802663 100644
--- a/rules/web/web_cve_CVE-2010-0944.yaml
+++ b/rules/web/web_cve_CVE-2010-0944.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-0944:Joomla! Component com_jcollection - Directory Traversal
-id: ae369f4d-5f22-4969-8715-c8908394f279
-Author: Subhash Popuri (@pbssubhash)
+id: c3eada81-1f9a-4a55-97b8-d3207d89228e
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the JCollection (com_jcollection)
diff --git a/rules/web/web_cve_CVE-2010-1306.yaml b/rules/web/web_cve_CVE-2010-1306.yaml
index 2b48098e5..1a6e62688 100644
--- a/rules/web/web_cve_CVE-2010-1306.yaml
+++ b/rules/web/web_cve_CVE-2010-1306.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1306:Joomla! Component Picasa 2.0 - Local File Inclusion
-id: 3cea101d-f72d-441f-8fdc-8462cfac20e7
-Author: Subhash Popuri (@pbssubhash)
+id: 560cd98d-aa1d-451b-90a5-08ce5ab72d7b
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component
diff --git a/rules/web/web_cve_CVE-2010-1314.yaml b/rules/web/web_cve_CVE-2010-1314.yaml
index 8673ae898..e36b0acaa 100644
--- a/rules/web/web_cve_CVE-2010-1314.yaml
+++ b/rules/web/web_cve_CVE-2010-1314.yaml
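Review bot: The `id` is regenerated in this hunk although the only intended edit is `Author` to `author`, and every other hunk in this patch does the same. A Sigma rule's `id` is the stable handle that suppressions, tuning notes and cross-references point at, and it is expected to change only when the rule's logic changes substantially. Keep the value from the `-id:` line in each file and change only the key name, so the hunk reduces to `-Author:` / `+author:`.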
@@ -1,6 +1,6 @@
 title: CVE-2010-1314:Joomla! Component Highslide 1.5 - Local File Inclusion
-id: 9a7d17b2-ba50-4f83-bd75-92bcb0ba190f
-Author: Subhash Popuri (@pbssubhash)
+id: 18019647-a68c-412a-bca9-626618b1a79c
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Highslide JS (com_hsconfig)
diff --git a/rules/web/web_cve_CVE-2010-1345.yaml b/rules/web/web_cve_CVE-2010-1345.yaml
index 293262979..6c3fe8c81 100644
--- a/rules/web/web_cve_CVE-2010-1345.yaml
+++ b/rules/web/web_cve_CVE-2010-1345.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1345:Joomla! Component Cookex Agency CKForms - Local File Inclusion
-id: dc5198bb-73cc-4a07-8b6c-b178d6c25265
-Author: Subhash Popuri (@pbssubhash)
+id: e70e977a-aaf3-4ec1-a948-493caea7cff3
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms)
diff --git a/rules/web/web_cve_CVE-2010-1353.yaml b/rules/web/web_cve_CVE-2010-1353.yaml
index 772094e3d..a1c006bda 100644
--- a/rules/web/web_cve_CVE-2010-1353.yaml
+++ b/rules/web/web_cve_CVE-2010-1353.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1353:Joomla! Component LoginBox - Local File Inclusion
-id: ad0a798b-87d2-4701-82d4-f7a253e44d69
-Author: Subhash Popuri (@pbssubhash)
+id: 559e6e69-af61-407c-9949-a8602cfb6d95
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox)
diff --git a/rules/web/web_cve_CVE-2010-1474.yaml b/rules/web/web_cve_CVE-2010-1474.yaml
index a9d569341..c023e301c 100644
--- a/rules/web/web_cve_CVE-2010-1474.yaml
+++ b/rules/web/web_cve_CVE-2010-1474.yaml
@@ -1,6 +1,6 @@ title: CVE-2010-1474:Joomla! Component Sweetykeeper 1.5 - Local File Inclusion -id: 1248cb2d-f96a-49a0-83b0-c1e2c74ae397 -Author: Subhash Popuri (@pbssubhash) +id: 06040396-89e0-4919-a186-a3ac48eb2d85 +author: Subhash Popuri (@pbssubhash) date: 25/08/2021 status: experimental description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) diff --git a/rules/web/web_cve_CVE-2010-1475.yaml b/rules/web/web_cve_CVE-2010-1475.yaml index 465857ed9..5d2fb64e2 100644 --- a/rules/web/web_cve_CVE-2010-1475.yaml +++ b/rules/web/web_cve_CVE-2010-1475.yaml @@ -1,7 +1,7 @@ title: CVE-2010-1475:Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion -id: 5cf9e456-3c79-4d1c-a926-a5a2d20b6f26 -Author: Subhash Popuri (@pbssubhash) +id: 568d0a33-0052-47bc-a04e-8f7e8f05e12d +author: Subhash Popuri (@pbssubhash) date: 25/08/2021 status: experimental description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) diff --git a/rules/web/web_cve_CVE-2010-1495.yaml b/rules/web/web_cve_CVE-2010-1495.yaml index db0c2483e..b33408623 100644 --- a/rules/web/web_cve_CVE-2010-1495.yaml +++ b/rules/web/web_cve_CVE-2010-1495.yaml @@ -1,6 +1,6 @@ title: CVE-2010-1495:Joomla! Component Matamko 1.01 - Local File Inclusion -id: 807aa121-81eb-418f-9bbb-a215d8c6f0e7 -Author: Subhash Popuri (@pbssubhash) +id: cb3ac5e3-de9e-44b7-b0f5-b18a13ba3c69 +author: Subhash Popuri (@pbssubhash) date: 25/08/2021 status: experimental description: Directory traversal vulnerability in the Matamko (com_matamko) component diff --git a/rules/web/web_cve_CVE-2010-1532.yaml b/rules/web/web_cve_CVE-2010-1532.yaml index 76359b0d5..d80c1a206 100644 --- a/rules/web/web_cve_CVE-2010-1532.yaml +++ b/rules/web/web_cve_CVE-2010-1532.yaml 
@@ -1,6 +1,6 @@
 title: CVE-2010-1532:Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
-id: 3f5ed59b-1944-4325-b675-5ea2441069f1
-Author: Subhash Popuri (@pbssubhash)
+id: ea2cd3fd-60fc-4945-be6d-e69340a0159d
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail)
diff --git a/rules/web/web_cve_CVE-2010-1533.yaml b/rules/web/web_cve_CVE-2010-1533.yaml
index d0566b2f8..1a181a6aa 100644
--- a/rules/web/web_cve_CVE-2010-1533.yaml
+++ b/rules/web/web_cve_CVE-2010-1533.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1533:Joomla! Component TweetLA 1.0.1 - Local File Inclusion
-id: fb9d6f93-d5ce-45e5-abf4-51b092d082a2
-Author: Subhash Popuri (@pbssubhash)
+id: fc58d241-5812-4a66-acad-2c9370fc2975
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the TweetLA (com_tweetla) component
diff --git a/rules/web/web_cve_CVE-2010-1535.yaml b/rules/web/web_cve_CVE-2010-1535.yaml
index 3f94a2df9..80029d7fe 100644
--- a/rules/web/web_cve_CVE-2010-1535.yaml
+++ b/rules/web/web_cve_CVE-2010-1535.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1535:Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
-id: 74d51ae3-410b-4654-bb2d-20cca140a39c
-Author: Subhash Popuri (@pbssubhash)
+id: a4abca47-5c67-4b8c-a549-4e04f43ce751
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the TRAVELbook (com_travelbook)
diff --git a/rules/web/web_cve_CVE-2010-1602.yaml b/rules/web/web_cve_CVE-2010-1602.yaml
index 6703b9a53..aba677241 100644
--- a/rules/web/web_cve_CVE-2010-1602.yaml
+++ b/rules/web/web_cve_CVE-2010-1602.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1602:Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
-id: 78b8be95-2dac-4660-867b-3096670f1801
-Author: Subhash Popuri (@pbssubhash)
+id: 25e8e854-0a76-4f55-9b7a-9769ea2dbebc
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment)
diff --git a/rules/web/web_cve_CVE-2010-1657.yaml b/rules/web/web_cve_CVE-2010-1657.yaml
index 8cc04a140..1772f0c8e 100644
--- a/rules/web/web_cve_CVE-2010-1657.yaml
+++ b/rules/web/web_cve_CVE-2010-1657.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1657:Joomla! Component SmartSite 1.0.0 - Local File Inclusion
-id: 1b858384-5226-47df-beb9-d9162c63b0da
-Author: Subhash Popuri (@pbssubhash)
+id: 4fbedbee-ea11-4a65-9c25-bbb0d74f58fe
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the SmartSite (com_smartsite) component
diff --git a/rules/web/web_cve_CVE-2010-1718.yaml b/rules/web/web_cve_CVE-2010-1718.yaml
index 22aa34014..9e4d9a4ad 100644
--- a/rules/web/web_cve_CVE-2010-1718.yaml
+++ b/rules/web/web_cve_CVE-2010-1718.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1718:Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
-id: 7f99cad1-85b6-4521-801e-aa27fa249207
-Author: Subhash Popuri (@pbssubhash)
+id: 92b06e2a-66ae-47b3-a135-fd2759f05902
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in archeryscores.php in the Archery
diff --git a/rules/web/web_cve_CVE-2010-1722.yaml b/rules/web/web_cve_CVE-2010-1722.yaml
index 0fc9c72ae..a7765c23c 100644
--- a/rules/web/web_cve_CVE-2010-1722.yaml
+++ b/rules/web/web_cve_CVE-2010-1722.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1722:Joomla! Component Online Market 2.x - Local File Inclusion
-id: 2de26e96-5594-4743-a74b-d8687d807efa
-Author: Subhash Popuri (@pbssubhash)
+id: b0d9873c-08fc-4389-89aa-751d7d8d682e
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Online Market (com_market) component
diff --git a/rules/web/web_cve_CVE-2010-1875.yaml b/rules/web/web_cve_CVE-2010-1875.yaml
index d85a45fc9..e38a061a8 100644
--- a/rules/web/web_cve_CVE-2010-1875.yaml
+++ b/rules/web/web_cve_CVE-2010-1875.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1875:Joomla! Component Property - Local File Inclusion
-id: b2fa9b8b-da34-4598-b0dd-a77e409f786a
-Author: Subhash Popuri (@pbssubhash)
+id: 454a58b3-a30a-4577-8175-a93d0febcb34
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Real Estate Property (com_properties)
diff --git a/rules/web/web_cve_CVE-2010-1953.yaml b/rules/web/web_cve_CVE-2010-1953.yaml
index 7317ab8ed..b5cb130b3 100644
--- a/rules/web/web_cve_CVE-2010-1953.yaml
+++ b/rules/web/web_cve_CVE-2010-1953.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1953:Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
-id: 0dcfbc60-2e37-4b43-a916-19cb2b8566d1
-Author: Subhash Popuri (@pbssubhash)
+id: e8b2e18e-5a9e-429e-9cd3-a839701736dc
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
diff --git a/rules/web/web_cve_CVE-2010-1954.yaml b/rules/web/web_cve_CVE-2010-1954.yaml
index 4b769808f..4b1a6939a 100644
--- a/rules/web/web_cve_CVE-2010-1954.yaml
+++ b/rules/web/web_cve_CVE-2010-1954.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1954:Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
-id: b669a952-66dd-4336-9372-1a91f0f7df69
-Author: Subhash Popuri (@pbssubhash)
+id: be925ca8-6808-4c32-951d-6069597c2cab
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot)
diff --git a/rules/web/web_cve_CVE-2010-1955.yaml b/rules/web/web_cve_CVE-2010-1955.yaml
index cfbab60f0..fb9bb13f6 100644
--- a/rules/web/web_cve_CVE-2010-1955.yaml
+++ b/rules/web/web_cve_CVE-2010-1955.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1955:Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
-id: 25f05d16-2cb0-442b-9902-d3ad8cff11f7
-Author: Subhash Popuri (@pbssubhash)
+id: 9d34dee7-212f-49a0-a1fe-41b37ea241d9
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
diff --git a/rules/web/web_cve_CVE-2010-1979.yaml b/rules/web/web_cve_CVE-2010-1979.yaml
index 02ca8a2aa..a88364c80 100644
--- a/rules/web/web_cve_CVE-2010-1979.yaml
+++ b/rules/web/web_cve_CVE-2010-1979.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1979:Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
-id: 8d003d22-516d-445b-a8cf-809065ec3d2a
-Author: Subhash Popuri (@pbssubhash)
+id: 4ccbb33d-d6d9-4f18-bc7f-502bd3cc9481
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
diff --git a/rules/web/web_cve_CVE-2010-1983.yaml b/rules/web/web_cve_CVE-2010-1983.yaml
index e3de690f0..7543adad6 100644
--- a/rules/web/web_cve_CVE-2010-1983.yaml
+++ b/rules/web/web_cve_CVE-2010-1983.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1983:Joomla! Component redTWITTER 1.0 - Local File Inclusion
-id: ef76c1fe-3653-4530-b55b-0676b399c927
-Author: Subhash Popuri (@pbssubhash)
+id: fae044ae-fe67-4a83-809f-7a3203ee1a6d
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
diff --git a/rules/web/web_cve_CVE-2010-2033.yaml b/rules/web/web_cve_CVE-2010-2033.yaml
index 12a5c02e7..bcb492f12 100644
--- a/rules/web/web_cve_CVE-2010-2033.yaml
+++ b/rules/web/web_cve_CVE-2010-2033.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-2033:Joomla Percha Categories Tree 0.6 - Local File Inclusion
-id: f953c147-a017-4f36-a20f-64c8bf4ec31a
-Author: Subhash Popuri (@pbssubhash)
+id: 80fca714-f31f-48e7-82cd-07bb3ed0917d
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
diff --git a/rules/web/web_cve_CVE-2010-2036.yaml b/rules/web/web_cve_CVE-2010-2036.yaml
index 0057029cb..58d3c3104 100644
--- a/rules/web/web_cve_CVE-2010-2036.yaml
+++ b/rules/web/web_cve_CVE-2010-2036.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-2036:Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
-id: 3036ae41-8549-429e-ba64-a3dd5991f7f2
-Author: Subhash Popuri (@pbssubhash)
+id: b86f1914-f00b-4ba3-8f0b-3db29399d4d7
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
diff --git a/rules/web/web_cve_CVE-2010-2259.yaml b/rules/web/web_cve_CVE-2010-2259.yaml
index 2dd1e1739..55e68a9ed 100644
--- a/rules/web/web_cve_CVE-2010-2259.yaml
+++ b/rules/web/web_cve_CVE-2010-2259.yaml
@@ -1,6 +1,6 @@ title: CVE-2010-2259:Joomla! Component com_bfsurvey - Local File Inclusion -id: 9876750e-ffd6-41a6-9486-31f17db8ab87 -Author: Subhash Popuri (@pbssubhash) +id: a95a2207-33da-40df-a4ab-f8a53d8e99d9 +author: Subhash Popuri (@pbssubhash) date: 25/08/2021 status: experimental description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component diff --git a/rules/web/web_cve_CVE-2010-2307.yaml b/rules/web/web_cve_CVE-2010-2307.yaml index 221de5f32..3b4a10bec 100644 --- a/rules/web/web_cve_CVE-2010-2307.yaml +++ b/rules/web/web_cve_CVE-2010-2307.yaml @@ -1,7 +1,7 @@ title: CVE-2010-2307:Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal -id: c2979f47-e361-4ce4-9f69-8a6a8bdf8916 -Author: Subhash Popuri (@pbssubhash) +id: 6251acca-594f-48d0-8ec8-6f156c844e6e +author: Subhash Popuri (@pbssubhash) date: 25/08/2021 status: experimental description: Multiple directory traversal vulnerabilities in the web server for Motorola diff --git a/rules/web/web_cve_CVE-2010-2682.yaml b/rules/web/web_cve_CVE-2010-2682.yaml index af009d5ee..170858c7f 100644 --- a/rules/web/web_cve_CVE-2010-2682.yaml +++ b/rules/web/web_cve_CVE-2010-2682.yaml @@ -1,6 +1,6 @@ title: CVE-2010-2682:Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion -id: a6e33159-2c73-4bde-b40c-cf013d639d8c -Author: Subhash Popuri (@pbssubhash) +id: 1f409782-791f-4d8b-a63b-d0d713463cdb +author: Subhash Popuri (@pbssubhash) date: 25/08/2021 status: experimental description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) diff --git a/rules/web/web_cve_CVE-2010-2861.yaml b/rules/web/web_cve_CVE-2010-2861.yaml index 57ec00fa6..40081783e 100644 --- a/rules/web/web_cve_CVE-2010-2861.yaml +++ b/rules/web/web_cve_CVE-2010-2861.yaml 
@@ -1,6 +1,6 @@
 title: CVE-2010-2861:Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
-id: 422116aa-40e3-4e44-a32f-b6c6f5855200
-Author: Subhash Popuri (@pbssubhash)
+id: 7ceb4e78-34fa-48a5-be21-a50307631d19
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Multiple directory traversal vulnerabilities in the administrator console
diff --git a/rules/web/web_cve_CVE-2010-3426.yaml b/rules/web/web_cve_CVE-2010-3426.yaml
index e6d0e9303..42379e8aa 100644
--- a/rules/web/web_cve_CVE-2010-3426.yaml
+++ b/rules/web/web_cve_CVE-2010-3426.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-3426:Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
-id: 542e1a33-d6b0-4843-9a27-ad846c2daf22
-Author: Subhash Popuri (@pbssubhash)
+id: a991b845-3035-492c-914d-0cb7b0e7bd10
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
diff --git a/rules/web/web_cve_CVE-2010-4231.yaml b/rules/web/web_cve_CVE-2010-4231.yaml
index 436138ed9..dbe3d7256 100644
--- a/rules/web/web_cve_CVE-2010-4231.yaml
+++ b/rules/web/web_cve_CVE-2010-4231.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-4231:Camtron CMNC-200 IP Camera - Directory Traversal
-id: aa46c601-90ce-48b3-b45e-c56eefd86134
-Author: Subhash Popuri (@pbssubhash)
+id: 8c7f0cbc-c7cd-4bb5-87ef-9e2ff125b7d8
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
diff --git a/rules/web/web_cve_CVE-2010-4617.yaml b/rules/web/web_cve_CVE-2010-4617.yaml
index f925c8532..f31d54183 100644
--- a/rules/web/web_cve_CVE-2010-4617.yaml
+++ b/rules/web/web_cve_CVE-2010-4617.yaml
@@ -1,6 +1,6 @@ title: CVE-2010-4617:Joomla! Component JotLoader 2.2.1 - Local File Inclusion -id: 44d2ed53-964a-420c-a410-c4d44356a0f4 -Author: Subhash Popuri (@pbssubhash) +id: 35c29803-4068-4a64-a007-d2b6984f8c58 +author: Subhash Popuri (@pbssubhash) date: 25/08/2021 status: experimental description: Directory traversal vulnerability in the JotLoader (com_jotloader) component diff --git a/rules/web/web_cve_CVE-2010-5278.yaml b/rules/web/web_cve_CVE-2010-5278.yaml index e8c0a733e..fd292926b 100644 --- a/rules/web/web_cve_CVE-2010-5278.yaml +++ b/rules/web/web_cve_CVE-2010-5278.yaml @@ -1,6 +1,6 @@ title: CVE-2010-5278:MODx manager - Local File Inclusion -id: 0ed9f57e-d400-4f95-aaa4-6356b8e7eaeb -Author: Subhash Popuri (@pbssubhash) +id: 5e042bf8-67ea-4455-8b75-07c57d7ccdad +author: Subhash Popuri (@pbssubhash) date: 25/08/2021 status: experimental description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php From 25bcf1695d346ffd29e372b1f932ad3eefb1d3f8 Mon Sep 17 00:00:00 2001 
From: pbssubhash Date: Wed, 25 Aug 2021 21:39:20 +0530 Subject: [PATCH 05/17] Changed title to reduce the chars --- ...ve_CVE-2010-0943 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-0944 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-1306 exploitation attempt.yaml | 23 ++++++++++++++++ ...ve_CVE-2010-1314 exploitation attempt.yaml | 23 ++++++++++++++++ ...ve_CVE-2010-1345 exploitation attempt.yaml | 23 ++++++++++++++++ ...ve_CVE-2010-1353 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-1474 exploitation attempt.yaml | 26 ++++++++++++++++++ ...ve_CVE-2010-1475 exploitation attempt.yaml | 24 +++++++++++++++++ ...ve_CVE-2010-1495 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-1532 exploitation attempt.yaml | 24 +++++++++++++++++ ...ve_CVE-2010-1533 exploitation attempt.yaml | 23 ++++++++++++++++ ...ve_CVE-2010-1535 exploitation attempt.yaml | 24 +++++++++++++++++ ...ve_CVE-2010-1602 exploitation attempt.yaml | 26 ++++++++++++++++++ ...ve_CVE-2010-1657 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-1718 exploitation attempt.yaml | 24 +++++++++++++++++ ...ve_CVE-2010-1722 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-1875 exploitation attempt.yaml | 26 ++++++++++++++++++ ...ve_CVE-2010-1953 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-1954 exploitation attempt.yaml | 23 ++++++++++++++++ ...ve_CVE-2010-1955 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-1979 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-1983 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-2033 exploitation attempt.yaml | 26 ++++++++++++++++++ ...ve_CVE-2010-2036 exploitation attempt.yaml | 26 ++++++++++++++++++ ...ve_CVE-2010-2259 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-2307 exploitation attempt.yaml | 26 ++++++++++++++++++ ...ve_CVE-2010-2682 exploitation attempt.yaml | 26 ++++++++++++++++++ 
...ve_CVE-2010-2861 exploitation attempt.yaml | 27 +++++++++++++++++++ ...ve_CVE-2010-3426 exploitation attempt.yaml | 23 ++++++++++++++++ ...ve_CVE-2010-4231 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-4617 exploitation attempt.yaml | 25 +++++++++++++++++ ...ve_CVE-2010-5278 exploitation attempt.yaml | 26 ++++++++++++++++++ 32 files changed, 794 insertions(+) create mode 100644 rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml 
create mode 100644 rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml create mode 100644 rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml diff --git a/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml new file mode 100644 index 000000000..d6be923ac --- /dev/null +++ b/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml 
@@ -0,0 +1,25 @@
+title: CVE-2010-0943 exploitation attempt
+id: 63b70c55-0d7a-4e2f-a130-11028352b6ff
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the JA Showcase (com_jashowcase)
+ component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter in a jashowcase action to index.php.
+references:
+- https://www.exploit-db.com/exploits/11090
+- https://www.cvedetails.com/cve/CVE-2010-0943
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml
new file mode 100644
index 000000000..c38d952b9
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml
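Review bot: The CVE-2010-0943 rule has no `logsource` section, which Sigma requires, so nothing states which log type `c-uri` is matched against; add `logsource:` with `category: webserver` ahead of `detection:`. The key is written `Author:` here, although an earlier patch in this series lower-cased it to `author:` in the older rule files. `date: 25/08/2021` is day-first, where the Sigma specification asks for a year-first date (`2021/08/25`). All three points apply to every other rule file created in this commit.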
@@ -0,0 +1,25 @@
+title: CVE-2010-0944 exploitation attempt
+id: d30903f7-cb51-445f-81a1-f2948f5fb763
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the JCollection (com_jcollection)
+ component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/11088
+- https://www.cvedetails.com/cve/CVE-2010-0944
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml
new file mode 100644
index 000000000..70431ad78
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1306 exploitation attempt
+id: a12a5acd-3ebf-46b8-9ff3-95daeb84b801
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component
+ 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
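Review bot: The selection of the CVE-2010-0944 rule matches one literal request string, with a fixed number of `../` segments followed by `/etc/passwd%00`, so it fires only on a request shaped like the scanner template that the rule itself lists as a false positive. Matching the vulnerable parameter instead, for example `c-uri|contains|all` with `option=com_jcollection`, `controller=` and `../`, would describe the flaw rather than one tool's probe. Since a hit shows an attempt and not a successful read, `level: critical` looks too high; `medium` or `high` fits an attempt-only signal better. The other Joomla rules in this commit use the same pattern and level.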
diff --git a/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml
new file mode 100644
index 000000000..7faa239f0
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1314 exploitation attempt
+id: 24c87e4f-7206-451a-9164-364ca4f3c388
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Highslide JS (com_hsconfig)
+ component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml
new file mode 100644
index 000000000..25b32926f
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1345 exploitation attempt
+id: 5f723f65-f584-49f3-87c0-7babbae20d9d
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms)
+ component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via
+ a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml
new file mode 100644
index 000000000..1ba62bda9
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1353 exploitation attempt
+id: 26d15692-1cfc-4427-8e7d-9a364c2628f3
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox)
+ component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the view parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12068
+- https://www.cvedetails.com/cve/CVE-2010-1353
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml
new file mode 100644
index 000000000..21b6dc419
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml
@@ -0,0 +1,26 @@
+title: CVE-2010-1474 exploitation attempt
+id: 5b50ffc4-dde4-4905-9da9-eb499ee53971
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper)
+ component 1.5.x for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://www.exploit-db.com/exploits/12182
+- https://www.cvedetails.com/cve/CVE-2010-1474
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml
new file mode 100644
index 000000000..4786c6854
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1475 exploitation attempt
+id: 69295f5a-428a-47d6-bf4d-a93bb23270ca
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive)
+ component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml
new file mode 100644
index 000000000..9e3ef52af
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1495 exploitation attempt
+id: e21410ad-5016-457a-a48f-2da871951471
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Matamko (com_matamko) component
+ 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
+ in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12286
+- https://www.cvedetails.com/cve/CVE-2010-1495
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
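Review bot: The selection of the CVE-2010-1475 rule contains `controller==../` with a doubled `=`, which no other rule in this commit has, so the rule matches only requests that carry that exact doubled character. If the string was copied from a scanner template the rule is tied to that one tool, and if it is a typo the rule stays silent on an ordinary `controller=` request. Using `c-uri|contains|all` with `option=com_preventive`, `controller=` and `../` removes the dependence on it.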
diff --git a/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml
new file mode 100644
index 000000000..bb5f49b8f
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1532 exploitation attempt
+id: 92b23f0b-aa99-497a-a0f1-f7e632bcad7b
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail)
+ component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml
new file mode 100644
index 000000000..31ae93363
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1533 exploitation attempt
+id: 2e547af2-0fb1-4d26-829e-fb42d959133c
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the TweetLA (com_tweetla) component
+ 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml
new file mode 100644
index 000000000..d2ee67cdd
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1535 exploitation attempt
+id: 7dbde0a0-bd74-47ba-85f7-32093ffbd50c
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the TRAVELbook (com_travelbook)
+ component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml
new file mode 100644
index 000000000..564faaf91
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml
@@ -0,0 +1,26 @@
+title: CVE-2010-1602 exploitation attempt
+id: d79bf48d-2705-4da1-929b-37e07764998f
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment)
+ component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://www.exploit-db.com/exploits/12283
+- https://www.cvedetails.com/cve/CVE-2010-1602
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml
new file mode 100644
index 000000000..447bbe514
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1657 exploitation attempt
+id: 7bdc9bd3-8dcd-4187-ab28-98b20cc1d020
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the SmartSite (com_smartsite) component
+ 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12428
+- https://www.cvedetails.com/cve/CVE-2010-1657
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml
new file mode 100644
index 000000000..148380f12
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1718 exploitation attempt
+id: a538251c-d600-43f3-8051-c3a83a5e8702
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in archeryscores.php in the Archery
+ Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to
+ include and execute arbitrary local files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml
new file mode 100644
index 000000000..941793208
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1722 exploitation attempt
+id: 84715b18-505d-4252-9470-03c98a3006e5
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Online Market (com_market) component
+ 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have
+ unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12177
+- https://www.cvedetails.com/cve/CVE-2010-1722
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml
new file mode 100644
index 000000000..9bd796a52
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml
@@ -0,0 +1,26 @@
+title: CVE-2010-1875 exploitation attempt
+id: af757e17-ad81-4a28-a551-49c17aa5113a
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Real Estate Property (com_properties)
+ component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files
+ and possibly have unspecified other impact via a .. (dot dot) in the controller
+ parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/11851
+- https://www.cvedetails.com/cve/CVE-2010-1875
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml
new file mode 100644
index 000000000..4f10cf4e9
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1953 exploitation attempt
+id: 0fc4af77-6974-4e50-bf5e-9f175304eb54
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
+ component 1.0 for Joomla! allows remote attackers to read arbitrary files via a
+ .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12288
+- https://www.cvedetails.com/cve/CVE-2010-1953
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml
new file mode 100644
index 000000000..23ef26198
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1954 exploitation attempt
+id: 2ccf65c5-e4b3-48f6-961e-93bbd537ca80
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot)
+ component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml
new file mode 100644
index 000000000..10d81d675
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1955 exploitation attempt
+id: 497c0911-226f-48a1-ac9f-518ffb98e65e
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
+ component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via
+ a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12238
+- https://www.cvedetails.com/cve/CVE-2010-1955
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml
new file mode 100644
index 000000000..80eb18973
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1979 exploitation attempt
+id: 5b1c3030-e17b-43b3-b95e-952355a0f43f
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
+ component build 880 for Joomla! allows remote attackers to read arbitrary files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/12088
+- https://www.cvedetails.com/cve/CVE-2010-1979
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml
new file mode 100644
index 000000000..a29bfea42
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1983 exploitation attempt
+id: c4f29c4f-0281-4518-a824-88f259d92ef5
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
+ component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary
+ files via a .. (dot dot) in the view parameter to index.php
+references:
+- https://www.exploit-db.com/exploits/12055
+- https://www.cvedetails.com/cve/CVE-2010-1983
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml
new file mode 100644
index 000000000..20b4dc702
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml
@@ -0,0 +1,26 @@
+title: CVE-2010-2033 exploitation attempt
+id: b5c6267a-7b2e-47c8-84dd-68a89ceb1e64
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
+ component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
+ have unspecified other impact via a .. (dot dot) in the controller parameter to
+ index.php.
+references:
+- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
+- https://www.cvedetails.com/cve/CVE-2010-2033
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml
new file mode 100644
index 000000000..f6c9adca4
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml
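Review bot: The description of the CVE-2010-2033 rule names Percha Fields Attach (com_perchafieldsattach), but its selection matches `option=com_perchacategoriestree` and its first reference is titled Percha Categories Tree. The text is word for word the description used by the CVE-2010-2036 rule, so it looks copied from there. An analyst triaging a hit would be pointed at the wrong component; the description should name the Percha Categories Tree (com_perchacategoriestree) component so that it agrees with the selection and the reference.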
@@ -0,0 +1,26 @@
+title: CVE-2010-2036 exploitation attempt
+id: 5f89e5fb-6f87-4fee-96b2-700e987a1c7e
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
+ component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
+ have unspecified other impact via a .. (dot dot) in the controller parameter to
+ index.php.
+references:
+- https://www.exploit-db.com/exploits/34004
+- https://www.cvedetails.com/cve/CVE-2010-2036
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml
new file mode 100644
index 000000000..70cc525b4
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-2259 exploitation attempt
+id: 7ead4790-e0f8-41fa-bb14-f1d225964fd4
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component
+ for Joomla! allows remote attackers to include and execute arbitrary local files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/10946
+- https://www.cvedetails.com/cve/CVE-2010-2259
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml
new file mode 100644
index 000000000..32008b7c2
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml
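Review bot: In the CVE-2010-2259 rule `Author:` is capitalised and `date: 25/08/2021` is day-first. Sigma's field is lowercase `author` and its dates are year-first, so tooling that reads these fields will likely miss the author or misread the date. Use `author: Subhash Popuri (@pbssubhash)` and `date: 2021/08/25`. Every rule added in this patch carries the same two lines.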
@@ -0,0 +1,26 @@
+title: CVE-2010-2307 exploitation attempt
+id: 6e0a4fc5-c7a5-40c6-a080-bc5a452637a9
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Multiple directory traversal vulnerabilities in the web server for Motorola
+ SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow
+ remote attackers to read arbitrary files via (1) "//" (multiple leading slash),
+ (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
+references:
+- https://www.securityfocus.com/bid/40550/info
+- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /../../etc/passwd
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml
new file mode 100644
index 000000000..01e0fedc8
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml
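Review bot: The selection `/../../etc/passwd` in the CVE-2010-2307 rule is not specific to the SURFBoard modem. It is a substring of the URI matched by most other rules in this patch, since any `controller=../../…/etc/passwd` request contains it, so those requests would also raise this rule under the CVE-2010-2307 title at `level: critical`. Nothing in the selection ties the event to the device named in the description. Either retitle it as a generic path-traversal detection with a lower level, or restrict it with a field that identifies the modem's web server, if the log source has one. The CVE-2010-4231 rule (IP camera, a longer run of `../` before `/etc/passwd`) has the same problem.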
@@ -0,0 +1,26 @@
+title: CVE-2010-2682 exploitation attempt
+id: 5f7ea8cf-47e3-46e6-a173-43a99c904e43
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna)
+ component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and
+ possibly have unspecified other impact via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+- https://www.exploit-db.com/exploits/14017
+- https://www.cvedetails.com/cve/CVE-2010-2682
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml
new file mode 100644
index 000000000..7dc8e6df0
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml
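Review bot: `level: critical` in the CVE-2010-2682 rule is hard to justify for a detection that looks at the request alone. The selection has no response condition, so it fires just as well on a probe against a host that does not run `com_realtyna`, and the rule's own `false_positives` lists scanner and penetration-test traffic. For an "exploitation attempt" title a lower level fits better, for example `level: medium`. The other rules added in this patch all set the same level on the same kind of selection.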
@@ -0,0 +1,27 @@
+title: CVE-2010-2861 exploitation attempt
+id: 21032758-8761-4a18-8f66-bace612e2481
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Multiple directory traversal vulnerabilities in the administrator console
+ in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files
+ via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm,
+ (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm
+ in CFIDE/administrator/.
+references:
+- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
+- http://www.adobe.com/support/security/bulletins/apsb10-18.html
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml
new file mode 100644
index 000000000..ad2dab17a
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml
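Review bot: The CVE-2010-2861 description lists five vulnerable pages under `CFIDE/administrator/`, but the selection covers only `enter.cfm`, and only with the single target `lib/password.properties%00en`. A traversal in `locale` sent to `settings/mappings.cfm`, `logging/settings.cfm`, `datasources/index.cfm` or `j2eepackaging/editarchive.cfm` is therefore not detected. Consider `c-uri|contains|all:` with the two values `/CFIDE/administrator/` and `locale=../`, so the rule follows the parameter rather than one page and one file.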
@@ -0,0 +1,23 @@
+title: CVE-2010-3426 exploitation attempt
+id: 06621f7e-2987-4625-8c42-d66951a9da9d
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
+ component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute
+ arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml
new file mode 100644
index 000000000..5e4062f30
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-4231 exploitation attempt
+id: 8eb41b36-2b5a-44e0-a44b-b0ebdbff3e1b
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
+ The server is vulnerable to directory transversal attacks, allowing access to any
+ file on the camera file system.
+references:
+- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
+- https://www.exploit-db.com/exploits/15505
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /../../../../../../../../../../../../../etc/passwd
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
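Review bot: The only reference in the CVE-2010-3426 rule is the root of the nuclei-templates repository, which identifies neither the advisory nor the template the pattern was taken from. An analyst triaging the alert has nothing to open. The sibling rules cite a CVE entry, so add the matching one here, e.g. `- https://www.cvedetails.com/cve/CVE-2010-3426`, and point the repository link at the specific template file.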
diff --git a/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml
new file mode 100644
index 000000000..080cc8810
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-4617 exploitation attempt
+id: ed14d2cb-8716-4ab1-a819-36d173e617ab
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
+ 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory
+ traversal sequences in the section parameter to index.php.
+references:
+- https://www.exploit-db.com/exploits/15791
+- https://www.cvedetails.com/cve/CVE-2010-4617
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml
new file mode 100644
index 000000000..cf20ed0ee
--- /dev/null
+++ b/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml
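Review bot: The selection value of the CVE-2010-4617 rule reads `option=com_jotloader§ion=…`, while the description places the traversal in the `section` parameter. If the `§` is in the committed file, rather than an artefact of how this page was rendered, the string never occurs in a request carrying `&section=` and the rule cannot fire. Check the file and make sure the value is `option=com_jotloader&section=`.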
@@ -0,0 +1,26 @@
+title: CVE-2010-5278 exploitation attempt
+id: 57bb7f1b-bb41-400d-a6e4-7eb2b70b3593
+Author: Subhash Popuri (@pbssubhash)
+date: 25/08/2021
+status: experimental
+description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
+ in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
+ allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
+ parameter.
+references:
+- https://www.exploit-db.com/exploits/34788
+- https://www.cvedetails.com/cve/CVE-2010-5278
+- https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
+ condition: selection
+false_positives:
+- Scanning from Nuclei
+- Penetration Testing Activity
+- Unknown
+tags:
+- attack.initial_access
+- attack.t1190
+level: critical
From e3331a4d0abbbcde76d10876a3d94ec9c3a23365 Mon Sep 17 00:00:00 2001
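Review bot: The selection of the CVE-2010-5278 rule only matches a read of `windows/win.ini`. The description puts no operating-system limit on the flaw, so the same `class_key` traversal aimed at any other file goes unseen. Match the endpoint and the parameter instead, e.g. `c-uri|contains|all:` with the two values `/manager/controllers/default/resource/tvs.php` and `class_key=../`.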
From: pbssubhash Date: Wed, 25 Aug 2021 21:40:32 +0530 Subject: [PATCH 06/17] Cleanup --- ...ve_CVE-2010-0943 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-0944 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-1306 exploitation attempt.yaml | 23 ---------------- ...ve_CVE-2010-1314 exploitation attempt.yaml | 23 ---------------- ...ve_CVE-2010-1345 exploitation attempt.yaml | 23 ---------------- ...ve_CVE-2010-1353 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-1474 exploitation attempt.yaml | 26 ------------------ ...ve_CVE-2010-1475 exploitation attempt.yaml | 24 ----------------- ...ve_CVE-2010-1495 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-1532 exploitation attempt.yaml | 24 ----------------- ...ve_CVE-2010-1533 exploitation attempt.yaml | 23 ---------------- ...ve_CVE-2010-1535 exploitation attempt.yaml | 24 ----------------- ...ve_CVE-2010-1602 exploitation attempt.yaml | 26 ------------------ ...ve_CVE-2010-1657 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-1718 exploitation attempt.yaml | 24 ----------------- ...ve_CVE-2010-1722 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-1875 exploitation attempt.yaml | 26 ------------------ ...ve_CVE-2010-1953 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-1954 exploitation attempt.yaml | 23 ---------------- ...ve_CVE-2010-1955 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-1979 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-1983 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-2033 exploitation attempt.yaml | 26 ------------------ ...ve_CVE-2010-2036 exploitation attempt.yaml | 26 ------------------ ...ve_CVE-2010-2259 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-2307 exploitation attempt.yaml | 26 ------------------ ...ve_CVE-2010-2682 exploitation attempt.yaml | 26 ------------------ ...ve_CVE-2010-2861 exploitation 
attempt.yaml | 27 ------------------- ...ve_CVE-2010-3426 exploitation attempt.yaml | 23 ---------------- ...ve_CVE-2010-4231 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-4617 exploitation attempt.yaml | 25 ----------------- ...ve_CVE-2010-5278 exploitation attempt.yaml | 26 ------------------ 32 files changed, 794 deletions(-) delete mode 100644 rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml delete mode 100644 
rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml diff --git a/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml deleted file mode 100644 index d6be923ac..000000000 --- a/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml +++ /dev/null @@ -1,25 +0,0 @@ -title: CVE-2010-0943 exploitation attempt -id: 63b70c55-0d7a-4e2f-a130-11028352b6ff -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) - component for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the controller parameter in a jashowcase action to index.php. -references: -- https://www.exploit-db.com/exploits/11090 -- https://www.cvedetails.com/cve/CVE-2010-0943 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical 
diff --git a/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml deleted file mode 100644 index c38d952b9..000000000 --- a/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml +++ /dev/null @@ -1,25 +0,0 @@ -title: CVE-2010-0944 exploitation attempt -id: d30903f7-cb51-445f-81a1-f2948f5fb763 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the JCollection (com_jcollection) - component for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/11088 -- https://www.cvedetails.com/cve/CVE-2010-0944 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml deleted file mode 100644 index 70431ad78..000000000 --- a/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -title: CVE-2010-1306 exploitation attempt -id: a12a5acd-3ebf-46b8-9ff3-95daeb84b801 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component - 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files - via a .. (dot dot) in the controller parameter to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml deleted file mode 100644 index 7faa239f0..000000000 --- a/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml +++ /dev/null @@ -1,23 +0,0 @@ -title: CVE-2010-1314 exploitation attempt -id: 24c87e4f-7206-451a-9164-364ca4f3c388 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) - component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files - via a .. (dot dot) in the controller parameter to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml deleted file mode 100644 index 25b32926f..000000000 --- a/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml +++ /dev/null @@ -1,23 +0,0 @@ -title: CVE-2010-1345 exploitation attempt -id: 5f723f65-f584-49f3-87c0-7babbae20d9d -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) - component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via - a .. (dot dot) in the controller parameter to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml deleted file mode 100644 index 1ba62bda9..000000000 --- a/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -title: CVE-2010-1353 exploitation attempt -id: 26d15692-1cfc-4427-8e7d-9a364c2628f3 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox) - component for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the view parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12068 -- https://www.cvedetails.com/cve/CVE-2010-1353 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml deleted file mode 100644 index 21b6dc419..000000000 --- a/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -title: CVE-2010-1474 exploitation attempt -id: 5b50ffc4-dde4-4905-9da9-eb499ee53971 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) - component 1.5.x for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://www.exploit-db.com/exploits/12182 -- https://www.cvedetails.com/cve/CVE-2010-1474 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml deleted file mode 100644 index 4786c6854..000000000 --- a/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -title: CVE-2010-1475 exploitation attempt -id: 69295f5a-428a-47d6-bf4d-a93bb23270ca -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) - component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml deleted file mode 100644 index 9e3ef52af..000000000 --- a/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml +++ /dev/null @@ -1,25 +0,0 @@ -title: CVE-2010-1495 exploitation attempt -id: e21410ad-5016-457a-a48f-2da871951471 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Matamko (com_matamko) component - 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) - in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12286 -- https://www.cvedetails.com/cve/CVE-2010-1495 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml deleted file mode 100644 index bb5f49b8f..000000000 --- a/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml +++ /dev/null @@ -1,24 +0,0 @@ -title: CVE-2010-1532 exploitation attempt -id: 92b23f0b-aa99-497a-a0f1-f7e632bcad7b -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) - component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml deleted file mode 100644 index 31ae93363..000000000 --- a/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -title: CVE-2010-1533 exploitation attempt -id: 2e547af2-0fb1-4d26-829e-fb42d959133c -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the TweetLA (com_tweetla) component - 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the controller parameter to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml deleted file mode 100644 index d2ee67cdd..000000000 --- a/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml +++ /dev/null @@ -1,24 +0,0 @@ -title: CVE-2010-1535 exploitation attempt -id: 7dbde0a0-bd74-47ba-85f7-32093ffbd50c -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the TRAVELbook (com_travelbook) - component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml deleted file mode 100644 index 564faaf91..000000000 --- a/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml +++ /dev/null @@ -1,26 +0,0 @@ -title: CVE-2010-1602 exploitation attempt -id: d79bf48d-2705-4da1-929b-37e07764998f -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) - component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and - possibly have unspecified other impact via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://www.exploit-db.com/exploits/12283 -- https://www.cvedetails.com/cve/CVE-2010-1602 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml deleted file mode 100644 index 447bbe514..000000000 --- a/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -title: CVE-2010-1657 exploitation attempt -id: 7bdc9bd3-8dcd-4187-ab28-98b20cc1d020 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the SmartSite (com_smartsite) component - 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot - dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12428 -- https://www.cvedetails.com/cve/CVE-2010-1657 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml deleted file mode 100644 index 148380f12..000000000 --- a/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml +++ /dev/null @@ -1,24 +0,0 @@ -title: CVE-2010-1718 exploitation attempt -id: a538251c-d600-43f3-8051-c3a83a5e8702 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in archeryscores.php in the Archery - Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to - include and execute arbitrary local files via a .. (dot dot) in the controller parameter - to index.php. -references: -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical 
diff --git a/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml deleted file mode 100644 index 941793208..000000000 --- a/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml +++ /dev/null @@ -1,25 +0,0 @@ -title: CVE-2010-1722 exploitation attempt -id: 84715b18-505d-4252-9470-03c98a3006e5 -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Online Market (com_market) component - 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have - unspecified other impact via a .. (dot dot) in the controller parameter to index.php. -references: -- https://www.exploit-db.com/exploits/12177 -- https://www.cvedetails.com/cve/CVE-2010-1722 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml deleted file mode 100644 index 9bd796a52..000000000 --- a/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -title: CVE-2010-1875 exploitation attempt -id: af757e17-ad81-4a28-a551-49c17aa5113a -Author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 -status: experimental -description: Directory traversal vulnerability in the Real Estate Property (com_properties) - component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files - and possibly have unspecified other impact via a .. (dot dot) in the controller - parameter to index.php. -references: -- https://www.exploit-db.com/exploits/11851 -- https://www.cvedetails.com/cve/CVE-2010-1875 -- https://github.com/projectdiscovery/nuclei-templates -detection: - selection: - c-uri|contains: - - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00 - condition: selection -false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown -tags: -- attack.initial_access -- attack.t1190 -level: critical diff --git a/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml deleted file mode 100644 index 4f10cf4e9..000000000 --- a/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-title: CVE-2010-1953 exploitation attempt
-id: 0fc4af77-6974-4e50-bf5e-9f175304eb54
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
- component 1.0 for Joomla! allows remote attackers to read arbitrary files via a
- .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12288
-- https://www.cvedetails.com/cve/CVE-2010-1953
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml
deleted file mode 100644
index 23ef26198..000000000
--- a/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1954 exploitation attempt
-id: 2ccf65c5-e4b3-48f6-961e-93bbd537ca80
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot)
- component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml
deleted file mode 100644
index 10d81d675..000000000
--- a/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1955 exploitation attempt
-id: 497c0911-226f-48a1-ac9f-518ffb98e65e
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
- component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via
- a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12238
-- https://www.cvedetails.com/cve/CVE-2010-1955
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml
deleted file mode 100644
index 80eb18973..000000000
--- a/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1979 exploitation attempt
-id: 5b1c3030-e17b-43b3-b95e-952355a0f43f
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
- component build 880 for Joomla! allows remote attackers to read arbitrary files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12088
-- https://www.cvedetails.com/cve/CVE-2010-1979
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml
deleted file mode 100644
index a29bfea42..000000000
--- a/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1983 exploitation attempt
-id: c4f29c4f-0281-4518-a824-88f259d92ef5
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
- component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary
- files via a .. (dot dot) in the view parameter to index.php
-references:
-- https://www.exploit-db.com/exploits/12055
-- https://www.cvedetails.com/cve/CVE-2010-1983
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml
deleted file mode 100644
index 20b4dc702..000000000
--- a/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2033 exploitation attempt
-id: b5c6267a-7b2e-47c8-84dd-68a89ceb1e64
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
- component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
- have unspecified other impact via a .. (dot dot) in the controller parameter to
- index.php.
-references:
-- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
-- https://www.cvedetails.com/cve/CVE-2010-2033
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml
deleted file mode 100644
index f6c9adca4..000000000
--- a/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2036 exploitation attempt
-id: 5f89e5fb-6f87-4fee-96b2-700e987a1c7e
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
- component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
- have unspecified other impact via a .. (dot dot) in the controller parameter to
- index.php.
-references:
-- https://www.exploit-db.com/exploits/34004
-- https://www.cvedetails.com/cve/CVE-2010-2036
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml
deleted file mode 100644
index 70cc525b4..000000000
--- a/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-2259 exploitation attempt
-id: 7ead4790-e0f8-41fa-bb14-f1d225964fd4
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component
- for Joomla! allows remote attackers to include and execute arbitrary local files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/10946
-- https://www.cvedetails.com/cve/CVE-2010-2259
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml
deleted file mode 100644
index 32008b7c2..000000000
--- a/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2307 exploitation attempt
-id: 6e0a4fc5-c7a5-40c6-a080-bc5a452637a9
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the web server for Motorola
- SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow
- remote attackers to read arbitrary files via (1) "//" (multiple leading slash),
- (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
-references:
-- https://www.securityfocus.com/bid/40550/info
-- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /../../etc/passwd
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml
deleted file mode 100644
index 01e0fedc8..000000000
--- a/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2682 exploitation attempt
-id: 5f7ea8cf-47e3-46e6-a173-43a99c904e43
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna)
- component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://www.exploit-db.com/exploits/14017
-- https://www.cvedetails.com/cve/CVE-2010-2682
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml
deleted file mode 100644
index 7dc8e6df0..000000000
--- a/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-title: CVE-2010-2861 exploitation attempt
-id: 21032758-8761-4a18-8f66-bace612e2481
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the administrator console
- in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files
- via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm,
- (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm
- in CFIDE/administrator/.
-references:
-- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
-- http://www.adobe.com/support/security/bulletins/apsb10-18.html
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml
deleted file mode 100644
index ad2dab17a..000000000
--- a/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-3426 exploitation attempt
-id: 06621f7e-2987-4625-8c42-d66951a9da9d
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
- component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute
- arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml
deleted file mode 100644
index 5e4062f30..000000000
--- a/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-4231 exploitation attempt
-id: 8eb41b36-2b5a-44e0-a44b-b0ebdbff3e1b
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
- The server is vulnerable to directory transversal attacks, allowing access to any
- file on the camera file system.
-references:
-- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
-- https://www.exploit-db.com/exploits/15505
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /../../../../../../../../../../../../../etc/passwd
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml
deleted file mode 100644
index 080cc8810..000000000
--- a/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-4617 exploitation attempt
-id: ed14d2cb-8716-4ab1-a819-36d173e617ab
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
- 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory
- traversal sequences in the section parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/15791
-- https://www.cvedetails.com/cve/CVE-2010-4617
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml
deleted file mode 100644
index cf20ed0ee..000000000
--- a/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-5278 exploitation attempt
-id: 57bb7f1b-bb41-400d-a6e4-7eb2b70b3593
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
- in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
- allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
- parameter.
-references:
-- https://www.exploit-db.com/exploits/34788
-- https://www.cvedetails.com/cve/CVE-2010-5278
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
From 1bb99b4ece04264962895605d6b5fcbb1b34f3cd Mon Sep 17 00:00:00 2001
From: pbssubhash Date: Wed, 25 Aug 2021 21:44:23 +0530 Subject: [PATCH 07/17] Readd --- ...aml => web_cve_CVE-2010-0943_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-0944_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1306_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1314_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1345_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1353_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1474_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1475_exploitation_attempt.yaml} | 7 +++---- ...aml => web_cve_CVE-2010-1495_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1532_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1533_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1535_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1602_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1657_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1718_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1722_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1875_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1953_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1954_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1955_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1979_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-1983_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-2033_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-2036_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-2259_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-2307_exploitation_attempt.yaml} | 7 +++---- ...aml => web_cve_CVE-2010-2682_exploitation_attempt.yaml} | 6 +++--- ...aml => 
web_cve_CVE-2010-2861_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-3426_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-4231_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-4617_exploitation_attempt.yaml} | 6 +++--- ...aml => web_cve_CVE-2010-5278_exploitation_attempt.yaml} | 6 +++--- 32 files changed, 96 insertions(+), 98 deletions(-) rename rules/web/{web_cve_CVE-2010-0943.yaml => web_cve_CVE-2010-0943_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-0944.yaml => web_cve_CVE-2010-0944_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-1306.yaml => web_cve_CVE-2010-1306_exploitation_attempt.yaml} (80%) rename rules/web/{web_cve_CVE-2010-1314.yaml => web_cve_CVE-2010-1314_exploitation_attempt.yaml} (80%) rename rules/web/{web_cve_CVE-2010-1345.yaml => web_cve_CVE-2010-1345_exploitation_attempt.yaml} (79%) rename rules/web/{web_cve_CVE-2010-1353.yaml => web_cve_CVE-2010-1353_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-1474.yaml => web_cve_CVE-2010-1474_exploitation_attempt.yaml} (83%) rename rules/web/{web_cve_CVE-2010-1475.yaml => web_cve_CVE-2010-1475_exploitation_attempt.yaml} (79%) rename rules/web/{web_cve_CVE-2010-1495.yaml => web_cve_CVE-2010-1495_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-1532.yaml => web_cve_CVE-2010-1532_exploitation_attempt.yaml} (81%) rename rules/web/{web_cve_CVE-2010-1533.yaml => web_cve_CVE-2010-1533_exploitation_attempt.yaml} (79%) rename rules/web/{web_cve_CVE-2010-1535.yaml => web_cve_CVE-2010-1535_exploitation_attempt.yaml} (81%) rename rules/web/{web_cve_CVE-2010-1602.yaml => web_cve_CVE-2010-1602_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-1657.yaml => web_cve_CVE-2010-1657_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-1718.yaml => web_cve_CVE-2010-1718_exploitation_attempt.yaml} (80%) rename rules/web/{web_cve_CVE-2010-1722.yaml => 
web_cve_CVE-2010-1722_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-1875.yaml => web_cve_CVE-2010-1875_exploitation_attempt.yaml} (84%) rename rules/web/{web_cve_CVE-2010-1953.yaml => web_cve_CVE-2010-1953_exploitation_attempt.yaml} (81%) rename rules/web/{web_cve_CVE-2010-1954.yaml => web_cve_CVE-2010-1954_exploitation_attempt.yaml} (79%) rename rules/web/{web_cve_CVE-2010-1955.yaml => web_cve_CVE-2010-1955_exploitation_attempt.yaml} (81%) rename rules/web/{web_cve_CVE-2010-1979.yaml => web_cve_CVE-2010-1979_exploitation_attempt.yaml} (81%) rename rules/web/{web_cve_CVE-2010-1983.yaml => web_cve_CVE-2010-1983_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-2033.yaml => web_cve_CVE-2010-2033_exploitation_attempt.yaml} (84%) rename rules/web/{web_cve_CVE-2010-2036.yaml => web_cve_CVE-2010-2036_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-2259.yaml => web_cve_CVE-2010-2259_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-2307.yaml => web_cve_CVE-2010-2307_exploitation_attempt.yaml} (80%) rename rules/web/{web_cve_CVE-2010-2682.yaml => web_cve_CVE-2010-2682_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-2861.yaml => web_cve_CVE-2010-2861_exploitation_attempt.yaml} (86%) rename rules/web/{web_cve_CVE-2010-3426.yaml => web_cve_CVE-2010-3426_exploitation_attempt.yaml} (80%) rename rules/web/{web_cve_CVE-2010-4231.yaml => web_cve_CVE-2010-4231_exploitation_attempt.yaml} (81%) rename rules/web/{web_cve_CVE-2010-4617.yaml => web_cve_CVE-2010-4617_exploitation_attempt.yaml} (82%) rename rules/web/{web_cve_CVE-2010-5278.yaml => web_cve_CVE-2010-5278_exploitation_attempt.yaml} (85%) diff --git a/rules/web/web_cve_CVE-2010-0943.yaml b/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml similarity index 82% rename from rules/web/web_cve_CVE-2010-0943.yaml rename to rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml index 07b40e00d..d6be923ac 100644 
--- a/rules/web/web_cve_CVE-2010-0943.yaml
+++ b/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-0943:Joomla! Component com_jashowcase - Directory Traversal
-id: e5616a8c-a43e-47c2-9fd2-19b429581b90
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-0943 exploitation attempt
+id: 63b70c55-0d7a-4e2f-a130-11028352b6ff
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the JA Showcase (com_jashowcase)
diff --git a/rules/web/web_cve_CVE-2010-0944.yaml b/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-0944.yaml
rename to rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml
index eb0802663..c38d952b9 100644
--- a/rules/web/web_cve_CVE-2010-0944.yaml
+++ b/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-0944:Joomla! Component com_jcollection - Directory Traversal
-id: c3eada81-1f9a-4a55-97b8-d3207d89228e
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-0944 exploitation attempt
+id: d30903f7-cb51-445f-81a1-f2948f5fb763
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the JCollection (com_jcollection)
diff --git a/rules/web/web_cve_CVE-2010-1306.yaml b/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml
similarity index 80%
rename from rules/web/web_cve_CVE-2010-1306.yaml
rename to rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml
index 1a6e62688..70431ad78 100644
--- a/rules/web/web_cve_CVE-2010-1306.yaml
+++ b/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml
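Review bot: The added `Author: Subhash Popuri (@pbssubhash)` line capitalises a key that the Sigma rule format spells `author`, so converters and validators that look up the lower-case field will most likely see a rule with no author; I would keep `author: Subhash Popuri (@pbssubhash)`. The same hunk regenerates `id` and strips the component name from `title`: a rule id is meant to stay stable once assigned, and a title that keeps the product (for example `title: CVE-2010-0943 Joomla com_jashowcase directory traversal attempt`) lets an analyst triage the alert without opening the rule. The unchanged `date: 25/08/2021` is day-first, while Sigma expects a year-first date (`2021/08/25`). These points repeat in every renamed rule of this patch visible here (CVE-2010-0944 through CVE-2010-1722); the rule bodies continue outside the hunks.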
@@ -1,6 +1,6 @@
-title: CVE-2010-1306:Joomla! Component Picasa 2.0 - Local File Inclusion
-id: 560cd98d-aa1d-451b-90a5-08ce5ab72d7b
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1306 exploitation attempt
+id: a12a5acd-3ebf-46b8-9ff3-95daeb84b801
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component
diff --git a/rules/web/web_cve_CVE-2010-1314.yaml b/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml
similarity index 80%
rename from rules/web/web_cve_CVE-2010-1314.yaml
rename to rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml
index e36b0acaa..7faa239f0 100644
--- a/rules/web/web_cve_CVE-2010-1314.yaml
+++ b/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1314:Joomla! Component Highslide 1.5 - Local File Inclusion
-id: 18019647-a68c-412a-bca9-626618b1a79c
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1314 exploitation attempt
+id: 24c87e4f-7206-451a-9164-364ca4f3c388
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Highslide JS (com_hsconfig)
diff --git a/rules/web/web_cve_CVE-2010-1345.yaml b/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml
similarity index 79%
rename from rules/web/web_cve_CVE-2010-1345.yaml
rename to rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml
index 6c3fe8c81..25b32926f 100644
--- a/rules/web/web_cve_CVE-2010-1345.yaml
+++ b/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1345:Joomla! Component Cookex Agency CKForms - Local File Inclusion
-id: e70e977a-aaf3-4ec1-a948-493caea7cff3
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1345 exploitation attempt
+id: 5f723f65-f584-49f3-87c0-7babbae20d9d
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms)
diff --git a/rules/web/web_cve_CVE-2010-1353.yaml b/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-1353.yaml
rename to rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml
index a1c006bda..1ba62bda9 100644
--- a/rules/web/web_cve_CVE-2010-1353.yaml
+++ b/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1353:Joomla! Component LoginBox - Local File Inclusion
-id: 559e6e69-af61-407c-9949-a8602cfb6d95
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1353 exploitation attempt
+id: 26d15692-1cfc-4427-8e7d-9a364c2628f3
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox)
diff --git a/rules/web/web_cve_CVE-2010-1474.yaml b/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml
similarity index 83%
rename from rules/web/web_cve_CVE-2010-1474.yaml
rename to rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml
index c023e301c..21b6dc419 100644
--- a/rules/web/web_cve_CVE-2010-1474.yaml
+++ b/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1474:Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
-id: 06040396-89e0-4919-a186-a3ac48eb2d85
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1474 exploitation attempt
+id: 5b50ffc4-dde4-4905-9da9-eb499ee53971
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper)
diff --git a/rules/web/web_cve_CVE-2010-1475.yaml b/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml
similarity index 79%
rename from rules/web/web_cve_CVE-2010-1475.yaml
rename to rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml
index 5d2fb64e2..4786c6854 100644
--- a/rules/web/web_cve_CVE-2010-1475.yaml
+++ b/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml
@@ -1,7 +1,6 @@
-title: CVE-2010-1475:Joomla! Component Preventive And Reservation 1.0.5 - Local File
- Inclusion
-id: 568d0a33-0052-47bc-a04e-8f7e8f05e12d
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1475 exploitation attempt
+id: 69295f5a-428a-47d6-bf4d-a93bb23270ca
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive)
diff --git a/rules/web/web_cve_CVE-2010-1495.yaml b/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-1495.yaml
rename to rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml
index b33408623..9e3ef52af 100644
--- a/rules/web/web_cve_CVE-2010-1495.yaml
+++ b/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1495:Joomla! Component Matamko 1.01 - Local File Inclusion
-id: cb3ac5e3-de9e-44b7-b0f5-b18a13ba3c69
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1495 exploitation attempt
+id: e21410ad-5016-457a-a48f-2da871951471
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Matamko (com_matamko) component
diff --git a/rules/web/web_cve_CVE-2010-1532.yaml b/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml
similarity index 81%
rename from rules/web/web_cve_CVE-2010-1532.yaml
rename to rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml
index d80c1a206..bb5f49b8f 100644
--- a/rules/web/web_cve_CVE-2010-1532.yaml
+++ b/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1532:Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
-id: ea2cd3fd-60fc-4945-be6d-e69340a0159d
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1532 exploitation attempt
+id: 92b23f0b-aa99-497a-a0f1-f7e632bcad7b
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail)
diff --git a/rules/web/web_cve_CVE-2010-1533.yaml b/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml
similarity index 79%
rename from rules/web/web_cve_CVE-2010-1533.yaml
rename to rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml
index 1a181a6aa..31ae93363 100644
--- a/rules/web/web_cve_CVE-2010-1533.yaml
+++ b/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1533:Joomla! Component TweetLA 1.0.1 - Local File Inclusion
-id: fc58d241-5812-4a66-acad-2c9370fc2975
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1533 exploitation attempt
+id: 2e547af2-0fb1-4d26-829e-fb42d959133c
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the TweetLA (com_tweetla) component
diff --git a/rules/web/web_cve_CVE-2010-1535.yaml b/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml
similarity index 81%
rename from rules/web/web_cve_CVE-2010-1535.yaml
rename to rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml
index 80029d7fe..d2ee67cdd 100644
--- a/rules/web/web_cve_CVE-2010-1535.yaml
+++ b/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1535:Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
-id: a4abca47-5c67-4b8c-a549-4e04f43ce751
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1535 exploitation attempt
+id: 7dbde0a0-bd74-47ba-85f7-32093ffbd50c
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the TRAVELbook (com_travelbook)
diff --git a/rules/web/web_cve_CVE-2010-1602.yaml b/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-1602.yaml
rename to rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml
index aba677241..564faaf91 100644
--- a/rules/web/web_cve_CVE-2010-1602.yaml
+++ b/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1602:Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
-id: 25e8e854-0a76-4f55-9b7a-9769ea2dbebc
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1602 exploitation attempt
+id: d79bf48d-2705-4da1-929b-37e07764998f
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment)
diff --git a/rules/web/web_cve_CVE-2010-1657.yaml b/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-1657.yaml
rename to rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml
index 1772f0c8e..447bbe514 100644
--- a/rules/web/web_cve_CVE-2010-1657.yaml
+++ b/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1657:Joomla! Component SmartSite 1.0.0 - Local File Inclusion
-id: 4fbedbee-ea11-4a65-9c25-bbb0d74f58fe
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1657 exploitation attempt
+id: 7bdc9bd3-8dcd-4187-ab28-98b20cc1d020
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the SmartSite (com_smartsite) component
diff --git a/rules/web/web_cve_CVE-2010-1718.yaml b/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml
similarity index 80%
rename from rules/web/web_cve_CVE-2010-1718.yaml
rename to rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml
index 9e4d9a4ad..148380f12 100644
--- a/rules/web/web_cve_CVE-2010-1718.yaml
+++ b/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1718:Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
-id: 92b06e2a-66ae-47b3-a135-fd2759f05902
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1718 exploitation attempt
+id: a538251c-d600-43f3-8051-c3a83a5e8702
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in archeryscores.php in the Archery
diff --git a/rules/web/web_cve_CVE-2010-1722.yaml b/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-1722.yaml
rename to rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml
index a7765c23c..941793208 100644
--- a/rules/web/web_cve_CVE-2010-1722.yaml
+++ b/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1722:Joomla! Component Online Market 2.x - Local File Inclusion
-id: b0d9873c-08fc-4389-89aa-751d7d8d682e
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1722 exploitation attempt
+id: 84715b18-505d-4252-9470-03c98a3006e5
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Online Market (com_market) component
diff --git a/rules/web/web_cve_CVE-2010-1875.yaml b/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml
similarity index 84%
rename from rules/web/web_cve_CVE-2010-1875.yaml
rename to rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml
index e38a061a8..9bd796a52 100644
--- a/rules/web/web_cve_CVE-2010-1875.yaml
+++ b/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1875:Joomla! Component Property - Local File Inclusion
-id: 454a58b3-a30a-4577-8175-a93d0febcb34
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1875 exploitation attempt
+id: af757e17-ad81-4a28-a551-49c17aa5113a
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Real Estate Property (com_properties)
diff --git a/rules/web/web_cve_CVE-2010-1953.yaml b/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml
similarity index 81%
rename from rules/web/web_cve_CVE-2010-1953.yaml
rename to rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml
index b5cb130b3..4f10cf4e9 100644
--- a/rules/web/web_cve_CVE-2010-1953.yaml
+++ b/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1953:Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
-id: e8b2e18e-5a9e-429e-9cd3-a839701736dc
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1953 exploitation attempt
+id: 0fc4af77-6974-4e50-bf5e-9f175304eb54
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
diff --git a/rules/web/web_cve_CVE-2010-1954.yaml b/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml
similarity index 79%
rename from rules/web/web_cve_CVE-2010-1954.yaml
rename to rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml
index 4b1a6939a..23ef26198 100644
--- a/rules/web/web_cve_CVE-2010-1954.yaml
+++ b/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1954:Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
-id: be925ca8-6808-4c32-951d-6069597c2cab
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1954 exploitation attempt
+id: 2ccf65c5-e4b3-48f6-961e-93bbd537ca80
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot)
diff --git a/rules/web/web_cve_CVE-2010-1955.yaml b/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml
similarity index 81%
rename from rules/web/web_cve_CVE-2010-1955.yaml
rename to rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml
index fb9bb13f6..10d81d675 100644
--- a/rules/web/web_cve_CVE-2010-1955.yaml
+++ b/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1955:Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
-id: 9d34dee7-212f-49a0-a1fe-41b37ea241d9
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1955 exploitation attempt
+id: 497c0911-226f-48a1-ac9f-518ffb98e65e
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
diff --git a/rules/web/web_cve_CVE-2010-1979.yaml b/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml
similarity index 81%
rename from rules/web/web_cve_CVE-2010-1979.yaml
rename to rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml
index a88364c80..80eb18973 100644
--- a/rules/web/web_cve_CVE-2010-1979.yaml
+++ b/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1979:Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
-id: 4ccbb33d-d6d9-4f18-bc7f-502bd3cc9481
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1979 exploitation attempt
+id: 5b1c3030-e17b-43b3-b95e-952355a0f43f
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
diff --git a/rules/web/web_cve_CVE-2010-1983.yaml b/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-1983.yaml
rename to rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml
index 7543adad6..a29bfea42 100644
--- a/rules/web/web_cve_CVE-2010-1983.yaml
+++ b/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-1983:Joomla! Component redTWITTER 1.0 - Local File Inclusion
-id: fae044ae-fe67-4a83-809f-7a3203ee1a6d
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-1983 exploitation attempt
+id: c4f29c4f-0281-4518-a824-88f259d92ef5
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
diff --git a/rules/web/web_cve_CVE-2010-2033.yaml b/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml
similarity index 84%
rename from rules/web/web_cve_CVE-2010-2033.yaml
rename to rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml
index bcb492f12..20b4dc702 100644
--- a/rules/web/web_cve_CVE-2010-2033.yaml
+++ b/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-2033:Joomla Percha Categories Tree 0.6 - Local File Inclusion
-id: 80fca714-f31f-48e7-82cd-07bb3ed0917d
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-2033 exploitation attempt
+id: b5c6267a-7b2e-47c8-84dd-68a89ceb1e64
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
diff --git a/rules/web/web_cve_CVE-2010-2036.yaml b/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-2036.yaml
rename to rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml
index 58d3c3104..f6c9adca4 100644
--- a/rules/web/web_cve_CVE-2010-2036.yaml
+++ b/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-2036:Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
-id: b86f1914-f00b-4ba3-8f0b-3db29399d4d7
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-2036 exploitation attempt
+id: 5f89e5fb-6f87-4fee-96b2-700e987a1c7e
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
diff --git a/rules/web/web_cve_CVE-2010-2259.yaml b/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-2259.yaml
rename to rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml
index 55e68a9ed..70cc525b4 100644
--- a/rules/web/web_cve_CVE-2010-2259.yaml
+++ b/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-2259:Joomla! Component com_bfsurvey - Local File Inclusion
-id: a95a2207-33da-40df-a4ab-f8a53d8e99d9
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-2259 exploitation attempt
+id: 7ead4790-e0f8-41fa-bb14-f1d225964fd4
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component
diff --git a/rules/web/web_cve_CVE-2010-2307.yaml b/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml
similarity index 80%
rename from rules/web/web_cve_CVE-2010-2307.yaml
rename to rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml
index 3b4a10bec..32008b7c2 100644
--- a/rules/web/web_cve_CVE-2010-2307.yaml
+++ b/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml
@@ -1,7 +1,6 @@
-title: CVE-2010-2307:Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM
- - Directory Traversal
-id: 6251acca-594f-48d0-8ec8-6f156c844e6e
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-2307 exploitation attempt
+id: 6e0a4fc5-c7a5-40c6-a080-bc5a452637a9
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Multiple directory traversal vulnerabilities in the web server for Motorola
diff --git a/rules/web/web_cve_CVE-2010-2682.yaml b/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-2682.yaml
rename to rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml
index 170858c7f..01e0fedc8 100644
--- a/rules/web/web_cve_CVE-2010-2682.yaml
+++ b/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-2682:Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
-id: 1f409782-791f-4d8b-a63b-d0d713463cdb
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-2682 exploitation attempt
+id: 5f7ea8cf-47e3-46e6-a173-43a99c904e43
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna)
diff --git a/rules/web/web_cve_CVE-2010-2861.yaml b/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml
similarity index 86%
rename from rules/web/web_cve_CVE-2010-2861.yaml
rename to rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml
index 40081783e..7dc8e6df0 100644
--- a/rules/web/web_cve_CVE-2010-2861.yaml
+++ b/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-2861:Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
-id: 7ceb4e78-34fa-48a5-be21-a50307631d19
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-2861 exploitation attempt
+id: 21032758-8761-4a18-8f66-bace612e2481
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Multiple directory traversal vulnerabilities in the administrator console
diff --git a/rules/web/web_cve_CVE-2010-3426.yaml b/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml
similarity index 80%
rename from rules/web/web_cve_CVE-2010-3426.yaml
rename to rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml
index 42379e8aa..ad2dab17a 100644
--- a/rules/web/web_cve_CVE-2010-3426.yaml
+++ b/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-3426:Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
-id: a991b845-3035-492c-914d-0cb7b0e7bd10
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-3426 exploitation attempt
+id: 06621f7e-2987-4625-8c42-d66951a9da9d
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
diff --git a/rules/web/web_cve_CVE-2010-4231.yaml b/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml
similarity index 81%
rename from rules/web/web_cve_CVE-2010-4231.yaml
rename to rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml
index dbe3d7256..5e4062f30 100644
--- a/rules/web/web_cve_CVE-2010-4231.yaml
+++ b/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-4231:Camtron CMNC-200 IP Camera - Directory Traversal
-id: 8c7f0cbc-c7cd-4bb5-87ef-9e2ff125b7d8
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-4231 exploitation attempt
+id: 8eb41b36-2b5a-44e0-a44b-b0ebdbff3e1b
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
diff --git a/rules/web/web_cve_CVE-2010-4617.yaml b/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml
similarity index 82%
rename from rules/web/web_cve_CVE-2010-4617.yaml
rename to rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml
index f31d54183..080cc8810 100644
--- a/rules/web/web_cve_CVE-2010-4617.yaml
+++ b/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-4617:Joomla! Component JotLoader 2.2.1 - Local File Inclusion
-id: 35c29803-4068-4a64-a007-d2b6984f8c58
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-4617 exploitation attempt
+id: ed14d2cb-8716-4ab1-a819-36d173e617ab
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
diff --git a/rules/web/web_cve_CVE-2010-5278.yaml b/rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml
similarity index 85%
rename from rules/web/web_cve_CVE-2010-5278.yaml
rename to rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml
index fd292926b..cf20ed0ee 100644
--- a/rules/web/web_cve_CVE-2010-5278.yaml
+++ b/rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
-title: CVE-2010-5278:MODx manager - Local File Inclusion
-id: 5e042bf8-67ea-4455-8b75-07c57d7ccdad
-author: Subhash Popuri (@pbssubhash)
+title: CVE-2010-5278 exploitation attempt
+id: 57bb7f1b-bb41-400d-a6e4-7eb2b70b3593
+Author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
From 3f27295e64b91e7aed6eff5ccf2a5c0c3b52573b Mon Sep 17 00:00:00 2001
From: pbssubhash Date: Wed, 25 Aug 2021 21:47:33 +0530 Subject: [PATCH 08/17] Stupid Author field --- rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml | 4 ++-- 
rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml | 4 ++-- rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml | 4 ++-- 32 files changed, 64 insertions(+), 64 deletions(-)
diff --git a/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml
index d6be923ac..a6ec1f7d4 100644
--- a/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-0943 exploitation attempt
-id: 63b70c55-0d7a-4e2f-a130-11028352b6ff
-Author: Subhash Popuri (@pbssubhash)
+id: fa7e28e3-d286-4c38-b6df-41eb004b66ba
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the JA Showcase (com_jashowcase)
diff --git a/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml
index c38d952b9..f96cb67b4 100644
--- a/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-0944 exploitation attempt
-id: d30903f7-cb51-445f-81a1-f2948f5fb763
-Author: Subhash Popuri (@pbssubhash)
+id: c656c178-4f5a-4dc4-a605-21e225987ac5
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the JCollection (com_jcollection)
diff --git a/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml
index 70431ad78..8cead1aa0 100644
--- a/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml
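Review bot: The rule `id` is replaced again in this hunk (`id: 63b70c55-0d7a-4e2f-a130-11028352b6ff` becomes `id: fa7e28e3-d286-4c38-b6df-41eb004b66ba`) although the commit is described as a fix to the author field. The only line that needs to change is `author: Subhash Popuri (@pbssubhash)`; the existing id should stay as a context line. The UUIDs look regenerated on every run, presumably by a generator script, and once these rules are released that would break suppressions, `related` references and deployments that key on the rule id. Every other hunk in this commit carries the same unrelated id change.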
@@ -1,6 +1,6 @@
 title: CVE-2010-1306 exploitation attempt
-id: a12a5acd-3ebf-46b8-9ff3-95daeb84b801
-Author: Subhash Popuri (@pbssubhash)
+id: b2105629-bb00-47a1-a01e-24147433710c
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component
diff --git a/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml
index 7faa239f0..6e4902b2e 100644
--- a/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1314 exploitation attempt
-id: 24c87e4f-7206-451a-9164-364ca4f3c388
-Author: Subhash Popuri (@pbssubhash)
+id: 532cef3e-f3cc-437d-b6da-146675cb61ac
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Highslide JS (com_hsconfig)
diff --git a/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml
index 25b32926f..1286b44e3 100644
--- a/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1345 exploitation attempt
-id: 5f723f65-f584-49f3-87c0-7babbae20d9d
-Author: Subhash Popuri (@pbssubhash)
+id: 8869cdca-39da-496a-ba9c-c9eeb5c51a4c
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms)
diff --git a/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml
index 1ba62bda9..206da49b7 100644
--- a/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1353 exploitation attempt
-id: 26d15692-1cfc-4427-8e7d-9a364c2628f3
-Author: Subhash Popuri (@pbssubhash)
+id: e464164c-0cb6-427f-9eea-06dbf29d3044
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox)
diff --git a/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml
index 21b6dc419..29e32c325 100644
--- a/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1474 exploitation attempt
-id: 5b50ffc4-dde4-4905-9da9-eb499ee53971
-Author: Subhash Popuri (@pbssubhash)
+id: 4964f728-0184-4efb-b8b1-23087da5baab
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper)
diff --git a/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml
index 4786c6854..50fbb1669 100644
--- a/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1475 exploitation attempt
-id: 69295f5a-428a-47d6-bf4d-a93bb23270ca
-Author: Subhash Popuri (@pbssubhash)
+id: 5f4ba4e9-6b51-4284-afdf-15485b08088f
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive)
diff --git a/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml
index 9e3ef52af..3f165d2af 100644
--- a/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1495 exploitation attempt
-id: e21410ad-5016-457a-a48f-2da871951471
-Author: Subhash Popuri (@pbssubhash)
+id: 24ffa234-2963-4518-b72d-7aae991d1189
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Matamko (com_matamko) component
diff --git a/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml
index bb5f49b8f..295628c19 100644
--- a/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1532 exploitation attempt
-id: 92b23f0b-aa99-497a-a0f1-f7e632bcad7b
-Author: Subhash Popuri (@pbssubhash)
+id: d65086e6-88a4-45e5-bc99-b1695aff4bd7
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail)
diff --git a/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml
index 31ae93363..17821b03e 100644
--- a/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1533 exploitation attempt
-id: 2e547af2-0fb1-4d26-829e-fb42d959133c
-Author: Subhash Popuri (@pbssubhash)
+id: ad63c834-1072-4c2d-b246-f615557b3026
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the TweetLA (com_tweetla) component
diff --git a/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml
index d2ee67cdd..382365286 100644
--- a/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1535 exploitation attempt
-id: 7dbde0a0-bd74-47ba-85f7-32093ffbd50c
-Author: Subhash Popuri (@pbssubhash)
+id: b0962f54-4cfd-4059-b742-af6f4e82e8b2
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the TRAVELbook (com_travelbook)
diff --git a/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml
index 564faaf91..2c2df33ef 100644
--- a/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1602 exploitation attempt
-id: d79bf48d-2705-4da1-929b-37e07764998f
-Author: Subhash Popuri (@pbssubhash)
+id: fdf12606-2a8a-4450-b3b7-e6bdf03e7096
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment)
diff --git a/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml
index 447bbe514..74080bca7 100644
--- a/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1657 exploitation attempt
-id: 7bdc9bd3-8dcd-4187-ab28-98b20cc1d020
-Author: Subhash Popuri (@pbssubhash)
+id: 41364f89-94ca-464d-8ab4-0c1348656707
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the SmartSite (com_smartsite) component
diff --git a/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml
index 148380f12..87d7b66af 100644
--- a/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1718 exploitation attempt
-id: a538251c-d600-43f3-8051-c3a83a5e8702
-Author: Subhash Popuri (@pbssubhash)
+id: 14f01fca-dec5-4144-a40c-63488767b57f
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in archeryscores.php in the Archery
diff --git a/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml
index 941793208..eff648092 100644
--- a/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1722 exploitation attempt
-id: 84715b18-505d-4252-9470-03c98a3006e5
-Author: Subhash Popuri (@pbssubhash)
+id: d1b8ce75-b746-48a9-ad5c-4d692f5a21a0
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Online Market (com_market) component
diff --git a/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml
index 9bd796a52..356a6f8a0 100644
--- a/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1875 exploitation attempt
-id: af757e17-ad81-4a28-a551-49c17aa5113a
-Author: Subhash Popuri (@pbssubhash)
+id: 9fec2f12-8d56-4b94-8140-be92319e6282
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Real Estate Property (com_properties)
diff --git a/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml
index 4f10cf4e9..cdcf71d5d 100644
--- a/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1953 exploitation attempt
-id: 0fc4af77-6974-4e50-bf5e-9f175304eb54
-Author: Subhash Popuri (@pbssubhash)
+id: b83f9267-f61a-4a52-a39c-2244330665c8
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
diff --git a/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml
index 23ef26198..4430f4fb1 100644
--- a/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1954 exploitation attempt
-id: 2ccf65c5-e4b3-48f6-961e-93bbd537ca80
-Author: Subhash Popuri (@pbssubhash)
+id: e15b002d-bfad-4ae6-8253-5c5e1d3d7c61
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot)
diff --git a/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml
index 10d81d675..6204191c8 100644
--- a/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1955 exploitation attempt
-id: 497c0911-226f-48a1-ac9f-518ffb98e65e
-Author: Subhash Popuri (@pbssubhash)
+id: e5ac823c-60fa-40c5-b7b2-965e023d3747
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
diff --git a/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml
index 80eb18973..ee9852f82 100644
--- a/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1979 exploitation attempt
-id: 5b1c3030-e17b-43b3-b95e-952355a0f43f
-Author: Subhash Popuri (@pbssubhash)
+id: 62b49fe0-8735-4c00-ac45-52ac7b673174
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
diff --git a/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml
index a29bfea42..2d32c4058 100644
--- a/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-1983 exploitation attempt
-id: c4f29c4f-0281-4518-a824-88f259d92ef5
-Author: Subhash Popuri (@pbssubhash)
+id: 7325d138-af8e-42a1-80eb-a6b69c32da79
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
diff --git a/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml
index 20b4dc702..171ec24e9 100644
--- a/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-2033 exploitation attempt
-id: b5c6267a-7b2e-47c8-84dd-68a89ceb1e64
-Author: Subhash Popuri (@pbssubhash)
+id: 2d38d9d5-b9a3-46dd-8f55-81c5961c21b2
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
diff --git a/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml
index f6c9adca4..06d0b88e8 100644
--- a/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-2036 exploitation attempt
-id: 5f89e5fb-6f87-4fee-96b2-700e987a1c7e
-Author: Subhash Popuri (@pbssubhash)
+id: ae8ea246-0ec4-48ed-96b1-e6ad8a8a0274
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
diff --git a/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml
index 70cc525b4..3609a834c 100644
--- a/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-2259 exploitation attempt
-id: 7ead4790-e0f8-41fa-bb14-f1d225964fd4
-Author: Subhash Popuri (@pbssubhash)
+id: a64bc24c-39fc-4531-b0c3-9d26f439f246
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component
diff --git a/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml
index 32008b7c2..600ebee32 100644
--- a/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-2307 exploitation attempt
-id: 6e0a4fc5-c7a5-40c6-a080-bc5a452637a9
-Author: Subhash Popuri (@pbssubhash)
+id: 4d1124ea-beb9-4b9a-b75b-a76f61236a67
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Multiple directory traversal vulnerabilities in the web server for Motorola
diff --git a/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml
index 01e0fedc8..94fcbdbc8 100644
--- a/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-2682 exploitation attempt
-id: 5f7ea8cf-47e3-46e6-a173-43a99c904e43
-Author: Subhash Popuri (@pbssubhash)
+id: c190dd5f-7b3c-4184-bca0-94129a1a0cdb
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna)
diff --git a/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml
index 7dc8e6df0..6513ed687 100644
--- a/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-2861 exploitation attempt
-id: 21032758-8761-4a18-8f66-bace612e2481
-Author: Subhash Popuri (@pbssubhash)
+id: d98ff4e9-b11e-40b7-a536-b71bd1800042
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Multiple directory traversal vulnerabilities in the administrator console
diff --git a/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml
index ad2dab17a..8d50a3c82 100644
--- a/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-3426 exploitation attempt
-id: 06621f7e-2987-4625-8c42-d66951a9da9d
-Author: Subhash Popuri (@pbssubhash)
+id: 3178d248-aa37-4f7c-97ee-3c16809bca69
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
diff --git a/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml
index 5e4062f30..e8a4bb989 100644
--- a/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-4231 exploitation attempt
-id: 8eb41b36-2b5a-44e0-a44b-b0ebdbff3e1b
-Author: Subhash Popuri (@pbssubhash)
+id: 52c315b8-c56e-41b9-ace4-fdfdc593657d
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
diff --git a/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml
index 080cc8810..9384cf9d3 100644
--- a/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-4617 exploitation attempt
-id: ed14d2cb-8716-4ab1-a819-36d173e617ab
-Author: Subhash Popuri (@pbssubhash)
+id: cc29de7e-88e9-4deb-ac0b-5072745ba6d5
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
diff --git a/rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml
index cf20ed0ee..fb25c1370 100644
--- a/rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml
+++ b/rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml
@@ -1,6 +1,6 @@
 title: CVE-2010-5278 exploitation attempt
-id: 57bb7f1b-bb41-400d-a6e4-7eb2b70b3593
-Author: Subhash Popuri (@pbssubhash)
+id: 55a72ccd-4f16-42a7-afc8-f7958035bf90
+author: Subhash Popuri (@pbssubhash)
 date: 25/08/2021
 status: experimental
 description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
From 39daebffa4d5073a7ba3fc5ebdc0507ee75aa588 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com> Date: Wed, 25 Aug 2021 20:02:38 +0200 Subject: [PATCH 09/17] Cleanup --- ...eb_cve_2010_5278_exploitation_attempt.yml} | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) rename rules/web/{web_cve_CVE-2010-5278_exploitation_attempt.yaml => web_cve_2010_5278_exploitation_attempt.yml} (52%) diff --git a/rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml b/rules/web/web_cve_2010_5278_exploitation_attempt.yml similarity index 52% rename from rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml rename to rules/web/web_cve_2010_5278_exploitation_attempt.yml index fb25c1370..49100bc5c 100644 --- a/rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml +++ b/rules/web/web_cve_2010_5278_exploitation_attempt.yml 
@@ -1,26 +1,24 @@ -title: CVE-2010-5278 exploitation attempt +title: CVE-2010-5278 Exploitation Attempt id: 55a72ccd-4f16-42a7-afc8-f7958035bf90 author: Subhash Popuri (@pbssubhash) -date: 25/08/2021 +date: 2021/08/25 status: experimental description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. references: -- https://www.exploit-db.com/exploits/34788 -- https://www.cvedetails.com/cve/CVE-2010-5278 -- https://github.com/projectdiscovery/nuclei-templates + - https://www.exploit-db.com/exploits/34788 + - https://www.cvedetails.com/cve/CVE-2010-5278 + - https://github.com/projectdiscovery/nuclei-templates detection: selection: - c-uri|contains: - - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00 + c-uri|contains: '/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00' condition: selection false_positives: -- Scanning from Nuclei -- Penetration Testing Activity -- Unknown + - Scanning from Nuclei + - Penetration Testing Activity tags: -- attack.initial_access -- attack.t1190 + - attack.initial_access + - attack.t1190 level: critical From bdb8dbc0dee81e235552d466f71582d29a85b1c6 Mon Sep 17 00:00:00 2001 From: frack113 <62423083+frack113@users.noreply.github.com> Date: Wed, 25 Aug 2021 20:04:38 +0200 Subject: [PATCH 10/17] fix title Joomla JaShowcase --- rules/web/web_cve_2010_5278_exploitation_attempt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/web/web_cve_2010_5278_exploitation_attempt.yml b/rules/web/web_cve_2010_5278_exploitation_attempt.yml index 49100bc5c..3540cbf38 100644 --- a/rules/web/web_cve_2010_5278_exploitation_attempt.yml +++ b/rules/web/web_cve_2010_5278_exploitation_attempt.yml 
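Review bot: The cleaned-up rule still has no `logsource` section: this hunk covers the file from `title` through `level: critical` and none appears on either side, so a converter has nothing to tell it which logs the `c-uri` field should be looked up in. Adding `logsource:` with `category: webserver` under it, between `references` and `detection`, would close that gap. The new-file hunks added later in PATCH 11/17 (CVE-2010-0943 through CVE-2010-1314 in this view) show the same omission.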
@@ -1,4 +1,4 @@
-title: CVE-2010-5278 Exploitation Attempt
+title: CVE-2010-5278 Joomla JaShowcase Exploitation Attempt
 id: 55a72ccd-4f16-42a7-afc8-f7958035bf90
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
From 014ac2d24e5adcaf9cb94b613118399988ca58e1 Mon Sep 17 00:00:00 2001
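Review bot: The new title names Joomla JaShowcase, but the description and URI of this same file in the preceding hunk are for `manager/controllers/default/resource/tvs.php` in MODx Revolution; JA Showcase is the `com_jashowcase` component handled by the CVE-2010-0943 rule. An analyst triaging on the alert title would be pointed at the wrong product. The line should read `title: CVE-2010-5278 MODx Revolution Exploitation Attempt`.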
From: pbssubhash Date: Sun, 12 Sep 2021 18:09:14 +0530 Subject: [PATCH 11/17] Modifying Rules --- ...eb_cve-2010-0943_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-0944_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-0985_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1219_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1304_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1305_exploitation_attempt.yaml | 25 +++++++++++++++++ ...eb_cve-2010-1306_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1307_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1308_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1312_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1313_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1314_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1345_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1353_exploitation_attempt.yaml | 23 ++++++++++++++++ ...eb_cve-2010-1354_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1470_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1471_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1472_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1473_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1474_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1475_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1476_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1494_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1495_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1532_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1533_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1534_exploitation_attempt.yaml | 24 +++++++++++++++++ 
...eb_cve-2010-1535_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1601_exploitation_attempt.yaml | 23 ++++++++++++++++ ...eb_cve-2010-1602_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1607_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1657_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1659_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1714_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1717_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1718_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1719_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1722_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1875_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1953_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1954_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1955_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1956_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1979_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1980_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1981_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-1983_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-2033_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-2034_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-2035_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-2036_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-2122_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-2259_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-2307_exploitation_attempt.yaml | 25 +++++++++++++++++ ...eb_cve-2010-2682_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-2861_exploitation_attempt.yaml | 25 +++++++++++++++++ 
...eb_cve-2010-2920_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-3426_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-4231_exploitation_attempt.yaml | 23 ++++++++++++++++ ...eb_cve-2010-4617_exploitation_attempt.yaml | 24 +++++++++++++++++ ...eb_cve-2010-5278_exploitation_attempt.yaml | 24 +++++++++++++++++ ...ve_CVE-2010-0943_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-0944_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-1306_exploitation_attempt.yaml | 23 ---------------- ...ve_CVE-2010-1314_exploitation_attempt.yaml | 23 ---------------- ...ve_CVE-2010-1345_exploitation_attempt.yaml | 23 ---------------- ...ve_CVE-2010-1353_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-1474_exploitation_attempt.yaml | 26 ------------------ ...ve_CVE-2010-1475_exploitation_attempt.yaml | 24 ----------------- ...ve_CVE-2010-1495_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-1532_exploitation_attempt.yaml | 24 ----------------- ...ve_CVE-2010-1533_exploitation_attempt.yaml | 23 ---------------- ...ve_CVE-2010-1535_exploitation_attempt.yaml | 24 ----------------- ...ve_CVE-2010-1602_exploitation_attempt.yaml | 26 ------------------ ...ve_CVE-2010-1657_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-1718_exploitation_attempt.yaml | 24 ----------------- ...ve_CVE-2010-1722_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-1875_exploitation_attempt.yaml | 26 ------------------ ...ve_CVE-2010-1953_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-1954_exploitation_attempt.yaml | 23 ---------------- ...ve_CVE-2010-1955_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-1979_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-1983_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-2033_exploitation_attempt.yaml | 26 ------------------ ...ve_CVE-2010-2036_exploitation_attempt.yaml | 26 ------------------ 
...ve_CVE-2010-2259_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-2307_exploitation_attempt.yaml | 26 ------------------ ...ve_CVE-2010-2682_exploitation_attempt.yaml | 26 ------------------ ...ve_CVE-2010-2861_exploitation_attempt.yaml | 27 ------------------- ...ve_CVE-2010-3426_exploitation_attempt.yaml | 23 ---------------- ...ve_CVE-2010-4231_exploitation_attempt.yaml | 25 ----------------- ...ve_CVE-2010-4617_exploitation_attempt.yaml | 25 ----------------- 92 files changed, 1464 insertions(+), 768 deletions(-) create mode 100644 rules/web/web_cve-2010-0943_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-0944_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-0985_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1219_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1304_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1305_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1306_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1307_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1308_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1312_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1313_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1314_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1345_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1353_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1354_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1470_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1471_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1472_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1473_exploitation_attempt.yaml create mode 100644 
rules/web/web_cve-2010-1474_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1475_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1476_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1494_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1495_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1532_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1533_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1534_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1535_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1601_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1602_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1607_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1657_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1659_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1714_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1717_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1718_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1719_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1722_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1875_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1953_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1954_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1955_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1956_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1979_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1980_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-1981_exploitation_attempt.yaml create mode 100644 
rules/web/web_cve-2010-1983_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2033_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2034_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2035_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2036_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2122_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2259_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2307_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2682_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2861_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-2920_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-3426_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-4231_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-4617_exploitation_attempt.yaml create mode 100644 rules/web/web_cve-2010-5278_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml 
delete mode 100644 rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml delete mode 100644 rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml diff --git a/rules/web/web_cve-2010-0943_exploitation_attempt.yaml b/rules/web/web_cve-2010-0943_exploitation_attempt.yaml new file mode 100644 index 000000000..52d23982f --- /dev/null +++ b/rules/web/web_cve-2010-0943_exploitation_attempt.yaml 
@@ -0,0 +1,24 @@
+title: CVE-2010-0943 exploitation attempt
+id: 7341b3ab-aed8-470b-b3b3-baee54357b21
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_jashowcase - Directory Traversal:Directory traversal
+ vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ in a jashowcase action to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-0944_exploitation_attempt.yaml b/rules/web/web_cve-2010-0944_exploitation_attempt.yaml
new file mode 100644
index 000000000..3bcd121b8
--- /dev/null
+++ b/rules/web/web_cve-2010-0944_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-0944 exploitation attempt
+id: 99eb6dd1-7eef-4210-862c-a4289b0eb3c1
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_jcollection - Directory Traversal:Directory traversal
+ vulnerability in the JCollection (com_jcollection) component for Joomla! allows
+ remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
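Review bot: Each `c-uri|contains` value in these new rules is one complete request string with a fixed run of `../` segments and the `/etc/passwd%00` target, so the rule recognises a single scanner template rather than the traversal in the vulnerable parameter; the same weakness reached with another depth, target file or encoding is not covered. Matching the component and the parameter separately, for example `c-uri|contains|all:` with the items `option=com_jashowcase` and `controller=../`, ties the rule to the vulnerability instead. This applies to every rule added in this patch that is visible here (CVE-2010-0943 through CVE-2010-1314). With `Scanning from Nuclei` listed as an expected source of matches, `level: critical` also looks high for an unconfirmed attempt; `medium` or `high` would be easier to triage.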
diff --git a/rules/web/web_cve-2010-0985_exploitation_attempt.yaml b/rules/web/web_cve-2010-0985_exploitation_attempt.yaml
new file mode 100644
index 000000000..13e1971a3
--- /dev/null
+++ b/rules/web/web_cve-2010-0985_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-0985 exploitation attempt
+id: 299f62c1-9e8a-43cc-b018-98d469f5654b
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_abbrev - Local File Inclusion:Directory traversal
+ vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla!
+ allows remote attackers to include and execute arbitrary local files via a .. (dot
+ dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1219_exploitation_attempt.yaml b/rules/web/web_cve-2010-1219_exploitation_attempt.yaml
new file mode 100644
index 000000000..741d57a3d
--- /dev/null
+++ b/rules/web/web_cve-2010-1219_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1219 exploitation attempt
+id: c72b9df0-2e24-4c59-a18d-2ce9f309011c
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_janews - Local File Inclusion:Directory traversal
+ vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote
+ attackers to read arbitrary local files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1304_exploitation_attempt.yaml b/rules/web/web_cve-2010-1304_exploitation_attempt.yaml
new file mode 100644
index 000000000..62c8e7681
--- /dev/null
+++ b/rules/web/web_cve-2010-1304_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1304 exploitation attempt
+id: d43a3260-6661-4963-ae51-1516b410eab4
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component User Status - Local File Inclusion:Directory traversal
+ vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16
+ for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+ the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1305_exploitation_attempt.yaml b/rules/web/web_cve-2010-1305_exploitation_attempt.yaml
new file mode 100644
index 000000000..ac18cb0a4
--- /dev/null
+++ b/rules/web/web_cve-2010-1305_exploitation_attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-1305 exploitation attempt
+id: 4ad4e3e9-c2ec-4f11-ae69-686317089de1
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component JInventory 1.23.02 - Local File Inclusion:Directory
+ traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component
+ 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows
+ remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1306_exploitation_attempt.yaml b/rules/web/web_cve-2010-1306_exploitation_attempt.yaml
new file mode 100644
index 000000000..8efdc7f93
--- /dev/null
+++ b/rules/web/web_cve-2010-1306_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1306 exploitation attempt
+id: 6eef2e17-dda2-4c9d-8e1f-9f28d02cbb68
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Picasa 2.0 - Local File Inclusion:Directory traversal
+ vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla!
+ allows remote attackers to read arbitrary local files via a .. (dot dot) in the
+ controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1307_exploitation_attempt.yaml b/rules/web/web_cve-2010-1307_exploitation_attempt.yaml
new file mode 100644
index 000000000..15558f07e
--- /dev/null
+++ b/rules/web/web_cve-2010-1307_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1307 exploitation attempt
+id: 57eb5063-d907-440a-8194-6a304a2c33dc
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Magic Updater - Local File Inclusion:Directory traversal
+ vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows
+ remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1308_exploitation_attempt.yaml b/rules/web/web_cve-2010-1308_exploitation_attempt.yaml
new file mode 100644
index 000000000..bf0e78b57
--- /dev/null
+++ b/rules/web/web_cve-2010-1308_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1308 exploitation attempt
+id: 2ab1d26f-292d-48ef-b821-30000ca2d796
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component SVMap 1.1.1 - Local File Inclusion:Directory traversal
+ vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1312_exploitation_attempt.yaml b/rules/web/web_cve-2010-1312_exploitation_attempt.yaml
new file mode 100644
index 000000000..8dff65893
--- /dev/null
+++ b/rules/web/web_cve-2010-1312_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1312 exploitation attempt
+id: 72d483b1-ef4e-4da4-a56b-d388d5fc55e4
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component News Portal 1.5.x - Local File Inclusion:Directory
+ traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x
+ for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+ the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1313_exploitation_attempt.yaml b/rules/web/web_cve-2010-1313_exploitation_attempt.yaml
new file mode 100644
index 000000000..6722ac485
--- /dev/null
+++ b/rules/web/web_cve-2010-1313_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1313 exploitation attempt
+id: a9cfe674-5625-47c0-aa7b-ed19fb5aebc1
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion:Directory
+ traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and
+ 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers
+ to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1314_exploitation_attempt.yaml b/rules/web/web_cve-2010-1314_exploitation_attempt.yaml
new file mode 100644
index 000000000..37a26d24b
--- /dev/null
+++ b/rules/web/web_cve-2010-1314_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1314 exploitation attempt
+id: c54f2a94-b8eb-4b33-a430-f219b97a85e1
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Highslide 1.5 - Local File Inclusion:Directory traversal
+ vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla!
+ allows remote attackers to read arbitrary files via a .. (dot dot) in the controller
+ parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1345_exploitation_attempt.yaml b/rules/web/web_cve-2010-1345_exploitation_attempt.yaml
new file mode 100644
index 000000000..b26bd3bb1
--- /dev/null
+++ b/rules/web/web_cve-2010-1345_exploitation_attempt.yaml
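Review bot: The `references` entry in the CVE-2010-1314 rule points at the root of the nuclei-templates repository, which gives an analyst triaging an alert nothing specific to check the match against. Link the advisory for the CVE, e.g. `- https://nvd.nist.gov/vuln/detail/CVE-2010-1314`, and the individual template file the payload was taken from. The same generic reference is used in the other rules of this patch.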
@@ -0,0 +1,24 @@
+title: CVE-2010-1345 exploitation attempt
+id: a14d080c-2aa0-4d7b-bffd-06f0e325bd0c
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Cookex Agency CKForms - Local File Inclusion:Directory
+ traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3
+ for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+ the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1353_exploitation_attempt.yaml b/rules/web/web_cve-2010-1353_exploitation_attempt.yaml
new file mode 100644
index 000000000..35fc5a281
--- /dev/null
+++ b/rules/web/web_cve-2010-1353_exploitation_attempt.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1353 exploitation attempt
+id: 9506788c-d0d6-4671-92b5-61a07cd5a056
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component LoginBox - Local File Inclusion:Directory traversal
+ vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1354_exploitation_attempt.yaml b/rules/web/web_cve-2010-1354_exploitation_attempt.yaml
new file mode 100644
index 000000000..c60446151
--- /dev/null
+++ b/rules/web/web_cve-2010-1354_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1354 exploitation attempt
+id: bf6bdfcf-7229-4812-8188-9c778d97ed63
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component VJDEO 1.0 - Local File Inclusion:Directory traversal
+ vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows
+ remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1470_exploitation_attempt.yaml b/rules/web/web_cve-2010-1470_exploitation_attempt.yaml
new file mode 100644
index 000000000..618ab28d0
--- /dev/null
+++ b/rules/web/web_cve-2010-1470_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1470 exploitation attempt
+id: 2b631e08-2471-4b98-a385-f420ebf1f406
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Web TV 1.0 - Local File Inclusion:Directory traversal
+ vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote
+ attackers to read arbitrary files and possibly have unspecified other impact via
+ a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1471_exploitation_attempt.yaml b/rules/web/web_cve-2010-1471_exploitation_attempt.yaml
new file mode 100644
index 000000000..6e0821970
--- /dev/null
+++ b/rules/web/web_cve-2010-1471_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1471 exploitation attempt
+id: cb214df9-5948-4967-ba0b-4a5ad197313e
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Address Book 1.5.0 - Local File Inclusion:Directory
+ traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for
+ Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the
+ controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1472_exploitation_attempt.yaml b/rules/web/web_cve-2010-1472_exploitation_attempt.yaml
new file mode 100644
index 000000000..cb94d57cf
--- /dev/null
+++ b/rules/web/web_cve-2010-1472_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1472 exploitation attempt
+id: 9878af5a-91d9-474f-b4ff-4874db061c90
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Horoscope 1.5.0 - Local File Inclusion:Directory traversal
+ vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla!
+ allows remote attackers to read arbitrary files via a .. (dot dot) in the controller
+ parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1473_exploitation_attempt.yaml b/rules/web/web_cve-2010-1473_exploitation_attempt.yaml
new file mode 100644
index 000000000..a7824e779
--- /dev/null
+++ b/rules/web/web_cve-2010-1473_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1473 exploitation attempt
+id: 09fe8c14-2dd6-4c16-9610-54e9762acd81
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Advertising 0.25 - Local File Inclusion:Directory traversal
+ vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows
+ remote attackers to read arbitrary files and possibly have unspecified other impact
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1474_exploitation_attempt.yaml b/rules/web/web_cve-2010-1474_exploitation_attempt.yaml
new file mode 100644
index 000000000..7d7dc15c3
--- /dev/null
+++ b/rules/web/web_cve-2010-1474_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1474 exploitation attempt
+id: 7d738208-638c-4e01-a694-b507cae881a6
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion:Directory traversal
+ vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla!
+ allows remote attackers to read arbitrary files and possibly have unspecified other
+ impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1475_exploitation_attempt.yaml b/rules/web/web_cve-2010-1475_exploitation_attempt.yaml
new file mode 100644
index 000000000..4f733e47e
--- /dev/null
+++ b/rules/web/web_cve-2010-1475_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1475 exploitation attempt
+id: c9db721a-f2c1-4e8a-8f6a-b31aa0e51374
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion:Directory
+ traversal vulnerability in the Preventive & Reservation (com_preventive) component
+ 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have
+ unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1476_exploitation_attempt.yaml b/rules/web/web_cve-2010-1476_exploitation_attempt.yaml
new file mode 100644
index 000000000..17650b596
--- /dev/null
+++ b/rules/web/web_cve-2010-1476_exploitation_attempt.yaml
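Review bot: The match string in the CVE-2010-1475 rule contains `controller==../` with a doubled `=`, unlike every other rule in this patch. Because the value is matched with `contains`, a request using the ordinary `controller=../` form does not match this rule at all. If the doubled sign is not intentional, the line should read `- /index.php?option=com_preventive&controller=../../../../../../../../../../etc/passwd%00`. If it mirrors the source template, add the single-`=` form as a second list item so both are covered.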
@@ -0,0 +1,24 @@
+title: CVE-2010-1476 exploitation attempt
+id: 65239f96-f508-4941-b537-7837471ddcad
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion:Directory
+ traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5
+ for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+ other impact via a .. (dot dot) in the view parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1494_exploitation_attempt.yaml b/rules/web/web_cve-2010-1494_exploitation_attempt.yaml
new file mode 100644
index 000000000..bc6b75445
--- /dev/null
+++ b/rules/web/web_cve-2010-1494_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1494 exploitation attempt
+id: 2ab0992e-1f93-499b-b1e6-580b651c151e
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component AWDwall 1.5.4 - Local File Inclusion:Directory traversal
+ vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1495_exploitation_attempt.yaml b/rules/web/web_cve-2010-1495_exploitation_attempt.yaml
new file mode 100644
index 000000000..820bb00c5
--- /dev/null
+++ b/rules/web/web_cve-2010-1495_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1495 exploitation attempt
+id: 16173107-1da6-4bb0-884c-0113ca1bd22c
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Matamko 1.01 - Local File Inclusion:Directory traversal
+ vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1532_exploitation_attempt.yaml b/rules/web/web_cve-2010-1532_exploitation_attempt.yaml
new file mode 100644
index 000000000..3b477e4e0
--- /dev/null
+++ b/rules/web/web_cve-2010-1532_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1532 exploitation attempt
+id: b0caca18-cbcd-4e57-8d26-5aa5ab1dae90
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion:Directory
+ traversal vulnerability in the givesight PowerMail Pro (com_powermail) component
+ 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have
+ unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1533_exploitation_attempt.yaml b/rules/web/web_cve-2010-1533_exploitation_attempt.yaml
new file mode 100644
index 000000000..989feccd1
--- /dev/null
+++ b/rules/web/web_cve-2010-1533_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1533 exploitation attempt
+id: 900bac77-29fa-47d7-a2cc-a2b259e5aa34
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component TweetLA 1.0.1 - Local File Inclusion:Directory traversal
+ vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1534_exploitation_attempt.yaml b/rules/web/web_cve-2010-1534_exploitation_attempt.yaml
new file mode 100644
index 000000000..71b30ef2f
--- /dev/null
+++ b/rules/web/web_cve-2010-1534_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1534 exploitation attempt
+id: 8315e276-a65f-4617-a32b-668d19b0dcf2
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Shoutbox Pro - Local File Inclusion:Directory traversal
+ vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1535_exploitation_attempt.yaml b/rules/web/web_cve-2010-1535_exploitation_attempt.yaml
new file mode 100644
index 000000000..6c1045d03
--- /dev/null
+++ b/rules/web/web_cve-2010-1535_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1535 exploitation attempt
+id: c0e76601-93b3-4ccf-9d62-95c083ea375d
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion:Directory traversal
+ vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows
+ remote attackers to read arbitrary files and possibly have unspecified other impact
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1601_exploitation_attempt.yaml b/rules/web/web_cve-2010-1601_exploitation_attempt.yaml
new file mode 100644
index 000000000..c414ea499
--- /dev/null
+++ b/rules/web/web_cve-2010-1601_exploitation_attempt.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-1601 exploitation attempt
+id: ceac625a-0a44-4cab-ba06-1d0d6cacfd89
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component JA Comment - Local File Inclusion:Directory traversal
+ vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1602_exploitation_attempt.yaml b/rules/web/web_cve-2010-1602_exploitation_attempt.yaml
new file mode 100644
index 000000000..8bc9d320c
--- /dev/null
+++ b/rules/web/web_cve-2010-1602_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1602 exploitation attempt
+id: 63b0013c-c10d-4f45-a0f5-b918514d6721
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion:Directory
+ traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for
+ Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+ other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1607_exploitation_attempt.yaml b/rules/web/web_cve-2010-1607_exploitation_attempt.yaml
new file mode 100644
index 000000000..88e7fa06d
--- /dev/null
+++ b/rules/web/web_cve-2010-1607_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1607 exploitation attempt
+id: fc8d65e0-cbed-434d-b881-28aa0346d408
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component WMI 1.5.0 - Local File Inclusion:Directory traversal
+ vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi)
+ component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary
+ local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1657_exploitation_attempt.yaml b/rules/web/web_cve-2010-1657_exploitation_attempt.yaml
new file mode 100644
index 000000000..2dd7914c6
--- /dev/null
+++ b/rules/web/web_cve-2010-1657_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1657 exploitation attempt
+id: c32f0956-77ec-4875-8c3b-a84836f489a2
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component SmartSite 1.0.0 - Local File Inclusion:Directory traversal
+ vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows
+ remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1659_exploitation_attempt.yaml b/rules/web/web_cve-2010-1659_exploitation_attempt.yaml
new file mode 100644
index 000000000..89c97e046
--- /dev/null
+++ b/rules/web/web_cve-2010-1659_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1659 exploitation attempt
+id: 10697a46-85ff-499d-8bc5-7b6219da594a
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion:Directory
+ traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component
+ 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
+ in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1714_exploitation_attempt.yaml b/rules/web/web_cve-2010-1714_exploitation_attempt.yaml
new file mode 100644
index 000000000..dca273b26
--- /dev/null
+++ b/rules/web/web_cve-2010-1714_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1714 exploitation attempt
+id: c754acbf-a0ce-4df6-843e-fb1c55af5373
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Arcade Games 1.0 - Local File Inclusion:Directory traversal
+ vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows
+ remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1717_exploitation_attempt.yaml b/rules/web/web_cve-2010-1717_exploitation_attempt.yaml
new file mode 100644
index 000000000..992d7d407
--- /dev/null
+++ b/rules/web/web_cve-2010-1717_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1717 exploitation attempt
+id: 54c142a2-27af-4786-a191-12c76398e63f
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component iF surfALERT 1.2 - Local File Inclusion:Directory traversal
+ vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows
+ remote attackers to read arbitrary files and possibly have unspecified other impact
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1718_exploitation_attempt.yaml b/rules/web/web_cve-2010-1718_exploitation_attempt.yaml
new file mode 100644
index 000000000..b9306420b
--- /dev/null
+++ b/rules/web/web_cve-2010-1718_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1718 exploitation attempt
+id: 706f8907-5d0a-41db-b93f-f0ee343300b6
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion:Directory
+ traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores)
+ component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary
+ local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1719_exploitation_attempt.yaml b/rules/web/web_cve-2010-1719_exploitation_attempt.yaml
new file mode 100644
index 000000000..f11417c48
--- /dev/null
+++ b/rules/web/web_cve-2010-1719_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1719 exploitation attempt
+id: e11eeb05-00e2-4d00-a572-222e6fe5e716
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion:Directory
+ traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for
+ Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+ other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1722_exploitation_attempt.yaml b/rules/web/web_cve-2010-1722_exploitation_attempt.yaml
new file mode 100644
index 000000000..557f28d2e
--- /dev/null
+++ b/rules/web/web_cve-2010-1722_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1722 exploitation attempt
+id: 850fafc1-3151-48b6-b25a-41c3543df57c
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Online Market 2.x - Local File Inclusion:Directory
+ traversal vulnerability in the Online Market (com_market) component 2.x for Joomla!
+ allows remote attackers to read arbitrary files and possibly have unspecified other
+ impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1875_exploitation_attempt.yaml b/rules/web/web_cve-2010-1875_exploitation_attempt.yaml
new file mode 100644
index 000000000..3a52358d6
--- /dev/null
+++ b/rules/web/web_cve-2010-1875_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1875 exploitation attempt
+id: 335b7e25-03d9-40b9-9f3a-82fdfce99af1
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Property - Local File Inclusion:Directory traversal
+ vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for
+ Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+ other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1953_exploitation_attempt.yaml b/rules/web/web_cve-2010-1953_exploitation_attempt.yaml
new file mode 100644
index 000000000..20e8f0b74
--- /dev/null
+++ b/rules/web/web_cve-2010-1953_exploitation_attempt.yaml
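Review bot: The selection matches one literal request, with the scanner template's exact traversal depth, target file and trailing `%00`, so a request to the same parameter that differs in any of these is not detected. Matching the component and the traversal separately keeps the rule tied to the CVE without pinning the payload: `c-uri|contains|all:` with the items `option=com_properties` and `controller=../`. The literal `/index.php?` prefix also assumes that `c-uri` carries the query string, which depends on the log source and should be confirmed. The other Joomla rules in this patch, and the ColdFusion (CVE-2010-2861) and MODx (CVE-2010-5278) rules, are written the same way.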
@@ -0,0 +1,24 @@
+title: CVE-2010-1953 exploitation attempt
+id: 72936897-8824-4fa8-9ecf-dbbc5f19e53a
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion:Directory
+ traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0
+ for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+ the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1954_exploitation_attempt.yaml b/rules/web/web_cve-2010-1954_exploitation_attempt.yaml
new file mode 100644
index 000000000..30ecafe1f
--- /dev/null
+++ b/rules/web/web_cve-2010-1954_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1954 exploitation attempt
+id: 0159a66f-50f9-4485-b681-756fa2d16ce8
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion:Directory
+ traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component
+ 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a ..
+ (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
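Review bot: `level: critical` overstates what a match shows, because the rule sees only that a request was sent, not that the file was returned, and its own `false_positives` list names scanner and penetration-test traffic. An attempt-only rule on a request string is better set to `level: high` or lower, leaving `critical` for a detection that also checks the response, for example a status-code condition if the log source provides one. This applies to both rules on this line and to the other `exploitation attempt` rules added by the patch.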
diff --git a/rules/web/web_cve-2010-1955_exploitation_attempt.yaml b/rules/web/web_cve-2010-1955_exploitation_attempt.yaml
new file mode 100644
index 000000000..f4c424f8b
--- /dev/null
+++ b/rules/web/web_cve-2010-1955_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1955 exploitation attempt
+id: 9a0064ff-3544-4130-aaec-a8547645f44d
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion:Directory
+ traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2
+ for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+ the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1956_exploitation_attempt.yaml b/rules/web/web_cve-2010-1956_exploitation_attempt.yaml
new file mode 100644
index 000000000..7d33c368e
--- /dev/null
+++ b/rules/web/web_cve-2010-1956_exploitation_attempt.yaml
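Review bot: `references` holds only the root of the nuclei-templates repository, which gives an analyst triaging the alert no route to the advisory for this CVE. Add a CVE-specific entry such as `- https://nvd.nist.gov/vuln/detail/CVE-2010-1955`. The rule files deleted later in this patch (CVE-2010-0943, CVE-2010-0944) carried exploit-db and cvedetails links; whether their replacements kept them is not visible here. The same single reference is used by the other rules added in this part of the patch.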
@@ -0,0 +1,24 @@
+title: CVE-2010-1956 exploitation attempt
+id: 87412ddd-24a7-4d25-98b7-1df572fcac16
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion:Directory
+ traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0
+ and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
+ dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1979_exploitation_attempt.yaml b/rules/web/web_cve-2010-1979_exploitation_attempt.yaml
new file mode 100644
index 000000000..f91073b5a
--- /dev/null
+++ b/rules/web/web_cve-2010-1979_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1979 exploitation attempt
+id: c56ae44a-bf7b-4643-a2f8-6935f792684c
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion:Directory
+ traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build
+ 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
+ in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1980_exploitation_attempt.yaml b/rules/web/web_cve-2010-1980_exploitation_attempt.yaml
new file mode 100644
index 000000000..26b19ee75
--- /dev/null
+++ b/rules/web/web_cve-2010-1980_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1980 exploitation attempt
+id: 33689775-59d1-4bb4-84e6-4c659819e740
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion:Directory
+ traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr)
+ component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary
+ local files via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1981_exploitation_attempt.yaml b/rules/web/web_cve-2010-1981_exploitation_attempt.yaml
new file mode 100644
index 000000000..fa7dba175
--- /dev/null
+++ b/rules/web/web_cve-2010-1981_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1981 exploitation attempt
+id: 7b1693c7-dfb2-4bc2-a100-8ff973053339
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Fabrik 2.0 - Local File Inclusion:Directory traversal
+ vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote
+ attackers to read arbitrary files via a .. (dot dot) in the controller parameter
+ to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-1983_exploitation_attempt.yaml b/rules/web/web_cve-2010-1983_exploitation_attempt.yaml
new file mode 100644
index 000000000..7ba0e0c8a
--- /dev/null
+++ b/rules/web/web_cve-2010-1983_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-1983 exploitation attempt
+id: 1ccbc483-aa94-436c-ae2c-c0ff89c88950
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component redTWITTER 1.0 - Local File Inclusion:Directory traversal
+ vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11
+ for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in
+ the view parameter to index.php
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2033_exploitation_attempt.yaml b/rules/web/web_cve-2010-2033_exploitation_attempt.yaml
new file mode 100644
index 000000000..a12fc270e
--- /dev/null
+++ b/rules/web/web_cve-2010-2033_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-2033 exploitation attempt
+id: 5f65aa73-1a1f-44f6-9df4-2a593d83ca47
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla Percha Categories Tree 0.6 - Local File Inclusion:Directory traversal
+ vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x
+ for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+ other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2034_exploitation_attempt.yaml b/rules/web/web_cve-2010-2034_exploitation_attempt.yaml
new file mode 100644
index 000000000..239593875
--- /dev/null
+++ b/rules/web/web_cve-2010-2034_exploitation_attempt.yaml
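Review bot: The description names the wrong component. Its heading says Percha Categories Tree and the pattern matches `option=com_perchacategoriestree`, but the sentence after the colon describes Percha Fields Attach (com_perchafieldsattach) 1.x, the same text as in the CVE-2010-2036 rule further down. Replace that sentence with the advisory text for CVE-2010-2033 so the alert context agrees with what the rule fires on.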
@@ -0,0 +1,24 @@
+title: CVE-2010-2034 exploitation attempt
+id: fa7d6a2c-4fef-49cc-9b80-07edaa2687c2
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Percha Image Attach 1.1 - Directory Traversal:Directory
+ traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component
+ 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have
+ unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2035_exploitation_attempt.yaml b/rules/web/web_cve-2010-2035_exploitation_attempt.yaml
new file mode 100644
index 000000000..37cd635fc
--- /dev/null
+++ b/rules/web/web_cve-2010-2035_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-2035 exploitation attempt
+id: 517f9070-1bd8-4e24-ab39-17e41e353ab6
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal:Directory
+ traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6
+ Beta for Joomla! allows remote attackers to read arbitrary files and possibly have
+ unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2036_exploitation_attempt.yaml b/rules/web/web_cve-2010-2036_exploitation_attempt.yaml
new file mode 100644
index 000000000..3f7221eef
--- /dev/null
+++ b/rules/web/web_cve-2010-2036_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-2036 exploitation attempt
+id: 99462979-ccf6-4c28-a108-fd2d958d39e0
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Percha Fields Attach 1.0 - Directory Traversal:Directory
+ traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component
+ 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have
+ unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2122_exploitation_attempt.yaml b/rules/web/web_cve-2010-2122_exploitation_attempt.yaml
new file mode 100644
index 000000000..de75a78a1
--- /dev/null
+++ b/rules/web/web_cve-2010-2122_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-2122 exploitation attempt
+id: 993b1828-3194-4686-87b6-14b893a2ac1e
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component simpledownload 0.9.5 - Local File Disclosure:Directory
+ traversal vulnerability in the SimpleDownload (com_simpledownload) component before
+ 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local
+ files via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2259_exploitation_attempt.yaml b/rules/web/web_cve-2010-2259_exploitation_attempt.yaml
new file mode 100644
index 000000000..fe81d09a3
--- /dev/null
+++ b/rules/web/web_cve-2010-2259_exploitation_attempt.yaml
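Review bot: The description and the pattern disagree on the affected parameter: the description says the traversal is in the `controller` parameter, while the selection matches `task=download&fileid=../`. The description is also inconsistent with itself, since its heading says Local File Disclosure and the sentence says "include and execute". Confirm against the advisory which parameter is affected and make the description name the same one the rule matches.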
@@ -0,0 +1,24 @@
+title: CVE-2010-2259 exploitation attempt
+id: 12a63c52-1a42-437a-90cc-950a4cf6b3ab
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component com_bfsurvey - Local File Inclusion:Directory traversal
+ vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote
+ attackers to include and execute arbitrary local files via a .. (dot dot) in the
+ controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2307_exploitation_attempt.yaml b/rules/web/web_cve-2010-2307_exploitation_attempt.yaml
new file mode 100644
index 000000000..e77c82881
--- /dev/null
+++ b/rules/web/web_cve-2010-2307_exploitation_attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-2307 exploitation attempt
+id: f2029a95-84dc-427f-a112-f5e373e791ff
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM -
+ Directory Traversal:Multiple directory traversal vulnerabilities in the web server
+ for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC
+ allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash),
+ (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /../../etc/passwd
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2682_exploitation_attempt.yaml b/rules/web/web_cve-2010-2682_exploitation_attempt.yaml
new file mode 100644
index 000000000..6f88ea8d2
--- /dev/null
+++ b/rules/web/web_cve-2010-2682_exploitation_attempt.yaml
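Review bot: The pattern `/../../etc/passwd` is not specific to the Motorola SURFboard web server. It is a substring of the payloads in the Joomla rules of this same patch (for example the com_realtyna pattern in the next hunk), so one such request also raises this rule and labels it CVE-2010-2307 at `critical`. The CVE-2010-4231 rule further down has the same product-independent shape. Either fold both into one generic path-traversal rule with a lower level and a title that says so, or narrow them with a field that identifies the device, which the selection currently lacks.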
@@ -0,0 +1,24 @@
+title: CVE-2010-2682 exploitation attempt
+id: 93d57e84-a8e0-40c6-9d5f-679419117413
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion:Directory
+ traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15
+ for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified
+ other impact via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2861_exploitation_attempt.yaml b/rules/web/web_cve-2010-2861_exploitation_attempt.yaml
new file mode 100644
index 000000000..8e1345f21
--- /dev/null
+++ b/rules/web/web_cve-2010-2861_exploitation_attempt.yaml
@@ -0,0 +1,25 @@
+title: CVE-2010-2861 exploitation attempt
+id: 51f51d47-b13c-4305-b017-f367e790e2cd
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI:Multiple directory traversal
+ vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier
+ allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm,
+ (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm,
+ and (5) enter.cfm in CFIDE/administrator/.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-2920_exploitation_attempt.yaml b/rules/web/web_cve-2010-2920_exploitation_attempt.yaml
new file mode 100644
index 000000000..da22cf06a
--- /dev/null
+++ b/rules/web/web_cve-2010-2920_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-2920 exploitation attempt
+id: e5195f58-f828-4ab2-a609-23eaaf46de44
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion:Directory
+ traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component
+ 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory
+ traversal sequences in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-3426_exploitation_attempt.yaml b/rules/web/web_cve-2010-3426_exploitation_attempt.yaml
new file mode 100644
index 000000000..6bb330c86
--- /dev/null
+++ b/rules/web/web_cve-2010-3426_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-3426 exploitation attempt
+id: aa48eb4c-9028-4d0f-b6be-83f52bc805f7
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion:Directory
+ traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha
+ 3 for Joomla! allows remote attackers to include and execute arbitrary local files
+ via a .. (dot dot) in the controller parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-4231_exploitation_attempt.yaml b/rules/web/web_cve-2010-4231_exploitation_attempt.yaml
new file mode 100644
index 000000000..a0476b22c
--- /dev/null
+++ b/rules/web/web_cve-2010-4231_exploitation_attempt.yaml
@@ -0,0 +1,23 @@
+title: CVE-2010-4231 exploitation attempt
+id: c60db1d4-a919-4cbc-bcba-3271b2fd0e6b
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Camtron CMNC-200 IP Camera - Directory Traversal:The CMNC-200 IP Camera
+ has a built-in web server that is enabled by default. The server is vulnerable to
+ directory transversal attacks, allowing access to any file on the camera file system.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /../../../../../../../../../../../../../etc/passwd
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-4617_exploitation_attempt.yaml b/rules/web/web_cve-2010-4617_exploitation_attempt.yaml
new file mode 100644
index 000000000..33f2bc11a
--- /dev/null
+++ b/rules/web/web_cve-2010-4617_exploitation_attempt.yaml
@@ -0,0 +1,24 @@
+title: CVE-2010-4617 exploitation attempt
+id: a7745670-2ad1-411a-8e6d-c43bc9942139
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: Joomla! Component JotLoader 2.2.1 - Local File Inclusion:Directory traversal
+ vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows
+ remote attackers to read arbitrary files via directory traversal sequences in the
+ section parameter to index.php.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve-2010-5278_exploitation_attempt.yaml b/rules/web/web_cve-2010-5278_exploitation_attempt.yaml
new file mode 100644
index 000000000..14abd22d4
--- /dev/null
+++ b/rules/web/web_cve-2010-5278_exploitation_attempt.yaml
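Review bot: The pattern reads `option=com_jotloader§ion=`, which looks like `&section=` after an HTML-entity decode of `&sect`, and the description names the `section` parameter. If the committed file really contains `§`, the rule cannot match a request for this component. Confirm that the file holds `option=com_jotloader&section=`; the character may only be an artefact of how this patch is displayed.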
@@ -0,0 +1,24 @@
+title: CVE-2010-5278 exploitation attempt
+id: 37dbe173-d9f1-400b-862e-cceef489ef6f
+author: Subhash Popuri (@pbssubhash)
+date: 2021/08/25
+status: experimental
+description: MODx manager - Local File Inclusion:Directory traversal vulnerability
+ in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and
+ possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to
+ read arbitrary files via a .. (dot dot) in the class_key parameter.
+references:
+ - https://github.com/projectdiscovery/nuclei-templates
+detection:
+ selection:
+ c-uri|contains:
+ - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
+ condition: selection
+false_positives:
+ - Scanning from Nuclei
+ - Penetration Testing Activity
+ - Unknown
+tags:
+ - attack.initial_access
+ - attack.t1190
+level: critical
diff --git a/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml
deleted file mode 100644
index a6ec1f7d4..000000000
--- a/rules/web/web_cve_CVE-2010-0943_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-0943 exploitation attempt
-id: fa7e28e3-d286-4c38-b6df-41eb004b66ba
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JA Showcase (com_jashowcase)
- component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the controller parameter in a jashowcase action to index.php.
-references:
-- https://www.exploit-db.com/exploits/11090
-- https://www.cvedetails.com/cve/CVE-2010-0943
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml
deleted file mode 100644
index f96cb67b4..000000000
--- a/rules/web/web_cve_CVE-2010-0944_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-0944 exploitation attempt
-id: c656c178-4f5a-4dc4-a605-21e225987ac5
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JCollection (com_jcollection)
- component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/11088
-- https://www.cvedetails.com/cve/CVE-2010-0944
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml
deleted file mode 100644
index 8cead1aa0..000000000
--- a/rules/web/web_cve_CVE-2010-1306_exploitation_attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1306 exploitation attempt
-id: b2105629-bb00-47a1-a01e-24147433710c
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component
- 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml
deleted file mode 100644
index 6e4902b2e..000000000
--- a/rules/web/web_cve_CVE-2010-1314_exploitation_attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1314 exploitation attempt
-id: 532cef3e-f3cc-437d-b6da-146675cb61ac
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Highslide JS (com_hsconfig)
- component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml
deleted file mode 100644
index 1286b44e3..000000000
--- a/rules/web/web_cve_CVE-2010-1345_exploitation_attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1345 exploitation attempt
-id: 8869cdca-39da-496a-ba9c-c9eeb5c51a4c
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms)
- component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via
- a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml
deleted file mode 100644
index 206da49b7..000000000
--- a/rules/web/web_cve_CVE-2010-1353_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1353 exploitation attempt
-id: e464164c-0cb6-427f-9eea-06dbf29d3044
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox)
- component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the view parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12068
-- https://www.cvedetails.com/cve/CVE-2010-1353
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml
deleted file mode 100644
index 29e32c325..000000000
--- a/rules/web/web_cve_CVE-2010-1474_exploitation_attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-1474 exploitation attempt
-id: 4964f728-0184-4efb-b8b1-23087da5baab
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper)
- component 1.5.x for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://www.exploit-db.com/exploits/12182
-- https://www.cvedetails.com/cve/CVE-2010-1474
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml
deleted file mode 100644
index 50fbb1669..000000000
--- a/rules/web/web_cve_CVE-2010-1475_exploitation_attempt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-1475 exploitation attempt
-id: 5f4ba4e9-6b51-4284-afdf-15485b08088f
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive)
- component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml
deleted file mode 100644
index 3f165d2af..000000000
--- a/rules/web/web_cve_CVE-2010-1495_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1495 exploitation attempt
-id: 24ffa234-2963-4518-b72d-7aae991d1189
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Matamko (com_matamko) component
- 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
- in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12286
-- https://www.cvedetails.com/cve/CVE-2010-1495
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml
deleted file mode 100644
index 295628c19..000000000
--- a/rules/web/web_cve_CVE-2010-1532_exploitation_attempt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-1532 exploitation attempt
-id: d65086e6-88a4-45e5-bc99-b1695aff4bd7
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail)
- component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml
deleted file mode 100644
index 17821b03e..000000000
--- a/rules/web/web_cve_CVE-2010-1533_exploitation_attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1533 exploitation attempt
-id: ad63c834-1072-4c2d-b246-f615557b3026
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the TweetLA (com_tweetla) component
- 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml
deleted file mode 100644
index 382365286..000000000
--- a/rules/web/web_cve_CVE-2010-1535_exploitation_attempt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-1535 exploitation attempt
-id: b0962f54-4cfd-4059-b742-af6f4e82e8b2
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the TRAVELbook (com_travelbook)
- component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml
deleted file mode 100644
index 2c2df33ef..000000000
--- a/rules/web/web_cve_CVE-2010-1602_exploitation_attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-1602 exploitation attempt
-id: fdf12606-2a8a-4450-b3b7-e6bdf03e7096
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment)
- component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://www.exploit-db.com/exploits/12283
-- https://www.cvedetails.com/cve/CVE-2010-1602
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml
deleted file mode 100644
index 74080bca7..000000000
--- a/rules/web/web_cve_CVE-2010-1657_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1657 exploitation attempt
-id: 41364f89-94ca-464d-8ab4-0c1348656707
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the SmartSite (com_smartsite) component
- 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12428
-- https://www.cvedetails.com/cve/CVE-2010-1657
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml
deleted file mode 100644
index 87d7b66af..000000000
--- a/rules/web/web_cve_CVE-2010-1718_exploitation_attempt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-1718 exploitation attempt
-id: 14f01fca-dec5-4144-a40c-63488767b57f
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in archeryscores.php in the Archery
- Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to
- include and execute arbitrary local files via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml
deleted file mode 100644
index eff648092..000000000
--- a/rules/web/web_cve_CVE-2010-1722_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1722 exploitation attempt
-id: d1b8ce75-b746-48a9-ad5c-4d692f5a21a0
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Online Market (com_market) component
- 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have
- unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12177
-- https://www.cvedetails.com/cve/CVE-2010-1722
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml
deleted file mode 100644
index 356a6f8a0..000000000
--- a/rules/web/web_cve_CVE-2010-1875_exploitation_attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-1875 exploitation attempt
-id: 9fec2f12-8d56-4b94-8140-be92319e6282
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Real Estate Property (com_properties)
- component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files
- and possibly have unspecified other impact via a .. (dot dot) in the controller
- parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/11851
-- https://www.cvedetails.com/cve/CVE-2010-1875
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml
deleted file mode 100644
index cdcf71d5d..000000000
--- a/rules/web/web_cve_CVE-2010-1953_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1953 exploitation attempt
-id: b83f9267-f61a-4a52-a39c-2244330665c8
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
- component 1.0 for Joomla! allows remote attackers to read arbitrary files via a
- .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12288
-- https://www.cvedetails.com/cve/CVE-2010-1953
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml
deleted file mode 100644
index 4430f4fb1..000000000
--- a/rules/web/web_cve_CVE-2010-1954_exploitation_attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1954 exploitation attempt
-id: e15b002d-bfad-4ae6-8253-5c5e1d3d7c61
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot)
- component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml
deleted file mode 100644
index 6204191c8..000000000
--- a/rules/web/web_cve_CVE-2010-1955_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1955 exploitation attempt
-id: e5ac823c-60fa-40c5-b7b2-965e023d3747
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
- component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via
- a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12238
-- https://www.cvedetails.com/cve/CVE-2010-1955
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml
deleted file mode 100644
index ee9852f82..000000000
--- a/rules/web/web_cve_CVE-2010-1979_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1979 exploitation attempt
-id: 62b49fe0-8735-4c00-ac45-52ac7b673174
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
- component build 880 for Joomla! allows remote attackers to read arbitrary files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12088
-- https://www.cvedetails.com/cve/CVE-2010-1979
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml
deleted file mode 100644
index 2d32c4058..000000000
--- a/rules/web/web_cve_CVE-2010-1983_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1983 exploitation attempt
-id: 7325d138-af8e-42a1-80eb-a6b69c32da79
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
- component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary
- files via a .. (dot dot) in the view parameter to index.php
-references:
-- https://www.exploit-db.com/exploits/12055
-- https://www.cvedetails.com/cve/CVE-2010-1983
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml
deleted file mode 100644
index 171ec24e9..000000000
--- a/rules/web/web_cve_CVE-2010-2033_exploitation_attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2033 exploitation attempt
-id: 2d38d9d5-b9a3-46dd-8f55-81c5961c21b2
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
- component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
- have unspecified other impact via a .. (dot dot) in the controller parameter to
- index.php.
-references:
-- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
-- https://www.cvedetails.com/cve/CVE-2010-2033
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml
deleted file mode 100644
index 06d0b88e8..000000000
--- a/rules/web/web_cve_CVE-2010-2036_exploitation_attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2036 exploitation attempt
-id: ae8ea246-0ec4-48ed-96b1-e6ad8a8a0274
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
- component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
- have unspecified other impact via a .. (dot dot) in the controller parameter to
- index.php.
-references:
-- https://www.exploit-db.com/exploits/34004
-- https://www.cvedetails.com/cve/CVE-2010-2036
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml
deleted file mode 100644
index 3609a834c..000000000
--- a/rules/web/web_cve_CVE-2010-2259_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-2259 exploitation attempt
-id: a64bc24c-39fc-4531-b0c3-9d26f439f246
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component
- for Joomla! allows remote attackers to include and execute arbitrary local files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/10946
-- https://www.cvedetails.com/cve/CVE-2010-2259
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml
deleted file mode 100644
index 600ebee32..000000000
--- a/rules/web/web_cve_CVE-2010-2307_exploitation_attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2307 exploitation attempt
-id: 4d1124ea-beb9-4b9a-b75b-a76f61236a67
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the web server for Motorola
- SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow
- remote attackers to read arbitrary files via (1) "//" (multiple leading slash),
- (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
-references:
-- https://www.securityfocus.com/bid/40550/info
-- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /../../etc/passwd
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml
deleted file mode 100644
index 94fcbdbc8..000000000
--- a/rules/web/web_cve_CVE-2010-2682_exploitation_attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2682 exploitation attempt
-id: c190dd5f-7b3c-4184-bca0-94129a1a0cdb
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna)
- component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://www.exploit-db.com/exploits/14017
-- https://www.cvedetails.com/cve/CVE-2010-2682
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml
deleted file mode 100644
index 6513ed687..000000000
--- a/rules/web/web_cve_CVE-2010-2861_exploitation_attempt.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-title: CVE-2010-2861 exploitation attempt
-id: d98ff4e9-b11e-40b7-a536-b71bd1800042
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the administrator console
- in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files
- via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm,
- (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm
- in CFIDE/administrator/.
-references:
-- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
-- http://www.adobe.com/support/security/bulletins/apsb10-18.html
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml
deleted file mode 100644
index 8d50a3c82..000000000
--- a/rules/web/web_cve_CVE-2010-3426_exploitation_attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-3426 exploitation attempt
-id: 3178d248-aa37-4f7c-97ee-3c16809bca69
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
- component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute
- arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml
deleted file mode 100644
index e8a4bb989..000000000
--- a/rules/web/web_cve_CVE-2010-4231_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-4231 exploitation attempt
-id: 52c315b8-c56e-41b9-ace4-fdfdc593657d
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
- The server is vulnerable to directory transversal attacks, allowing access to any
- file on the camera file system.
-references:
-- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
-- https://www.exploit-db.com/exploits/15505
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /../../../../../../../../../../../../../etc/passwd
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml b/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml
deleted file mode 100644
index 9384cf9d3..000000000
--- a/rules/web/web_cve_CVE-2010-4617_exploitation_attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-4617 exploitation attempt
-id: cc29de7e-88e9-4deb-ac0b-5072745ba6d5
-author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
- 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory
- traversal sequences in the section parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/15791
-- https://www.cvedetails.com/cve/CVE-2010-4617
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
From 1f7d239bf9ed2f4d7d5314a3587024125b082504 Mon Sep 17 00:00:00 2001
From: pbssubhash Date: Sun, 12 Sep 2021 18:24:35 +0530 Subject: [PATCH 12/17] Name change --- ...2010-0943_exploitation_attempt.yaml => web_cve-2010-0943.yaml} | 0 ...2010-0944_exploitation_attempt.yaml => web_cve-2010-0944.yaml} | 0 ...2010-0985_exploitation_attempt.yaml => web_cve-2010-0985.yaml} | 0 ...2010-1219_exploitation_attempt.yaml => web_cve-2010-1219.yaml} | 0 ...2010-1304_exploitation_attempt.yaml => web_cve-2010-1304.yaml} | 0 ...2010-1305_exploitation_attempt.yaml => web_cve-2010-1305.yaml} | 0 ...2010-1306_exploitation_attempt.yaml => web_cve-2010-1306.yaml} | 0 ...2010-1307_exploitation_attempt.yaml => web_cve-2010-1307.yaml} | 0 ...2010-1308_exploitation_attempt.yaml => web_cve-2010-1308.yaml} | 0 ...2010-1312_exploitation_attempt.yaml => web_cve-2010-1312.yaml} | 0 ...2010-1313_exploitation_attempt.yaml => web_cve-2010-1313.yaml} | 0 ...2010-1314_exploitation_attempt.yaml => web_cve-2010-1314.yaml} | 0 ...2010-1345_exploitation_attempt.yaml => web_cve-2010-1345.yaml} | 0 ...2010-1353_exploitation_attempt.yaml => web_cve-2010-1353.yaml} | 0 ...2010-1354_exploitation_attempt.yaml => web_cve-2010-1354.yaml} | 0 ...2010-1470_exploitation_attempt.yaml => web_cve-2010-1470.yaml} | 0 ...2010-1471_exploitation_attempt.yaml => web_cve-2010-1471.yaml} | 0 ...2010-1472_exploitation_attempt.yaml => web_cve-2010-1472.yaml} | 0 ...2010-1473_exploitation_attempt.yaml => web_cve-2010-1473.yaml} | 0 ...2010-1474_exploitation_attempt.yaml => web_cve-2010-1474.yaml} | 0 ...2010-1475_exploitation_attempt.yaml => web_cve-2010-1475.yaml} | 0 ...2010-1476_exploitation_attempt.yaml => web_cve-2010-1476.yaml} | 0 ...2010-1494_exploitation_attempt.yaml => web_cve-2010-1494.yaml} | 0 ...2010-1495_exploitation_attempt.yaml => web_cve-2010-1495.yaml} | 0 ...2010-1532_exploitation_attempt.yaml => web_cve-2010-1532.yaml} | 0 ...2010-1533_exploitation_attempt.yaml => web_cve-2010-1533.yaml} | 0 ...2010-1534_exploitation_attempt.yaml => web_cve-2010-1534.yaml} | 0 
...2010-1535_exploitation_attempt.yaml => web_cve-2010-1535.yaml} | 0 ...2010-1601_exploitation_attempt.yaml => web_cve-2010-1601.yaml} | 0 ...2010-1602_exploitation_attempt.yaml => web_cve-2010-1602.yaml} | 0 ...2010-1607_exploitation_attempt.yaml => web_cve-2010-1607.yaml} | 0 ...2010-1657_exploitation_attempt.yaml => web_cve-2010-1657.yaml} | 0 ...2010-1659_exploitation_attempt.yaml => web_cve-2010-1659.yaml} | 0 ...2010-1714_exploitation_attempt.yaml => web_cve-2010-1714.yaml} | 0 ...2010-1717_exploitation_attempt.yaml => web_cve-2010-1717.yaml} | 0 ...2010-1718_exploitation_attempt.yaml => web_cve-2010-1718.yaml} | 0 ...2010-1719_exploitation_attempt.yaml => web_cve-2010-1719.yaml} | 0 ...2010-1722_exploitation_attempt.yaml => web_cve-2010-1722.yaml} | 0 ...2010-1875_exploitation_attempt.yaml => web_cve-2010-1875.yaml} | 0 ...2010-1953_exploitation_attempt.yaml => web_cve-2010-1953.yaml} | 0 ...2010-1954_exploitation_attempt.yaml => web_cve-2010-1954.yaml} | 0 ...2010-1955_exploitation_attempt.yaml => web_cve-2010-1955.yaml} | 0 ...2010-1956_exploitation_attempt.yaml => web_cve-2010-1956.yaml} | 0 ...2010-1979_exploitation_attempt.yaml => web_cve-2010-1979.yaml} | 0 ...2010-1980_exploitation_attempt.yaml => web_cve-2010-1980.yaml} | 0 ...2010-1981_exploitation_attempt.yaml => web_cve-2010-1981.yaml} | 0 ...2010-1983_exploitation_attempt.yaml => web_cve-2010-1983.yaml} | 0 ...2010-2033_exploitation_attempt.yaml => web_cve-2010-2033.yaml} | 0 ...2010-2034_exploitation_attempt.yaml => web_cve-2010-2034.yaml} | 0 ...2010-2035_exploitation_attempt.yaml => web_cve-2010-2035.yaml} | 0 ...2010-2036_exploitation_attempt.yaml => web_cve-2010-2036.yaml} | 0 ...2010-2122_exploitation_attempt.yaml => web_cve-2010-2122.yaml} | 0 ...2010-2259_exploitation_attempt.yaml => web_cve-2010-2259.yaml} | 0 ...2010-2307_exploitation_attempt.yaml => web_cve-2010-2307.yaml} | 0 ...2010-2682_exploitation_attempt.yaml => web_cve-2010-2682.yaml} | 0 ...2010-2861_exploitation_attempt.yaml 
=> web_cve-2010-2861.yaml} | 0 ...2010-2920_exploitation_attempt.yaml => web_cve-2010-2920.yaml} | 0 ...2010-3426_exploitation_attempt.yaml => web_cve-2010-3426.yaml} | 0 ...2010-4231_exploitation_attempt.yaml => web_cve-2010-4231.yaml} | 0 ...2010-4617_exploitation_attempt.yaml => web_cve-2010-4617.yaml} | 0 ...2010-5278_exploitation_attempt.yaml => web_cve-2010-5278.yaml} | 0 61 files changed, 0 insertions(+), 0 deletions(-) rename rules/web/{web_cve-2010-0943_exploitation_attempt.yaml => web_cve-2010-0943.yaml} (100%) rename rules/web/{web_cve-2010-0944_exploitation_attempt.yaml => web_cve-2010-0944.yaml} (100%) rename rules/web/{web_cve-2010-0985_exploitation_attempt.yaml => web_cve-2010-0985.yaml} (100%) rename rules/web/{web_cve-2010-1219_exploitation_attempt.yaml => web_cve-2010-1219.yaml} (100%) rename rules/web/{web_cve-2010-1304_exploitation_attempt.yaml => web_cve-2010-1304.yaml} (100%) rename rules/web/{web_cve-2010-1305_exploitation_attempt.yaml => web_cve-2010-1305.yaml} (100%) rename rules/web/{web_cve-2010-1306_exploitation_attempt.yaml => web_cve-2010-1306.yaml} (100%) rename rules/web/{web_cve-2010-1307_exploitation_attempt.yaml => web_cve-2010-1307.yaml} (100%) rename rules/web/{web_cve-2010-1308_exploitation_attempt.yaml => web_cve-2010-1308.yaml} (100%) rename rules/web/{web_cve-2010-1312_exploitation_attempt.yaml => web_cve-2010-1312.yaml} (100%) rename rules/web/{web_cve-2010-1313_exploitation_attempt.yaml => web_cve-2010-1313.yaml} (100%) rename rules/web/{web_cve-2010-1314_exploitation_attempt.yaml => web_cve-2010-1314.yaml} (100%) rename rules/web/{web_cve-2010-1345_exploitation_attempt.yaml => web_cve-2010-1345.yaml} (100%) rename rules/web/{web_cve-2010-1353_exploitation_attempt.yaml => web_cve-2010-1353.yaml} (100%) rename rules/web/{web_cve-2010-1354_exploitation_attempt.yaml => web_cve-2010-1354.yaml} (100%) rename rules/web/{web_cve-2010-1470_exploitation_attempt.yaml => web_cve-2010-1470.yaml} (100%) rename 
rules/web/{web_cve-2010-1471_exploitation_attempt.yaml => web_cve-2010-1471.yaml} (100%) rename rules/web/{web_cve-2010-1472_exploitation_attempt.yaml => web_cve-2010-1472.yaml} (100%) rename rules/web/{web_cve-2010-1473_exploitation_attempt.yaml => web_cve-2010-1473.yaml} (100%) rename rules/web/{web_cve-2010-1474_exploitation_attempt.yaml => web_cve-2010-1474.yaml} (100%) rename rules/web/{web_cve-2010-1475_exploitation_attempt.yaml => web_cve-2010-1475.yaml} (100%) rename rules/web/{web_cve-2010-1476_exploitation_attempt.yaml => web_cve-2010-1476.yaml} (100%) rename rules/web/{web_cve-2010-1494_exploitation_attempt.yaml => web_cve-2010-1494.yaml} (100%) rename rules/web/{web_cve-2010-1495_exploitation_attempt.yaml => web_cve-2010-1495.yaml} (100%) rename rules/web/{web_cve-2010-1532_exploitation_attempt.yaml => web_cve-2010-1532.yaml} (100%) rename rules/web/{web_cve-2010-1533_exploitation_attempt.yaml => web_cve-2010-1533.yaml} (100%) rename rules/web/{web_cve-2010-1534_exploitation_attempt.yaml => web_cve-2010-1534.yaml} (100%) rename rules/web/{web_cve-2010-1535_exploitation_attempt.yaml => web_cve-2010-1535.yaml} (100%) rename rules/web/{web_cve-2010-1601_exploitation_attempt.yaml => web_cve-2010-1601.yaml} (100%) rename rules/web/{web_cve-2010-1602_exploitation_attempt.yaml => web_cve-2010-1602.yaml} (100%) rename rules/web/{web_cve-2010-1607_exploitation_attempt.yaml => web_cve-2010-1607.yaml} (100%) rename rules/web/{web_cve-2010-1657_exploitation_attempt.yaml => web_cve-2010-1657.yaml} (100%) rename rules/web/{web_cve-2010-1659_exploitation_attempt.yaml => web_cve-2010-1659.yaml} (100%) rename rules/web/{web_cve-2010-1714_exploitation_attempt.yaml => web_cve-2010-1714.yaml} (100%) rename rules/web/{web_cve-2010-1717_exploitation_attempt.yaml => web_cve-2010-1717.yaml} (100%) rename rules/web/{web_cve-2010-1718_exploitation_attempt.yaml => web_cve-2010-1718.yaml} (100%) rename rules/web/{web_cve-2010-1719_exploitation_attempt.yaml => 
web_cve-2010-1719.yaml} (100%) rename rules/web/{web_cve-2010-1722_exploitation_attempt.yaml => web_cve-2010-1722.yaml} (100%) rename rules/web/{web_cve-2010-1875_exploitation_attempt.yaml => web_cve-2010-1875.yaml} (100%) rename rules/web/{web_cve-2010-1953_exploitation_attempt.yaml => web_cve-2010-1953.yaml} (100%) rename rules/web/{web_cve-2010-1954_exploitation_attempt.yaml => web_cve-2010-1954.yaml} (100%) rename rules/web/{web_cve-2010-1955_exploitation_attempt.yaml => web_cve-2010-1955.yaml} (100%) rename rules/web/{web_cve-2010-1956_exploitation_attempt.yaml => web_cve-2010-1956.yaml} (100%) rename rules/web/{web_cve-2010-1979_exploitation_attempt.yaml => web_cve-2010-1979.yaml} (100%) rename rules/web/{web_cve-2010-1980_exploitation_attempt.yaml => web_cve-2010-1980.yaml} (100%) rename rules/web/{web_cve-2010-1981_exploitation_attempt.yaml => web_cve-2010-1981.yaml} (100%) rename rules/web/{web_cve-2010-1983_exploitation_attempt.yaml => web_cve-2010-1983.yaml} (100%) rename rules/web/{web_cve-2010-2033_exploitation_attempt.yaml => web_cve-2010-2033.yaml} (100%) rename rules/web/{web_cve-2010-2034_exploitation_attempt.yaml => web_cve-2010-2034.yaml} (100%) rename rules/web/{web_cve-2010-2035_exploitation_attempt.yaml => web_cve-2010-2035.yaml} (100%) rename rules/web/{web_cve-2010-2036_exploitation_attempt.yaml => web_cve-2010-2036.yaml} (100%) rename rules/web/{web_cve-2010-2122_exploitation_attempt.yaml => web_cve-2010-2122.yaml} (100%) rename rules/web/{web_cve-2010-2259_exploitation_attempt.yaml => web_cve-2010-2259.yaml} (100%) rename rules/web/{web_cve-2010-2307_exploitation_attempt.yaml => web_cve-2010-2307.yaml} (100%) rename rules/web/{web_cve-2010-2682_exploitation_attempt.yaml => web_cve-2010-2682.yaml} (100%) rename rules/web/{web_cve-2010-2861_exploitation_attempt.yaml => web_cve-2010-2861.yaml} (100%) rename rules/web/{web_cve-2010-2920_exploitation_attempt.yaml => web_cve-2010-2920.yaml} (100%) rename 
rules/web/{web_cve-2010-3426_exploitation_attempt.yaml => web_cve-2010-3426.yaml} (100%) rename rules/web/{web_cve-2010-4231_exploitation_attempt.yaml => web_cve-2010-4231.yaml} (100%) rename rules/web/{web_cve-2010-4617_exploitation_attempt.yaml => web_cve-2010-4617.yaml} (100%) rename rules/web/{web_cve-2010-5278_exploitation_attempt.yaml => web_cve-2010-5278.yaml} (100%) diff --git a/rules/web/web_cve-2010-0943_exploitation_attempt.yaml b/rules/web/web_cve-2010-0943.yaml similarity index 100% rename from rules/web/web_cve-2010-0943_exploitation_attempt.yaml rename to rules/web/web_cve-2010-0943.yaml diff --git a/rules/web/web_cve-2010-0944_exploitation_attempt.yaml b/rules/web/web_cve-2010-0944.yaml similarity index 100% rename from rules/web/web_cve-2010-0944_exploitation_attempt.yaml rename to rules/web/web_cve-2010-0944.yaml diff --git a/rules/web/web_cve-2010-0985_exploitation_attempt.yaml b/rules/web/web_cve-2010-0985.yaml similarity index 100% rename from rules/web/web_cve-2010-0985_exploitation_attempt.yaml rename to rules/web/web_cve-2010-0985.yaml diff --git a/rules/web/web_cve-2010-1219_exploitation_attempt.yaml b/rules/web/web_cve-2010-1219.yaml similarity index 100% rename from rules/web/web_cve-2010-1219_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1219.yaml diff --git a/rules/web/web_cve-2010-1304_exploitation_attempt.yaml b/rules/web/web_cve-2010-1304.yaml similarity index 100% rename from rules/web/web_cve-2010-1304_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1304.yaml diff --git a/rules/web/web_cve-2010-1305_exploitation_attempt.yaml b/rules/web/web_cve-2010-1305.yaml similarity index 100% rename from rules/web/web_cve-2010-1305_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1305.yaml 
diff --git a/rules/web/web_cve-2010-1306_exploitation_attempt.yaml b/rules/web/web_cve-2010-1306.yaml similarity index 100% rename from rules/web/web_cve-2010-1306_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1306.yaml diff --git a/rules/web/web_cve-2010-1307_exploitation_attempt.yaml b/rules/web/web_cve-2010-1307.yaml similarity index 100% rename from rules/web/web_cve-2010-1307_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1307.yaml diff --git a/rules/web/web_cve-2010-1308_exploitation_attempt.yaml b/rules/web/web_cve-2010-1308.yaml similarity index 100% rename from rules/web/web_cve-2010-1308_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1308.yaml diff --git a/rules/web/web_cve-2010-1312_exploitation_attempt.yaml b/rules/web/web_cve-2010-1312.yaml similarity index 100% rename from rules/web/web_cve-2010-1312_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1312.yaml diff --git a/rules/web/web_cve-2010-1313_exploitation_attempt.yaml b/rules/web/web_cve-2010-1313.yaml similarity index 100% rename from rules/web/web_cve-2010-1313_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1313.yaml diff --git a/rules/web/web_cve-2010-1314_exploitation_attempt.yaml b/rules/web/web_cve-2010-1314.yaml similarity index 100% rename from rules/web/web_cve-2010-1314_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1314.yaml diff --git a/rules/web/web_cve-2010-1345_exploitation_attempt.yaml b/rules/web/web_cve-2010-1345.yaml similarity index 100% rename from rules/web/web_cve-2010-1345_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1345.yaml diff --git a/rules/web/web_cve-2010-1353_exploitation_attempt.yaml b/rules/web/web_cve-2010-1353.yaml similarity index 100% rename from rules/web/web_cve-2010-1353_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1353.yaml 
diff --git a/rules/web/web_cve-2010-1354_exploitation_attempt.yaml b/rules/web/web_cve-2010-1354.yaml similarity index 100% rename from rules/web/web_cve-2010-1354_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1354.yaml diff --git a/rules/web/web_cve-2010-1470_exploitation_attempt.yaml b/rules/web/web_cve-2010-1470.yaml similarity index 100% rename from rules/web/web_cve-2010-1470_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1470.yaml diff --git a/rules/web/web_cve-2010-1471_exploitation_attempt.yaml b/rules/web/web_cve-2010-1471.yaml similarity index 100% rename from rules/web/web_cve-2010-1471_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1471.yaml diff --git a/rules/web/web_cve-2010-1472_exploitation_attempt.yaml b/rules/web/web_cve-2010-1472.yaml similarity index 100% rename from rules/web/web_cve-2010-1472_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1472.yaml diff --git a/rules/web/web_cve-2010-1473_exploitation_attempt.yaml b/rules/web/web_cve-2010-1473.yaml similarity index 100% rename from rules/web/web_cve-2010-1473_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1473.yaml diff --git a/rules/web/web_cve-2010-1474_exploitation_attempt.yaml b/rules/web/web_cve-2010-1474.yaml similarity index 100% rename from rules/web/web_cve-2010-1474_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1474.yaml diff --git a/rules/web/web_cve-2010-1475_exploitation_attempt.yaml b/rules/web/web_cve-2010-1475.yaml similarity index 100% rename from rules/web/web_cve-2010-1475_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1475.yaml diff --git a/rules/web/web_cve-2010-1476_exploitation_attempt.yaml b/rules/web/web_cve-2010-1476.yaml similarity index 100% rename from rules/web/web_cve-2010-1476_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1476.yaml 
diff --git a/rules/web/web_cve-2010-1494_exploitation_attempt.yaml b/rules/web/web_cve-2010-1494.yaml similarity index 100% rename from rules/web/web_cve-2010-1494_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1494.yaml diff --git a/rules/web/web_cve-2010-1495_exploitation_attempt.yaml b/rules/web/web_cve-2010-1495.yaml similarity index 100% rename from rules/web/web_cve-2010-1495_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1495.yaml diff --git a/rules/web/web_cve-2010-1532_exploitation_attempt.yaml b/rules/web/web_cve-2010-1532.yaml similarity index 100% rename from rules/web/web_cve-2010-1532_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1532.yaml diff --git a/rules/web/web_cve-2010-1533_exploitation_attempt.yaml b/rules/web/web_cve-2010-1533.yaml similarity index 100% rename from rules/web/web_cve-2010-1533_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1533.yaml diff --git a/rules/web/web_cve-2010-1534_exploitation_attempt.yaml b/rules/web/web_cve-2010-1534.yaml similarity index 100% rename from rules/web/web_cve-2010-1534_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1534.yaml diff --git a/rules/web/web_cve-2010-1535_exploitation_attempt.yaml b/rules/web/web_cve-2010-1535.yaml similarity index 100% rename from rules/web/web_cve-2010-1535_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1535.yaml diff --git a/rules/web/web_cve-2010-1601_exploitation_attempt.yaml b/rules/web/web_cve-2010-1601.yaml similarity index 100% rename from rules/web/web_cve-2010-1601_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1601.yaml diff --git a/rules/web/web_cve-2010-1602_exploitation_attempt.yaml b/rules/web/web_cve-2010-1602.yaml similarity index 100% rename from rules/web/web_cve-2010-1602_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1602.yaml 
diff --git a/rules/web/web_cve-2010-1607_exploitation_attempt.yaml b/rules/web/web_cve-2010-1607.yaml similarity index 100% rename from rules/web/web_cve-2010-1607_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1607.yaml diff --git a/rules/web/web_cve-2010-1657_exploitation_attempt.yaml b/rules/web/web_cve-2010-1657.yaml similarity index 100% rename from rules/web/web_cve-2010-1657_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1657.yaml diff --git a/rules/web/web_cve-2010-1659_exploitation_attempt.yaml b/rules/web/web_cve-2010-1659.yaml similarity index 100% rename from rules/web/web_cve-2010-1659_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1659.yaml diff --git a/rules/web/web_cve-2010-1714_exploitation_attempt.yaml b/rules/web/web_cve-2010-1714.yaml similarity index 100% rename from rules/web/web_cve-2010-1714_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1714.yaml diff --git a/rules/web/web_cve-2010-1717_exploitation_attempt.yaml b/rules/web/web_cve-2010-1717.yaml similarity index 100% rename from rules/web/web_cve-2010-1717_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1717.yaml diff --git a/rules/web/web_cve-2010-1718_exploitation_attempt.yaml b/rules/web/web_cve-2010-1718.yaml similarity index 100% rename from rules/web/web_cve-2010-1718_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1718.yaml diff --git a/rules/web/web_cve-2010-1719_exploitation_attempt.yaml b/rules/web/web_cve-2010-1719.yaml similarity index 100% rename from rules/web/web_cve-2010-1719_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1719.yaml diff --git a/rules/web/web_cve-2010-1722_exploitation_attempt.yaml b/rules/web/web_cve-2010-1722.yaml similarity index 100% rename from rules/web/web_cve-2010-1722_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1722.yaml 
diff --git a/rules/web/web_cve-2010-1875_exploitation_attempt.yaml b/rules/web/web_cve-2010-1875.yaml similarity index 100% rename from rules/web/web_cve-2010-1875_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1875.yaml diff --git a/rules/web/web_cve-2010-1953_exploitation_attempt.yaml b/rules/web/web_cve-2010-1953.yaml similarity index 100% rename from rules/web/web_cve-2010-1953_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1953.yaml diff --git a/rules/web/web_cve-2010-1954_exploitation_attempt.yaml b/rules/web/web_cve-2010-1954.yaml similarity index 100% rename from rules/web/web_cve-2010-1954_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1954.yaml diff --git a/rules/web/web_cve-2010-1955_exploitation_attempt.yaml b/rules/web/web_cve-2010-1955.yaml similarity index 100% rename from rules/web/web_cve-2010-1955_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1955.yaml diff --git a/rules/web/web_cve-2010-1956_exploitation_attempt.yaml b/rules/web/web_cve-2010-1956.yaml similarity index 100% rename from rules/web/web_cve-2010-1956_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1956.yaml diff --git a/rules/web/web_cve-2010-1979_exploitation_attempt.yaml b/rules/web/web_cve-2010-1979.yaml similarity index 100% rename from rules/web/web_cve-2010-1979_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1979.yaml diff --git a/rules/web/web_cve-2010-1980_exploitation_attempt.yaml b/rules/web/web_cve-2010-1980.yaml similarity index 100% rename from rules/web/web_cve-2010-1980_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1980.yaml diff --git a/rules/web/web_cve-2010-1981_exploitation_attempt.yaml b/rules/web/web_cve-2010-1981.yaml similarity index 100% rename from rules/web/web_cve-2010-1981_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1981.yaml 
diff --git a/rules/web/web_cve-2010-1983_exploitation_attempt.yaml b/rules/web/web_cve-2010-1983.yaml similarity index 100% rename from rules/web/web_cve-2010-1983_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1983.yaml diff --git a/rules/web/web_cve-2010-2033_exploitation_attempt.yaml b/rules/web/web_cve-2010-2033.yaml similarity index 100% rename from rules/web/web_cve-2010-2033_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2033.yaml diff --git a/rules/web/web_cve-2010-2034_exploitation_attempt.yaml b/rules/web/web_cve-2010-2034.yaml similarity index 100% rename from rules/web/web_cve-2010-2034_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2034.yaml diff --git a/rules/web/web_cve-2010-2035_exploitation_attempt.yaml b/rules/web/web_cve-2010-2035.yaml similarity index 100% rename from rules/web/web_cve-2010-2035_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2035.yaml diff --git a/rules/web/web_cve-2010-2036_exploitation_attempt.yaml b/rules/web/web_cve-2010-2036.yaml similarity index 100% rename from rules/web/web_cve-2010-2036_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2036.yaml diff --git a/rules/web/web_cve-2010-2122_exploitation_attempt.yaml b/rules/web/web_cve-2010-2122.yaml similarity index 100% rename from rules/web/web_cve-2010-2122_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2122.yaml diff --git a/rules/web/web_cve-2010-2259_exploitation_attempt.yaml b/rules/web/web_cve-2010-2259.yaml similarity index 100% rename from rules/web/web_cve-2010-2259_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2259.yaml diff --git a/rules/web/web_cve-2010-2307_exploitation_attempt.yaml b/rules/web/web_cve-2010-2307.yaml similarity index 100% rename from rules/web/web_cve-2010-2307_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2307.yaml 
diff --git a/rules/web/web_cve-2010-2682_exploitation_attempt.yaml b/rules/web/web_cve-2010-2682.yaml similarity index 100% rename from rules/web/web_cve-2010-2682_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2682.yaml diff --git a/rules/web/web_cve-2010-2861_exploitation_attempt.yaml b/rules/web/web_cve-2010-2861.yaml similarity index 100% rename from rules/web/web_cve-2010-2861_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2861.yaml diff --git a/rules/web/web_cve-2010-2920_exploitation_attempt.yaml b/rules/web/web_cve-2010-2920.yaml similarity index 100% rename from rules/web/web_cve-2010-2920_exploitation_attempt.yaml rename to rules/web/web_cve-2010-2920.yaml diff --git a/rules/web/web_cve-2010-3426_exploitation_attempt.yaml b/rules/web/web_cve-2010-3426.yaml similarity index 100% rename from rules/web/web_cve-2010-3426_exploitation_attempt.yaml rename to rules/web/web_cve-2010-3426.yaml diff --git a/rules/web/web_cve-2010-4231_exploitation_attempt.yaml b/rules/web/web_cve-2010-4231.yaml similarity index 100% rename from rules/web/web_cve-2010-4231_exploitation_attempt.yaml rename to rules/web/web_cve-2010-4231.yaml diff --git a/rules/web/web_cve-2010-4617_exploitation_attempt.yaml b/rules/web/web_cve-2010-4617.yaml similarity index 100% rename from rules/web/web_cve-2010-4617_exploitation_attempt.yaml rename to rules/web/web_cve-2010-4617.yaml diff --git a/rules/web/web_cve-2010-5278_exploitation_attempt.yaml b/rules/web/web_cve-2010-5278.yaml similarity index 100% rename from rules/web/web_cve-2010-5278_exploitation_attempt.yaml rename to rules/web/web_cve-2010-5278.yaml From 5d654c45187baefe4d0cb5f70400b6c2835dac76 Mon Sep 17 00:00:00 2001 
From: pbssubhash Date: Sun, 12 Sep 2021 18:36:20 +0530 Subject: [PATCH 13/17] Changing title to camelcase --- ...-0943.yaml => web_cve-2010-0943_exploitation_attempt.yaml} | 4 ++-- ...-0944.yaml => web_cve-2010-0944_exploitation_attempt.yaml} | 4 ++-- ...-0985.yaml => web_cve-2010-0985_exploitation_attempt.yaml} | 4 ++-- ...-1219.yaml => web_cve-2010-1219_exploitation_attempt.yaml} | 4 ++-- ...-1304.yaml => web_cve-2010-1304_exploitation_attempt.yaml} | 4 ++-- ...-1305.yaml => web_cve-2010-1305_exploitation_attempt.yaml} | 4 ++-- ...-1306.yaml => web_cve-2010-1306_exploitation_attempt.yaml} | 4 ++-- ...-1307.yaml => web_cve-2010-1307_exploitation_attempt.yaml} | 4 ++-- ...-1308.yaml => web_cve-2010-1308_exploitation_attempt.yaml} | 4 ++-- ...-1312.yaml => web_cve-2010-1312_exploitation_attempt.yaml} | 4 ++-- ...-1313.yaml => web_cve-2010-1313_exploitation_attempt.yaml} | 4 ++-- ...-1314.yaml => web_cve-2010-1314_exploitation_attempt.yaml} | 4 ++-- ...-1345.yaml => web_cve-2010-1345_exploitation_attempt.yaml} | 4 ++-- ...-1353.yaml => web_cve-2010-1353_exploitation_attempt.yaml} | 4 ++-- ...-1354.yaml => web_cve-2010-1354_exploitation_attempt.yaml} | 4 ++-- ...-1470.yaml => web_cve-2010-1470_exploitation_attempt.yaml} | 4 ++-- ...-1471.yaml => web_cve-2010-1471_exploitation_attempt.yaml} | 4 ++-- ...-1472.yaml => web_cve-2010-1472_exploitation_attempt.yaml} | 4 ++-- ...-1473.yaml => web_cve-2010-1473_exploitation_attempt.yaml} | 4 ++-- ...-1474.yaml => web_cve-2010-1474_exploitation_attempt.yaml} | 4 ++-- ...-1475.yaml => web_cve-2010-1475_exploitation_attempt.yaml} | 4 ++-- ...-1476.yaml => web_cve-2010-1476_exploitation_attempt.yaml} | 4 ++-- ...-1494.yaml => web_cve-2010-1494_exploitation_attempt.yaml} | 4 ++-- ...-1495.yaml => web_cve-2010-1495_exploitation_attempt.yaml} | 4 ++-- ...-1532.yaml => web_cve-2010-1532_exploitation_attempt.yaml} | 4 ++-- ...-1533.yaml => web_cve-2010-1533_exploitation_attempt.yaml} | 4 ++-- ...-1534.yaml => 
web_cve-2010-1534_exploitation_attempt.yaml} | 4 ++-- ...-1535.yaml => web_cve-2010-1535_exploitation_attempt.yaml} | 4 ++-- ...-1601.yaml => web_cve-2010-1601_exploitation_attempt.yaml} | 4 ++-- ...-1602.yaml => web_cve-2010-1602_exploitation_attempt.yaml} | 4 ++-- ...-1607.yaml => web_cve-2010-1607_exploitation_attempt.yaml} | 4 ++-- ...-1657.yaml => web_cve-2010-1657_exploitation_attempt.yaml} | 4 ++-- ...-1659.yaml => web_cve-2010-1659_exploitation_attempt.yaml} | 4 ++-- ...-1714.yaml => web_cve-2010-1714_exploitation_attempt.yaml} | 4 ++-- ...-1717.yaml => web_cve-2010-1717_exploitation_attempt.yaml} | 4 ++-- ...-1718.yaml => web_cve-2010-1718_exploitation_attempt.yaml} | 4 ++-- ...-1719.yaml => web_cve-2010-1719_exploitation_attempt.yaml} | 4 ++-- ...-1722.yaml => web_cve-2010-1722_exploitation_attempt.yaml} | 4 ++-- ...-1875.yaml => web_cve-2010-1875_exploitation_attempt.yaml} | 4 ++-- ...-1953.yaml => web_cve-2010-1953_exploitation_attempt.yaml} | 4 ++-- ...-1954.yaml => web_cve-2010-1954_exploitation_attempt.yaml} | 4 ++-- ...-1955.yaml => web_cve-2010-1955_exploitation_attempt.yaml} | 4 ++-- ...-1956.yaml => web_cve-2010-1956_exploitation_attempt.yaml} | 4 ++-- ...-1979.yaml => web_cve-2010-1979_exploitation_attempt.yaml} | 4 ++-- ...-1980.yaml => web_cve-2010-1980_exploitation_attempt.yaml} | 4 ++-- ...-1981.yaml => web_cve-2010-1981_exploitation_attempt.yaml} | 4 ++-- ...-1983.yaml => web_cve-2010-1983_exploitation_attempt.yaml} | 4 ++-- ...-2033.yaml => web_cve-2010-2033_exploitation_attempt.yaml} | 4 ++-- ...-2034.yaml => web_cve-2010-2034_exploitation_attempt.yaml} | 4 ++-- ...-2035.yaml => web_cve-2010-2035_exploitation_attempt.yaml} | 4 ++-- ...-2036.yaml => web_cve-2010-2036_exploitation_attempt.yaml} | 4 ++-- ...-2122.yaml => web_cve-2010-2122_exploitation_attempt.yaml} | 4 ++-- ...-2259.yaml => web_cve-2010-2259_exploitation_attempt.yaml} | 4 ++-- ...-2307.yaml => web_cve-2010-2307_exploitation_attempt.yaml} | 4 ++-- ...-2682.yaml => 
web_cve-2010-2682_exploitation_attempt.yaml} | 4 ++-- ...-2861.yaml => web_cve-2010-2861_exploitation_attempt.yaml} | 4 ++-- ...-2920.yaml => web_cve-2010-2920_exploitation_attempt.yaml} | 4 ++-- ...-3426.yaml => web_cve-2010-3426_exploitation_attempt.yaml} | 4 ++-- ...-4231.yaml => web_cve-2010-4231_exploitation_attempt.yaml} | 4 ++-- ...-4617.yaml => web_cve-2010-4617_exploitation_attempt.yaml} | 4 ++-- ...-5278.yaml => web_cve-2010-5278_exploitation_attempt.yaml} | 4 ++-- 61 files changed, 122 insertions(+), 122 deletions(-) rename rules/web/{web_cve-2010-0943.yaml => web_cve-2010-0943_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-0944.yaml => web_cve-2010-0944_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-0985.yaml => web_cve-2010-0985_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1219.yaml => web_cve-2010-1219_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1304.yaml => web_cve-2010-1304_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1305.yaml => web_cve-2010-1305_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1306.yaml => web_cve-2010-1306_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1307.yaml => web_cve-2010-1307_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1308.yaml => web_cve-2010-1308_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1312.yaml => web_cve-2010-1312_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1313.yaml => web_cve-2010-1313_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1314.yaml => web_cve-2010-1314_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1345.yaml => web_cve-2010-1345_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1353.yaml => web_cve-2010-1353_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1354.yaml => web_cve-2010-1354_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1470.yaml 
=> web_cve-2010-1470_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1471.yaml => web_cve-2010-1471_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1472.yaml => web_cve-2010-1472_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1473.yaml => web_cve-2010-1473_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1474.yaml => web_cve-2010-1474_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1475.yaml => web_cve-2010-1475_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1476.yaml => web_cve-2010-1476_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1494.yaml => web_cve-2010-1494_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1495.yaml => web_cve-2010-1495_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1532.yaml => web_cve-2010-1532_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1533.yaml => web_cve-2010-1533_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1534.yaml => web_cve-2010-1534_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1535.yaml => web_cve-2010-1535_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1601.yaml => web_cve-2010-1601_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1602.yaml => web_cve-2010-1602_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1607.yaml => web_cve-2010-1607_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1657.yaml => web_cve-2010-1657_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1659.yaml => web_cve-2010-1659_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1714.yaml => web_cve-2010-1714_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1717.yaml => web_cve-2010-1717_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1718.yaml => web_cve-2010-1718_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1719.yaml => 
web_cve-2010-1719_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1722.yaml => web_cve-2010-1722_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1875.yaml => web_cve-2010-1875_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1953.yaml => web_cve-2010-1953_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1954.yaml => web_cve-2010-1954_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1955.yaml => web_cve-2010-1955_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1956.yaml => web_cve-2010-1956_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1979.yaml => web_cve-2010-1979_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1980.yaml => web_cve-2010-1980_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-1981.yaml => web_cve-2010-1981_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-1983.yaml => web_cve-2010-1983_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2033.yaml => web_cve-2010-2033_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2034.yaml => web_cve-2010-2034_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2035.yaml => web_cve-2010-2035_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2036.yaml => web_cve-2010-2036_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2122.yaml => web_cve-2010-2122_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2259.yaml => web_cve-2010-2259_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2307.yaml => web_cve-2010-2307_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2682.yaml => web_cve-2010-2682_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-2861.yaml => web_cve-2010-2861_exploitation_attempt.yaml} (91%) rename rules/web/{web_cve-2010-2920.yaml => web_cve-2010-2920_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-3426.yaml => 
web_cve-2010-3426_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-4231.yaml => web_cve-2010-4231_exploitation_attempt.yaml} (89%) rename rules/web/{web_cve-2010-4617.yaml => web_cve-2010-4617_exploitation_attempt.yaml} (90%) rename rules/web/{web_cve-2010-5278.yaml => web_cve-2010-5278_exploitation_attempt.yaml} (90%)
diff --git a/rules/web/web_cve-2010-0943.yaml b/rules/web/web_cve-2010-0943_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-0943.yaml
rename to rules/web/web_cve-2010-0943_exploitation_attempt.yaml
index 52d23982f..e36f9ca07 100644
--- a/rules/web/web_cve-2010-0943.yaml
+++ b/rules/web/web_cve-2010-0943_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-0943 exploitation attempt
-id: 7341b3ab-aed8-470b-b3b3-baee54357b21
+title: CVE-2010-0943 Exploitation Attempt
+id: 3b8a0723-2e41-43ef-b56a-0ebf5859871c
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-0944.yaml b/rules/web/web_cve-2010-0944_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-0944.yaml
rename to rules/web/web_cve-2010-0944_exploitation_attempt.yaml
index 3bcd121b8..caf28629c 100644
--- a/rules/web/web_cve-2010-0944.yaml
+++ b/rules/web/web_cve-2010-0944_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-0944 exploitation attempt
-id: 99eb6dd1-7eef-4210-862c-a4289b0eb3c1
+title: CVE-2010-0944 Exploitation Attempt
+id: 9a6621c8-26ce-4fa1-a081-5092a31df9f1
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-0985.yaml b/rules/web/web_cve-2010-0985_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-0985.yaml
rename to rules/web/web_cve-2010-0985_exploitation_attempt.yaml
index 13e1971a3..41d2adcfd 100644
--- a/rules/web/web_cve-2010-0985.yaml
+++ b/rules/web/web_cve-2010-0985_exploitation_attempt.yaml
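Review bot: In `web_cve-2010-0943_exploitation_attempt.yaml` the `id` is replaced with a fresh UUID although the only other change in the hunk is the title's capitalisation, and the other renamed rules in this patch do the same (the summary reads 61 files changed, 122 insertions, 122 deletions). A Sigma `id` is the stable handle that deployed rule sets, suppressions and alert history are keyed on, so regenerating it for a cosmetic rename makes each of these rules look deleted and re-added to downstream consumers, and any tuning attached to the old id is lost. I would keep the original value, `id: 7341b3ab-aed8-470b-b3b3-baee54357b21`, or, if a new id is intended, record the old one under `related:` with `type: renamed`. The hunk covers only lines 1-5 of the rule, so the detection section is not visible here.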
@@ -1,5 +1,5 @@
-title: CVE-2010-0985 exploitation attempt
-id: 299f62c1-9e8a-43cc-b018-98d469f5654b
+title: CVE-2010-0985 Exploitation Attempt
+id: 65eb9e0e-d8ea-4dbb-bdb1-8a7bfe726218
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1219.yaml b/rules/web/web_cve-2010-1219_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1219.yaml
rename to rules/web/web_cve-2010-1219_exploitation_attempt.yaml
index 741d57a3d..704705336 100644
--- a/rules/web/web_cve-2010-1219.yaml
+++ b/rules/web/web_cve-2010-1219_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1219 exploitation attempt
-id: c72b9df0-2e24-4c59-a18d-2ce9f309011c
+title: CVE-2010-1219 Exploitation Attempt
+id: 5c13b413-1c5d-471e-b5d0-502d67c2cfff
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1304.yaml b/rules/web/web_cve-2010-1304_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1304.yaml
rename to rules/web/web_cve-2010-1304_exploitation_attempt.yaml
index 62c8e7681..e90d45b9c 100644
--- a/rules/web/web_cve-2010-1304.yaml
+++ b/rules/web/web_cve-2010-1304_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1304 exploitation attempt
-id: d43a3260-6661-4963-ae51-1516b410eab4
+title: CVE-2010-1304 Exploitation Attempt
+id: b9f646f1-1e8d-4213-a122-e8cfb2526f7e
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1305.yaml b/rules/web/web_cve-2010-1305_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1305.yaml
rename to rules/web/web_cve-2010-1305_exploitation_attempt.yaml
index ac18cb0a4..e1fd20026 100644
--- a/rules/web/web_cve-2010-1305.yaml
+++ b/rules/web/web_cve-2010-1305_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1305 exploitation attempt
-id: 4ad4e3e9-c2ec-4f11-ae69-686317089de1
+title: CVE-2010-1305 Exploitation Attempt
+id: b80d67c0-e544-463e-8db0-cfa6fd1062c7
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1306.yaml b/rules/web/web_cve-2010-1306_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1306.yaml
rename to rules/web/web_cve-2010-1306_exploitation_attempt.yaml
index 8efdc7f93..b3c45a34e 100644
--- a/rules/web/web_cve-2010-1306.yaml
+++ b/rules/web/web_cve-2010-1306_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1306 exploitation attempt
-id: 6eef2e17-dda2-4c9d-8e1f-9f28d02cbb68
+title: CVE-2010-1306 Exploitation Attempt
+id: 18655982-0c25-41ca-99a9-66c081e5c28e
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1307.yaml b/rules/web/web_cve-2010-1307_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1307.yaml
rename to rules/web/web_cve-2010-1307_exploitation_attempt.yaml
index 15558f07e..a0c1b0936 100644
--- a/rules/web/web_cve-2010-1307.yaml
+++ b/rules/web/web_cve-2010-1307_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1307 exploitation attempt
-id: 57eb5063-d907-440a-8194-6a304a2c33dc
+title: CVE-2010-1307 Exploitation Attempt
+id: 1f6127b7-58d0-428e-afd6-3daa7093f500
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1308.yaml b/rules/web/web_cve-2010-1308_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1308.yaml
rename to rules/web/web_cve-2010-1308_exploitation_attempt.yaml
index bf0e78b57..5e7dfeb6e 100644
--- a/rules/web/web_cve-2010-1308.yaml
+++ b/rules/web/web_cve-2010-1308_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1308 exploitation attempt
-id: 2ab1d26f-292d-48ef-b821-30000ca2d796
+title: CVE-2010-1308 Exploitation Attempt
+id: e7fa765b-d565-42e4-b03e-44a52a25c00a
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1312.yaml b/rules/web/web_cve-2010-1312_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1312.yaml
rename to rules/web/web_cve-2010-1312_exploitation_attempt.yaml
index 8dff65893..4d863fd34 100644
--- a/rules/web/web_cve-2010-1312.yaml
+++ b/rules/web/web_cve-2010-1312_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1312 exploitation attempt
-id: 72d483b1-ef4e-4da4-a56b-d388d5fc55e4
+title: CVE-2010-1312 Exploitation Attempt
+id: ffb67143-f136-490b-a593-abc36e0a2f44
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1313.yaml b/rules/web/web_cve-2010-1313_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1313.yaml
rename to rules/web/web_cve-2010-1313_exploitation_attempt.yaml
index 6722ac485..d132790fd 100644
--- a/rules/web/web_cve-2010-1313.yaml
+++ b/rules/web/web_cve-2010-1313_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1313 exploitation attempt
-id: a9cfe674-5625-47c0-aa7b-ed19fb5aebc1
+title: CVE-2010-1313 Exploitation Attempt
+id: 73c88bfc-5e2a-4fac-b2b2-01b29b565d09
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1314.yaml b/rules/web/web_cve-2010-1314_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1314.yaml
rename to rules/web/web_cve-2010-1314_exploitation_attempt.yaml
index 37a26d24b..57b4b9479 100644
--- a/rules/web/web_cve-2010-1314.yaml
+++ b/rules/web/web_cve-2010-1314_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1314 exploitation attempt
-id: c54f2a94-b8eb-4b33-a430-f219b97a85e1
+title: CVE-2010-1314 Exploitation Attempt
+id: bab4e9de-2dab-4471-914b-319ddf29735f
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1345.yaml b/rules/web/web_cve-2010-1345_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1345.yaml
rename to rules/web/web_cve-2010-1345_exploitation_attempt.yaml
index b26bd3bb1..1a75fecb0 100644
--- a/rules/web/web_cve-2010-1345.yaml
+++ b/rules/web/web_cve-2010-1345_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1345 exploitation attempt
-id: a14d080c-2aa0-4d7b-bffd-06f0e325bd0c
+title: CVE-2010-1345 Exploitation Attempt
+id: 8e52016c-f42b-4d53-9812-5079fa88bb9a
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1353.yaml b/rules/web/web_cve-2010-1353_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1353.yaml
rename to rules/web/web_cve-2010-1353_exploitation_attempt.yaml
index 35fc5a281..978f2bd29 100644
--- a/rules/web/web_cve-2010-1353.yaml
+++ b/rules/web/web_cve-2010-1353_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1353 exploitation attempt
-id: 9506788c-d0d6-4671-92b5-61a07cd5a056
+title: CVE-2010-1353 Exploitation Attempt
+id: 58e30700-499a-4d21-9c7b-8727e5f8b6e7
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1354.yaml b/rules/web/web_cve-2010-1354_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1354.yaml
rename to rules/web/web_cve-2010-1354_exploitation_attempt.yaml
index c60446151..86e14aa81 100644
--- a/rules/web/web_cve-2010-1354.yaml
+++ b/rules/web/web_cve-2010-1354_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1354 exploitation attempt
-id: bf6bdfcf-7229-4812-8188-9c778d97ed63
+title: CVE-2010-1354 Exploitation Attempt
+id: 9d0cfe31-7ead-4c4c-8b33-b77c2a42ca24
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1470.yaml b/rules/web/web_cve-2010-1470_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1470.yaml
rename to rules/web/web_cve-2010-1470_exploitation_attempt.yaml
index 618ab28d0..a34806625 100644
--- a/rules/web/web_cve-2010-1470.yaml
+++ b/rules/web/web_cve-2010-1470_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1470 exploitation attempt
-id: 2b631e08-2471-4b98-a385-f420ebf1f406
+title: CVE-2010-1470 Exploitation Attempt
+id: 3dcb67ad-1b33-4721-8386-7cfccd0e3684
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1471.yaml b/rules/web/web_cve-2010-1471_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1471.yaml
rename to rules/web/web_cve-2010-1471_exploitation_attempt.yaml
index 6e0821970..8043e1a0a 100644
--- a/rules/web/web_cve-2010-1471.yaml
+++ b/rules/web/web_cve-2010-1471_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1471 exploitation attempt
-id: cb214df9-5948-4967-ba0b-4a5ad197313e
+title: CVE-2010-1471 Exploitation Attempt
+id: ae585c7e-f75e-4b76-b7cd-a7c3eed7065f
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1472.yaml b/rules/web/web_cve-2010-1472_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1472.yaml
rename to rules/web/web_cve-2010-1472_exploitation_attempt.yaml
index cb94d57cf..b85aaaea2 100644
--- a/rules/web/web_cve-2010-1472.yaml
+++ b/rules/web/web_cve-2010-1472_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1472 exploitation attempt
-id: 9878af5a-91d9-474f-b4ff-4874db061c90
+title: CVE-2010-1472 Exploitation Attempt
+id: 7472bddd-70cf-409b-8cdd-30c134bcda60
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1473.yaml b/rules/web/web_cve-2010-1473_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1473.yaml
rename to rules/web/web_cve-2010-1473_exploitation_attempt.yaml
index a7824e779..1c46d7605 100644
--- a/rules/web/web_cve-2010-1473.yaml
+++ b/rules/web/web_cve-2010-1473_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1473 exploitation attempt
-id: 09fe8c14-2dd6-4c16-9610-54e9762acd81
+title: CVE-2010-1473 Exploitation Attempt
+id: 2be15734-06fe-4383-8ee4-721d4f8b0a70
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1474.yaml b/rules/web/web_cve-2010-1474_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1474.yaml
rename to rules/web/web_cve-2010-1474_exploitation_attempt.yaml
index 7d7dc15c3..83bf15da0 100644
--- a/rules/web/web_cve-2010-1474.yaml
+++ b/rules/web/web_cve-2010-1474_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1474 exploitation attempt
-id: 7d738208-638c-4e01-a694-b507cae881a6
+title: CVE-2010-1474 Exploitation Attempt
+id: b68d5d20-e6ca-425a-9681-93e924c2918b
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1475.yaml b/rules/web/web_cve-2010-1475_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1475.yaml
rename to rules/web/web_cve-2010-1475_exploitation_attempt.yaml
index 4f733e47e..9806d6331 100644
--- a/rules/web/web_cve-2010-1475.yaml
+++ b/rules/web/web_cve-2010-1475_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1475 exploitation attempt
-id: c9db721a-f2c1-4e8a-8f6a-b31aa0e51374
+title: CVE-2010-1475 Exploitation Attempt
+id: 11c50fbe-f54a-4c32-a0ae-9d3ab2b0f547
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1476.yaml b/rules/web/web_cve-2010-1476_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1476.yaml
rename to rules/web/web_cve-2010-1476_exploitation_attempt.yaml
index 17650b596..fc7dcc00b 100644
--- a/rules/web/web_cve-2010-1476.yaml
+++ b/rules/web/web_cve-2010-1476_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1476 exploitation attempt
-id: 65239f96-f508-4941-b537-7837471ddcad
+title: CVE-2010-1476 Exploitation Attempt
+id: cc5df87f-99ed-486a-8805-d8b97c5bd5bb
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1494.yaml b/rules/web/web_cve-2010-1494_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1494.yaml
rename to rules/web/web_cve-2010-1494_exploitation_attempt.yaml
index bc6b75445..e492dff63 100644
--- a/rules/web/web_cve-2010-1494.yaml
+++ b/rules/web/web_cve-2010-1494_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1494 exploitation attempt
-id: 2ab0992e-1f93-499b-b1e6-580b651c151e
+title: CVE-2010-1494 Exploitation Attempt
+id: 82fc453a-8032-444e-9801-e6ad7b3e3a9c
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1495.yaml b/rules/web/web_cve-2010-1495_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1495.yaml
rename to rules/web/web_cve-2010-1495_exploitation_attempt.yaml
index 820bb00c5..8b5b8588c 100644
--- a/rules/web/web_cve-2010-1495.yaml
+++ b/rules/web/web_cve-2010-1495_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1495 exploitation attempt
-id: 16173107-1da6-4bb0-884c-0113ca1bd22c
+title: CVE-2010-1495 Exploitation Attempt
+id: eede38ab-67a5-47cd-a0e4-65e82824378d
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1532.yaml b/rules/web/web_cve-2010-1532_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1532.yaml
rename to rules/web/web_cve-2010-1532_exploitation_attempt.yaml
index 3b477e4e0..bd2e252a0 100644
--- a/rules/web/web_cve-2010-1532.yaml
+++ b/rules/web/web_cve-2010-1532_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1532 exploitation attempt
-id: b0caca18-cbcd-4e57-8d26-5aa5ab1dae90
+title: CVE-2010-1532 Exploitation Attempt
+id: 7185db2e-b76b-4a9f-b157-51a7f799de43
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1533.yaml b/rules/web/web_cve-2010-1533_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1533.yaml
rename to rules/web/web_cve-2010-1533_exploitation_attempt.yaml
index 989feccd1..1e779cd79 100644
--- a/rules/web/web_cve-2010-1533.yaml
+++ b/rules/web/web_cve-2010-1533_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1533 exploitation attempt
-id: 900bac77-29fa-47d7-a2cc-a2b259e5aa34
+title: CVE-2010-1533 Exploitation Attempt
+id: 4f6c4eef-bd44-4d25-8a4a-7f84a1748ec6
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1534.yaml b/rules/web/web_cve-2010-1534_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1534.yaml
rename to rules/web/web_cve-2010-1534_exploitation_attempt.yaml
index 71b30ef2f..1649ce5f6 100644
--- a/rules/web/web_cve-2010-1534.yaml
+++ b/rules/web/web_cve-2010-1534_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1534 exploitation attempt
-id: 8315e276-a65f-4617-a32b-668d19b0dcf2
+title: CVE-2010-1534 Exploitation Attempt
+id: 25de4419-cce2-4b62-8204-8a4e38114c09
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1535.yaml b/rules/web/web_cve-2010-1535_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1535.yaml
rename to rules/web/web_cve-2010-1535_exploitation_attempt.yaml
index 6c1045d03..ce87bdecc 100644
--- a/rules/web/web_cve-2010-1535.yaml
+++ b/rules/web/web_cve-2010-1535_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1535 exploitation attempt
-id: c0e76601-93b3-4ccf-9d62-95c083ea375d
+title: CVE-2010-1535 Exploitation Attempt
+id: df8fe6a5-b4a6-4d8f-bd32-b6456544d0f8
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1601.yaml b/rules/web/web_cve-2010-1601_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1601.yaml
rename to rules/web/web_cve-2010-1601_exploitation_attempt.yaml
index c414ea499..a715d0fa3 100644
--- a/rules/web/web_cve-2010-1601.yaml
+++ b/rules/web/web_cve-2010-1601_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1601 exploitation attempt
-id: ceac625a-0a44-4cab-ba06-1d0d6cacfd89
+title: CVE-2010-1601 Exploitation Attempt
+id: cfd25065-8f6b-4181-bda1-e3507b51b114
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1602.yaml b/rules/web/web_cve-2010-1602_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1602.yaml
rename to rules/web/web_cve-2010-1602_exploitation_attempt.yaml
index 8bc9d320c..41d81aeca 100644
--- a/rules/web/web_cve-2010-1602.yaml
+++ b/rules/web/web_cve-2010-1602_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1602 exploitation attempt
-id: 63b0013c-c10d-4f45-a0f5-b918514d6721
+title: CVE-2010-1602 Exploitation Attempt
+id: 6a5cc49b-2487-4ec4-8c33-c7d7ba2a3196
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1607.yaml b/rules/web/web_cve-2010-1607_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1607.yaml
rename to rules/web/web_cve-2010-1607_exploitation_attempt.yaml
index 88e7fa06d..f95b2209b 100644
--- a/rules/web/web_cve-2010-1607.yaml
+++ b/rules/web/web_cve-2010-1607_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1607 exploitation attempt
-id: fc8d65e0-cbed-434d-b881-28aa0346d408
+title: CVE-2010-1607 Exploitation Attempt
+id: 02ad707d-11d8-4654-93b7-668ee425618c
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1657.yaml b/rules/web/web_cve-2010-1657_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1657.yaml
rename to rules/web/web_cve-2010-1657_exploitation_attempt.yaml
index 2dd7914c6..ee93c1d6d 100644
--- a/rules/web/web_cve-2010-1657.yaml
+++ b/rules/web/web_cve-2010-1657_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1657 exploitation attempt
-id: c32f0956-77ec-4875-8c3b-a84836f489a2
+title: CVE-2010-1657 Exploitation Attempt
+id: adf6f8fb-fe7f-4dc2-af06-7f8885c5e9e9
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1659.yaml b/rules/web/web_cve-2010-1659_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1659.yaml
rename to rules/web/web_cve-2010-1659_exploitation_attempt.yaml
index 89c97e046..dd7a2a06c 100644
--- a/rules/web/web_cve-2010-1659.yaml
+++ b/rules/web/web_cve-2010-1659_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1659 exploitation attempt
-id: 10697a46-85ff-499d-8bc5-7b6219da594a
+title: CVE-2010-1659 Exploitation Attempt
+id: bad7c462-464c-4471-8b46-309f295c5f09
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1714.yaml b/rules/web/web_cve-2010-1714_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1714.yaml
rename to rules/web/web_cve-2010-1714_exploitation_attempt.yaml
index dca273b26..6c99e6f86 100644
--- a/rules/web/web_cve-2010-1714.yaml
+++ b/rules/web/web_cve-2010-1714_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1714 exploitation attempt
-id: c754acbf-a0ce-4df6-843e-fb1c55af5373
+title: CVE-2010-1714 Exploitation Attempt
+id: 3d08c7e5-c55f-48e9-90d9-5abfd04e59f0
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1717.yaml b/rules/web/web_cve-2010-1717_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1717.yaml
rename to rules/web/web_cve-2010-1717_exploitation_attempt.yaml
index 992d7d407..20749f733 100644
--- a/rules/web/web_cve-2010-1717.yaml
+++ b/rules/web/web_cve-2010-1717_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1717 exploitation attempt
-id: 54c142a2-27af-4786-a191-12c76398e63f
+title: CVE-2010-1717 Exploitation Attempt
+id: d86b7f81-416b-41e1-81d8-d8b0ce291879
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1718.yaml b/rules/web/web_cve-2010-1718_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1718.yaml
rename to rules/web/web_cve-2010-1718_exploitation_attempt.yaml
index b9306420b..c18702c46 100644
--- a/rules/web/web_cve-2010-1718.yaml
+++ b/rules/web/web_cve-2010-1718_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1718 exploitation attempt
-id: 706f8907-5d0a-41db-b93f-f0ee343300b6
+title: CVE-2010-1718 Exploitation Attempt
+id: be0a91f3-44af-423b-ac25-21cac3719194
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1719.yaml b/rules/web/web_cve-2010-1719_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1719.yaml
rename to rules/web/web_cve-2010-1719_exploitation_attempt.yaml
index f11417c48..ad0528dee 100644
--- a/rules/web/web_cve-2010-1719.yaml
+++ b/rules/web/web_cve-2010-1719_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1719 exploitation attempt
-id: e11eeb05-00e2-4d00-a572-222e6fe5e716
+title: CVE-2010-1719 Exploitation Attempt
+id: 7e6667ad-773d-430f-803e-b0434e1a18b0
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1722.yaml b/rules/web/web_cve-2010-1722_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1722.yaml
rename to rules/web/web_cve-2010-1722_exploitation_attempt.yaml
index 557f28d2e..915152b49 100644
--- a/rules/web/web_cve-2010-1722.yaml
+++ b/rules/web/web_cve-2010-1722_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1722 exploitation attempt
-id: 850fafc1-3151-48b6-b25a-41c3543df57c
+title: CVE-2010-1722 Exploitation Attempt
+id: b6b08f77-dd85-43a1-aba7-2c5019de2cbb
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1875.yaml b/rules/web/web_cve-2010-1875_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1875.yaml
rename to rules/web/web_cve-2010-1875_exploitation_attempt.yaml
index 3a52358d6..3327818da 100644
--- a/rules/web/web_cve-2010-1875.yaml
+++ b/rules/web/web_cve-2010-1875_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1875 exploitation attempt
-id: 335b7e25-03d9-40b9-9f3a-82fdfce99af1
+title: CVE-2010-1875 Exploitation Attempt
+id: dd496a1a-4d1a-466b-961a-c5ec583d9c2a
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1953.yaml b/rules/web/web_cve-2010-1953_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1953.yaml
rename to rules/web/web_cve-2010-1953_exploitation_attempt.yaml
index 20e8f0b74..44324f9cf 100644
--- a/rules/web/web_cve-2010-1953.yaml
+++ b/rules/web/web_cve-2010-1953_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1953 exploitation attempt
-id: 72936897-8824-4fa8-9ecf-dbbc5f19e53a
+title: CVE-2010-1953 Exploitation Attempt
+id: 57d8ec13-203c-41fd-ab1f-1faae9b50704
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1954.yaml b/rules/web/web_cve-2010-1954_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1954.yaml
rename to rules/web/web_cve-2010-1954_exploitation_attempt.yaml
index 30ecafe1f..b8a24efbf 100644
--- a/rules/web/web_cve-2010-1954.yaml
+++ b/rules/web/web_cve-2010-1954_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1954 exploitation attempt
-id: 0159a66f-50f9-4485-b681-756fa2d16ce8
+title: CVE-2010-1954 Exploitation Attempt
+id: 75db8c01-6053-40f5-bde9-3eb9b58c6993
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1955.yaml b/rules/web/web_cve-2010-1955_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1955.yaml
rename to rules/web/web_cve-2010-1955_exploitation_attempt.yaml
index f4c424f8b..5d45ec589 100644
--- a/rules/web/web_cve-2010-1955.yaml
+++ b/rules/web/web_cve-2010-1955_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1955 exploitation attempt
-id: 9a0064ff-3544-4130-aaec-a8547645f44d
+title: CVE-2010-1955 Exploitation Attempt
+id: c6c7a6f6-53ae-4dd9-b765-369572746618
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1956.yaml b/rules/web/web_cve-2010-1956_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1956.yaml
rename to rules/web/web_cve-2010-1956_exploitation_attempt.yaml
index 7d33c368e..be22f9f49 100644
--- a/rules/web/web_cve-2010-1956.yaml
+++ b/rules/web/web_cve-2010-1956_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1956 exploitation attempt
-id: 87412ddd-24a7-4d25-98b7-1df572fcac16
+title: CVE-2010-1956 Exploitation Attempt
+id: 45c57364-0925-43c7-8340-2a4a3d57d080
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1979.yaml b/rules/web/web_cve-2010-1979_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1979.yaml
rename to rules/web/web_cve-2010-1979_exploitation_attempt.yaml
index f91073b5a..44b2760fd 100644
--- a/rules/web/web_cve-2010-1979.yaml
+++ b/rules/web/web_cve-2010-1979_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1979 exploitation attempt
-id: c56ae44a-bf7b-4643-a2f8-6935f792684c
+title: CVE-2010-1979 Exploitation Attempt
+id: 26d368fb-6ba7-42c0-9fdd-cb704c9b5762
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1980.yaml b/rules/web/web_cve-2010-1980_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1980.yaml
rename to rules/web/web_cve-2010-1980_exploitation_attempt.yaml
index 26b19ee75..74f85631f 100644
--- a/rules/web/web_cve-2010-1980.yaml
+++ b/rules/web/web_cve-2010-1980_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1980 exploitation attempt
-id: 33689775-59d1-4bb4-84e6-4c659819e740
+title: CVE-2010-1980 Exploitation Attempt
+id: a3003789-08e5-43c3-bf3b-a41498b626be
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1981.yaml b/rules/web/web_cve-2010-1981_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-1981.yaml
rename to rules/web/web_cve-2010-1981_exploitation_attempt.yaml
index fa7dba175..61351d148 100644
--- a/rules/web/web_cve-2010-1981.yaml
+++ b/rules/web/web_cve-2010-1981_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1981 exploitation attempt
-id: 7b1693c7-dfb2-4bc2-a100-8ff973053339
+title: CVE-2010-1981 Exploitation Attempt
+id: 4819d179-2307-4d81-a96a-a6af63583c90
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-1983.yaml b/rules/web/web_cve-2010-1983_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-1983.yaml
rename to rules/web/web_cve-2010-1983_exploitation_attempt.yaml
index 7ba0e0c8a..89e35f9f2 100644
--- a/rules/web/web_cve-2010-1983.yaml
+++ b/rules/web/web_cve-2010-1983_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-1983 exploitation attempt
-id: 1ccbc483-aa94-436c-ae2c-c0ff89c88950
+title: CVE-2010-1983 Exploitation Attempt
+id: 34aeb1ba-e6a1-47d8-b705-89f21530c0bc
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2033.yaml b/rules/web/web_cve-2010-2033_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2033.yaml
rename to rules/web/web_cve-2010-2033_exploitation_attempt.yaml
index a12fc270e..4d19b0ba4 100644
--- a/rules/web/web_cve-2010-2033.yaml
+++ b/rules/web/web_cve-2010-2033_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2033 exploitation attempt
-id: 5f65aa73-1a1f-44f6-9df4-2a593d83ca47
+title: CVE-2010-2033 Exploitation Attempt
+id: 6fe83c91-50fa-4715-abeb-56db4494f0d6
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2034.yaml b/rules/web/web_cve-2010-2034_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2034.yaml
rename to rules/web/web_cve-2010-2034_exploitation_attempt.yaml
index 239593875..e4c6c576c 100644
--- a/rules/web/web_cve-2010-2034.yaml
+++ b/rules/web/web_cve-2010-2034_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2034 exploitation attempt
-id: fa7d6a2c-4fef-49cc-9b80-07edaa2687c2
+title: CVE-2010-2034 Exploitation Attempt
+id: ac5d3e21-b01f-4bd3-b541-96107ca1a575
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2035.yaml b/rules/web/web_cve-2010-2035_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2035.yaml
rename to rules/web/web_cve-2010-2035_exploitation_attempt.yaml
index 37cd635fc..5dc18fac6 100644
--- a/rules/web/web_cve-2010-2035.yaml
+++ b/rules/web/web_cve-2010-2035_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2035 exploitation attempt
-id: 517f9070-1bd8-4e24-ab39-17e41e353ab6
+title: CVE-2010-2035 Exploitation Attempt
+id: a3d33778-c46a-4c7f-93d0-32fa6f44f216
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2036.yaml b/rules/web/web_cve-2010-2036_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2036.yaml
rename to rules/web/web_cve-2010-2036_exploitation_attempt.yaml
index 3f7221eef..213ad9a80 100644
--- a/rules/web/web_cve-2010-2036.yaml
+++ b/rules/web/web_cve-2010-2036_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2036 exploitation attempt
-id: 99462979-ccf6-4c28-a108-fd2d958d39e0
+title: CVE-2010-2036 Exploitation Attempt
+id: ab306706-061e-418d-bcda-f2350f713aa3
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2122.yaml b/rules/web/web_cve-2010-2122_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2122.yaml
rename to rules/web/web_cve-2010-2122_exploitation_attempt.yaml
index de75a78a1..cbf7c4a1c 100644
--- a/rules/web/web_cve-2010-2122.yaml
+++ b/rules/web/web_cve-2010-2122_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2122 exploitation attempt
-id: 993b1828-3194-4686-87b6-14b893a2ac1e
+title: CVE-2010-2122 Exploitation Attempt
+id: 9c26c662-bd83-453c-bee6-af9ec135f0ed
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2259.yaml b/rules/web/web_cve-2010-2259_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2259.yaml
rename to rules/web/web_cve-2010-2259_exploitation_attempt.yaml
index fe81d09a3..f270d25cc 100644
--- a/rules/web/web_cve-2010-2259.yaml
+++ b/rules/web/web_cve-2010-2259_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2259 exploitation attempt
-id: 12a63c52-1a42-437a-90cc-950a4cf6b3ab
+title: CVE-2010-2259 Exploitation Attempt
+id: 5122163e-68ae-4091-becc-1ce76da87818
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2307.yaml b/rules/web/web_cve-2010-2307_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2307.yaml
rename to rules/web/web_cve-2010-2307_exploitation_attempt.yaml
index e77c82881..aa36c44ee 100644
--- a/rules/web/web_cve-2010-2307.yaml
+++ b/rules/web/web_cve-2010-2307_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2307 exploitation attempt
-id: f2029a95-84dc-427f-a112-f5e373e791ff
+title: CVE-2010-2307 Exploitation Attempt
+id: 5ca51722-d5ab-4fd2-8019-d86ab7c4ab06
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2682.yaml b/rules/web/web_cve-2010-2682_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2682.yaml
rename to rules/web/web_cve-2010-2682_exploitation_attempt.yaml
index 6f88ea8d2..e37ba64c0 100644
--- a/rules/web/web_cve-2010-2682.yaml
+++ b/rules/web/web_cve-2010-2682_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2682 exploitation attempt
-id: 93d57e84-a8e0-40c6-9d5f-679419117413
+title: CVE-2010-2682 Exploitation Attempt
+id: 9523ed0f-8d29-43d2-ba03-80021ca432e9
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2861.yaml b/rules/web/web_cve-2010-2861_exploitation_attempt.yaml
similarity index 91%
rename from rules/web/web_cve-2010-2861.yaml
rename to rules/web/web_cve-2010-2861_exploitation_attempt.yaml
index 8e1345f21..02c606e5f 100644
--- a/rules/web/web_cve-2010-2861.yaml
+++ b/rules/web/web_cve-2010-2861_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2861 exploitation attempt
-id: 51f51d47-b13c-4305-b017-f367e790e2cd
+title: CVE-2010-2861 Exploitation Attempt
+id: fe01aa56-4e1f-4a9e-8a91-a54ecb03337e
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-2920.yaml b/rules/web/web_cve-2010-2920_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-2920.yaml
rename to rules/web/web_cve-2010-2920_exploitation_attempt.yaml
index da22cf06a..fcae4a86a 100644
--- a/rules/web/web_cve-2010-2920.yaml
+++ b/rules/web/web_cve-2010-2920_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-2920 exploitation attempt
-id: e5195f58-f828-4ab2-a609-23eaaf46de44
+title: CVE-2010-2920 Exploitation Attempt
+id: 06d7adfa-1797-499d-a070-afb10935ac16
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-3426.yaml b/rules/web/web_cve-2010-3426_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-3426.yaml
rename to rules/web/web_cve-2010-3426_exploitation_attempt.yaml
index 6bb330c86..a5571a8de 100644
--- a/rules/web/web_cve-2010-3426.yaml
+++ b/rules/web/web_cve-2010-3426_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-3426 exploitation attempt
-id: aa48eb4c-9028-4d0f-b6be-83f52bc805f7
+title: CVE-2010-3426 Exploitation Attempt
+id: 2cb7c37d-e5a6-4dee-a34f-7b96ea217d5b
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-4231.yaml b/rules/web/web_cve-2010-4231_exploitation_attempt.yaml
similarity index 89%
rename from rules/web/web_cve-2010-4231.yaml
rename to rules/web/web_cve-2010-4231_exploitation_attempt.yaml
index a0476b22c..216b3351e 100644
--- a/rules/web/web_cve-2010-4231.yaml
+++ b/rules/web/web_cve-2010-4231_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-4231 exploitation attempt
-id: c60db1d4-a919-4cbc-bcba-3271b2fd0e6b
+title: CVE-2010-4231 Exploitation Attempt
+id: dbf4c46f-5581-4cbd-8f31-7183bd7bc9eb
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-4617.yaml b/rules/web/web_cve-2010-4617_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-4617.yaml
rename to rules/web/web_cve-2010-4617_exploitation_attempt.yaml
index 33f2bc11a..8664cee01 100644
--- a/rules/web/web_cve-2010-4617.yaml
+++ b/rules/web/web_cve-2010-4617_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-4617 exploitation attempt
-id: a7745670-2ad1-411a-8e6d-c43bc9942139
+title: CVE-2010-4617 Exploitation Attempt
+id: 6e5bcbec-b693-4dc2-b093-38e07d0dd405
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
diff --git a/rules/web/web_cve-2010-5278.yaml b/rules/web/web_cve-2010-5278_exploitation_attempt.yaml
similarity index 90%
rename from rules/web/web_cve-2010-5278.yaml
rename to rules/web/web_cve-2010-5278_exploitation_attempt.yaml
index 14abd22d4..9226d793c 100644
--- a/rules/web/web_cve-2010-5278.yaml
+++ b/rules/web/web_cve-2010-5278_exploitation_attempt.yaml
@@ -1,5 +1,5 @@
-title: CVE-2010-5278 exploitation attempt
-id: 37dbe173-d9f1-400b-862e-cceef489ef6f
+title: CVE-2010-5278 Exploitation Attempt
+id: 88280398-c4a7-498f-9652-86d2448418d1
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
From 276cb597567fa91dd9f5912bd753fd997911b692 Mon Sep 17 00:00:00 2001
From: pbssubhash Date: Sun, 12 Sep 2021 18:41:56 +0530 Subject: [PATCH 14/17] yaml to yml ext --- ...on_attempt.yaml => web_cve-2010-0943_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-0944_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-0985_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1219_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1304_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1305_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1306_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1307_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1308_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1312_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1313_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1314_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1345_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1353_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1354_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1470_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1471_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1472_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1473_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1474_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1475_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1476_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1494_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1495_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1532_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1533_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1534_exploitation_attempt.yml} | 0 
...on_attempt.yaml => web_cve-2010-1535_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1601_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1602_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1607_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1657_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1659_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1714_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1717_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1718_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1719_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1722_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1875_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1953_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1954_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1955_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1956_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1979_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1980_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1981_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-1983_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2033_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2034_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2035_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2036_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2122_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2259_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2307_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2682_exploitation_attempt.yml} | 0 ...on_attempt.yaml => 
web_cve-2010-2861_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-2920_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-3426_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-4231_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-4617_exploitation_attempt.yml} | 0 ...on_attempt.yaml => web_cve-2010-5278_exploitation_attempt.yml} | 0 61 files changed, 0 insertions(+), 0 deletions(-) rename rules/web/{web_cve-2010-0943_exploitation_attempt.yaml => web_cve-2010-0943_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-0944_exploitation_attempt.yaml => web_cve-2010-0944_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-0985_exploitation_attempt.yaml => web_cve-2010-0985_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1219_exploitation_attempt.yaml => web_cve-2010-1219_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1304_exploitation_attempt.yaml => web_cve-2010-1304_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1305_exploitation_attempt.yaml => web_cve-2010-1305_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1306_exploitation_attempt.yaml => web_cve-2010-1306_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1307_exploitation_attempt.yaml => web_cve-2010-1307_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1308_exploitation_attempt.yaml => web_cve-2010-1308_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1312_exploitation_attempt.yaml => web_cve-2010-1312_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1313_exploitation_attempt.yaml => web_cve-2010-1313_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1314_exploitation_attempt.yaml => web_cve-2010-1314_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1345_exploitation_attempt.yaml => web_cve-2010-1345_exploitation_attempt.yml} (100%) rename 
rules/web/{web_cve-2010-1353_exploitation_attempt.yaml => web_cve-2010-1353_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1354_exploitation_attempt.yaml => web_cve-2010-1354_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1470_exploitation_attempt.yaml => web_cve-2010-1470_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1471_exploitation_attempt.yaml => web_cve-2010-1471_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1472_exploitation_attempt.yaml => web_cve-2010-1472_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1473_exploitation_attempt.yaml => web_cve-2010-1473_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1474_exploitation_attempt.yaml => web_cve-2010-1474_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1475_exploitation_attempt.yaml => web_cve-2010-1475_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1476_exploitation_attempt.yaml => web_cve-2010-1476_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1494_exploitation_attempt.yaml => web_cve-2010-1494_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1495_exploitation_attempt.yaml => web_cve-2010-1495_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1532_exploitation_attempt.yaml => web_cve-2010-1532_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1533_exploitation_attempt.yaml => web_cve-2010-1533_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1534_exploitation_attempt.yaml => web_cve-2010-1534_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1535_exploitation_attempt.yaml => web_cve-2010-1535_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1601_exploitation_attempt.yaml => web_cve-2010-1601_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1602_exploitation_attempt.yaml => web_cve-2010-1602_exploitation_attempt.yml} (100%) rename 
rules/web/{web_cve-2010-1607_exploitation_attempt.yaml => web_cve-2010-1607_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1657_exploitation_attempt.yaml => web_cve-2010-1657_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1659_exploitation_attempt.yaml => web_cve-2010-1659_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1714_exploitation_attempt.yaml => web_cve-2010-1714_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1717_exploitation_attempt.yaml => web_cve-2010-1717_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1718_exploitation_attempt.yaml => web_cve-2010-1718_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1719_exploitation_attempt.yaml => web_cve-2010-1719_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1722_exploitation_attempt.yaml => web_cve-2010-1722_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1875_exploitation_attempt.yaml => web_cve-2010-1875_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1953_exploitation_attempt.yaml => web_cve-2010-1953_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1954_exploitation_attempt.yaml => web_cve-2010-1954_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1955_exploitation_attempt.yaml => web_cve-2010-1955_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1956_exploitation_attempt.yaml => web_cve-2010-1956_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1979_exploitation_attempt.yaml => web_cve-2010-1979_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1980_exploitation_attempt.yaml => web_cve-2010-1980_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1981_exploitation_attempt.yaml => web_cve-2010-1981_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-1983_exploitation_attempt.yaml => web_cve-2010-1983_exploitation_attempt.yml} (100%) rename 
rules/web/{web_cve-2010-2033_exploitation_attempt.yaml => web_cve-2010-2033_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2034_exploitation_attempt.yaml => web_cve-2010-2034_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2035_exploitation_attempt.yaml => web_cve-2010-2035_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2036_exploitation_attempt.yaml => web_cve-2010-2036_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2122_exploitation_attempt.yaml => web_cve-2010-2122_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2259_exploitation_attempt.yaml => web_cve-2010-2259_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2307_exploitation_attempt.yaml => web_cve-2010-2307_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2682_exploitation_attempt.yaml => web_cve-2010-2682_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2861_exploitation_attempt.yaml => web_cve-2010-2861_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-2920_exploitation_attempt.yaml => web_cve-2010-2920_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-3426_exploitation_attempt.yaml => web_cve-2010-3426_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-4231_exploitation_attempt.yaml => web_cve-2010-4231_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-4617_exploitation_attempt.yaml => web_cve-2010-4617_exploitation_attempt.yml} (100%) rename rules/web/{web_cve-2010-5278_exploitation_attempt.yaml => web_cve-2010-5278_exploitation_attempt.yml} (100%) diff --git a/rules/web/web_cve-2010-0943_exploitation_attempt.yaml b/rules/web/web_cve-2010-0943_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-0943_exploitation_attempt.yaml rename to rules/web/web_cve-2010-0943_exploitation_attempt.yml 
diff --git a/rules/web/web_cve-2010-0944_exploitation_attempt.yaml b/rules/web/web_cve-2010-0944_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-0944_exploitation_attempt.yaml rename to rules/web/web_cve-2010-0944_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-0985_exploitation_attempt.yaml b/rules/web/web_cve-2010-0985_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-0985_exploitation_attempt.yaml rename to rules/web/web_cve-2010-0985_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1219_exploitation_attempt.yaml b/rules/web/web_cve-2010-1219_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1219_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1219_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1304_exploitation_attempt.yaml b/rules/web/web_cve-2010-1304_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1304_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1304_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1305_exploitation_attempt.yaml b/rules/web/web_cve-2010-1305_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1305_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1305_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1306_exploitation_attempt.yaml b/rules/web/web_cve-2010-1306_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1306_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1306_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1307_exploitation_attempt.yaml b/rules/web/web_cve-2010-1307_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1307_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1307_exploitation_attempt.yml 
diff --git a/rules/web/web_cve-2010-1308_exploitation_attempt.yaml b/rules/web/web_cve-2010-1308_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1308_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1308_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1312_exploitation_attempt.yaml b/rules/web/web_cve-2010-1312_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1312_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1312_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1313_exploitation_attempt.yaml b/rules/web/web_cve-2010-1313_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1313_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1313_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1314_exploitation_attempt.yaml b/rules/web/web_cve-2010-1314_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1314_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1314_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1345_exploitation_attempt.yaml b/rules/web/web_cve-2010-1345_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1345_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1345_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1353_exploitation_attempt.yaml b/rules/web/web_cve-2010-1353_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1353_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1353_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1354_exploitation_attempt.yaml b/rules/web/web_cve-2010-1354_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1354_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1354_exploitation_attempt.yml 
diff --git a/rules/web/web_cve-2010-1470_exploitation_attempt.yaml b/rules/web/web_cve-2010-1470_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1470_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1470_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1471_exploitation_attempt.yaml b/rules/web/web_cve-2010-1471_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1471_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1471_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1472_exploitation_attempt.yaml b/rules/web/web_cve-2010-1472_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1472_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1472_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1473_exploitation_attempt.yaml b/rules/web/web_cve-2010-1473_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1473_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1473_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1474_exploitation_attempt.yaml b/rules/web/web_cve-2010-1474_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1474_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1474_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1475_exploitation_attempt.yaml b/rules/web/web_cve-2010-1475_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1475_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1475_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1476_exploitation_attempt.yaml b/rules/web/web_cve-2010-1476_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1476_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1476_exploitation_attempt.yml 
diff --git a/rules/web/web_cve-2010-1494_exploitation_attempt.yaml b/rules/web/web_cve-2010-1494_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1494_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1494_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1495_exploitation_attempt.yaml b/rules/web/web_cve-2010-1495_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1495_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1495_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1532_exploitation_attempt.yaml b/rules/web/web_cve-2010-1532_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1532_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1532_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1533_exploitation_attempt.yaml b/rules/web/web_cve-2010-1533_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1533_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1533_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1534_exploitation_attempt.yaml b/rules/web/web_cve-2010-1534_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1534_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1534_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1535_exploitation_attempt.yaml b/rules/web/web_cve-2010-1535_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1535_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1535_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-1601_exploitation_attempt.yaml b/rules/web/web_cve-2010-1601_exploitation_attempt.yml similarity index 100% rename from rules/web/web_cve-2010-1601_exploitation_attempt.yaml rename to rules/web/web_cve-2010-1601_exploitation_attempt.yml 
diff --git a/rules/web/web_cve-2010-1602_exploitation_attempt.yaml b/rules/web/web_cve-2010-1602_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1602_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1602_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1607_exploitation_attempt.yaml b/rules/web/web_cve-2010-1607_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1607_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1607_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1657_exploitation_attempt.yaml b/rules/web/web_cve-2010-1657_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1657_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1657_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1659_exploitation_attempt.yaml b/rules/web/web_cve-2010-1659_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1659_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1659_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1714_exploitation_attempt.yaml b/rules/web/web_cve-2010-1714_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1714_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1714_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1717_exploitation_attempt.yaml b/rules/web/web_cve-2010-1717_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1717_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1717_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1718_exploitation_attempt.yaml b/rules/web/web_cve-2010-1718_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1718_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1718_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1719_exploitation_attempt.yaml b/rules/web/web_cve-2010-1719_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1719_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1719_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1722_exploitation_attempt.yaml b/rules/web/web_cve-2010-1722_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1722_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1722_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1875_exploitation_attempt.yaml b/rules/web/web_cve-2010-1875_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1875_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1875_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1953_exploitation_attempt.yaml b/rules/web/web_cve-2010-1953_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1953_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1953_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1954_exploitation_attempt.yaml b/rules/web/web_cve-2010-1954_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1954_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1954_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1955_exploitation_attempt.yaml b/rules/web/web_cve-2010-1955_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1955_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1955_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1956_exploitation_attempt.yaml b/rules/web/web_cve-2010-1956_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1956_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1956_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1979_exploitation_attempt.yaml b/rules/web/web_cve-2010-1979_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1979_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1979_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1980_exploitation_attempt.yaml b/rules/web/web_cve-2010-1980_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1980_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1980_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1981_exploitation_attempt.yaml b/rules/web/web_cve-2010-1981_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1981_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1981_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-1983_exploitation_attempt.yaml b/rules/web/web_cve-2010-1983_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-1983_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-1983_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2033_exploitation_attempt.yaml b/rules/web/web_cve-2010-2033_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2033_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2033_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2034_exploitation_attempt.yaml b/rules/web/web_cve-2010-2034_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2034_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2034_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2035_exploitation_attempt.yaml b/rules/web/web_cve-2010-2035_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2035_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2035_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2036_exploitation_attempt.yaml b/rules/web/web_cve-2010-2036_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2036_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2036_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2122_exploitation_attempt.yaml b/rules/web/web_cve-2010-2122_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2122_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2122_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2259_exploitation_attempt.yaml b/rules/web/web_cve-2010-2259_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2259_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2259_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2307_exploitation_attempt.yaml b/rules/web/web_cve-2010-2307_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2307_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2307_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2682_exploitation_attempt.yaml b/rules/web/web_cve-2010-2682_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2682_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2682_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2861_exploitation_attempt.yaml b/rules/web/web_cve-2010-2861_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2861_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2861_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-2920_exploitation_attempt.yaml b/rules/web/web_cve-2010-2920_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-2920_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-2920_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-3426_exploitation_attempt.yaml b/rules/web/web_cve-2010-3426_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-3426_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-3426_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-4231_exploitation_attempt.yaml b/rules/web/web_cve-2010-4231_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-4231_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-4231_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-4617_exploitation_attempt.yaml b/rules/web/web_cve-2010-4617_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-4617_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-4617_exploitation_attempt.yml
diff --git a/rules/web/web_cve-2010-5278_exploitation_attempt.yaml b/rules/web/web_cve-2010-5278_exploitation_attempt.yml
similarity index 100%
rename from rules/web/web_cve-2010-5278_exploitation_attempt.yaml
rename to rules/web/web_cve-2010-5278_exploitation_attempt.yml
From 3c0c1706dcc745934cae3076815cf482b4dfa83f Mon Sep 17 00:00:00 2001
From: pbssubhash
Date: Sun, 12 Sep 2021 23:06:01 +0530
Subject: [PATCH 15/17] Changed
---
 rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml b/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
index bbb1219f0..1fecf8392 100644
--- a/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
+++ b/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
@@ -15,7 +15,7 @@ tags:
 - attack.defense_evasion
 - attack.t1574.001
 logsource:
- service: sysmon
+ service: file_event
 product: windows
 detection:
 selection:
From 0c092cd1064b997eff6de5e377479d6b76f62c24 Mon Sep 17 00:00:00 2001
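Review bot: `service: file_event` in PATCH 15 puts a generic log category under the `service` key, so a converter has no log source to map it to and the PowerUp DLL-hijacking rule would likely never be evaluated against file-creation events while this revision is checked out. The next patch in the series changes the line to `category: file_event`; folding the two commits into one keeps every revision of the rule usable and makes it easier to bisect a detection regression. The `detection` block runs past the end of the hunk, so the selection itself was not reviewed.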
From: pbssubhash
Date: Sun, 12 Sep 2021 23:11:46 +0530
Subject: [PATCH 16/17] Final changes
---
 rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml b/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
index 1fecf8392..702dcf29c 100644
--- a/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
+++ b/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
@@ -15,7 +15,7 @@ tags:
 - attack.defense_evasion
 - attack.t1574.001
 logsource:
- service: file_event
+ category: file_event
 product: windows
 detection:
 selection:
From 4ae1d4198357afdf31e0c4195c5d8ddbeb24a405 Mon Sep 17 00:00:00 2001
From: pbssubhash Date: Mon, 13 Sep 2021 10:16:02 +0530 Subject: [PATCH 17/17] Corrected Rules - Logsource --- ...web_cve-2010-0943_exploitation_attempt.yml | 4 +++- ...web_cve-2010-0944_exploitation_attempt.yml | 4 +++- ...web_cve-2010-0985_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1219_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1304_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1305_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1306_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1307_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1308_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1312_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1313_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1314_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1345_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1353_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1354_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1470_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1471_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1472_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1473_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1474_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1475_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1476_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1494_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1495_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1532_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1533_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1534_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1535_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1601_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1602_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1607_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1657_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1659_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1714_exploitation_attempt.yml | 4 +++- 
...web_cve-2010-1717_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1718_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1719_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1722_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1875_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1953_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1954_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1955_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1956_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1979_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1980_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1981_exploitation_attempt.yml | 4 +++- ...web_cve-2010-1983_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2033_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2034_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2035_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2036_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2122_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2259_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2307_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2682_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2861_exploitation_attempt.yml | 4 +++- ...web_cve-2010-2920_exploitation_attempt.yml | 4 +++- ...web_cve-2010-3426_exploitation_attempt.yml | 4 +++- ...web_cve-2010-4231_exploitation_attempt.yml | 4 +++- ...web_cve-2010-4617_exploitation_attempt.yml | 4 +++- ...web_cve-2010-5278_exploitation_attempt.yml | 4 +++- ...web_cve_2010_5278_exploitation_attempt.yml | 24 ------------------- .../sysmon_detect_powerup_dllhijacking.yml | 4 ++-- 63 files changed, 185 insertions(+), 87 deletions(-) delete mode 100644 rules/web/web_cve_2010_5278_exploitation_attempt.yml diff --git a/rules/web/web_cve-2010-0943_exploitation_attempt.yml b/rules/web/web_cve-2010-0943_exploitation_attempt.yml index e36f9ca07..fb5bfcbf0 100644 --- a/rules/web/web_cve-2010-0943_exploitation_attempt.yml 
+++ b/rules/web/web_cve-2010-0943_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-0943 Exploitation Attempt
-id: 3b8a0723-2e41-43ef-b56a-0ebf5859871c
+id: f28d6faa-4163-4967-b397-414aab6cbe41
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component com_jashowcase - Directory Traversal:Directory tr
 in a jashowcase action to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-0944_exploitation_attempt.yml b/rules/web/web_cve-2010-0944_exploitation_attempt.yml
index caf28629c..f33fd3a71 100644
--- a/rules/web/web_cve-2010-0944_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-0944_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-0944 Exploitation Attempt
-id: 9a6621c8-26ce-4fa1-a081-5092a31df9f1
+id: 55d082fa-118a-4649-8e06-bf342de0ba84
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component com_jcollection - Directory Traversal:Directory t
 to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-0985_exploitation_attempt.yml b/rules/web/web_cve-2010-0985_exploitation_attempt.yml
index 41d2adcfd..22a45c289 100644
--- a/rules/web/web_cve-2010-0985_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-0985_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-0985 Exploitation Attempt
-id: 65eb9e0e-d8ea-4dbb-bdb1-8a7bfe726218
+id: 624c389f-24aa-44c2-b702-c2b58eb18ff9
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
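Review bot: The `-id:`/`+id:` pair in the first hunk swaps the rule's UUID, and the same swap recurs in every other web_cve-2010-* file of this patch, although the subject only announces a logsource correction. A Sigma `id` is the handle that deployed-rule inventories, suppression lists and `related` entries use to track a rule, so regenerating it makes each of these look like a new detection; unless the old values collided with existing rules (not visible here), keep the original line, e.g. `id: 3b8a0723-2e41-43ef-b56a-0ebf5859871c`, or state the reason in the commit message. The added `logsource:` / `category: webserver` lines are what let a converter bind `c-uri|contains` to web access logs; the selection values lie outside the hunk and were not checked.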
@@ -9,6 +9,8 @@ description: Joomla! Component com_abbrev - Local File Inclusion:Directory trave dot) in the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1219_exploitation_attempt.yml b/rules/web/web_cve-2010-1219_exploitation_attempt.yml index 704705336..4a23c671b 100644 --- a/rules/web/web_cve-2010-1219_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1219_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1219 Exploitation Attempt -id: 5c13b413-1c5d-471e-b5d0-502d67c2cfff +id: c05d288c-1f70-4090-8f86-9739afedb14b author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component com_janews - Local File Inclusion:Directory trave to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1304_exploitation_attempt.yml b/rules/web/web_cve-2010-1304_exploitation_attempt.yml index e90d45b9c..f848a240a 100644 --- a/rules/web/web_cve-2010-1304_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1304_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1304 Exploitation Attempt -id: b9f646f1-1e8d-4213-a122-e8cfb2526f7e +id: 6bc9b1ee-a560-4944-84d7-02d45d99cdb1 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component User Status - Local File Inclusion:Directory trav the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1305_exploitation_attempt.yml b/rules/web/web_cve-2010-1305_exploitation_attempt.yml index e1fd20026..77a6a40ca 100644 
--- a/rules/web/web_cve-2010-1305_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1305_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1305 Exploitation Attempt -id: b80d67c0-e544-463e-8db0-cfa6fd1062c7 +id: 4c450e3e-b786-4bf6-bbf4-f2f44546d61e author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -10,6 +10,8 @@ description: Joomla! Component JInventory 1.23.02 - Local File Inclusion:Directo to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1306_exploitation_attempt.yml b/rules/web/web_cve-2010-1306_exploitation_attempt.yml index b3c45a34e..1d0a373da 100644 --- a/rules/web/web_cve-2010-1306_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1306_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1306 Exploitation Attempt -id: 18655982-0c25-41ca-99a9-66c081e5c28e +id: 613ccec4-9812-4cc7-a2f5-bf88383cf83d author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Picasa 2.0 - Local File Inclusion:Directory trave controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1307_exploitation_attempt.yml b/rules/web/web_cve-2010-1307_exploitation_attempt.yml index a0c1b0936..cff579262 100644 --- a/rules/web/web_cve-2010-1307_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1307_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1307 Exploitation Attempt -id: 1f6127b7-58d0-428e-afd6-3daa7093f500 +id: d2bcd27a-de8c-465b-889a-62588138feaa author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental 
@@ -9,6 +9,8 @@ description: Joomla! Component Magic Updater - Local File Inclusion:Directory tr to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1308_exploitation_attempt.yml b/rules/web/web_cve-2010-1308_exploitation_attempt.yml index 5e7dfeb6e..52c29e672 100644 --- a/rules/web/web_cve-2010-1308_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1308_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1308 Exploitation Attempt -id: e7fa765b-d565-42e4-b03e-44a52a25c00a +id: 4cf2d8e5-2b82-484e-b412-bb5fcfb519eb author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component SVMap 1.1.1 - Local File Inclusion:Directory trav to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1312_exploitation_attempt.yml b/rules/web/web_cve-2010-1312_exploitation_attempt.yml index 4d863fd34..65aa281aa 100644 --- a/rules/web/web_cve-2010-1312_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1312_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1312 Exploitation Attempt -id: ffb67143-f136-490b-a593-abc36e0a2f44 +id: fc07dc98-780f-4493-98ce-6e1b7c9742e2 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component News Portal 1.5.x - Local File Inclusion:Director the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1313_exploitation_attempt.yml b/rules/web/web_cve-2010-1313_exploitation_attempt.yml index d132790fd..cc8366443 100644 --- a/rules/web/web_cve-2010-1313_exploitation_attempt.yml 
+++ b/rules/web/web_cve-2010-1313_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1313 Exploitation Attempt -id: 73c88bfc-5e2a-4fac-b2b2-01b29b565d09 +id: 4287d3e9-5ba8-4a00-925b-bce992e8b2d5 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion:Direct to read arbitrary files via a .. (dot dot) in the view parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1314_exploitation_attempt.yml b/rules/web/web_cve-2010-1314_exploitation_attempt.yml index 57b4b9479..22c062b99 100644 --- a/rules/web/web_cve-2010-1314_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1314_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1314 Exploitation Attempt -id: bab4e9de-2dab-4471-914b-319ddf29735f +id: 0ce79c5d-cb0c-4800-a040-a0c8c7ad45d1 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Highslide 1.5 - Local File Inclusion:Directory tr parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1345_exploitation_attempt.yml b/rules/web/web_cve-2010-1345_exploitation_attempt.yml index 1a75fecb0..e03153f1c 100644 --- a/rules/web/web_cve-2010-1345_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1345_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1345 Exploitation Attempt -id: 8e52016c-f42b-4d53-9812-5079fa88bb9a +id: b92bc21b-e649-4695-8f7c-8b881e33ed1c author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental 
@@ -9,6 +9,8 @@ description: Joomla! Component Cookex Agency CKForms - Local File Inclusion:Dire the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1353_exploitation_attempt.yml b/rules/web/web_cve-2010-1353_exploitation_attempt.yml index 978f2bd29..17d6462a4 100644 --- a/rules/web/web_cve-2010-1353_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1353_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1353 Exploitation Attempt -id: 58e30700-499a-4d21-9c7b-8727e5f8b6e7 +id: 3a9f4835-3518-40e9-91bc-ebb1d918c055 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -8,6 +8,8 @@ description: Joomla! Component LoginBox - Local File Inclusion:Directory travers attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1354_exploitation_attempt.yml b/rules/web/web_cve-2010-1354_exploitation_attempt.yml index 86e14aa81..0c88d17b3 100644 --- a/rules/web/web_cve-2010-1354_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1354_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1354 Exploitation Attempt -id: 9d0cfe31-7ead-4c4c-8b33-b77c2a42ca24 +id: 841e7037-c68e-40d1-9fd4-d08fee87f124 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component VJDEO 1.0 - Local File Inclusion:Directory traver to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1470_exploitation_attempt.yml b/rules/web/web_cve-2010-1470_exploitation_attempt.yml index a34806625..00e0319da 100644 
--- a/rules/web/web_cve-2010-1470_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1470_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1470 Exploitation Attempt -id: 3dcb67ad-1b33-4721-8386-7cfccd0e3684 +id: 91dcce8a-b0dc-49e8-a766-9bd0d234d397 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Web TV 1.0 - Local File Inclusion:Directory trave a .. (dot dot) in the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1471_exploitation_attempt.yml b/rules/web/web_cve-2010-1471_exploitation_attempt.yml index 8043e1a0a..af7e60db0 100644 --- a/rules/web/web_cve-2010-1471_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1471_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1471 Exploitation Attempt -id: ae585c7e-f75e-4b76-b7cd-a7c3eed7065f +id: c25e9c8b-5bc3-4eda-a29e-62ed09349442 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Address Book 1.5.0 - Local File Inclusion:Directo controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1472_exploitation_attempt.yml b/rules/web/web_cve-2010-1472_exploitation_attempt.yml index b85aaaea2..7caddd100 100644 --- a/rules/web/web_cve-2010-1472_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1472_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1472 Exploitation Attempt -id: 7472bddd-70cf-409b-8cdd-30c134bcda60 +id: d189b718-577a-4826-ba75-7965be24403f author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental 
@@ -9,6 +9,8 @@ description: Joomla! Component Horoscope 1.5.0 - Local File Inclusion:Directory parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1473_exploitation_attempt.yml b/rules/web/web_cve-2010-1473_exploitation_attempt.yml index 1c46d7605..b48610e1b 100644 --- a/rules/web/web_cve-2010-1473_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1473_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1473 Exploitation Attempt -id: 2be15734-06fe-4383-8ee4-721d4f8b0a70 +id: 51848efa-1963-4f90-b9ca-e614ab66c848 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Advertising 0.25 - Local File Inclusion:Directory via a .. (dot dot) in the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1474_exploitation_attempt.yml b/rules/web/web_cve-2010-1474_exploitation_attempt.yml index 83bf15da0..25da08914 100644 --- a/rules/web/web_cve-2010-1474_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1474_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1474 Exploitation Attempt -id: b68d5d20-e6ca-425a-9681-93e924c2918b +id: dcb1e22b-b95e-40b0-a95c-620baf73e56d author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion:Directory impact via a .. (dot dot) in the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1475_exploitation_attempt.yml b/rules/web/web_cve-2010-1475_exploitation_attempt.yml index 9806d6331..94ed4d8f8 100644 
--- a/rules/web/web_cve-2010-1475_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1475_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1475 Exploitation Attempt -id: 11c50fbe-f54a-4c32-a0ae-9d3ab2b0f547 +id: 58505c84-2d43-4686-9fd3-497a7e4f89a3 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inc unspecified other impact via a .. (dot dot) in the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1476_exploitation_attempt.yml b/rules/web/web_cve-2010-1476_exploitation_attempt.yml index fc7dcc00b..fb13d5460 100644 --- a/rules/web/web_cve-2010-1476_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1476_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1476 Exploitation Attempt -id: cc5df87f-99ed-486a-8805-d8b97c5bd5bb +id: a095b6d3-0c40-4719-aa55-01dcb47bc03f author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion:Dire other impact via a .. (dot dot) in the view parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1494_exploitation_attempt.yml b/rules/web/web_cve-2010-1494_exploitation_attempt.yml index e492dff63..2a20d4b9a 100644 --- a/rules/web/web_cve-2010-1494_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1494_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1494 Exploitation Attempt -id: 82fc453a-8032-444e-9801-e6ad7b3e3a9c +id: 4c7ff51e-47cb-4f89-8a1c-ec71be8d811a author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental 
@@ -9,6 +9,8 @@ description: Joomla! Component AWDwall 1.5.4 - Local File Inclusion:Directory tr to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1495_exploitation_attempt.yml b/rules/web/web_cve-2010-1495_exploitation_attempt.yml index 8b5b8588c..2db4bbabc 100644 --- a/rules/web/web_cve-2010-1495_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1495_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1495 Exploitation Attempt -id: eede38ab-67a5-47cd-a0e4-65e82824378d +id: d87e5c39-a7ed-4f34-8be1-ad1697f3d7d7 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Matamko 1.01 - Local File Inclusion:Directory tra to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1532_exploitation_attempt.yml b/rules/web/web_cve-2010-1532_exploitation_attempt.yml index bd2e252a0..a0fc22ad7 100644 --- a/rules/web/web_cve-2010-1532_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1532_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1532 Exploitation Attempt -id: 7185db2e-b76b-4a9f-b157-51a7f799de43 +id: 2abfc7f1-cf26-44c4-a3ff-5033bfe6b855 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion:Direct unspecified other impact via a .. (dot dot) in the controller parameter to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1533_exploitation_attempt.yml b/rules/web/web_cve-2010-1533_exploitation_attempt.yml index 1e779cd79..034bfb716 100644 
--- a/rules/web/web_cve-2010-1533_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1533_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1533 Exploitation Attempt -id: 4f6c4eef-bd44-4d25-8a4a-7f84a1748ec6 +id: a97dbf8e-5234-4821-9033-d1209c55415c author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component TweetLA 1.0.1 - Local File Inclusion:Directory tr to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1534_exploitation_attempt.yml b/rules/web/web_cve-2010-1534_exploitation_attempt.yml index 1649ce5f6..ce58f7847 100644 --- a/rules/web/web_cve-2010-1534_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1534_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1534 Exploitation Attempt -id: 25de4419-cce2-4b62-8204-8a4e38114c09 +id: 2a9be005-a6b9-4cdc-aa9e-4d08ba721143 author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental @@ -9,6 +9,8 @@ description: Joomla! Component Shoutbox Pro - Local File Inclusion:Directory tra to index.php. references: - https://github.com/projectdiscovery/nuclei-templates +logsource: + category: webserver detection: selection: c-uri|contains: diff --git a/rules/web/web_cve-2010-1535_exploitation_attempt.yml b/rules/web/web_cve-2010-1535_exploitation_attempt.yml index ce87bdecc..3adce8a29 100644 --- a/rules/web/web_cve-2010-1535_exploitation_attempt.yml +++ b/rules/web/web_cve-2010-1535_exploitation_attempt.yml @@ -1,5 +1,5 @@ title: CVE-2010-1535 Exploitation Attempt -id: df8fe6a5-b4a6-4d8f-bd32-b6456544d0f8 +id: ce1c278f-5c58-4846-93eb-3fd21ed6b41c author: Subhash Popuri (@pbssubhash) date: 2021/08/25 status: experimental 
@@ -9,6 +9,8 @@ description: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion:Directory
 via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1601_exploitation_attempt.yml b/rules/web/web_cve-2010-1601_exploitation_attempt.yml
index a715d0fa3..208fd52b2 100644
--- a/rules/web/web_cve-2010-1601_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1601_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1601 Exploitation Attempt
-id: cfd25065-8f6b-4181-bda1-e3507b51b114
+id: b2dd80fa-e3bf-4321-bc39-c37295d513dd
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -8,6 +8,8 @@ description: Joomla! Component JA Comment - Local File Inclusion:Directory trave
 attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1602_exploitation_attempt.yml b/rules/web/web_cve-2010-1602_exploitation_attempt.yml
index 41d81aeca..a41a645d6 100644
--- a/rules/web/web_cve-2010-1602_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1602_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1602 Exploitation Attempt
-id: 6a5cc49b-2487-4ec4-8c33-c7d7ba2a3196
+id: f042c30f-ec39-4d1f-bc8b-56c94cd870a7
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion:Directo
 other impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1607_exploitation_attempt.yml b/rules/web/web_cve-2010-1607_exploitation_attempt.yml
index f95b2209b..6fdab6d46 100644
--- a/rules/web/web_cve-2010-1607_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1607_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1607 Exploitation Attempt
-id: 02ad707d-11d8-4654-93b7-668ee425618c
+id: 699e3765-a82a-4d7c-8214-8e8fe7c57fdd
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component WMI 1.5.0 - Local File Inclusion:Directory traver
 local files via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1657_exploitation_attempt.yml b/rules/web/web_cve-2010-1657_exploitation_attempt.yml
index ee93c1d6d..d861dbc27 100644
--- a/rules/web/web_cve-2010-1657_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1657_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1657 Exploitation Attempt
-id: adf6f8fb-fe7f-4dc2-af06-7f8885c5e9e9
+id: e218a3bd-5583-4737-a993-60c14a6839a8
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component SmartSite 1.0.0 - Local File Inclusion:Directory
 to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1659_exploitation_attempt.yml b/rules/web/web_cve-2010-1659_exploitation_attempt.yml
index dd7a2a06c..e2208448f 100644
--- a/rules/web/web_cve-2010-1659_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1659_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1659 Exploitation Attempt
-id: bad7c462-464c-4471-8b46-309f295c5f09
+id: dde389b6-a56a-48a6-98f6-a58ea7adc0b6
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion:Dir
 in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1714_exploitation_attempt.yml b/rules/web/web_cve-2010-1714_exploitation_attempt.yml
index 6c99e6f86..16d1438ad 100644
--- a/rules/web/web_cve-2010-1714_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1714_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1714 Exploitation Attempt
-id: 3d08c7e5-c55f-48e9-90d9-5abfd04e59f0
+id: 52e333b4-a627-44d5-818d-c222c47568e4
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Arcade Games 1.0 - Local File Inclusion:Directory
 to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1717_exploitation_attempt.yml b/rules/web/web_cve-2010-1717_exploitation_attempt.yml
index 20749f733..b05337868 100644
--- a/rules/web/web_cve-2010-1717_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1717_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1717 Exploitation Attempt
-id: d86b7f81-416b-41e1-81d8-d8b0ce291879
+id: 7b5b8495-759b-4ebe-917e-7902579036d9
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component iF surfALERT 1.2 - Local File Inclusion:Directory
 via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1718_exploitation_attempt.yml b/rules/web/web_cve-2010-1718_exploitation_attempt.yml
index c18702c46..67d257aed 100644
--- a/rules/web/web_cve-2010-1718_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1718_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1718 Exploitation Attempt
-id: be0a91f3-44af-423b-ac25-21cac3719194
+id: b263bad9-acf2-45d6-a1e7-bfde91cdcf08
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion:Direc
 local files via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1719_exploitation_attempt.yml b/rules/web/web_cve-2010-1719_exploitation_attempt.yml
index ad0528dee..c5589c7f5 100644
--- a/rules/web/web_cve-2010-1719_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1719_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1719 Exploitation Attempt
-id: 7e6667ad-773d-430f-803e-b0434e1a18b0
+id: 77d936f8-0b09-4996-bb2e-52893a34f91f
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion:Director
 other impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1722_exploitation_attempt.yml b/rules/web/web_cve-2010-1722_exploitation_attempt.yml
index 915152b49..98629be1b 100644
--- a/rules/web/web_cve-2010-1722_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1722_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1722 Exploitation Attempt
-id: b6b08f77-dd85-43a1-aba7-2c5019de2cbb
+id: 26b7051c-48b7-4212-ac5e-c8799fe80bdf
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Online Market 2.x - Local File Inclusion:Director
 impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1875_exploitation_attempt.yml b/rules/web/web_cve-2010-1875_exploitation_attempt.yml
index 3327818da..fff7c1655 100644
--- a/rules/web/web_cve-2010-1875_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1875_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1875 Exploitation Attempt
-id: dd496a1a-4d1a-466b-961a-c5ec583d9c2a
+id: 28aadbf4-5125-4e7c-9f79-c907363bebd2
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Property - Local File Inclusion:Directory travers
 other impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1953_exploitation_attempt.yml b/rules/web/web_cve-2010-1953_exploitation_attempt.yml
index 44324f9cf..68fd370bf 100644
--- a/rules/web/web_cve-2010-1953_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1953_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1953 Exploitation Attempt
-id: 57d8ec13-203c-41fd-ab1f-1faae9b50704
+id: ebcd435e-0ed6-4d35-b08f-d5a875608f82
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
 the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1954_exploitation_attempt.yml b/rules/web/web_cve-2010-1954_exploitation_attempt.yml
index b8a24efbf..1da216a23 100644
--- a/rules/web/web_cve-2010-1954_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1954_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1954 Exploitation Attempt
-id: 75db8c01-6053-40f5-bde9-3eb9b58c6993
+id: 651421c8-279e-4813-954e-64b9d05d1a06
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusio
 (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1955_exploitation_attempt.yml b/rules/web/web_cve-2010-1955_exploitation_attempt.yml
index 5d45ec589..abdda4f9b 100644
--- a/rules/web/web_cve-2010-1955_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1955_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1955 Exploitation Attempt
-id: c6c7a6f6-53ae-4dd9-b765-369572746618
+id: ed851f14-5b09-4463-bd9b-75bade8718ff
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion:
 the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1956_exploitation_attempt.yml b/rules/web/web_cve-2010-1956_exploitation_attempt.yml
index be22f9f49..448c125f7 100644
--- a/rules/web/web_cve-2010-1956_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1956_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1956 Exploitation Attempt
-id: 45c57364-0925-43c7-8340-2a4a3d57d080
+id: 19d87410-0d59-4176-b0f2-65c2e33c07e7
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion:Direc
 dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1979_exploitation_attempt.yml b/rules/web/web_cve-2010-1979_exploitation_attempt.yml
index 44b2760fd..1ecb9b3b7 100644
--- a/rules/web/web_cve-2010-1979_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1979_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1979 Exploitation Attempt
-id: 26d368fb-6ba7-42c0-9fdd-cb704c9b5762
+id: 924df1b0-04f2-4e4a-b638-519a6eb3d4e5
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion:Di
 in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1980_exploitation_attempt.yml b/rules/web/web_cve-2010-1980_exploitation_attempt.yml
index 74f85631f..c142f1205 100644
--- a/rules/web/web_cve-2010-1980_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1980_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1980 Exploitation Attempt
-id: a3003789-08e5-43c3-bf3b-a41498b626be
+id: f6af8453-b1d9-4714-a005-fd231d940855
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion:Directo
 local files via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1981_exploitation_attempt.yml b/rules/web/web_cve-2010-1981_exploitation_attempt.yml
index 61351d148..a66a65820 100644
--- a/rules/web/web_cve-2010-1981_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1981_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1981 Exploitation Attempt
-id: 4819d179-2307-4d81-a96a-a6af63583c90
+id: c0bc20f5-f9f7-4019-83fd-19398acdfb0a
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Fabrik 2.0 - Local File Inclusion:Directory trave
 to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-1983_exploitation_attempt.yml b/rules/web/web_cve-2010-1983_exploitation_attempt.yml
index 89e35f9f2..208e28d0c 100644
--- a/rules/web/web_cve-2010-1983_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-1983_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-1983 Exploitation Attempt
-id: 34aeb1ba-e6a1-47d8-b705-89f21530c0bc
+id: 113530a7-3288-4f04-887d-127c962e0415
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component redTWITTER 1.0 - Local File Inclusion:Directory t
 the view parameter to index.php
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2033_exploitation_attempt.yml b/rules/web/web_cve-2010-2033_exploitation_attempt.yml
index 4d19b0ba4..133697d2b 100644
--- a/rules/web/web_cve-2010-2033_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2033_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2033 Exploitation Attempt
-id: 6fe83c91-50fa-4715-abeb-56db4494f0d6
+id: 8081629e-b3a0-4abc-b254-1cdf6cd8f9c8
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla Percha Categories Tree 0.6 - Local File Inclusion:Directory
 other impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2034_exploitation_attempt.yml b/rules/web/web_cve-2010-2034_exploitation_attempt.yml
index e4c6c576c..55fa11066 100644
--- a/rules/web/web_cve-2010-2034_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2034_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2034 Exploitation Attempt
-id: ac5d3e21-b01f-4bd3-b541-96107ca1a575
+id: af8a99cc-e237-405f-a399-dd3d81109c90
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Percha Image Attach 1.1 - Directory Traversal:Dir
 unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2035_exploitation_attempt.yml b/rules/web/web_cve-2010-2035_exploitation_attempt.yml
index 5dc18fac6..ab08ba811 100644
--- a/rules/web/web_cve-2010-2035_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2035_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2035 Exploitation Attempt
-id: a3d33778-c46a-4c7f-93d0-32fa6f44f216
+id: 58483eec-3415-4b3a-958b-5107727a3388
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal:Dir
 unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2036_exploitation_attempt.yml b/rules/web/web_cve-2010-2036_exploitation_attempt.yml
index 213ad9a80..0d46db2ae 100644
--- a/rules/web/web_cve-2010-2036_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2036_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2036 Exploitation Attempt
-id: ab306706-061e-418d-bcda-f2350f713aa3
+id: e5fa9960-e1c3-4f95-93c0-66e3c29bd5d8
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Percha Fields Attach 1.0 - Directory Traversal:Di
 unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2122_exploitation_attempt.yml b/rules/web/web_cve-2010-2122_exploitation_attempt.yml
index cbf7c4a1c..015f44d83 100644
--- a/rules/web/web_cve-2010-2122_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2122_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2122 Exploitation Attempt
-id: 9c26c662-bd83-453c-bee6-af9ec135f0ed
+id: be413e66-166e-42bb-875d-72552abfe774
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component simpledownload 0.9.5 - Local File Disclosure:Dire
 files via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2259_exploitation_attempt.yml b/rules/web/web_cve-2010-2259_exploitation_attempt.yml
index f270d25cc..32350c5d4 100644
--- a/rules/web/web_cve-2010-2259_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2259_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2259 Exploitation Attempt
-id: 5122163e-68ae-4091-becc-1ce76da87818
+id: c26a4ac4-9dff-47b3-a602-70eb83aad468
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component com_bfsurvey - Local File Inclusion:Directory tra
 controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2307_exploitation_attempt.yml b/rules/web/web_cve-2010-2307_exploitation_attempt.yml
index aa36c44ee..91eeaa631 100644
--- a/rules/web/web_cve-2010-2307_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2307_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2307 Exploitation Attempt
-id: 5ca51722-d5ab-4fd2-8019-d86ab7c4ab06
+id: dd54adb6-05b1-40d6-a609-d5c8f3745853
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -10,6 +10,8 @@ description: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM
 (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2682_exploitation_attempt.yml b/rules/web/web_cve-2010-2682_exploitation_attempt.yml
index e37ba64c0..3f464d30e 100644
--- a/rules/web/web_cve-2010-2682_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2682_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2682 Exploitation Attempt
-id: 9523ed0f-8d29-43d2-ba03-80021ca432e9
+id: 74bbe7ca-4136-46a2-a5fd-f521b0c773b3
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
 other impact via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2861_exploitation_attempt.yml b/rules/web/web_cve-2010-2861_exploitation_attempt.yml
index 02c606e5f..8477110dd 100644
--- a/rules/web/web_cve-2010-2861_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2861_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2861 Exploitation Attempt
-id: fe01aa56-4e1f-4a9e-8a91-a54ecb03337e
+id: b7f12d62-4aa3-48aa-bfbf-5a12966ebed9
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -10,6 +10,8 @@ description: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI:Multiple directory travers
 and (5) enter.cfm in CFIDE/administrator/.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-2920_exploitation_attempt.yml b/rules/web/web_cve-2010-2920_exploitation_attempt.yml
index fcae4a86a..32a850def 100644
--- a/rules/web/web_cve-2010-2920_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-2920_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-2920 Exploitation Attempt
-id: 06d7adfa-1797-499d-a070-afb10935ac16
+id: c4bdce4d-6a3c-4760-be05-a3bf923f7f0e
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
 traversal sequences in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-3426_exploitation_attempt.yml b/rules/web/web_cve-2010-3426_exploitation_attempt.yml
index a5571a8de..69f3ca3fd 100644
--- a/rules/web/web_cve-2010-3426_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-3426_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-3426 Exploitation Attempt
-id: 2cb7c37d-e5a6-4dee-a34f-7b96ea217d5b
+id: 4387e23a-0022-454e-8f9a-e2f19b97fbce
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion:Directo
 via a .. (dot dot) in the controller parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-4231_exploitation_attempt.yml b/rules/web/web_cve-2010-4231_exploitation_attempt.yml
index 216b3351e..a04663df4 100644
--- a/rules/web/web_cve-2010-4231_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-4231_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-4231 Exploitation Attempt
-id: dbf4c46f-5581-4cbd-8f31-7183bd7bc9eb
+id: 7f38b244-d9e1-4ad4-a4c2-326accaefbfd
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -8,6 +8,8 @@ description: Camtron CMNC-200 IP Camera - Directory Traversal:The CMNC-200 IP Ca
 directory transversal attacks, allowing access to any file on the camera file system.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-4617_exploitation_attempt.yml b/rules/web/web_cve-2010-4617_exploitation_attempt.yml
index 8664cee01..9cb15ecae 100644
--- a/rules/web/web_cve-2010-4617_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-4617_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-4617 Exploitation Attempt
-id: 6e5bcbec-b693-4dc2-b093-38e07d0dd405
+id: 62a7a20d-34f2-4b54-962b-539f17723730
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: Joomla! Component JotLoader 2.2.1 - Local File Inclusion:Directory
 section parameter to index.php.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve-2010-5278_exploitation_attempt.yml b/rules/web/web_cve-2010-5278_exploitation_attempt.yml
index 9226d793c..0e99c6b30 100644
--- a/rules/web/web_cve-2010-5278_exploitation_attempt.yml
+++ b/rules/web/web_cve-2010-5278_exploitation_attempt.yml
@@ -1,5 +1,5 @@
 title: CVE-2010-5278 Exploitation Attempt
-id: 88280398-c4a7-498f-9652-86d2448418d1
+id: a4a899e8-fd7a-49dd-b5a8-7044def72d61
 author: Subhash Popuri (@pbssubhash)
 date: 2021/08/25
 status: experimental
@@ -9,6 +9,8 @@ description: MODx manager - Local File Inclusion:Directory traversal vulnerabili
 read arbitrary files via a .. (dot dot) in the class_key parameter.
 references:
 - https://github.com/projectdiscovery/nuclei-templates
+logsource:
+ category: webserver
 detection:
 selection:
 c-uri|contains:
diff --git a/rules/web/web_cve_2010_5278_exploitation_attempt.yml b/rules/web/web_cve_2010_5278_exploitation_attempt.yml
deleted file mode 100644
index 3540cbf38..000000000
--- a/rules/web/web_cve_2010_5278_exploitation_attempt.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-5278 Joomla JaShowcase Exploitation Attempt
-id: 55a72ccd-4f16-42a7-afc8-f7958035bf90
-author: Subhash Popuri (@pbssubhash)
-date: 2021/08/25
-status: experimental
-description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
- in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
- allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
- parameter.
-references:
- - https://www.exploit-db.com/exploits/34788
- - https://www.cvedetails.com/cve/CVE-2010-5278
- - https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains: '/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00'
- condition: selection
-false_positives:
- - Scanning from Nuclei
- - Penetration Testing Activity
-tags:
- - attack.initial_access
- - attack.t1190
-level: critical
diff --git a/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml b/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
index 702dcf29c..79718f93c 100644
--- a/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
+++ b/rules/windows/file_event/sysmon_detect_powerup_dllhijacking.yml
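Review bot: The rule kept for CVE-2010-5278 (web_cve-2010-5278_exploitation_attempt.yml, `@@ -9,6 +9,8 @@`) still cites only the nuclei-templates repository root under `references`. The duplicate rule deleted further down in this patch carried two specific links that are now lost. Carry them over so an analyst triaging a hit can reach the advisory directly: `- https://www.exploit-db.com/exploits/34788` and `- https://www.cvedetails.com/cve/CVE-2010-5278`. The rule's description and detection values lie outside the hunk, so confirm they match what the deleted copy documented.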
@@ -1,13 +1,13 @@ title: Powerup Write Hijack DLL id: 602a1f13-c640-4d73-b053-be9a2fa58b96 status: experimental -description: | +description: Powerup tool's Write Hijack DLL exploits DLL hijacking for privilege escalation. In it's default mode, it builds a self deleting .bat file which executes malicious command. The detection rule relies on creation of the malicious bat file (debug.bat by default). references: - https://powersploit.readthedocs.io/en/latest/Privesc/Write-HijackDll/ -author: pbssubhash +author: Subhash Popuri (@pbssubhash) date: 2021/08/21 tags: - attack.persistence