Cleanup

2024-11-06 17:35:19 +00:00 · 2021-08-25 21:40:32 +05:30 · 2021-08-25 21:40:32 +05:30 · e3331a4d0a
commit e3331a4d0a
parent 25bcf1695d
32 changed files with 0 additions and 794 deletions
--- a/rules/web/web_cve_CVE-2010-0943
+++ b/rules/web/web_cve_CVE-2010-0943
@ -1,25 +0,0 @@
-title: CVE-2010-0943 exploitation attempt
-id: 63b70c55-0d7a-4e2f-a130-11028352b6ff
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JA Showcase (com_jashowcase)
-  component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
-  dot) in the controller parameter in a jashowcase action to index.php.
-references:
- https://www.exploit-db.com/exploits/11090
- https://www.cvedetails.com/cve/CVE-2010-0943
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-0944
+++ b/rules/web/web_cve_CVE-2010-0944
@ -1,25 +0,0 @@
-title: CVE-2010-0944 exploitation attempt
-id: d30903f7-cb51-445f-81a1-f2948f5fb763
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JCollection (com_jcollection)
-  component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
-  dot) in the controller parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/11088
- https://www.cvedetails.com/cve/CVE-2010-0944
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1306
+++ b/rules/web/web_cve_CVE-2010-1306
@ -1,23 +0,0 @@
-title: CVE-2010-1306 exploitation attempt
-id: a12a5acd-3ebf-46b8-9ff3-95daeb84b801
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component
-  2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files
-  via a .. (dot dot) in the controller parameter to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1314
+++ b/rules/web/web_cve_CVE-2010-1314
@ -1,23 +0,0 @@
-title: CVE-2010-1314 exploitation attempt
-id: 24c87e4f-7206-451a-9164-364ca4f3c388
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Highslide JS (com_hsconfig)
-  component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files
-  via a .. (dot dot) in the controller parameter to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1345
+++ b/rules/web/web_cve_CVE-2010-1345
@ -1,23 +0,0 @@
-title: CVE-2010-1345 exploitation attempt
-id: 5f723f65-f584-49f3-87c0-7babbae20d9d
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms)
-  component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via
-  a .. (dot dot) in the controller parameter to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1353
+++ b/rules/web/web_cve_CVE-2010-1353
@ -1,25 +0,0 @@
-title: CVE-2010-1353 exploitation attempt
-id: 26d15692-1cfc-4427-8e7d-9a364c2628f3
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox)
-  component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
-  dot) in the view parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/12068
- https://www.cvedetails.com/cve/CVE-2010-1353
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1474
+++ b/rules/web/web_cve_CVE-2010-1474
@ -1,26 +0,0 @@
-title: CVE-2010-1474 exploitation attempt
-id: 5b50ffc4-dde4-4905-9da9-eb499ee53971
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper)
-  component 1.5.x for Joomla! allows remote attackers to read arbitrary files and
-  possibly have unspecified other impact via a .. (dot dot) in the controller parameter
-  to index.php.
-references:
- https://www.exploit-db.com/exploits/12182
- https://www.cvedetails.com/cve/CVE-2010-1474
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1475
+++ b/rules/web/web_cve_CVE-2010-1475
@ -1,24 +0,0 @@
-title: CVE-2010-1475 exploitation attempt
-id: 69295f5a-428a-47d6-bf4d-a93bb23270ca
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive)
-  component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and
-  possibly have unspecified other impact via a .. (dot dot) in the controller parameter
-  to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1495
+++ b/rules/web/web_cve_CVE-2010-1495
@ -1,25 +0,0 @@
-title: CVE-2010-1495 exploitation attempt
-id: e21410ad-5016-457a-a48f-2da871951471
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Matamko (com_matamko) component
-  1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
-  in the controller parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/12286
- https://www.cvedetails.com/cve/CVE-2010-1495
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1532
+++ b/rules/web/web_cve_CVE-2010-1532
@ -1,24 +0,0 @@
-title: CVE-2010-1532 exploitation attempt
-id: 92b23f0b-aa99-497a-a0f1-f7e632bcad7b
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail)
-  component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and
-  possibly have unspecified other impact via a .. (dot dot) in the controller parameter
-  to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1533
+++ b/rules/web/web_cve_CVE-2010-1533
@ -1,23 +0,0 @@
-title: CVE-2010-1533 exploitation attempt
-id: 2e547af2-0fb1-4d26-829e-fb42d959133c
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the TweetLA (com_tweetla) component
-  1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
-  dot) in the controller parameter to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1535
+++ b/rules/web/web_cve_CVE-2010-1535
@ -1,24 +0,0 @@
-title: CVE-2010-1535 exploitation attempt
-id: 7dbde0a0-bd74-47ba-85f7-32093ffbd50c
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the TRAVELbook (com_travelbook)
-  component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and
-  possibly have unspecified other impact via a .. (dot dot) in the controller parameter
-  to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1602
+++ b/rules/web/web_cve_CVE-2010-1602
@ -1,26 +0,0 @@
-title: CVE-2010-1602 exploitation attempt
-id: d79bf48d-2705-4da1-929b-37e07764998f
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment)
-  component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and
-  possibly have unspecified other impact via a .. (dot dot) in the controller parameter
-  to index.php.
-references:
- https://www.exploit-db.com/exploits/12283
- https://www.cvedetails.com/cve/CVE-2010-1602
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1657
+++ b/rules/web/web_cve_CVE-2010-1657
@ -1,25 +0,0 @@
-title: CVE-2010-1657 exploitation attempt
-id: 7bdc9bd3-8dcd-4187-ab28-98b20cc1d020
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the SmartSite (com_smartsite) component
-  1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
-  dot) in the controller parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/12428
- https://www.cvedetails.com/cve/CVE-2010-1657
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1718
+++ b/rules/web/web_cve_CVE-2010-1718
@ -1,24 +0,0 @@
-title: CVE-2010-1718 exploitation attempt
-id: a538251c-d600-43f3-8051-c3a83a5e8702
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in archeryscores.php in the Archery
-  Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to
-  include and execute arbitrary local files via a .. (dot dot) in the controller parameter
-  to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1722
+++ b/rules/web/web_cve_CVE-2010-1722
@ -1,25 +0,0 @@
-title: CVE-2010-1722 exploitation attempt
-id: 84715b18-505d-4252-9470-03c98a3006e5
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Online Market (com_market) component
-  2.x for Joomla! allows remote attackers to read arbitrary files and possibly have
-  unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/12177
- https://www.cvedetails.com/cve/CVE-2010-1722
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1875
+++ b/rules/web/web_cve_CVE-2010-1875
@ -1,26 +0,0 @@
-title: CVE-2010-1875 exploitation attempt
-id: af757e17-ad81-4a28-a551-49c17aa5113a
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Real Estate Property (com_properties)
-  component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files
-  and possibly have unspecified other impact via a .. (dot dot) in the controller
-  parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/11851
- https://www.cvedetails.com/cve/CVE-2010-1875
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1953
+++ b/rules/web/web_cve_CVE-2010-1953
@ -1,25 +0,0 @@
-title: CVE-2010-1953 exploitation attempt
-id: 0fc4af77-6974-4e50-bf5e-9f175304eb54
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
-  component 1.0 for Joomla! allows remote attackers to read arbitrary files via a
-  .. (dot dot) in the controller parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/12288
- https://www.cvedetails.com/cve/CVE-2010-1953
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1954
+++ b/rules/web/web_cve_CVE-2010-1954
@ -1,23 +0,0 @@
-title: CVE-2010-1954 exploitation attempt
-id: 2ccf65c5-e4b3-48f6-961e-93bbd537ca80
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot)
-  component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files
-  via a .. (dot dot) in the controller parameter to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1955
+++ b/rules/web/web_cve_CVE-2010-1955
@ -1,25 +0,0 @@
-title: CVE-2010-1955 exploitation attempt
-id: 497c0911-226f-48a1-ac9f-518ffb98e65e
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
-  component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via
-  a .. (dot dot) in the controller parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/12238
- https://www.cvedetails.com/cve/CVE-2010-1955
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1979
+++ b/rules/web/web_cve_CVE-2010-1979
@ -1,25 +0,0 @@
-title: CVE-2010-1979 exploitation attempt
-id: 5b1c3030-e17b-43b3-b95e-952355a0f43f
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
-  component build 880 for Joomla! allows remote attackers to read arbitrary files
-  via a .. (dot dot) in the controller parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/12088
- https://www.cvedetails.com/cve/CVE-2010-1979
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-1983
+++ b/rules/web/web_cve_CVE-2010-1983
@ -1,25 +0,0 @@
-title: CVE-2010-1983 exploitation attempt
-id: c4f29c4f-0281-4518-a824-88f259d92ef5
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
-  component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary
-  files via a .. (dot dot) in the view parameter to index.php
-references:
- https://www.exploit-db.com/exploits/12055
- https://www.cvedetails.com/cve/CVE-2010-1983
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-2033
+++ b/rules/web/web_cve_CVE-2010-2033
@ -1,26 +0,0 @@
-title: CVE-2010-2033 exploitation attempt
-id: b5c6267a-7b2e-47c8-84dd-68a89ceb1e64
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
-  component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
-  have unspecified other impact via a .. (dot dot) in the controller parameter to
-  index.php.
-references:
- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
- https://www.cvedetails.com/cve/CVE-2010-2033
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-2036
+++ b/rules/web/web_cve_CVE-2010-2036
@ -1,26 +0,0 @@
-title: CVE-2010-2036 exploitation attempt
-id: 5f89e5fb-6f87-4fee-96b2-700e987a1c7e
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
-  component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
-  have unspecified other impact via a .. (dot dot) in the controller parameter to
-  index.php.
-references:
- https://www.exploit-db.com/exploits/34004
- https://www.cvedetails.com/cve/CVE-2010-2036
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-2259
+++ b/rules/web/web_cve_CVE-2010-2259
@ -1,25 +0,0 @@
-title: CVE-2010-2259 exploitation attempt
-id: 7ead4790-e0f8-41fa-bb14-f1d225964fd4
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component
-  for Joomla! allows remote attackers to include and execute arbitrary local files
-  via a .. (dot dot) in the controller parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/10946
- https://www.cvedetails.com/cve/CVE-2010-2259
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-2307
+++ b/rules/web/web_cve_CVE-2010-2307
@ -1,26 +0,0 @@
-title: CVE-2010-2307 exploitation attempt
-id: 6e0a4fc5-c7a5-40c6-a080-bc5a452637a9
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the web server for Motorola
-  SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow
-  remote attackers to read arbitrary files via (1) "//" (multiple leading slash),
-  (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
-references:
- https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /../../etc/passwd
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-2682
+++ b/rules/web/web_cve_CVE-2010-2682
@ -1,26 +0,0 @@
-title: CVE-2010-2682 exploitation attempt
-id: 5f7ea8cf-47e3-46e6-a173-43a99c904e43
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna)
-  component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and
-  possibly have unspecified other impact via a .. (dot dot) in the controller parameter
-  to index.php.
-references:
- https://www.exploit-db.com/exploits/14017
- https://www.cvedetails.com/cve/CVE-2010-2682
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-2861
+++ b/rules/web/web_cve_CVE-2010-2861
@ -1,27 +0,0 @@
-title: CVE-2010-2861 exploitation attempt
-id: 21032758-8761-4a18-8f66-bace612e2481
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the administrator console
-  in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files
-  via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm,
-  (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm
-  in CFIDE/administrator/.
-references:
- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
- http://www.adobe.com/support/security/bulletins/apsb10-18.html
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-3426
+++ b/rules/web/web_cve_CVE-2010-3426
@ -1,23 +0,0 @@
-title: CVE-2010-3426 exploitation attempt
-id: 06621f7e-2987-4625-8c42-d66951a9da9d
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
-  component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute
-  arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
-references:
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-4231
+++ b/rules/web/web_cve_CVE-2010-4231
@ -1,25 +0,0 @@
-title: CVE-2010-4231 exploitation attempt
-id: 8eb41b36-2b5a-44e0-a44b-b0ebdbff3e1b
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
-  The server is vulnerable to directory transversal attacks, allowing access to any
-  file on the camera file system.
-references:
- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
- https://www.exploit-db.com/exploits/15505
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /../../../../../../../../../../../../../etc/passwd
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-4617
+++ b/rules/web/web_cve_CVE-2010-4617
@ -1,25 +0,0 @@
-title: CVE-2010-4617 exploitation attempt
-id: ed14d2cb-8716-4ab1-a819-36d173e617ab
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
-  2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory
-  traversal sequences in the section parameter to index.php.
-references:
- https://www.exploit-db.com/exploits/15791
- https://www.cvedetails.com/cve/CVE-2010-4617
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /index.php?option=com_jotloader&section=../../../../../../../../../../../../../../etc/passwd%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical
--- a/rules/web/web_cve_CVE-2010-5278
+++ b/rules/web/web_cve_CVE-2010-5278
@ -1,26 +0,0 @@
-title: CVE-2010-5278 exploitation attempt
-id: 57bb7f1b-bb41-400d-a6e4-7eb2b70b3593
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
-  in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
-  allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
-  parameter.
-references:
- https://www.exploit-db.com/exploits/34788
- https://www.cvedetails.com/cve/CVE-2010-5278
- https://github.com/projectdiscovery/nuclei-templates
-detection:
-  selection:
-    c-uri|contains:
-    - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
-  condition: selection
-false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
-tags:
- attack.initial_access
- attack.t1190
-level: critical