From e3331a4d0abbbcde76d10876a3d94ec9c3a23365 Mon Sep 17 00:00:00 2001 
From: pbssubhash
Date: Wed, 25 Aug 2021 21:40:32 +0530
Subject: [PATCH] Cleanup
---
...ve_CVE-2010-0943 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-0944 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-1306 exploitation attempt.yaml | 23 ----------------
...ve_CVE-2010-1314 exploitation attempt.yaml | 23 ----------------
...ve_CVE-2010-1345 exploitation attempt.yaml | 23 ----------------
...ve_CVE-2010-1353 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-1474 exploitation attempt.yaml | 26 ------------------
...ve_CVE-2010-1475 exploitation attempt.yaml | 24 -----------------
...ve_CVE-2010-1495 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-1532 exploitation attempt.yaml | 24 -----------------
...ve_CVE-2010-1533 exploitation attempt.yaml | 23 ----------------
...ve_CVE-2010-1535 exploitation attempt.yaml | 24 -----------------
...ve_CVE-2010-1602 exploitation attempt.yaml | 26 ------------------
...ve_CVE-2010-1657 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-1718 exploitation attempt.yaml | 24 -----------------
...ve_CVE-2010-1722 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-1875 exploitation attempt.yaml | 26 ------------------
...ve_CVE-2010-1953 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-1954 exploitation attempt.yaml | 23 ----------------
...ve_CVE-2010-1955 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-1979 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-1983 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-2033 exploitation attempt.yaml | 26 ------------------
...ve_CVE-2010-2036 exploitation attempt.yaml | 26 ------------------
...ve_CVE-2010-2259 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-2307 exploitation attempt.yaml | 26 ------------------
...ve_CVE-2010-2682 exploitation attempt.yaml | 26 ------------------
...ve_CVE-2010-2861 exploitation attempt.yaml | 27 -------------------
...ve_CVE-2010-3426 exploitation attempt.yaml | 23 ----------------
...ve_CVE-2010-4231 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-4617 exploitation attempt.yaml | 25 -----------------
...ve_CVE-2010-5278 exploitation attempt.yaml | 26 ------------------
32 files changed, 794 deletions(-)
delete mode 100644 rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml
delete mode 100644 rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml
diff --git a/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml
deleted file mode 100644
index d6be923a..00000000
--- a/rules/web/web_cve_CVE-2010-0943 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-0943 exploitation attempt
-id: 63b70c55-0d7a-4e2f-a130-11028352b6ff
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JA Showcase (com_jashowcase)
- component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the controller parameter in a jashowcase action to index.php.
-references:
-- https://www.exploit-db.com/exploits/11090
-- https://www.cvedetails.com/cve/CVE-2010-0943
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml
deleted file mode 100644
index c38d952b..00000000
--- a/rules/web/web_cve_CVE-2010-0944 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-0944 exploitation attempt
-id: d30903f7-cb51-445f-81a1-f2948f5fb763
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JCollection (com_jcollection)
- component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/11088
-- https://www.cvedetails.com/cve/CVE-2010-0944
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml
deleted file mode 100644
index 70431ad7..00000000
--- a/rules/web/web_cve_CVE-2010-1306 exploitation attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1306 exploitation attempt
-id: a12a5acd-3ebf-46b8-9ff3-95daeb84b801
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component
- 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml
deleted file mode 100644
index 7faa239f..00000000
--- a/rules/web/web_cve_CVE-2010-1314 exploitation attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1314 exploitation attempt
-id: 24c87e4f-7206-451a-9164-364ca4f3c388
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Highslide JS (com_hsconfig)
- component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml
deleted file mode 100644
index 25b32926..00000000
--- a/rules/web/web_cve_CVE-2010-1345 exploitation attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1345 exploitation attempt
-id: 5f723f65-f584-49f3-87c0-7babbae20d9d
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms)
- component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via
- a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml
deleted file mode 100644
index 1ba62bda..00000000
--- a/rules/web/web_cve_CVE-2010-1353 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1353 exploitation attempt
-id: 26d15692-1cfc-4427-8e7d-9a364c2628f3
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox)
- component for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the view parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12068
-- https://www.cvedetails.com/cve/CVE-2010-1353
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml
deleted file mode 100644
index 21b6dc41..00000000
--- a/rules/web/web_cve_CVE-2010-1474 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-1474 exploitation attempt
-id: 5b50ffc4-dde4-4905-9da9-eb499ee53971
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper)
- component 1.5.x for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://www.exploit-db.com/exploits/12182
-- https://www.cvedetails.com/cve/CVE-2010-1474
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml
deleted file mode 100644
index 4786c685..00000000
--- a/rules/web/web_cve_CVE-2010-1475 exploitation attempt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-1475 exploitation attempt
-id: 69295f5a-428a-47d6-bf4d-a93bb23270ca
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive)
- component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml
deleted file mode 100644
index 9e3ef52a..00000000
--- a/rules/web/web_cve_CVE-2010-1495 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1495 exploitation attempt
-id: e21410ad-5016-457a-a48f-2da871951471
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Matamko (com_matamko) component
- 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
- in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12286
-- https://www.cvedetails.com/cve/CVE-2010-1495
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml
deleted file mode 100644
index bb5f49b8..00000000
--- a/rules/web/web_cve_CVE-2010-1532 exploitation attempt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-1532 exploitation attempt
-id: 92b23f0b-aa99-497a-a0f1-f7e632bcad7b
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail)
- component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml
deleted file mode 100644
index 31ae9336..00000000
--- a/rules/web/web_cve_CVE-2010-1533 exploitation attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1533 exploitation attempt
-id: 2e547af2-0fb1-4d26-829e-fb42d959133c
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the TweetLA (com_tweetla) component
- 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml
deleted file mode 100644
index d2ee67cd..00000000
--- a/rules/web/web_cve_CVE-2010-1535 exploitation attempt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-1535 exploitation attempt
-id: 7dbde0a0-bd74-47ba-85f7-32093ffbd50c
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the TRAVELbook (com_travelbook)
- component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml
deleted file mode 100644
index 564faaf9..00000000
--- a/rules/web/web_cve_CVE-2010-1602 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-1602 exploitation attempt
-id: d79bf48d-2705-4da1-929b-37e07764998f
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment)
- component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://www.exploit-db.com/exploits/12283
-- https://www.cvedetails.com/cve/CVE-2010-1602
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml
deleted file mode 100644
index 447bbe51..00000000
--- a/rules/web/web_cve_CVE-2010-1657 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1657 exploitation attempt
-id: 7bdc9bd3-8dcd-4187-ab28-98b20cc1d020
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the SmartSite (com_smartsite) component
- 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot
- dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12428
-- https://www.cvedetails.com/cve/CVE-2010-1657
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml
deleted file mode 100644
index 148380f1..00000000
--- a/rules/web/web_cve_CVE-2010-1718 exploitation attempt.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: CVE-2010-1718 exploitation attempt
-id: a538251c-d600-43f3-8051-c3a83a5e8702
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in archeryscores.php in the Archery
- Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to
- include and execute arbitrary local files via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml
deleted file mode 100644
index 94179320..00000000
--- a/rules/web/web_cve_CVE-2010-1722 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1722 exploitation attempt
-id: 84715b18-505d-4252-9470-03c98a3006e5
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Online Market (com_market) component
- 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have
- unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12177
-- https://www.cvedetails.com/cve/CVE-2010-1722
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml
deleted file mode 100644
index 9bd796a5..00000000
--- a/rules/web/web_cve_CVE-2010-1875 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-1875 exploitation attempt
-id: af757e17-ad81-4a28-a551-49c17aa5113a
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Real Estate Property (com_properties)
- component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files
- and possibly have unspecified other impact via a .. (dot dot) in the controller
- parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/11851
-- https://www.cvedetails.com/cve/CVE-2010-1875
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml
deleted file mode 100644
index 4f10cf4e..00000000
--- a/rules/web/web_cve_CVE-2010-1953 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1953 exploitation attempt
-id: 0fc4af77-6974-4e50-bf5e-9f175304eb54
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap)
- component 1.0 for Joomla! allows remote attackers to read arbitrary files via a
- .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12288
-- https://www.cvedetails.com/cve/CVE-2010-1953
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml
deleted file mode 100644
index 23ef2619..00000000
--- a/rules/web/web_cve_CVE-2010-1954 exploitation attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-1954 exploitation attempt
-id: 2ccf65c5-e4b3-48f6-961e-93bbd537ca80
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot)
- component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml
deleted file mode 100644
index 10d81d67..00000000
--- a/rules/web/web_cve_CVE-2010-1955 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1955 exploitation attempt
-id: 497c0911-226f-48a1-ac9f-518ffb98e65e
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory)
- component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via
- a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12238
-- https://www.cvedetails.com/cve/CVE-2010-1955
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml
deleted file mode 100644
index 80eb1897..00000000
--- a/rules/web/web_cve_CVE-2010-1979 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1979 exploitation attempt
-id: 5b1c3030-e17b-43b3-b95e-952355a0f43f
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds)
- component build 880 for Joomla! allows remote attackers to read arbitrary files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/12088
-- https://www.cvedetails.com/cve/CVE-2010-1979
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml
deleted file mode 100644
index a29bfea4..00000000
--- a/rules/web/web_cve_CVE-2010-1983 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-1983 exploitation attempt
-id: c4f29c4f-0281-4518-a824-88f259d92ef5
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the redTWITTER (com_redtwitter)
- component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary
- files via a .. (dot dot) in the view parameter to index.php
-references:
-- https://www.exploit-db.com/exploits/12055
-- https://www.cvedetails.com/cve/CVE-2010-1983
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml
deleted file mode 100644
index 20b4dc70..00000000
--- a/rules/web/web_cve_CVE-2010-2033 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2033 exploitation attempt
-id: b5c6267a-7b2e-47c8-84dd-68a89ceb1e64
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
- component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
- have unspecified other impact via a .. (dot dot) in the controller parameter to
- index.php.
-references:
-- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
-- https://www.cvedetails.com/cve/CVE-2010-2033
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml
deleted file mode 100644
index f6c9adca..00000000
--- a/rules/web/web_cve_CVE-2010-2036 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2036 exploitation attempt
-id: 5f89e5fb-6f87-4fee-96b2-700e987a1c7e
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach)
- component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly
- have unspecified other impact via a .. (dot dot) in the controller parameter to
- index.php.
-references:
-- https://www.exploit-db.com/exploits/34004
-- https://www.cvedetails.com/cve/CVE-2010-2036
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml
deleted file mode 100644
index 70cc525b..00000000
--- a/rules/web/web_cve_CVE-2010-2259 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-2259 exploitation attempt
-id: 7ead4790-e0f8-41fa-bb14-f1d225964fd4
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component
- for Joomla! allows remote attackers to include and execute arbitrary local files
- via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/10946
-- https://www.cvedetails.com/cve/CVE-2010-2259
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml
deleted file mode 100644
index 32008b7c..00000000
--- a/rules/web/web_cve_CVE-2010-2307 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2307 exploitation attempt
-id: 6e0a4fc5-c7a5-40c6-a080-bc5a452637a9
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the web server for Motorola
- SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow
- remote attackers to read arbitrary files via (1) "//" (multiple leading slash),
- (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
-references:
-- https://www.securityfocus.com/bid/40550/info
-- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /../../etc/passwd
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml
deleted file mode 100644
index 01e0fedc..00000000
--- a/rules/web/web_cve_CVE-2010-2682 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-2682 exploitation attempt
-id: 5f7ea8cf-47e3-46e6-a173-43a99c904e43
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna)
- component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and
- possibly have unspecified other impact via a .. (dot dot) in the controller parameter
- to index.php.
-references:
-- https://www.exploit-db.com/exploits/14017
-- https://www.cvedetails.com/cve/CVE-2010-2682
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml
deleted file mode 100644
index 7dc8e6df..00000000
--- a/rules/web/web_cve_CVE-2010-2861 exploitation attempt.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-title: CVE-2010-2861 exploitation attempt
-id: 21032758-8761-4a18-8f66-bace612e2481
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Multiple directory traversal vulnerabilities in the administrator console
- in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files
- via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm,
- (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm
- in CFIDE/administrator/.
-references:
-- https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861
-- http://www.adobe.com/support/security/bulletins/apsb10-18.html
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml
deleted file mode 100644
index ad2dab17..00000000
--- a/rules/web/web_cve_CVE-2010-3426 exploitation attempt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: CVE-2010-3426 exploitation attempt
-id: 06621f7e-2987-4625-8c42-d66951a9da9d
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone)
- component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute
- arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
-references:
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml
deleted file mode 100644
index 5e4062f3..00000000
--- a/rules/web/web_cve_CVE-2010-4231 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-4231 exploitation attempt
-id: 8eb41b36-2b5a-44e0-a44b-b0ebdbff3e1b
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: The CMNC-200 IP Camera has a built-in web server that is enabled by default.
- The server is vulnerable to directory transversal attacks, allowing access to any
- file on the camera file system.
-references:
-- https://nvd.nist.gov/vuln/detail/CVE-2010-4231
-- https://www.exploit-db.com/exploits/15505
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /../../../../../../../../../../../../../etc/passwd
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml
deleted file mode 100644
index 080cc881..00000000
--- a/rules/web/web_cve_CVE-2010-4617 exploitation attempt.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: CVE-2010-4617 exploitation attempt
-id: ed14d2cb-8716-4ab1-a819-36d173e617ab
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in the JotLoader (com_jotloader) component
- 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory
- traversal sequences in the section parameter to index.php.
-references:
-- https://www.exploit-db.com/exploits/15791
-- https://www.cvedetails.com/cve/CVE-2010-4617
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical
diff --git a/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml b/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml
deleted file mode 100644
index cf20ed0e..00000000
--- a/rules/web/web_cve_CVE-2010-5278 exploitation attempt.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-title: CVE-2010-5278 exploitation attempt
-id: 57bb7f1b-bb41-400d-a6e4-7eb2b70b3593
-Author: Subhash Popuri (@pbssubhash)
-date: 25/08/2021
-status: experimental
-description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
- in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
- allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
- parameter.
-references:
-- https://www.exploit-db.com/exploits/34788
-- https://www.cvedetails.com/cve/CVE-2010-5278
-- https://github.com/projectdiscovery/nuclei-templates
-detection:
- selection:
- c-uri|contains:
- - /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
- condition: selection
-false_positives:
-- Scanning from Nuclei
-- Penetration Testing Activity
-- Unknown
-tags:
-- attack.initial_access
-- attack.t1190
-level: critical