Vulnerabilities with Nuclei Scanner Templates

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.

DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.

DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.

DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.

DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.

DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.

Tarantella Enterprise before 3.11 allows Directory Traversal.

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.

DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.

DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.

DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.

In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).

Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.

XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.

DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.