diff --git a/cves/2015/CVE-2015-2755.yaml b/cves/2015/CVE-2015-2755.yaml index 6bf534cb1e..433ac5272d 100644 --- a/cves/2015/CVE-2015-2755.yaml +++ b/cves/2015/CVE-2015-2755.yaml @@ -1,16 +1,21 @@ id: CVE-2015-2755 info: - name: AB Google Map Travel (AB-MAP) Wordpress Plugin <=3.4 - Stored XSS + name: WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting author: r3Y3r53 severity: medium description: | - Multiple cross-site scripting vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php. + WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php. reference: - https://packetstormsecurity.com/files/131155/ - - https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755 - http://packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html - http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html + - https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755 + classification: + cve-id: CVE-2015-2755 + cwe-id: CWE-79 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 metadata: verified: "true" tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve @@ -41,3 +46,5 @@ requests: - 'contains(body_2, "")' - 'contains(body_2, "ab-google-map-travel")' condition: and + +# Enhanced by md on 2023/03/13 
diff --git a/cves/2015/CVE-2015-2996.yaml b/cves/2015/CVE-2015-2996.yaml index fa4ba511ed..55927ae626 100644 --- a/cves/2015/CVE-2015-2996.yaml +++ b/cves/2015/CVE-2015-2996.yaml @@ -1,16 +1,16 @@ id: CVE-2015-2996 info: - name: SysAid Help Desk <15.2 - Local File Disclosure + name: SysAid Help Desk <15.2 - Local File Inclusion author: 0x_Akoko severity: high description: | - Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. + SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum. reference: - https://seclists.org/fulldisclosure/2015/Jun/8 - - https://nvd.nist.gov/vuln/detail/CVE-2015-2996 - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk - http://seclists.org/fulldisclosure/2015/Jun/8 + - https://nvd.nist.gov/vuln/detail/CVE-2015-2996 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -36,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/cves/2015/CVE-2015-4062.yaml b/cves/2015/CVE-2015-4062.yaml index 99f4b05cd3..c20c1a91fc 100644 --- a/cves/2015/CVE-2015-4062.yaml +++ b/cves/2015/CVE-2015-4062.yaml 
@@ -1,18 +1,18 @@ id: CVE-2015-4062 info: - name: NewStatPress 0.9.8 - SQL Injection + name: WordPress NewStatPress 0.9.8 - SQL Injection author: r3Y3r53 severity: critical description: | - The NewStatPress WordPress plugin was affected by SQL Injection security vulnerability. + WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. reference: - https://packetstormsecurity.com/files/132038/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 - https://wordpress.org/plugins/newstatpress - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html + - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 remediation: | - Update to plugin version 0.9.9 or latest + Update to plugin version 0.9.9 or latest. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -43,3 +43,5 @@ requests: - 'status_code == 200' - 'contains(body_2, "newstatpress_page_nsp_search")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2015/CVE-2015-4063.yaml b/cves/2015/CVE-2015-4063.yaml index 9f55dbcec1..96e34ed25a 100644 --- a/cves/2015/CVE-2015-4063.yaml +++ b/cves/2015/CVE-2015-4063.yaml 
@@ -1,17 +1,22 @@ id: CVE-2015-4063 info: - name: NewStatPress 0.9.8 - Cross Site Scripting + name: NewStatPress <0.9.9 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | - Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. + WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. reference: - https://packetstormsecurity.com/files/132038/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-4063 - https://wordpress.org/plugins/newstatpress/ - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html + - https://nvd.nist.gov/vuln/detail/CVE-2015-4063 remediation: Update to plugin version 0.9.9 or latest. + classification: + cve-id: CVE-2015-4063 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cwe-id: CWE-80 metadata: verified: "true" tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,packetstorm @@ -36,3 +41,5 @@ requests: - 'status_code_2 == 200' - "contains(body_2, '') && contains(body_2, 'newstatpress')" condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2015/CVE-2015-9312.yaml b/cves/2015/CVE-2015-9312.yaml index 80aaf13074..6954a1c100 100644 --- a/cves/2015/CVE-2015-9312.yaml +++ b/cves/2015/CVE-2015-9312.yaml @@ -1,7 +1,7 @@ id: CVE-2015-9312 info: - name: NewStatPress <= 1.0.4 - Cross Site Scripting + name: NewStatPress <= 1.0.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | 
@@ -42,3 +42,5 @@ requests: - 'contains(body_2, "alert(document.domain)")' - 'contains(body_2, "2kb-amazon-affiliates-store")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2018/CVE-2018-16159.yaml b/cves/2018/CVE-2018-16159.yaml index 57ac28f95e..acbd9b7622 100644 --- a/cves/2018/CVE-2018-16159.yaml +++ b/cves/2018/CVE-2018-16159.yaml @@ -1,17 +1,17 @@ id: CVE-2018-16159 info: - name: Gift Voucher < 4.1.8 - Unauthenticated Blind SQL Injection + name: WordPress Gift Voucher <4.1.8 - Blind SQL Injection author: theamanrawat severity: critical description: | - The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. + WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://wpscan.com/vulnerability/9117 - https://wordpress.org/plugins/gift-voucher/ - - https://nvd.nist.gov/vuln/detail/CVE-2018-16159 - https://www.exploit-db.com/exploits/45255/ - remediation: Fixed in version 4.1.8 + - https://nvd.nist.gov/vuln/detail/CVE-2018-16159 + remediation: Fixed in version 4.1.8. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -39,3 +39,5 @@ requests: - 'contains(content_type, "application/json")' - 'contains(body, "images") && contains(body, "title")' condition: and + +# Enhanced by md on 2023/03/13 diff --git a/cves/2018/CVE-2018-6184.yaml b/cves/2018/CVE-2018-6184.yaml index 50fbdd0d99..b0b0589db5 100644 --- a/cves/2018/CVE-2018-6184.yaml +++ b/cves/2018/CVE-2018-6184.yaml 
@@ -1,15 +1,15 @@ id: CVE-2018-6184 info: - name: ZEIT Next.js Framework Path Traversal + name: Zeit Next.js <4.2.3 - Local File Inclusion author: DhiyaneshDK severity: high description: | - ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. + Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/NextFrameworkPathTraversal.java - - https://nvd.nist.gov/vuln/detail/CVE-2018-6184 - https://github.com/zeit/next.js/releases/tag/4.2.3 + - https://nvd.nist.gov/vuln/detail/CVE-2018-6184 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -34,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/07 diff --git a/cves/2019/CVE-2019-5434.yaml b/cves/2019/CVE-2019-5434.yaml index 60f6609fd2..4666784b5a 100644 --- a/cves/2019/CVE-2019-5434.yaml +++ b/cves/2019/CVE-2019-5434.yaml 
@@ -5,12 +5,12 @@ info: author: omarjezi severity: critical description: | - An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0 + Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g. serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third-party websites. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2019-5434 - https://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html - https://www.exploit-db.com/exploits/47739 - https://www.revive-adserver.com/security/revive-sa-2019-001/ + - https://nvd.nist.gov/vuln/detail/CVE-2019-5434 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -50,3 +50,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/13 diff --git a/cves/2020/CVE-2020-15895.yaml b/cves/2020/CVE-2020-15895.yaml index 17440857bf..c053f7607b 100644 --- a/cves/2020/CVE-2020-15895.yaml +++ b/cves/2020/CVE-2020-15895.yaml 
@@ -1,16 +1,15 @@ id: CVE-2020-15895 info: - name: D-Link DIR-816L - Cross Site Scripting + name: D-Link DIR-816L 2.x - Cross-Site Scripting author: edoardottt severity: medium description: | - An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage. + D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks. reference: - - https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-15895 - https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/ - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169 + - https://nvd.nist.gov/vuln/detail/CVE-2020-15895 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -42,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/02/22 diff --git a/cves/2021/CVE-2021-21311.yaml b/cves/2021/CVE-2021-21311.yaml index f02e7d0428..64c3b20ed1 100644 --- a/cves/2021/CVE-2021-21311.yaml +++ b/cves/2021/CVE-2021-21311.yaml 
@@ -4,7 +4,7 @@ info: name: Adminer <4.7.9 - Server-Side Request Forgery author: Adam Crosser,pwnhxl severity: high - description: Adminer from version 4.0.0 through 4.7.8 is susceptible to server-side request forgery due to its use of verbose error messages. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. + description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 - https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf @@ -50,8 +50,10 @@ requests: - type: word part: body words: - - "<title>400 - Bad Request</title>" + - "
([A-Za-z. 0-9]+)<\/P>' + +# Enhanced by md on 2023/03/10 diff --git a/iot/codian-mcu-login.yaml b/iot/codian-mcu-login.yaml index a4182c7a17..a64a2d41ec 100644 --- a/iot/codian-mcu-login.yaml +++ b/iot/codian-mcu-login.yaml @@ -1,11 +1,16 @@ id: codian-mcu-login info: - name: Codian MCU Login + name: Codian MCU Login Panel - Detect author: dhiyaneshDK severity: info + description: Codian MCU login panel was detected. reference: - https://www.exploit-db.com/ghdb/7404 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"Codian MCU - Home page" tags: iot,edb @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/contacam.yaml b/iot/contacam.yaml index e619a2c1f6..cefa193fc9 100644 --- a/iot/contacam.yaml +++ b/iot/contacam.yaml @@ -1,11 +1,16 @@ id: contacam info: - name: ContaCam + name: ContaCam Snapshot Images - Detect author: dhiyaneshDk - severity: low + severity: medium + description: ContaCam snapshot images were detected. reference: - https://www.exploit-db.com/ghdb/6831 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: edb,iot requests: @@ -21,3 +26,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/iot/envision-gateway.yaml b/iot/envision-gateway.yaml index f485d64668..3d8093ebe0 100644 --- a/iot/envision-gateway.yaml +++ b/iot/envision-gateway.yaml 
@@ -1,11 +1,16 @@ id: envision-gateway info: - name: EnvisionGateway + name: EnvisionGateway Scheduler Panel - Detect author: dhiyaneshDK - severity: low + severity: medium + description: EnvisionGateway scheduler panel was detected. reference: - https://www.exploit-db.com/ghdb/7315 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"EnvisionGateway" tags: iot,edb @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/iot/heatmiser-wifi-thermostat.yaml b/iot/heatmiser-wifi-thermostat.yaml index f3e08e52b8..4a4d6a927c 100644 --- a/iot/heatmiser-wifi-thermostat.yaml +++ b/iot/heatmiser-wifi-thermostat.yaml @@ -1,11 +1,16 @@ id: heatmiser-wifi-thermostat info: - name: Heatmiser Wifi Thermostat + name: Heatmiser Wifi Thermostat Panel - Detect author: dhiyaneshDK severity: info + description: Heatmiser Wifi Thermostat panel was detected. reference: - https://www.exploit-db.com/ghdb/7445 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"Heatmiser Wifi Thermostat" tags: iot,edb @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/hp-laserjet-detect.yaml b/iot/hp-laserjet-detect.yaml index 7f25f1c30d..392fda7f99 100644 --- a/iot/hp-laserjet-detect.yaml +++ b/iot/hp-laserjet-detect.yaml @@ -1,9 +1,14 @@ id: hp-laserjet-detect info: - name: HP LaserJet + name: HP LaserJet Professional Panel - Detect author: dhiyaneshDk - severity: low + severity: info + description: HP LaserJet Professional panel was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 reference: - https://www.exploit-db.com/ghdb/6459 tags: iot,edb @@ -21,3 +26,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 
diff --git a/iot/internet-service.yaml b/iot/internet-service.yaml index 98535dd837..fdbbfc97ab 100644 --- a/iot/internet-service.yaml +++ b/iot/internet-service.yaml @@ -1,12 +1,18 @@ id: internet-service info: - name: Internet Services + name: Fuji Xerox Internet Services Panel - Detect author: dhiyaneshDK - severity: low + severity: info + description: Fuji Xerox Internet Services panel was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 reference: - https://www.exploit-db.com/ghdb/5948 - tags: iot,edb + - https://www.support.xerox.com/en-us/article/en/1852141 + tags: iot,edb,panel requests: - method: GET @@ -21,3 +27,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/iot/liveview-axis-camera.yaml b/iot/liveview-axis-camera.yaml index adcd2e81fd..254c55f916 100644 --- a/iot/liveview-axis-camera.yaml +++ b/iot/liveview-axis-camera.yaml @@ -1,11 +1,16 @@ id: liveview-axis-camera info: - name: Live View AXIS Network Camera + name: AXIS Network Camera Live View - Detect author: dhiyaneshDK,f1she3 severity: info + description: AXIS Network Camera live view was detected. reference: - https://www.exploit-db.com/ghdb/6843 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: axis,network,edb,iot requests: @@ -39,3 +44,5 @@ requests: group: 1 regex: - 'AXIS (.*) Network Camera' + +# Enhanced by md on 2023/03/08 diff --git a/iot/mobotix-guest-camera.yaml b/iot/mobotix-guest-camera.yaml index f08fc3d0a2..8a946c9c52 100644 --- a/iot/mobotix-guest-camera.yaml +++ b/iot/mobotix-guest-camera.yaml 
@@ -1,11 +1,16 @@ id: mobotix-guest-camera info: - name: MOBOTIX Guest Camera + name: MOBOTIX Guest Camera Live View - Detect author: dhiyaneshDK severity: info + description: MOBOTIX Guest Camera live view was detected. reference: - https://www.exploit-db.com/ghdb/6848 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: iot,edb requests: @@ -20,3 +25,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/netsurveillance-web.yaml b/iot/netsurveillance-web.yaml index 91a96b646b..c70d3e443d 100644 --- a/iot/netsurveillance-web.yaml +++ b/iot/netsurveillance-web.yaml @@ -1,11 +1,16 @@ id: netsurveillance-web info: - name: NETSurveillance WEB + name: NETSurveillance Web Panel - Detect author: DhiyaneshDK severity: info + description: NETSurveillance Web panel was detected. reference: - https://www.exploit-db.com/ghdb/7288 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"NETSurveillance WEB" google-query: intitle:"NETSurveillance WEB" @@ -25,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/panasonic-network-management.yaml b/iot/panasonic-network-management.yaml index 148bed407d..943f069171 100644 --- a/iot/panasonic-network-management.yaml +++ b/iot/panasonic-network-management.yaml @@ -1,11 +1,16 @@ id: panasonic-network-management info: - name: Panasonic Network Camera Management System + name: Panasonic Network Camera Management System - Detect author: dhiyaneshDk severity: medium + description: Panasonic Network Camera Management System page with live views was detected. reference: - https://www.exploit-db.com/ghdb/6487 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: iot,camera,panasonic,edb requests: 
@@ -21,3 +26,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/iot/webcamxp-5.yaml b/iot/webcamxp-5.yaml index 689f299d7e..b680f77927 100644 --- a/iot/webcamxp-5.yaml +++ b/iot/webcamxp-5.yaml @@ -1,11 +1,16 @@ id: webcamxp-5 info: - name: webcamXP 5 + name: WebcamXP 5 Login Panel - Detect author: dhiyaneshDK severity: info + description: WebcamXP 5 login panel was detected. reference: - https://www.exploit-db.com/ghdb/7448 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: shodan-query: http.title:"webcamXP 5" tags: iot,edb @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/ace-admin-dashboard.yaml b/misconfiguration/ace-admin-dashboard.yaml index 1e63d1d541..5dcad3fd04 100644 --- a/misconfiguration/ace-admin-dashboard.yaml +++ b/misconfiguration/ace-admin-dashboard.yaml @@ -1,9 +1,14 @@ id: ace-admin-dashboard info: - name: Ace Admin Dashboard Exposure + name: Ace Admin Dashboard - Detect author: tess severity: medium + description: Ace Admin dashboard page was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: title:"Dashboard - Ace Admin" @@ -20,7 +25,7 @@ requests: part: body words: - "Dashboard - Ace Admin" - - "overview & stats" + - "overview & stats" condition: and - type: word @@ -31,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/aem/aem-childrenlist-xss.yaml b/misconfiguration/aem/aem-childrenlist-xss.yaml index efbb28a5c9..f3b6f59bbd 100644 --- a/misconfiguration/aem/aem-childrenlist-xss.yaml +++ b/misconfiguration/aem/aem-childrenlist-xss.yaml 
@@ -1,11 +1,15 @@ id: aem-xss-childlist info: - name: Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting + name: Adobe Experience Manager Childlist Selector - Cross-Site Scripting author: theabhinavgaur severity: medium description: | - Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the selector childlist when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser. + Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the childlist selector when a dispatcher does not respect the content type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cwe-id: CWE-80 metadata: verified: true shodan-query: @@ -13,7 +17,6 @@ info: - http.component:"Adobe Experience Manager" tags: xss,aem,adobe - requests: - method: GET path: @@ -43,3 +46,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml b/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml index 2eeded9ef0..ffcddd742e 100644 --- a/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml +++ b/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml 
@@ -1,12 +1,17 @@ id: akamai-s3-cache-poisoning info: - name: Akamai / S3 Cache Poisoning - Stored Cross-Site Scripting + name: Akamai/Amazon S3 - Cache Poisoning author: DhiyaneshDk - severity: high + severity: medium + description: Akamai/Amazon S3 expose a stored cross-site scripting vulnerability generated by cache poisoning capability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can further allow the attacker to steal cookie-based authentication credentials and launch other attacks. reference: - https://web.archive.org/web/20230101082612/https://spyclub.tech/2022/12/14/unusual-cache-poisoning-akamai-s3/ - https://owasp.org/www-community/attacks/Cache_Poisoning + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L + cvss-score: 7.1 + cwe-id: CWE-44 metadata: verified: "true" tags: cache,poisoning,generic,xss,akamai,s3 @@ -62,3 +67,5 @@ requests: - 'contains(body_2, "alert(document.domain)")' - 'status_code_2 == 200' condition: and + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/aws-s3-explorer.yaml b/misconfiguration/aws-s3-explorer.yaml index 0f14918cbb..fcad88ba55 100644 --- a/misconfiguration/aws-s3-explorer.yaml +++ b/misconfiguration/aws-s3-explorer.yaml @@ -1,11 +1,16 @@ id: aws-s3-explorer info: - name: AWS S3 Explorer + name: Amazon Web Services S3 Explorer - Detect author: DhiyaneshDk - severity: low + severity: medium + description: Amazon Web Services S3 Explorer page was detected. Page contains links to sensitive information. reference: - https://www.exploit-db.com/ghdb/7967 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true google-query: inurl:s3.amazonaws.com intitle:"AWS S3 Explorer" @@ -30,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 
diff --git a/misconfiguration/cadvisor-exposure.yaml b/misconfiguration/cadvisor-exposure.yaml index 3192e57d88..1043646feb 100644 --- a/misconfiguration/cadvisor-exposure.yaml +++ b/misconfiguration/cadvisor-exposure.yaml @@ -1,9 +1,14 @@ id: cadvisor-exposure info: - name: cAdvisor Exposure + name: cAdvisor - Detect author: DhiyaneshDk severity: medium + description: cAdvisor page was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: title:"cAdvisor" @@ -29,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/exposed-jquery-file-upload.yaml b/misconfiguration/exposed-jquery-file-upload.yaml index 3fd6eef982..59eb5341c6 100644 --- a/misconfiguration/exposed-jquery-file-upload.yaml +++ b/misconfiguration/exposed-jquery-file-upload.yaml @@ -1,11 +1,17 @@ id: exposed-jquery-file-upload info: - name: Exposed jQuery File Upload + name: BlueImp jQuery-File-Upload - Arbitrary File Upload author: dhiyaneshDk - severity: medium + severity: critical + description: BlueImp jQuery-File-Upload does not require validation to upload files to the server and does not exclude file types, which can lead to a remote code execution vulnerability. reference: - https://www.exploit-db.com/exploits/45584 + - https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cwe-id: CWE-434 tags: exposure,jquery,edb requests: @@ -23,3 +29,5 @@ requests: words: - "text/plain" part: header + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/ganglia-cluster-dashboard.yaml b/misconfiguration/ganglia-cluster-dashboard.yaml index d54f368ca8..fb1d53ee3e 100644 --- a/misconfiguration/ganglia-cluster-dashboard.yaml +++ b/misconfiguration/ganglia-cluster-dashboard.yaml 
@@ -1,11 +1,11 @@ id: ganglia-cluster-dashboard info: - name: Ganglia Cluster Dashboard - Exposure + name: Ganglia Cluster Dashboard - Detect author: ritikchaddha severity: low description: | - It exposes the Ganglia cluster dashboard to the unauth users. + Ganglia Cluster dashboard was detected. metadata: verified: true shodan-query: html:"ganglia_form.submit()" @@ -28,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/08 diff --git a/misconfiguration/haproxy-status.yaml b/misconfiguration/haproxy-status.yaml index 8b1e87464f..38edffb9c0 100644 --- a/misconfiguration/haproxy-status.yaml +++ b/misconfiguration/haproxy-status.yaml @@ -1,11 +1,16 @@ id: haproxy-status info: - name: HA Proxy Statistics + name: HAProxy Statistics Page - Detect author: dhiyaneshDK severity: medium + description: HAProxy statistics page was detected. reference: - https://www.exploit-db.com/ghdb/4191 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: logs,haproxy,edb requests: @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/iot-vdme-simulator.yaml b/misconfiguration/iot-vdme-simulator.yaml index 93e0a96f87..38921c9283 100644 --- a/misconfiguration/iot-vdme-simulator.yaml +++ b/misconfiguration/iot-vdme-simulator.yaml @@ -3,12 +3,12 @@ id: iot-vdme-simulator info: name: IoT vDME Simulator Panel - Detect author: tess - severity: low + severity: medium description: | loT vDME Simulator panel was detected. Exposure IoT vDME Simulator panel allows anonymous access to create new Items. classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 cwe-id: CWE-200 metadata: verified: true diff --git a/misconfiguration/jboss-status.yaml b/misconfiguration/jboss-status.yaml index 8c6dd4ac44..baffd0d607 100644 
--- a/misconfiguration/jboss-status.yaml +++ b/misconfiguration/jboss-status.yaml @@ -1,17 +1,27 @@ id: jboss-web-console info: - name: JBoss Management Console Server Information + name: JBoss Management Console Server Information Page - Detect author: dhiyaneshDK - severity: low + severity: info + description: JBoss Management Console server information page was detected. reference: - https://www.exploit-db.com/ghdb/5215 + - https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/administration_and_configuration_guide/sect-the_management_console + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + metadata: + verified: true + google-query: inurl:/web-console/ServerInfo.jsp | inurl:/status?full=true tags: jboss,unauth,edb requests: - method: GET path: - "{{BaseURL}}/web-console/ServerInfo.jsp" + matchers-condition: and matchers: - type: word @@ -23,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/mobiproxy-dashboard.yaml b/misconfiguration/mobiproxy-dashboard.yaml index a94e96097c..ad558c2cdb 100644 --- a/misconfiguration/mobiproxy-dashboard.yaml +++ b/misconfiguration/mobiproxy-dashboard.yaml @@ -1,9 +1,14 @@ id: mobiproxy-dashboard info: - name: MobiProxy Dashboard Exposure + name: MobiProxy Dashboard - Detect author: tess severity: medium + description: MobiProxy dashboard was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.title:"MobiProxy" @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/mongodb-exporter-metrics.yaml b/misconfiguration/mongodb-exporter-metrics.yaml index 71da517b90..03f7315bdd 100644 --- a/misconfiguration/mongodb-exporter-metrics.yaml 
+++ b/misconfiguration/mongodb-exporter-metrics.yaml @@ -1,12 +1,19 @@ id: mongodb-exporter-metrics info: - name: Detect MongoDB Exporter + name: MongoDB Exporter - Detect author: pussycat0x - severity: low + severity: medium + description: MongoDB exporter was detected. metadata: verified: "true" shodan-query: title:"MongoDB exporter" + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 + reference: + - https://github.com/percona/mongodb_exporter tags: mongodb,exposure,debug requests: @@ -31,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/ntopng-traffic-dashboard.yaml b/misconfiguration/ntopng-traffic-dashboard.yaml index d90ad4f46d..e1a1785c69 100644 --- a/misconfiguration/ntopng-traffic-dashboard.yaml +++ b/misconfiguration/ntopng-traffic-dashboard.yaml @@ -1,9 +1,14 @@ id: ntopng-traffic-dashboard info: - name: ntopng - Traffic Dashboard + name: Ntopng Traffic Dashboard - Detect author: theamanrawat - severity: low + severity: medium + description: Ntopng traffic dashboard was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.title:"ntopng - Traffic Dashboard" @@ -26,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/oneinstack-control-center.yaml b/misconfiguration/oneinstack-control-center.yaml index f58b8018b9..ce1a9feb6a 100644 --- a/misconfiguration/oneinstack-control-center.yaml +++ b/misconfiguration/oneinstack-control-center.yaml 
@@ -1,18 +1,22 @@ id: oneinstack-control-center info: - name: OneinStack Control Center Dashboard + name: OneinStack Control Center Dashboard - Detect author: theabhinavgaur - severity: low + severity: medium description: | - OneinStack is an open source project to setup web environment for the development of PHP/JAVA applications on CentOS, Ubuntu, RedHat. + OneinStack Control Center dashboard was detected. reference: - https://github.com/oneinstack/oneinstack - https://oneinstack.com/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: "true" shodan-query: http.title:"OneinStack" - tags: misconfig,exposure,dashboard,oneinstack + tags: misconfig,exposure,panel,oneinstack requests: - method: GET @@ -31,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml b/misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml index d9df6909f2..4bdbf15caa 100644 --- a/misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml +++ b/misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml 
@@ -1,12 +1,16 @@ id: openbmcs-secret-disclosure info: - name: OpenBMCS 2.4 Secrets Disclosure + name: OpenBMCS 2.4 - Information Disclosure author: dhiyaneshDK severity: high - description: The application allows directory listing and information disclosure of some sensitive files that can allow an attacker to leverage the disclosed information and gain full BMS access + description: OpenBMCS 2.4 contains an information disclosure vulnerability. The application allows directory listing and exposure of some sensitive files, which can allow an attacker to leverage the disclosed information and gain full access. reference: - https://www.exploit-db.com/exploits/50671 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 metadata: shodan-query: http.favicon.hash:1550906681 tags: misconfig,edb,openbmcs @@ -27,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml b/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml index 8f8c9c25a8..54242c3a7f 100644 --- a/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml +++ b/misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml @@ -1,10 +1,14 @@ id: pma-server-import info: - name: PhpMyAdmin Server Import + name: PhpMyAdmin Server Import Page - Detect author: Cristi vlad (@cristivlad25) severity: high - description: Finds Unauthenticated PhpMyAdmin Server Import Pages. + description: Multiple phpMyAdmin server import pages were detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: phpmyadmin,misconfig requests: @@ -33,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml index c265d7b346..ca9327aa06 100644 
--- a/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml +++ b/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml @@ -1,9 +1,14 @@ id: phpmyadmin-setup info: - name: Publicly Accessible Phpmyadmin Setup + name: PhpMyAdmin Setup File - Detect author: sheikhrishad,thevillagehacker,Kr1shna4garwal,ArjunChandarana severity: medium + description: Multiple phpMyAdmin setup files were detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.html:"phpMyAdmin" @@ -38,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/10 diff --git a/misconfiguration/puppetdb-dashboard.yaml b/misconfiguration/puppetdb-dashboard.yaml index f734d94756..4eb83cbd4c 100644 --- a/misconfiguration/puppetdb-dashboard.yaml +++ b/misconfiguration/puppetdb-dashboard.yaml @@ -1,9 +1,14 @@ id: puppetdb-dashboard info: - name: PuppetDB Dashboard Exposure + name: PuppetDB Dashboard - Detect author: DhiyaneshDk - severity: low + severity: info + description: PuppetDB dashboard was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: true shodan-query: 'title:"PuppetDB: Dashboard"' @@ -24,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/questdb-console.yaml b/misconfiguration/questdb-console.yaml index 5102f7b70a..bcb8accdd6 100644 --- a/misconfiguration/questdb-console.yaml +++ b/misconfiguration/questdb-console.yaml 
@@ -1,9 +1,16 @@ id: questdb-console info: - name: QuestDB Console Exposure + name: QuestDB Console - Detect author: tess - severity: low + severity: medium + description: QuestDB console was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 + reference: + - https://questdb.io/docs/develop/web-console/ metadata: verified: true shodan-query: title:"QuestDB ยท Console" @@ -33,3 +40,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/10 diff --git a/misconfiguration/rethinkdb-admin-console.yaml b/misconfiguration/rethinkdb-admin-console.yaml index 1d6fd3d0e3..48a7a1faa5 100644 --- a/misconfiguration/rethinkdb-admin-console.yaml +++ b/misconfiguration/rethinkdb-admin-console.yaml @@ -1,9 +1,16 @@ id: rethinkdb-admin-console info: - name: RethinkDB Administration Console + name: RethinkDB Administration Console - Detect author: tess severity: medium + description: RethinkDB Administration Console was detected. + reference: + - https://rethinkdb.com/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.favicon.hash:969374472 @@ -24,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2023/03/14 diff --git a/misconfiguration/slurm-hpc-dashboard.yaml b/misconfiguration/slurm-hpc-dashboard.yaml index d8ee687040..079351176d 100644 --- a/misconfiguration/slurm-hpc-dashboard.yaml +++ b/misconfiguration/slurm-hpc-dashboard.yaml 
@@ -3,9 +3,15 @@ id: slurm-hpc-dashboard info: name: Slurm HPC Dashboard - Detect author: ritikchaddha - severity: low + severity: medium description: | - It exposes the Slurm HPC dashboard to the unauth users. + Slurm HPC Dashboard was detected. + reference: + - https://grafana.com/grafana/dashboards/4323-slurm-dashboard/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: title:"Slurm HPC Dashboard" @@ -27,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/17 diff --git a/misconfiguration/tcpconfig.yaml b/misconfiguration/tcpconfig.yaml index 3ea0544410..f0e4790b43 100644 --- a/misconfiguration/tcpconfig.yaml +++ b/misconfiguration/tcpconfig.yaml @@ -1,10 +1,16 @@ id: tcpconfig info: - name: TCP Config Information Exposed + name: Rockwell Automation TCP/IP Configuration Information - Detect author: dhiyaneshDK - severity: low + severity: medium + description: TCP/IP configuration information was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 reference: + - https://www.rockwellautomation.com/ - https://www.exploit-db.com/ghdb/6782 tags: config,edb,logs @@ -22,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/17 diff --git a/misconfiguration/transmission-dashboard.yaml b/misconfiguration/transmission-dashboard.yaml index f36ee8134b..64cc379f88 100644 --- a/misconfiguration/transmission-dashboard.yaml +++ b/misconfiguration/transmission-dashboard.yaml 
@@ -1,11 +1,16 @@ id: transmission-dashboard info: - name: Transmission Dashboard Exposure + name: Transmission Dashboard - Detect author: fabaff severity: medium + description: Transmission dashboard was detected. reference: - https://transmissionbt.com/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 metadata: verified: true shodan-query: http.title:"Transmission Web Interface" @@ -31,3 +36,5 @@ requests: part: server words: - 'Transmission' + +# Enhanced by md on 2023/03/15 diff --git a/misconfiguration/ups-status.yaml b/misconfiguration/ups-status.yaml index c4bf139637..3247f1525b 100644 --- a/misconfiguration/ups-status.yaml +++ b/misconfiguration/ups-status.yaml @@ -1,11 +1,17 @@ id: ups-status info: - name: Multimon UPS status page + name: APC UPC Multimon Status Page - Detect author: dhiyaneshDK - severity: low + severity: info + description: Multimon UPS status page was detected. reference: + - http://www.apcupsd.org/ - https://www.exploit-db.com/ghdb/752 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: logs,status,edb requests: @@ -23,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2023/03/17 diff --git a/network/cves/2011/CVE-2011-2523.yaml b/network/cves/2011/CVE-2011-2523.yaml index 4e5b945a52..f577745605 100644 --- a/network/cves/2011/CVE-2011-2523.yaml +++ b/network/cves/2011/CVE-2011-2523.yaml @@ -19,7 +19,7 @@ info: tags: cve,cve2011,network,vsftpd,ftp,backdoor variables: - cmd: "cat /etc/passwd" #shows the the user and group names and numeric IDs + cmd: "cat /etc/passwd" # shows the the user and group names and numeric IDs network: diff --git a/network/detection/mysql-detect.yaml b/network/detection/mysql-detect.yaml index b3d4b26aa7..9d9b23b7d7 100644 --- a/network/detection/mysql-detect.yaml +++ b/network/detection/mysql-detect.yaml 
@@ -1,27 +1,33 @@ -id: mysql-detect - -info: - name: Mysql Detection - author: pussycat0x - severity: info - description: | - MySQL is a tool used to manage databases and servers, so while it's not a database, it's widely used in relation to managing and organising data in databases. - metadata: - verified: true - shodan-query: product:"MySQL" - tags: network,mysql,db - -network: - - inputs: - - data: "\n" - - host: - - "{{Hostname}}" - - "{{Host}}:3306" - - matchers: - - type: word - part: body - words: - - "mysql" - case-insensitive: true +id: mysql-detect + +info: + name: MySQL - Detect + author: pussycat0x + severity: info + description: | + MySQL instance was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + metadata: + verified: true + shodan-query: product:"MySQL" + tags: network,mysql,db + +network: + - inputs: + - data: "\n" + + host: + - "{{Hostname}}" + - "{{Host}}:3306" + + matchers: + - type: word + part: body + words: + - "mysql" + case-insensitive: true + +# Enhanced by md on 2023/03/15 diff --git a/network/detection/pgsql-detect.yaml b/network/detection/pgsql-detect.yaml index b3b377e0b6..209287080c 100644 --- a/network/detection/pgsql-detect.yaml +++ b/network/detection/pgsql-detect.yaml 
@@ -1,39 +1,45 @@ -id: pgsql-detect - -info: - name: Postgresql Detection - author: nybble04 - severity: info - description: | - PostgreSQL, also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance. - reference: - - https://www.postgresql.org/docs/current/errcodes-appendix.html - - https://www.postgresql.org/docs/current/client-authentication-problems.html - metadata: - verified: true - shodan-query: port:5432 product:"PostgreSQL" - tags: network,postgresql,db - -network: - - inputs: - - data: "000000500003000075736572006e75636c6569006461746162617365006e75636c6569006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000" - type: hex - - data: "7000000036534352414d2d5348412d32353600000000206e2c2c6e3d2c723d000000000000000000000000000000000000000000000000" - type: hex - - host: - - "{{Hostname}}" - - "{{Host}}:5432" - read-size: 2048 - - matchers: - - type: word - part: body - words: - - "28000" # Error code for invalid_authorization_specification - - "28P01" # Error code for invalid_password - - "SCRAM-SHA-256" # Authentication prompt - - "pg_hba.conf" # Client authentication config file - - "user \"nuclei\"" # The user nuclei (sent in request) doesn't exist - - "database \"nuclei\"" # The db nuclei (sent in request) doesn't exist" - condition: or +id: pgsql-detect + +info: + name: PostgreSQL Authentication - Detect + author: nybble04 + severity: info + description: | + PostgreSQL authentication error messages which could reveal information useful in formulating further attacks were detected. 
+ reference: + - https://www.postgresql.org/docs/current/errcodes-appendix.html + - https://www.postgresql.org/docs/current/client-authentication-problems.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + metadata: + verified: true + shodan-query: port:5432 product:"PostgreSQL" + tags: network,postgresql,db + +network: + - inputs: + - data: "000000500003000075736572006e75636c6569006461746162617365006e75636c6569006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000" + type: hex + - data: "7000000036534352414d2d5348412d32353600000000206e2c2c6e3d2c723d000000000000000000000000000000000000000000000000" + type: hex + + host: + - "{{Hostname}}" + - "{{Host}}:5432" + read-size: 2048 + + matchers: + - type: word + part: body + words: + - "28000" # Error code for invalid_authorization_specification + - "28P01" # Error code for invalid_password + - "SCRAM-SHA-256" # Authentication prompt + - "pg_hba.conf" # Client authentication config file + - "user \"nuclei\"" # The user nuclei (sent in request) doesn't exist + - "database \"nuclei\"" # The db nuclei (sent in request) doesn't exist" + condition: or + +# Enhanced by md on 2023/03/15 diff --git a/network/enumeration/mongodb-info-enum.yaml b/network/enumeration/mongodb-info-enum.yaml index 7e9a050b36..6b8e2d52ab 100644 --- a/network/enumeration/mongodb-info-enum.yaml +++ b/network/enumeration/mongodb-info-enum.yaml 
@@ -1,13 +1,17 @@ id: mongodb-info-enum info: - name: MongoDB Information Enumeration + name: MongoDB Information - Detect author: pussycat0x severity: info description: | - MongoDB is an open source NoSQL database management program. NoSQL is used as an alternative to traditional relational databases. + MongoDB build and server information was detected. reference: - https://nmap.org/nsedoc/scripts/mongodb-info.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 metadata: verified: "true" shodan-query: mongodb server information @@ -35,3 +39,5 @@ network: - type: regex regex: - "([A-Za-z:0-9.]+)" + +# Enhanced by md on 2023/03/15 diff --git a/osint/flipboard.yaml b/osint/flipboard.yaml index b78e2eba14..dfc87d600c 100644 --- a/osint/flipboard.yaml +++ b/osint/flipboard.yaml @@ -3,8 +3,8 @@ id: flipboard info: name: Flipboard User Name Information - Detect author: dwisiswant0 - description: Flipboard user name information check was conducted. severity: info + description: Flipboard user name information check was conducted. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 @@ -27,3 +27,5 @@ requests: part: body words: - ") on Flipboard" + +# Enhanced by md on 2023/03/15 diff --git a/osint/mod-db.yaml b/osint/mod-db.yaml index d4b6a131be..1c56ae9360 100644 --- a/osint/mod-db.yaml +++ b/osint/mod-db.yaml @@ -3,8 +3,8 @@ id: mod-db info: name: Mod DB User Name Information - Detect author: dwisiswant0 - description: Mod DB user name information check was conducted. severity: info + description: Mod DB user name information check was conducted. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 @@ -27,3 +27,5 @@ requests: part: body words: - "joined
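Review bot: in misconfiguration/iot-vdme-simulator.yaml the new vector `C:L/I:N` does not match the description kept just above it, which says the panel "allows anonymous access to create new Items". Anonymous creation of items is an integrity impact, so either set `I:L` and recompute `cvss-score`, or reword the description so that it claims read-only exposure. The unchanged description also still starts with "loT" (lowercase L) and has the fragment "Exposure IoT vDME Simulator panel allows"; both are worth fixing while the block is being touched.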
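Review bot: in misconfiguration/jboss-status.yaml the added `matchers-condition: and` above `matchers:` is a behaviour change, not a metadata edit, and should be called out in the commit message. Nuclei combines matchers with OR when the key is absent, so before this change the `status: 200` matcher alone could produce a hit on `/web-console/ServerInfo.jsp`. The fix looks right, but the other two-matcher templates in this batch should be checked for the same missing key. Separately, the new `google-query` lists `inurl:/status?full=true` while the request only probes `/web-console/ServerInfo.jsp`; either drop that half of the query or add the path.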
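Review bot: in misconfiguration/mongodb-exporter-metrics.yaml the new `classification:` and `reference:` blocks are placed after `metadata:`, while the other templates in this patch (for example transmission-dashboard.yaml) use the order description, reference, classification, metadata. Please move them above `metadata:` for consistency. The same file keeps `verified: "true"` as a quoted string where most templates here use the boolean `verified: true`; pick one form.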
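Review bot: in misconfiguration/oneinstack-control-center.yaml the tag list changes from `misconfig,exposure,dashboard,oneinstack` to `misconfig,exposure,panel,oneinstack`, which alters what a tag-filtered run selects: anyone scanning with the `dashboard` tag silently loses this template. If the intent is to reclassify it as a panel, say so in the commit message and consider whether it still belongs under misconfiguration/. The new description also drops the sentence explaining what OneinStack is without adding why an exposed Control Center warrants the raise from low to medium.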
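Review bot: in misconfiguration/phpmyadmin/phpmyadmin-server-import.yaml the rewritten description removes the word "Unauthenticated", which was the only text justifying `severity: high` and the new `C:H` vector. "Multiple phpMyAdmin server import pages were detected" reads as a plain fingerprint. Suggest something like "phpMyAdmin server import page is accessible without authentication." The ganglia-cluster-dashboard.yaml and slurm-hpc-dashboard.yaml hunks lose their "to the unauth users" wording in the same way, and slurm is raised from low to medium at the same time.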
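Review bot: in misconfiguration/ups-status.yaml the new name reads `APC UPC Multimon Status Page - Detect`, while the description added two lines below says "Multimon UPS status page". "UPC" looks like a typo for "UPS"; please correct the name so that searches on the template name find it.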
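Review bot: in network/cves/2011/CVE-2011-2523.yaml the only change is a space after `#`, but the comment on the `cmd:` line still says "shows the the user and group names". Since the line is being rewritten anyway, drop the duplicated "the".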
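Review bot: in network/detection/mysql-detect.yaml the hunk removes and re-adds every line of the file, although only `name`, `description`, the new `classification:` block and the trailer comment differ. That pattern usually means a line-ending or whitespace normalisation rode along with the metadata change (the pgsql-detect.yaml hunk has the same shape). Please split the normalisation into its own commit so the real diff is reviewable and `git blame` on the `network:` section is preserved.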
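Review bot: in network/detection/pgsql-detect.yaml the new description says the error messages "could reveal information useful in formulating further attacks", but the added classification is `C:N/I:N/A:N` with `cvss-score: 0.0` and `severity: info`. Those contradict each other. Either describe this as a plain service fingerprint, or score the disclosure as `C:L`. The re-added matcher comment on the `database \"nuclei\"` line also still ends with a stray double quote (`doesn't exist"`), which can be removed here.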