Update metadata query (#4350)
* Update adobe-component-login.yaml * Update cold-fusion-cfcache-map.yaml * Update unpatched-coldfusion.yaml * Update coldfusion-debug-xss.yaml * Update CVE-2020-11978.yaml * Update CVE-2020-13927.yaml * Update CVE-2021-38540.yaml * Update CVE-2021-44451.yaml * Update CVE-2022-24288.yaml * Update airflow-debug.yaml * Update airflow-detect.yaml * Update CVE-2010-0219.yaml * Update apache-axis-detect.yaml * Update CVE-2020-11991.yaml * Update apache-cocoon-detect.yaml * Update CVE-2021-21402.yaml * Update jellyfin-detect.yaml * Update CVE-2021-21402.yaml * Update CVE-2021-21402.yaml * Update ecology-arbitrary-file-upload.yaml * Update ecology-v8-sqli.yaml * Update ecology-syncuserinfo-sqli.yaml * Update ecology-filedownload-directory-traversal.yaml * Update CNVD-2021-15822.yaml * Update dedecms-carbuyaction-fileinclude.yaml * Update dedecms-openredirect.yaml * Update tamronos-rce.yaml * Update natshell-path-traversal.yamlpatch-1
parent
f24abcdb51
commit
27a039a70c
|
@ -6,6 +6,10 @@ info:
|
|||
severity: high
|
||||
reference:
|
||||
- https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"ShopXO企业级B2C电商系统提供商"
|
||||
fofa-query: app="ShopXO企业级B2C电商系统提供商"
|
||||
tags: shopxo,lfi,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
|
|
|
@ -10,6 +10,8 @@ info:
|
|||
- https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html
|
||||
classification:
|
||||
cve-id: CVE-2010-0219
|
||||
metadata:
|
||||
shodan-query: http.html:"Apache Axis"
|
||||
tags: cve,cve2010,axis,apache,default-login,axis2
|
||||
|
||||
requests:
|
||||
|
|
|
@ -16,6 +16,9 @@ info:
|
|||
cvss-score: 8.8
|
||||
cve-id: CVE-2020-11978
|
||||
cwe-id: CWE-77
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
|
||||
tags: cve,cve2020,apache,airflow,rce
|
||||
|
||||
requests:
|
||||
|
|
|
@ -15,6 +15,8 @@ info:
|
|||
cve-id: CVE-2020-11991
|
||||
cwe-id: CWE-611
|
||||
remediation: Upgrade to Apache Cocoon 2.1.13 or later.
|
||||
metadata:
|
||||
shodan-query: http.html:"Apache Cocoon"
|
||||
tags: cve,cve2020,apache,xml,cocoon,xxe
|
||||
|
||||
requests:
|
||||
|
|
|
@ -14,6 +14,9 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-13927
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
|
||||
tags: cve,cve2020,apache,airflow,unauth
|
||||
|
||||
requests:
|
||||
|
|
|
@ -15,6 +15,10 @@ info:
|
|||
cvss-score: 6.5
|
||||
cve-id: CVE-2021-21402
|
||||
cwe-id: CWE-22
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Jellyfin"
|
||||
fofa-query: title="Jellyfin" || body="http://jellyfin.media"
|
||||
tags: cve,cve2021,jellyfin,lfi
|
||||
|
||||
requests:
|
||||
|
|
|
@ -14,6 +14,7 @@ info:
|
|||
cve-id: CVE-2021-38540
|
||||
cwe-id: CWE-306
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Sign In - Airflow"
|
||||
tags: cve,cve2021,apache,airflow,rce
|
||||
|
||||
|
|
|
@ -11,6 +11,9 @@ info:
|
|||
classification:
|
||||
cve-id: CVE-2021-44451
|
||||
remediation: Users should upgrade to Apache Superset 1.4.0 or higher.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Superset"
|
||||
tags: cve,cve2021,apache,superset,default-login
|
||||
|
||||
requests:
|
||||
|
|
|
@ -15,7 +15,8 @@ info:
|
|||
cve-id: CVE-2022-24288
|
||||
cwe-id: CWE-78
|
||||
metadata:
|
||||
shodan-query: title:"Airflow - DAGs"
|
||||
verified: true
|
||||
shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
|
||||
tags: cve,cve2022,airflow,rce
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,6 +9,8 @@ info:
|
|||
- https://www.exploit-db.com/ghdb/6846
|
||||
classification:
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: panel,adobe,coldfusion
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: low
|
||||
reference:
|
||||
- https://securiteam.com/windowsntfocus/5bp081f0ac/
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: exposure,coldfusion,adobe
|
||||
|
||||
requests:
|
||||
|
|
|
@ -7,6 +7,8 @@ info:
|
|||
reference:
|
||||
- https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
|
||||
- https://twitter.com/Daviey/status/1374070630283415558
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: rce,adobe,misc,coldfusion
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,6 +4,9 @@ info:
|
|||
name: Airflow Debug Trace
|
||||
author: pdteam
|
||||
severity: low
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Airflow - DAGs"
|
||||
tags: apache,airflow,fpd
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,6 +4,9 @@ info:
|
|||
name: Apache Airflow
|
||||
author: pdteam
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Apache Airflow"
|
||||
tags: tech,apache,airflow
|
||||
|
||||
requests:
|
||||
|
|
|
@ -5,6 +5,9 @@ info:
|
|||
author: dogasantos
|
||||
severity: info
|
||||
description: Axis and Axis2 detection
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Apache Axis"
|
||||
tags: tech,axis2,middleware,apache
|
||||
|
||||
requests:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
author: ffffffff0x
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Apache Cocoon"
|
||||
fofa-query: app="APACHE-Cocoon"
|
||||
tags: apache,cocoon,tech
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@ info:
|
|||
name: Jellyfin detected
|
||||
author: dwisiswant0
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Jellyfin"
|
||||
tags: tech,jellyfin
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
reference:
|
||||
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
|
||||
metadata:
|
||||
fofa-query: app="泛微-协同办公OA"
|
||||
tags: ecology,upload,fileupload,intrusive
|
||||
|
||||
requests:
|
||||
|
|
|
@ -7,6 +7,8 @@ info:
|
|||
description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site.
|
||||
reference:
|
||||
- https://github.com/jaeles-project/jaeles-signatures/blob/master/common/coldfusion-debug-xss.yaml
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: adobe,coldfusion,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -7,6 +7,9 @@ info:
|
|||
description: A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter.
|
||||
reference:
|
||||
- https://www.cnblogs.com/milantgh/p/3615986.html
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"power by dedecms" || title:"dedecms"
|
||||
tags: dedecms
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,9 @@ info:
|
|||
severity: low
|
||||
reference:
|
||||
- https://blog.csdn.net/ystyaoshengting/article/details/82734888
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"power by dedecms" || title:"dedecms"
|
||||
tags: dedecms,redirect
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Ecology Directory Traversal
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
metadata:
|
||||
fofa-query: app="泛微-协同办公OA"
|
||||
tags: ecology,lfi
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
reference:
|
||||
- https://www.weaver.com.cn/
|
||||
metadata:
|
||||
fofa-query: app="泛微-协同办公OA"
|
||||
tags: ecology,sqli
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
reference:
|
||||
- http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20V8%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html
|
||||
metadata:
|
||||
fofa-query: app="泛微-协同办公OA"
|
||||
tags: ecology,sqli
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
reference:
|
||||
- https://mp.weixin.qq.com/s/g4YNI6UBqIQcKL0TRkKWlw
|
||||
metadata:
|
||||
fofa-query: title="蓝海卓越计费管理系统"
|
||||
tags: natshell,lfi
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,10 @@ info:
|
|||
severity: critical
|
||||
reference:
|
||||
- https://twitter.com/sec715/status/1405336456923471874
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"TamronOS IPTV系统"
|
||||
fofa-query: title="TamronOS IPTV系统"
|
||||
tags: tamronos,rce
|
||||
|
||||
requests:
|
||||
|
|
Loading…
Reference in New Issue