Match severity with CVSS
parent
f89feb6457
commit
2a7b69bab3
|
@ -4,12 +4,12 @@ info:
|
|||
name: EEA - Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: EEA is susceptible to information disclosure.
|
||||
description: EEA is susceptible to information disclosure including the username and password.
|
||||
reference:
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure,cnvd,cnvd2021
|
||||
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
id: lutron-default-login
|
||||
|
||||
info:
|
||||
name: Lutron - Default Login
|
||||
name: Lutron - Default Account
|
||||
author: geeknik
|
||||
severity: high
|
||||
severity: critical
|
||||
description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.lutron.com
|
||||
- https://vulners.com/openvas/OPENVAS:1361412562310113206
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.8
|
||||
cwe-id: CWE-522
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cwe-id: CWE-1391
|
||||
tags: default-login,lutron,iot
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cwe-id: CWE-1391
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"ruckus"
|
||||
|
|
|
@ -3,11 +3,11 @@ id: mybb-forum-install
|
|||
info:
|
||||
name: MyBB Installation Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
severity: info
|
||||
description: MyBB installation panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
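Review bot: The MyBB installer panel ends up at `severity: info` with `cvss-score: 0.0` in this hunk, while the osTicket installer panel in the same commit is raised to `severity: critical` with `cvss-score: 9.4` and `cwe-id: CWE-284`. Both templates describe the same kind of finding (a reachable installer), so one of the two ratings is presumably wrong, and an `info` result is the one most triage filters will hide. I would either rate both the same way or add a comment above `severity` such as `# rated info because <reason the installer cannot be re-run>`, so the difference is deliberate and visible. The `info:` block continues outside the hunk.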
|
||||
|
|
|
@ -3,12 +3,12 @@ id: osticket-install
|
|||
info:
|
||||
name: osTicket Installer Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
severity: critical
|
||||
description: osTicket installer panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
|
||||
cvss-score: 9.4
|
||||
cwe-id: CWE-284
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"osTicket Installer"
|
||||
|
|
|
@ -1,34 +1,34 @@
|
|||
id: saltstack-config-panel
|
||||
|
||||
info:
|
||||
name: SaltStack Config Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
SaltStack config panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"SaltStack Config"
|
||||
tags: panel,vmware,login,saltstack
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/login"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "SaltStack Config"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs 01/26/2023
|
||||
id: saltstack-config-panel
|
||||
|
||||
info:
|
||||
name: SaltStack Config Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
SaltStack config panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"SaltStack Config"
|
||||
tags: panel,vmware,login,saltstack
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/login"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "SaltStack Config"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs 01/26/2023
|
||||
|
|
|
@ -6,8 +6,8 @@ info:
|
|||
severity: info
|
||||
description: Apache Solr admin panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
||||
cvss-score: 8.6
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -1,35 +1,35 @@
|
|||
id: wagtail-login
|
||||
|
||||
info:
|
||||
name: Wagtail Login - Detect
|
||||
author: kishore-hariram
|
||||
severity: info
|
||||
description: The Wagtail panel has been detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Wagtail - Sign in"
|
||||
tags: panel,wagtail
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/login/?next=/'
|
||||
- '{{BaseURL}}/admin/login/?next=/admin/'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Wagtail - Sign in'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs 01/23/2023
|
||||
id: wagtail-login
|
||||
|
||||
info:
|
||||
name: Wagtail Login - Detect
|
||||
author: kishore-hariram
|
||||
severity: info
|
||||
description: The Wagtail panel has been detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Wagtail - Sign in"
|
||||
tags: panel,wagtail
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/login/?next=/'
|
||||
- '{{BaseURL}}/admin/login/?next=/admin/'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'Wagtail - Sign in'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs 01/23/2023
|
||||
|
|
|
@ -3,7 +3,7 @@ id: couchbase-buckets-api
|
|||
info:
|
||||
name: Couchbase Buckets Unauthenticated REST API - Detect
|
||||
author: geeknik
|
||||
severity: info
|
||||
severity: medium
|
||||
description: Couchbase Buckets REST API without authentication was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
- https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
|
||||
- https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200exceptions.yaml
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
tags: exposure,config,django
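Review bot: The second `reference` entry in this hunk still ends at `django-framework-`; the commit removes the stray `exceptions.yaml` from `cwe-id: CWE-200exceptions.yaml` but does not put it back on the URL it was split from. The link as committed is presumably dead, so the line should read `- https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-exceptions.yaml` (reassembled from the two fragments visible here; confirm the path resolves). The `reference` list starts outside the hunk.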
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
reference:
|
||||
- https://gruntjs.com/sample-gruntfile
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure
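Review bot: The new vector ending in `C:N/I:N/A:N` with `cvss-score: 0.0` sits next to `cwe-id: CWE-200` and `tags: config,exposure`, so the template now states both that information is exposed and that there is no confidentiality impact. The same pairing appears in the later hunks for the httpd, JetBrains DataSources, Keycloak, NetBeans, ownCloud, npm, phpspec, Pipfile and RuboCop configuration templates. A per-template decision reads better than a uniform zero: keep `C:L` where the file can plausibly hold connection details or internal paths, and drop `cwe-id` where the finding is detection only. `severity` is outside this hunk, so whether it matches the new score could not be checked.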
|
||||
|
||||
|
|
|
@ -3,12 +3,12 @@ id: htpasswd-detection
|
|||
info:
|
||||
name: Apache htpasswd Config - Detect
|
||||
author: geeknik
|
||||
severity: info
|
||||
severity: high
|
||||
description: Apache htpasswd configuration was detected.
|
||||
reference: https://httpd.apache.org/docs/current/programs/htpasswd.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure
|
||||
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: Apache httpd configuration information was detected.
|
||||
reference: https://httpd.apache.org/docs/current/configuring.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure,httpd
|
||||
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: Jetbrains IDE DataSources configuration information was detected.
|
||||
reference: https://www.jetbrains.com
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure,jetbrains
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
reference:
|
||||
- https://issues.jboss.org/browse/KEYCLOAK-571
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: keycloak,config
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
reference:
|
||||
- https://netbeans.apache.org/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: netbeans,config,exposure
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
reference:
|
||||
- https://owncloud.com/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure
|
||||
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: npm configuration information was detected. All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project.
|
||||
reference: https://www.npmjs.com
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure
|
||||
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: phpspec configuration information was detected.
|
||||
reference: https://phpspec.net/en/stable/cookbook/configuration.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: Pipfile configuration information was detected.
|
||||
reference: https://pypi.org/project
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
- https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt
|
||||
- https://github.com/rubocop/rubocop
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -3,7 +3,7 @@ id: lutron-iot-default-login
|
|||
info:
|
||||
name: Lutron IOT Device Default Login Panel - Detect
|
||||
author: geeknik
|
||||
severity: high
|
||||
severity: info
|
||||
description: Lutron IOT Device Default login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
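Review bot: The `cvss-metrics` line closing this hunk still carries the `CVSS:3.0` prefix, while the other templates touched by this commit are moved to `CVSS:3.1`. The same applies to the hunks for `command-api-explorer`, `dgraph-dashboard-exposure` and `pghero-dashboard-exposure`, where only `severity` changes. For consistency I would change the line to `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N`; the score is unaffected. The rest of `classification` is outside the hunk.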
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
id: addeventlistener-detect
|
||||
|
||||
info:
|
||||
name: DOM EventListener - Cross-Site Scripting
|
||||
author: yavolo,dwisiswant0
|
||||
severity: info
|
||||
description: EventListener contains a cross-site scripting vulnerability via the document object model (DOM). An attacker can execute arbitrary script which can then allow theft of cookie-based authentication credentials and launch of other attacks.
|
||||
reference:
|
||||
- https://portswigger.net/web-security/dom-based/controlling-the-web-message-source
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,misc
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118
|
||||
|
||||
# Enhanced by md on 2022/09/19
|
|
@ -3,7 +3,7 @@ id: command-api-explorer
|
|||
info:
|
||||
name: Command API Explorer Panel - Detect
|
||||
author: DhiyaneshDK
|
||||
severity: low
|
||||
severity: info
|
||||
description: Command API Explorer panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
|
|
|
@ -3,7 +3,7 @@ id: dgraph-dashboard-exposure
|
|||
info:
|
||||
name: Dgraph Ratel Dashboard Exposure Panel - Detect
|
||||
author: dhiyaneshDk
|
||||
severity: low
|
||||
severity: info
|
||||
description: Dgraph Ratel Dashboard Exposure panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
|
|
|
@ -3,7 +3,7 @@ id: iot-vdme-simulator
|
|||
info:
|
||||
name: IoT vDME Simulator Panel - Detect
|
||||
author: tess
|
||||
severity: low
|
||||
severity: info
|
||||
description: |
|
||||
loT vDME Simulator panel was detected. Exposure IoT vDME Simulator panel allows anonymous access to create new Items.
|
||||
classification:
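Review bot: `severity: info` contradicts the description kept directly below it, which states that the exposed panel "allows anonymous access to create new Items". Unauthenticated write access is an integrity impact, so either the severity should stay at `low` or above with a vector carrying `I:L`, or the description should be reduced to the detection statement. The description also begins with `loT` (lowercase L) where `IoT` is meant. The body of `classification` is outside the hunk, so the vector it carries could not be checked.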
|
||||
|
|
|
@ -3,9 +3,9 @@ id: office365-open-redirect
|
|||
info:
|
||||
name: Office365 Autodiscover - Open Redirect
|
||||
author: dhiyaneshDk
|
||||
severity: low
|
||||
severity: medium
|
||||
description: Office365 Autodiscover contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: See https://learn.microsoft.com/en-us/outlook/troubleshoot/connectivity/how-to-suppress-autodiscover-redirect-warning for a workaround.
|
||||
remediation: See the workaround detailed in the Medium post in the references.
|
||||
reference:
|
||||
- https://medium.com/@heinjame/office365-open-redirect-from-autodiscover-64284d26c168
|
||||
classification:
|
||||
|
|
|
@ -3,7 +3,7 @@ id: pghero-dashboard-exposure
|
|||
info:
|
||||
name: PgHero Dashboard Exposure Panel - Detect
|
||||
author: DhiyaneshDk
|
||||
severity: low
|
||||
severity: info
|
||||
description: PgHero Dashboard Exposure panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
|
|
|
@ -6,8 +6,8 @@ info:
|
|||
severity: medium
|
||||
description: Fastvue Dashboard panel was detected without authentication.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
reference:
|
||||
- https://github.com/Tinram/MySQL-Brute
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: network,mysql,bruteforce,db
|
||||
|
||||
|
|
|
@ -9,9 +9,9 @@ info:
|
|||
- https://sir.kr/g5_pds/4788?page=5
|
||||
- https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Gnuboard"
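Review bot: The replacement vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` sets `PR:L`, which is only accurate where a logged-in account is needed to reach the injection point. The same vector and `cvss-score: 5.4` are applied to every XSS template in this commit, including ones whose tags carry no `authenticated` marker (`tags: moodle,xss`, `tags: keycloak,xss`, `tags: wordpress,wordfence,xss,bypass`); for those, `PR:N/UI:R` with `cvss-score: 6.1` would be the usual rating. `cwe-id: CWE-80` is also a narrower variant of `CWE-79`, so swapping it in uniformly may misclassify templates that do not specifically test script-tag neutralization; keeping `CWE-79` there seems safer. Whether this template needs authentication cannot be seen from the hunk, since `requests:` is outside it.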
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
- https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
|
||||
- https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"gnuboard5"
|
||||
|
|
|
@ -9,9 +9,9 @@ info:
|
|||
reference:
|
||||
- https://huntr.dev/bounties/ad2a9b32-fe6c-43e9-9b05-2c77c58dde6a/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"gnuboard5"
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: moodle,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,9 +9,9 @@ info:
|
|||
- https://twitter.com/JacksonHHax/status/1391367064154042377
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-32478
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: moodle,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
- https://www.exploit-db.com/exploits/49546
|
||||
- https://www.sourcecodester.com/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Car Rental Management System"
|
||||
|
|
|
@ -3,7 +3,7 @@ id: kavita-lfi
|
|||
info:
|
||||
name: Kavita - Local File Inclusion
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Kavita - Path Traversal is vulnerable to local file inclusion via abusing the Path Traversal filename parameter of the /api/image/cover-upload.
|
||||
reference:
|
||||
|
|
|
@ -3,14 +3,14 @@ id: keycloak-xss
|
|||
info:
|
||||
name: Keycloak <= 8.0 - Cross-Site Scripting
|
||||
author: incogbyte
|
||||
severity: info
|
||||
severity: medium
|
||||
description: Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
|
||||
reference:
|
||||
- https://cure53.de/pentest-report_keycloak.pdf
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: keycloak,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/26305
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: edb,xss,squirrelmail,plugin
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/34814
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: xss,squirrelmail,plugin,edb
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,13 +3,13 @@ id: ecology-arbitrary-file-upload
|
|||
info:
|
||||
name: Ecology - Arbitrary File Upload
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
severity: critical
|
||||
description: Ecology contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cwe-id: CWE-434
|
||||
metadata:
|
||||
fofa-query: app="泛微-协同办公OA"
|
||||
|
|
|
@ -9,9 +9,9 @@ info:
|
|||
- https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
|
||||
- https://wordpress.org/plugins/404-to-301
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
|
||||
|
||||
requests:
|
||||
|
|
|
@ -12,9 +12,9 @@ info:
|
|||
verified: true
|
||||
google-query: inurl:/wp-content/plugins/wp-analytify
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -12,9 +12,9 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: xss,,wp,wpscan,wordpress,wp-plugin
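Review bot: The context line `tags: xss,,wp,wpscan,wordpress,wp-plugin` has a doubled comma that the commit leaves in place, which yields an empty entry between `xss` and `wp` when the list is split. Depending on the consumer this is either kept as an empty tag or silently dropped, and tag-based template selection is harder to reason about either way; `tags: xss,wp,wpscan,wordpress,wp-plugin` avoids both. The template id and name are outside the hunk.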
|
||||
|
||||
|
||||
|
|
|
@ -13,9 +13,9 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wordpress,wp-plugin,xss,wp,wpscan
|
||||
|
||||
requests:
|
||||
|
|
|
@ -11,9 +11,9 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,9 +9,9 @@ info:
|
|||
- https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
|
||||
- https://wordpress.org/plugins/clearfy
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
|
||||
|
||||
requests:
|
||||
|
|
|
@ -11,9 +11,9 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: xss,wordpress,wpscan
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wp,wordpress,wp-plugin,xss,wpscan
|
||||
|
||||
requests:
|
||||
|
|
|
@ -11,9 +11,9 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
|
||||
|
||||
requests:
|
||||
|
|
|
@ -11,9 +11,9 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,9 +9,9 @@ info:
|
|||
reference:
|
||||
- https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
|
||||
|
||||
requests:
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
reference:
|
||||
- https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wordpress,xss,wp-plugin,authenticated,wpscan
|
||||
|
||||
requests:
|
||||
|
|
|
@ -11,9 +11,9 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,9 +9,9 @@ info:
|
|||
- https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
|
||||
- https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://twitter.com/naglinagli/status/1382082473744564226
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wordpress,wordfence,xss,bypass
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,9 +6,9 @@ info:
|
|||
severity: medium
|
||||
description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wordpress,wp-plugin,xss,wordfence
|
||||
|
||||
requests:
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
- https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
|
||||
- https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wordpress,xss,wp,wpscan
|
||||
|
||||
requests:
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
reference:
|
||||
- https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
|
||||
|
||||
requests:
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
- https://www.exploit-db.com/expl oits/38568
|
||||
- https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wp-plugin,wp,edb,wpscan,wordpress,xss
|
||||
|
||||
requests:
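Review bot: The first reference in this hunk reads `https://www.exploit-db.com/expl oits/38568`, with a space inside the path, and the commit does not touch it. If the space is in the file rather than an artifact of this rendering, the link is broken for anyone following it from a finding; the intended line is presumably `- https://www.exploit-db.com/exploits/38568`. The `reference` list starts outside the hunk.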
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://www.securify.nl/en/advisory/cross-site-scripting-in-code-snippets-wordpress-plugin/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
tags: wordpress,xss,wp-plugin,authenticated
|
||||
|
||||
requests:
|
||||
|
|