Dashboard Template Enhancements (#3752)
* Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Enhancement: cves/2010/CVE-2010-1957.yaml by mp * Enhancement: cves/2010/CVE-2010-1977.yaml by mp * Enhancement: cves/2010/CVE-2010-1979.yaml by mp * Enhancement: cves/2010/CVE-2010-1980.yaml by mp * Enhancement: cves/2010/CVE-2010-1981.yaml by mp * Enhancement: cves/2010/CVE-2010-1982.yaml by mp * Enhancement: cves/2010/CVE-2010-1983.yaml by mp * Enhancement: cves/2010/CVE-2010-2033.yaml by mp * Enhancement: cves/2010/CVE-2010-2034.yaml by mp * Enhancement: cves/2010/CVE-2010-2035.yaml by mp * Enhancement: cves/2010/CVE-2010-2036.yaml by mp * Enhancement: cves/2010/CVE-2010-2037.yaml by mp * Enhancement: cves/2010/CVE-2010-2045.yaml by mp * Enhancement: cves/2010/CVE-2010-2050.yaml by mp * Enhancement: cves/2010/CVE-2010-2122.yaml by mp * Enhancement: cves/2010/CVE-2010-1980.yaml by mp * Enhancement: cves/2010/CVE-2010-1981.yaml by mp * Enhancement: cves/2010/CVE-2010-1982.yaml by mp * Enhancement: cves/2010/CVE-2010-2035.yaml by mp * Enhancement: cves/2010/CVE-2010-2128.yaml by mp * Enhancement: cves/2010/CVE-2010-2259.yaml by mp * Enhancement: cves/2010/CVE-2010-2307.yaml by mp * Enhancement: cves/2010/CVE-2010-2507.yaml by mp * Enhancement: cves/2010/CVE-2010-2680.yaml by mp * Enhancement: cves/2010/CVE-2010-2682.yaml by mp * Enhancement: cves/2010/CVE-2010-2857.yaml by mp * Enhancement: cves/2010/CVE-2010-2861.yaml by mp * Enhancement: cves/2010/CVE-2010-2918.yaml by mp * Enhancement: cves/2010/CVE-2010-2920.yaml by mp * Enhancement: cves/2010/CVE-2010-3203.yaml by mp * Enhancement: cves/2010/CVE-2010-3426.yaml by mp * Enhancement: cves/2010/CVE-2010-4617.yaml by mp * Enhancement: cves/2010/CVE-2010-4231.yaml by mp * Enhancement: cves/2010/CVE-2010-4282.yaml by mp * Enhancement: cves/2010/CVE-2010-4282.yaml by mp * Enhancement: cves/2010/CVE-2010-4617.yaml by mp * Enhancement: cves/2010/CVE-2010-4719.yaml by mp * Enhancement: cves/2010/CVE-2010-4769.yaml by mp * Enhancement: cves/2010/CVE-2010-4977.yaml by mp * Enhancement: cves/2010/CVE-2010-5028.yaml by mp * Enhancement: cves/2010/CVE-2010-5278.yaml by mp * Enhancement: cves/2010/CVE-2010-5286.yaml by mp * Enhancement: cves/2011/CVE-2011-0049.yaml by mp * Enhancement: cves/2011/CVE-2011-1669.yaml by mp * Enhancement: cves/2011/CVE-2011-2744.yaml by mp * Enhancement: cves/2000/CVE-2000-0114.yaml by mp * Enhancement: cves/2011/CVE-2011-3315.yaml by mp * Enhancement: cves/2011/CVE-2011-4336.yaml by mp * Enhancement: cves/2011/CVE-2011-4618.yaml by mp * Enhancement: cves/2011/CVE-2011-4624.yaml by mp * Enhancement: cves/2011/CVE-2011-4804.yaml by mp * Enhancement: cves/2011/CVE-2011-0049.yaml by mp * Enhancement: cves/2011/CVE-2011-2780.yaml by mp * Enhancement: cves/2011/CVE-2011-2780.yaml by mp * Enhancement: cves/2012/CVE-2012-1823.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp * Enhancement: cves/2012/CVE-2012-1226.yaml by mp * Enhancement: cves/2012/CVE-2012-0996.yaml by mp * Enhancement: cves/2021/CVE-2021-39226.yaml by cs * Enhancement: cves/2021/CVE-2021-27358.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2012/CVE-2012-1835.yaml by mp * Enhancement: cves/2012/CVE-2012-0901.yaml by mp * Enhancement: cves/2011/CVE-2011-5265.yaml by mp * Enhancement: cves/2011/CVE-2011-5181.yaml by mp * Enhancement: cves/2011/CVE-2011-5179.yaml by mp * Enhancement: cves/2011/CVE-2011-5107.yaml by mp * Enhancement: cves/2011/CVE-2011-5106.yaml by mp * Enhancement: cves/2011/CVE-2011-4926.yaml by mp * Enhancement: cves/2012/CVE-2012-0991.yaml by mp * Enhancement: cves/2012/CVE-2012-0981.yaml by mp * Enhancement: cves/2012/CVE-2012-0896.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp Fix "too few spaces before comment" lint errors * Enhancement: cves/2011/CVE-2011-5106.yaml by mp * Enhancement: cves/2011/CVE-2011-4926.yaml by mp * Enhancement: cves/2013/CVE-2013-2287.yaml by mp * Enhancement: cves/2012/CVE-2012-5913.yaml by mp * Enhancement: cves/2012/CVE-2012-4889.yaml by mp * Enhancement: cves/2012/CVE-2012-4768.yaml by mp * Enhancement: cves/2012/CVE-2012-4547.yaml by mp * Enhancement: cves/2012/CVE-2012-4273.yaml by mp * Enhancement: cves/2012/CVE-2012-4242.yaml by mp * Enhancement: cves/2012/CVE-2012-2371.yaml by mp * Enhancement: cves/2013/CVE-2013-2248.yaml by mp * Enhancement: cves/2012/CVE-2012-4940.yaml by mp * Enhancement: cves/2012/CVE-2012-4878.yaml by mp * Enhancement: cves/2012/CVE-2012-4253.yaml by mp * Enhancement: cves/2012/CVE-2012-4253.yaml by mp Trailing space * Enhancement: cves/2013/CVE-2013-2251.yaml by mp * Enhancement: cves/2013/CVE-2013-1965.yaml by mp * Enhancement: cves/2012/CVE-2012-3153.yaml by mp * Enhancement: cves/2012/CVE-2012-5913.yaml by mp * Enhancement: cves/2012/CVE-2012-4242.yaml by mp * Merge conflict * Fix references syntax * Fix syntax. Again. * Update CVE-2011-4926.yaml * Enhancement: cves/2021/CVE-2021-28073.yaml by cs * Enhancement: cves/2021/CVE-2021-39226.yaml by cs * Enhancement: cves/2021/CVE-2021-20167.yaml by cs * Enhancement: cves/2021/CVE-2021-40438.yaml by cs * Enhancement: cves/2021/CVE-2021-40438.yaml by cs Co-authored-by: sullo <sullo@cirt.net>patch-1
parent
fade3db21a
commit
3e13f1cce6
|
@ -4,7 +4,8 @@ info:
|
||||||
name: Netgear RAX43 - Unauthenticated Command Injection / Authentication Bypass Buffer Overrun via LAN Interface
|
name: Netgear RAX43 - Unauthenticated Command Injection / Authentication Bypass Buffer Overrun via LAN Interface
|
||||||
author: gy741
|
author: gy741
|
||||||
severity: critical
|
severity: critical
|
||||||
description: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167. Netgear RAX43 version 1.0.3.96 contains a command injection and authbypass vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. and The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.
|
description: "Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloud_control.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the application. Note: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167."
|
||||||
|
remediation: Upgrade to newer release of the RAX43 firmware.
|
||||||
reference:
|
reference:
|
||||||
- https://www.tenable.com/security/research/tra-2021-55
|
- https://www.tenable.com/security/research/tra-2021-55
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20166
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-20166
|
||||||
|
@ -30,3 +31,5 @@ requests:
|
||||||
part: interactsh_protocol
|
part: interactsh_protocol
|
||||||
words:
|
words:
|
||||||
- "http"
|
- "http"
|
||||||
|
|
||||||
|
# Enhanced by cs on 2022/02/22
|
||||||
|
|
|
@ -4,11 +4,15 @@ info:
|
||||||
name: Ntopng Authentication Bypass
|
name: Ntopng Authentication Bypass
|
||||||
author: z3bd
|
author: z3bd
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Ntopng is a passive network monitoring tool focused on flows and statistics that can be obtained from the traffic captured by the server. There is a authentication bypass vulnerability in ntopng <= 4.2
|
description: Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng <= 4.2
|
||||||
|
remediation: Upgrade to version 4.3 or later.
|
||||||
tags: ntopng,cve,cve2021
|
tags: ntopng,cve,cve2021
|
||||||
reference:
|
reference:
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-27573
|
||||||
- http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
|
- http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
|
||||||
- https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md
|
- https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md
|
||||||
|
classification:
|
||||||
|
cve-id: CVE-2021-28073
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -34,3 +38,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by cs on 2022/02/22
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2021-39226
|
||||||
info:
|
info:
|
||||||
name: Grafana Snapshot Authentication Bypass
|
name: Grafana Snapshot Authentication Bypass
|
||||||
author: Evan Rubinstein
|
author: Evan Rubinstein
|
||||||
description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of wether or not the snapshot is set to public mode (disabled by default).
|
description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).
|
||||||
remediation: "This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects."
|
remediation: "This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects."
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/advisories/GHSA-69j6-29vr-p3j9
|
- https://github.com/advisories/GHSA-69j6-29vr-p3j9
|
||||||
|
@ -31,4 +31,4 @@ requests:
|
||||||
words:
|
words:
|
||||||
- '"isSnapshot":true'
|
- '"isSnapshot":true'
|
||||||
|
|
||||||
# Enhanced by cs on 2022/02/18
|
# Enhanced by cs on 2022/02/22
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
id: CVE-2021-40438
|
id: CVE-2021-40438
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Apache <= 2.4.48 - Mod_Proxy SSRF
|
name: Apache <= 2.4.48 Mod_Proxy SSRF
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: critical
|
severity: critical
|
||||||
description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
|
description: Apache 2.4.8 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.
|
||||||
|
remediation: Upgrade to Apache version 2.4.49 or newer.
|
||||||
reference:
|
reference:
|
||||||
- https://firzen.de/building-a-poc-for-cve-2021-40438
|
- https://firzen.de/building-a-poc-for-cve-2021-40438
|
||||||
- https://httpd.apache.org/security/vulnerabilities_24.html
|
- https://httpd.apache.org/security/vulnerabilities_24.html
|
||||||
|
@ -27,3 +28,5 @@ requests:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "Interactsh Server"
|
- "Interactsh Server"
|
||||||
|
|
||||||
|
# Enhanced by cs on 2022/02/22
|
||||||
|
|
Loading…
Reference in New Issue