TemplateMan Update [Mon Apr 8 11:30:07 UTC 2024] 🤖

patch-1
GitHub Action 2024-04-08 11:30:07 +00:00
parent 465915c16e
commit 433dda4ae5
2075 changed files with 3395 additions and 3315 deletions

View File

@ -9,7 +9,7 @@ info:
metadata:
verified: true
max-request: 1
tags: cloud,enum,cloud-enum,azure
tags: cloud,enum,cloud-enum,azure,dns
self-contained: true

View File

@ -9,7 +9,7 @@ info:
metadata:
verified: true
max-request: 1
tags: cloud,cloud-enum,azure,fuzz,enum
tags: cloud,cloud-enum,azure,fuzz,enum,dns
self-contained: true

View File

@ -25,7 +25,7 @@ info:
max-request: 2
vendor: sudo_project
product: sudo
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical,sudo_project
self-contained: true
code:

View File

@ -24,7 +24,7 @@ info:
verified: true
vendor: sudo_project
product: sudo
tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev
tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev,sudo_project
self-contained: true
code:

View File

@ -24,7 +24,7 @@ info:
max-request: 1
vendor: gnu
product: glibc
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev,gnu
self-contained: true
code:

View File

@ -18,13 +18,13 @@ info:
cve-id: CVE-2023-6246
cwe-id: CWE-787,CWE-122
epss-score: 0.0077
epss-percentile: 0.80859
epss-percentile: 0.80911
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: gnu
product: glibc
tags: cve,cve2023,code,glibc,linux,privesc,local
tags: cve,cve2023,code,glibc,linux,privesc,local,gnu
self-contained: true
code:

View File

@ -11,7 +11,7 @@ info:
metadata:
verified: true
max-request: 3
tags: code,linux,sqlite3,privesc,local
tags: code,linux,sqlite3,privesc,local,sqli
self-contained: true
code:

View File

@ -17,6 +17,7 @@ info:
cve-id: CVE-2018-19518
cwe-id: CWE-88
metadata:
max-request: 1
confidence: tenative
tags: imap,dast,vulhub,cve,cve2018,rce,oast,php

View File

@ -17,6 +17,7 @@ info:
cve-id: CVE-2021-45046
cwe-id: CWE-502
metadata:
max-request: 1
confidence: tenative
tags: cve,cve2021,rce,oast,log4j,injection,dast

View File

@ -6,19 +6,20 @@ info:
severity: critical
description: |
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
reference:
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
- http://www.openwall.com/lists/oss-security/2022/10/13/4
- http://www.openwall.com/lists/oss-security/2022/10/18/1
- https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
- https://github.com/silentsignal/burp-text4shell
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-42889
cwe-id: CWE-94
metadata:
max-request: 1
confidence: tenative
tags: cve,cve2022,rce,oast,text4shell,dast

View File

@ -10,6 +10,8 @@ info:
reference:
- https://portswigger.net/research/hunting-asynchronous-vulnerabilities
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
metadata:
max-request: 4
tags: cmdi,oast,dast,blind,polyglot
variables:

View File

@ -9,6 +9,8 @@ info:
reference:
- https://bishopfox.com/blog/ruby-vulnerabilities-exploits
- https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
metadata:
max-request: 1
tags: cmdi,oast,dast,blind,ruby,rce
variables:

View File

@ -7,6 +7,8 @@ info:
reference:
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
metadata:
max-request: 1
tags: reflected,dast,cookie,injection
variables:

View File

@ -4,6 +4,8 @@ info:
name: CRLF Injection
author: pdteam
severity: low
metadata:
max-request: 41
tags: crlf,dast
http:

View File

@ -6,6 +6,8 @@ info:
severity: unknown
reference:
- https://owasp.org/www-community/attacks/Unicode_Encoding
metadata:
max-request: 25
tags: dast,pathtraversal,lfi
variables:

View File

@ -7,6 +7,8 @@ info:
reference:
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
metadata:
max-request: 46
tags: lfi,dast,linux
http:

View File

@ -4,6 +4,8 @@ info:
name: Local File Inclusion - Windows
author: pussycat0x
severity: high
metadata:
max-request: 39
tags: lfi,windows,dast
http:

View File

@ -4,6 +4,8 @@ info:
name: Open Redirect Detection
author: princechaddha
severity: medium
metadata:
max-request: 1
tags: redirect,dast
http:

View File

@ -6,6 +6,8 @@ info:
severity: high
reference:
- https://www.invicti.com/learn/remote-file-inclusion-rfi/
metadata:
max-request: 1
tags: rfi,dast,oast
http:

View File

@ -8,6 +8,8 @@ info:
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
or to override valuable ones, or even to execute dangerous system level commands on the database host.
This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
metadata:
max-request: 3
tags: sqli,error,dast
http:

View File

@ -4,6 +4,8 @@ info:
name: Blind SSRF OAST Detection
author: pdteam
severity: medium
metadata:
max-request: 3
tags: ssrf,dast,oast
http:

View File

@ -6,6 +6,8 @@ info:
severity: high
reference:
- https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
metadata:
max-request: 12
tags: ssrf,dast
http:

View File

@ -7,6 +7,8 @@ info:
reference:
- https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
- https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
metadata:
max-request: 14
tags: ssti,dast
variables:

View File

@ -4,6 +4,8 @@ info:
name: Reflected Cross Site Scripting
author: pdteam
severity: medium
metadata:
max-request: 1
tags: xss,rxss,dast
variables:

View File

@ -6,6 +6,8 @@ info:
severity: medium
reference:
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
metadata:
max-request: 2
tags: dast,xxe
variables:

View File

@ -5,7 +5,7 @@ info:
author: Sy3Omda,geeknik,forgedhallpass,ayadi
severity: unknown
description: Check for multiple keys/tokens/passwords hidden inside of files.
tags: exposure,token,file,disclosure
tags: exposure,token,file,disclosure,keys
# Extract secrets regex like api keys, password, token, etc ... for different services.
# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2000-0114
cwe-id: NVD-CWE-Other
epss-score: 0.15958
epss-percentile: 0.95829
epss-percentile: 0.95841
cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -23,7 +23,7 @@ info:
cve-id: CVE-2005-3634
cwe-id: NVD-CWE-Other
epss-score: 0.02843
epss-percentile: 0.897
epss-percentile: 0.90511
cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -22,7 +22,7 @@ info:
cve-id: CVE-2007-3010
cwe-id: CWE-20
epss-score: 0.97317
epss-percentile: 0.99868
epss-percentile: 0.99867
cpe: cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:*
metadata:
verified: true
@ -31,7 +31,7 @@ info:
product: omnipcx
shodan-query: title:"OmniPCX for Enterprise"
fofa-query: app="Alcatel_Lucent-OmniPCX-Enterprise"
tags: cve,cve2007,kev,rce,alcatel
tags: cve,cve2007,kev,rce,alcatel,alcatel-lucent
http:
- method: GET

View File

@ -22,7 +22,7 @@ info:
cve-id: CVE-2008-1059
cwe-id: CWE-94
epss-score: 0.01493
epss-percentile: 0.86573
epss-percentile: 0.86593
cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -25,11 +25,10 @@ info:
epss-percentile: 0.77516
cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
metadata:
max-request: 1
max-request: 2
vendor: wordpress
product: sniplets_plugin
product: "sniplets_plugin"
tags: cve2008,cve,xss,wp-plugin,wp,edb,wpscan,wordpress,sniplets
flow: http(1) && http(2)
http:

View File

@ -22,7 +22,7 @@ info:
cve-id: CVE-2008-1547
cwe-id: CWE-601
epss-score: 0.03875
epss-percentile: 0.9108
epss-percentile: 0.91757
cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
metadata:
max-request: 2

View File

@ -22,7 +22,7 @@ info:
cve-id: CVE-2008-2650
cwe-id: CWE-22
epss-score: 0.06344
epss-percentile: 0.93486
epss-percentile: 0.93508
cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2008-5587
cwe-id: CWE-22
epss-score: 0.02331
epss-percentile: 0.88625
epss-percentile: 0.89531
cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2008-6080
cwe-id: CWE-22
epss-score: 0.03314
epss-percentile: 0.90395
epss-percentile: 0.91148
cpe: cpe:2.3:a:codecall:com_ionfiles:4.4.2:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -13,13 +13,14 @@ info:
- https://www.exploit-db.com/exploits/6980
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46356
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2008-6222
cwe-id: CWE-22
epss-score: 0.01029
epss-percentile: 0.82175
epss-score: 0.01302
epss-percentile: 0.85607
cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -15,13 +15,14 @@ info:
- http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
- https://nvd.nist.gov/vuln/detail/CVE-2008-6982
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44940
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2008-6982
cwe-id: CWE-79
epss-score: 0.0038
epss-percentile: 0.70097
epss-percentile: 0.72554
cpe: cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:*
metadata:
verified: true

View File

@ -18,7 +18,7 @@ info:
cve-id: CVE-2008-7269
cwe-id: CWE-20
epss-score: 0.01425
epss-percentile: 0.86241
epss-percentile: 0.86272
cpe: cpe:2.3:a:boka:siteengine:5.0:*:*:*:*:*:*:*
metadata:
verified: "true"

View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2009-0932
cwe-id: CWE-22
epss-score: 0.04048
epss-percentile: 0.919
epss-percentile: 0.91931
cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,8 +20,8 @@ info:
cvss-score: 4.3
cve-id: CVE-2009-1872
cwe-id: CWE-79
epss-score: 0.37553
epss-percentile: 0.97102
epss-score: 0.32712
epss-percentile: 0.96936
cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
metadata:
verified: true

View File

@ -19,7 +19,7 @@ info:
cve-id: CVE-2009-2100
cwe-id: CWE-22
epss-score: 0.00779
epss-percentile: 0.80973
epss-percentile: 0.8102
cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -14,13 +14,14 @@ info:
- http://www.vupen.com/english/advisories/2009/1494
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
- http://www.exploit-db.com/exploits/8870
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2009-4202
cwe-id: CWE-22
epss-score: 0.01956
epss-percentile: 0.87449
epss-percentile: 0.88476
cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2010-0219
cwe-id: CWE-255
epss-score: 0.97509
epss-percentile: 0.99981
epss-percentile: 0.99982
cpe: cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
metadata:
max-request: 2

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-0696
cwe-id: CWE-22
epss-score: 0.57303
epss-percentile: 0.97418
epss-percentile: 0.97645
cpe: cpe:2.3:a:joomlaworks:jw_allvideos:3.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-0759
cwe-id: CWE-22
epss-score: 0.01569
epss-percentile: 0.86974
epss-percentile: 0.86988
cpe: cpe:2.3:a:greatjoomla:scriptegrator_plugin:1.4.1:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-0943
cwe-id: CWE-22
epss-score: 0.01155
epss-percentile: 0.83338
epss-percentile: 0.84586
cpe: cpe:2.3:a:joomlart:com_jashowcase:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-0972
cwe-id: CWE-22
epss-score: 0.00813
epss-percentile: 0.81406
epss-percentile: 0.8146
cpe: cpe:2.3:a:g4j.laoneo:com_gcalendar:2.1.5:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -11,13 +11,14 @@ info:
reference:
- https://www.exploit-db.com/exploits/10942
- https://nvd.nist.gov/vuln/detail/CVE-2010-0982
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss-score: 4.3
cve-id: CVE-2010-0982
cwe-id: CWE-22
epss-score: 0.0087
epss-percentile: 0.80553
epss-score: 0.19302
epss-percentile: 0.96179
cpe: cpe:2.3:a:joomlamo:com_cartweberp:1.56.75:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -12,13 +12,14 @@ info:
- https://www.exploit-db.com/exploits/11511
- https://nvd.nist.gov/vuln/detail/CVE-2010-1081
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1081
cwe-id: CWE-22
epss-score: 0.0168
epss-percentile: 0.8632
epss-score: 0.36214
epss-percentile: 0.97067
cpe: cpe:2.3:a:corejoomla:com_communitypolls:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -19,7 +19,7 @@ info:
cve-id: CVE-2010-1219
cwe-id: CWE-22
epss-score: 0.00813
epss-percentile: 0.81406
epss-percentile: 0.8146
cpe: cpe:2.3:a:com_janews:com_janews:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1305
cwe-id: CWE-22
epss-score: 0.03203
epss-percentile: 0.90236
epss-percentile: 0.91022
cpe: cpe:2.3:a:joomlamo:com_jinventory:1.23.02:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -13,13 +13,14 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2010-1307
- http://www.vupen.com/english/advisories/2010/0806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57531
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1307
cwe-id: CWE-22
epss-score: 0.01751
epss-percentile: 0.86604
epss-percentile: 0.87711
cpe: cpe:2.3:a:software.realtyna:com_joomlaupdater:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -19,7 +19,7 @@ info:
cve-id: CVE-2010-1308
cwe-id: CWE-22
epss-score: 0.01334
epss-percentile: 0.85765
epss-percentile: 0.85783
cpe: cpe:2.3:a:la-souris-verte:com_svmap:1.1.1:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1315
cwe-id: CWE-22
epss-score: 0.0087
epss-percentile: 0.82023
epss-percentile: 0.82084
cpe: cpe:2.3:a:joomlamo:com_weberpcustomer:1.2.1:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -19,7 +19,7 @@ info:
cve-id: CVE-2010-1345
cwe-id: CWE-22
epss-score: 0.00477
epss-percentile: 0.75244
epss-percentile: 0.75338
cpe: cpe:2.3:a:cookex:com_ckforms:1.3.3:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -19,7 +19,7 @@ info:
cve-id: CVE-2010-1352
cwe-id: CWE-22
epss-score: 0.00477
epss-percentile: 0.75244
epss-percentile: 0.75338
cpe: cpe:2.3:a:jooforge:com_jukebox:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1470
cwe-id: CWE-22
epss-score: 0.04616
epss-percentile: 0.92373
epss-percentile: 0.92396
cpe: cpe:2.3:a:dev.pucit.edu.pk:com_webtv:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1471
cwe-id: CWE-22
epss-score: 0.05684
epss-percentile: 0.93171
epss-percentile: 0.9319
cpe: cpe:2.3:a:b-elektro:com_addressbook:1.5.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1472
cwe-id: CWE-22
epss-score: 0.05684
epss-percentile: 0.93171
epss-percentile: 0.9319
cpe: cpe:2.3:a:kazulah:com_horoscope:1.5.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1531
cwe-id: CWE-22
epss-score: 0.01815
epss-percentile: 0.86892
epss-percentile: 0.87938
cpe: cpe:2.3:a:redcomponent:com_redshop:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -18,7 +18,7 @@ info:
cve-id: CVE-2010-1534
cwe-id: CWE-22
epss-score: 0.01385
epss-percentile: 0.86058
epss-percentile: 0.86077
cpe: cpe:2.3:a:joomla.batjo:com_shoutbox:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -12,13 +12,14 @@ info:
reference:
- https://www.exploit-db.com/exploits/11625
- https://nvd.nist.gov/vuln/detail/CVE-2010-1540
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1540
cwe-id: CWE-22
epss-score: 0.0045
epss-percentile: 0.72402
epss-percentile: 0.74677
cpe: cpe:2.3:a:myblog:com_myblog:3.0.329:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2010-1602
cwe-id: CWE-22
epss-score: 0.03451
epss-percentile: 0.91267
epss-percentile: 0.91313
cpe: cpe:2.3:a:zimbllc:com_zimbcomment:0.8.1:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -19,7 +19,7 @@ info:
cve-id: CVE-2010-1603
cwe-id: CWE-22
epss-score: 0.03451
epss-percentile: 0.91267
epss-percentile: 0.91313
cpe: cpe:2.3:a:zimbllc:com_zimbcore:0.1:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1607
cwe-id: CWE-22
epss-score: 0.01726
epss-percentile: 0.87577
epss-percentile: 0.87631
cpe: cpe:2.3:a:paysyspro:com_wmi:1.5.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2010-1653
cwe-id: CWE-22
epss-score: 0.03527
epss-percentile: 0.91355
epss-percentile: 0.91392
cpe: cpe:2.3:a:htmlcoderhelper:com_graphics:1.0.6:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -12,13 +12,14 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2010-1715
- http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57677
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2010-1715
cwe-id: CWE-22
epss-score: 0.01242
epss-percentile: 0.83996
epss-percentile: 0.85229
cpe: cpe:2.3:a:pucit.edu:com_onlineexam:1.5.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -14,13 +14,14 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2010-1722
- http://www.exploit-db.com/exploits/12177
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57674
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2010-1722
cwe-id: CWE-22
epss-score: 0.01242
epss-percentile: 0.83996
epss-percentile: 0.85229
cpe: cpe:2.3:a:dev.pucit.edu.pk:com_market:2.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2010-1870
cwe-id: CWE-917
epss-score: 0.06174
epss-percentile: 0.92842
epss-percentile: 0.93421
cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
metadata:
max-request: 2

View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2010-1878
cwe-id: CWE-22
epss-score: 0.00826
epss-percentile: 0.81565
epss-percentile: 0.81631
cpe: cpe:2.3:a:blueflyingfish.no-ip:com_orgchart:1.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1956
cwe-id: CWE-22
epss-score: 0.06055
epss-percentile: 0.92761
epss-percentile: 0.93366
cpe: cpe:2.3:a:thefactory:com_gadgetfactory:1.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1957
cwe-id: CWE-22
epss-score: 0.01671
epss-percentile: 0.87378
epss-percentile: 0.87414
cpe: cpe:2.3:a:thefactory:com_lovefactory:1.3.4:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1979
cwe-id: CWE-22
epss-score: 0.00826
epss-percentile: 0.81565
epss-percentile: 0.81631
cpe: cpe:2.3:a:affiliatefeeds:com_datafeeds:build_880:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1981
cwe-id: CWE-22
epss-score: 0.00656
epss-percentile: 0.77311
epss-percentile: 0.79117
cpe: cpe:2.3:a:fabrikar:fabrik:2.0:*:*:*:*:joomla\!:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-1983
cwe-id: CWE-22
epss-score: 0.01815
epss-percentile: 0.87898
epss-percentile: 0.87938
cpe: cpe:2.3:a:redcomponent:com_redtwitter:1.0b8:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -18,8 +18,8 @@ info:
cvss-score: 7.5
cve-id: CVE-2010-2034
cwe-id: CWE-22
epss-score: 0.00718
epss-percentile: 0.7851
epss-score: 0.07071
epss-percentile: 0.93866
cpe: cpe:2.3:a:percha:com_perchaimageattach:1.1:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-2122
cwe-id: CWE-22
epss-score: 0.01806
epss-percentile: 0.87868
epss-percentile: 0.87908
cpe: cpe:2.3:a:joelrowley:com_simpledownload:0.9.5:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-2507
cwe-id: CWE-22
epss-score: 0.01671
epss-percentile: 0.87378
epss-percentile: 0.87414
cpe: cpe:2.3:a:masselink:com_picasa2gallery:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -11,13 +11,14 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2010-2680
- http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59796
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2010-2680
cwe-id: CWE-22
epss-score: 0.00826
epss-percentile: 0.80059
epss-percentile: 0.81631
cpe: cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -11,13 +11,14 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2010-2920
- http://www.vupen.com/english/advisories/2010/1844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57660
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2010-2920
cwe-id: CWE-22
epss-score: 0.03527
epss-percentile: 0.90637
epss-percentile: 0.91392
cpe: cpe:2.3:a:foobla:com_foobla_suggestions:1.5.1.2:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2010-3426
cwe-id: CWE-22
epss-score: 0.00826
epss-percentile: 0.81565
epss-percentile: 0.81631
cpe: cpe:2.3:a:4you-studio:com_jphone:1.0:alpha3:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -11,13 +11,14 @@ info:
reference:
- https://www.exploit-db.com/exploits/15585
- https://nvd.nist.gov/vuln/detail/CVE-2010-4769
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2010-4769
cwe-id: CWE-22
epss-score: 0.00826
epss-percentile: 0.80059
epss-score: 0.22222
epss-percentile: 0.96389
cpe: cpe:2.3:a:janguo:com_jimtawl:1.0.2:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -19,8 +19,8 @@ info:
cvss-score: 5
cve-id: CVE-2011-0049
cwe-id: CWE-22
epss-score: 0.96615
epss-percentile: 0.99548
epss-score: 0.8814
epss-percentile: 0.98619
cpe: cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2011-2780
cwe-id: CWE-22
epss-score: 0.03327
epss-percentile: 0.91127
epss-percentile: 0.91171
cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -18,7 +18,7 @@ info:
cve-id: CVE-2011-4336
cwe-id: CWE-79
epss-score: 0.00255
epss-percentile: 0.64746
epss-percentile: 0.6488
cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -20,16 +20,15 @@ info:
cve-id: CVE-2011-4624
cwe-id: CWE-79
epss-score: 0.00431
epss-percentile: 0.74018
epss-percentile: 0.7409
cpe: cpe:2.3:a:codeasily:grand_flagallery:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
max-request: 2
vendor: codeasily
product: grand_flagallery
product: "grand_flagallery"
framework: wordpress
google-query: inurl:"/wp-content/plugins/flash-album-gallery"
google-query: "inurl:\"/wp-content/plugins/flash-album-gallery\""
tags: cve,cve2011,wordpress,xss,wp-plugin,codeasily
flow: http(1) && http(2)
http:

View File

@ -14,11 +14,13 @@ info:
cvss-score: 4
cve-id: CVE-2011-4640
cwe-id: CWE-22
cpe: cpe:2.3:a:spamtitan:spamtitan:*:*:*:*:*:*:*:*
epss-score: 0.02569
epss-percentile: 0.90017
cpe: cpe:2.3:a:spamtitan:webtitan:*:*:*:*:*:*:*:*
metadata:
max-request: 3
product: spamtitan
vendor: spamtitan
product: webtitan
shodan-query: title:"WebTitan"
tags: cve,cve2011,lfi,spamtitan,webtitan,authenticated

View File

@ -21,15 +21,14 @@ info:
cve-id: CVE-2011-4926
cwe-id: CWE-79
epss-score: 0.01792
epss-percentile: 0.86796
epss-percentile: 0.87857
cpe: cpe:2.3:a:bueltge:adminimize:*:*:*:*:*:*:*:*
metadata:
max-request: 1
max-request: 2
vendor: bueltge
product: adminimize
google-query: inurl:"/wp-content/plugins/adminimize/"
google-query: "inurl:\"/wp-content/plugins/adminimize/\""
tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge
flow: http(1) && http(2)
http:

View File

@ -19,16 +19,15 @@ info:
cvss-score: 4.3
cve-id: CVE-2011-5107
cwe-id: CWE-79
epss-score: 0.00232
epss-percentile: 0.6058
epss-score: 0.00231
epss-percentile: 0.6067
cpe: cpe:2.3:a:wordpress:alert_before_you_post:*:*:*:*:*:*:*:*
metadata:
max-request: 1
max-request: 2
vendor: wordpress
product: alert_before_you_post
google-query: inurl:"/wp-content/plugins/alert-before-your-post"
product: "alert_before_you_post"
google-query: "inurl:\"/wp-content/plugins/alert-before-your-post\""
tags: cve,cve2011,wordpress,xss,wp-plugin
flow: http(1) && http(2)
http:

View File

@ -22,12 +22,11 @@ info:
epss-percentile: 0.61346
cpe: cpe:2.3:a:skysa:skysa_app_bar_integration_plugin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
max-request: 2
vendor: skysa
product: skysa_app_bar_integration_plugin
google-query: inurl:"/wp-content/plugins/skysa-official/"
product: "skysa_app_bar_integration_plugin"
google-query: "inurl:\"/wp-content/plugins/skysa-official/\""
tags: cve,cve2011,wordpress,xss,wp-plugin,skysa
flow: http(1) && http(2)
http:

View File

@ -22,12 +22,11 @@ info:
epss-percentile: 0.71803
cpe: cpe:2.3:a:clickdesk:clickdesk_live_support-live_chat_plugin:2.0:*:*:*:*:*:*:*
metadata:
max-request: 1
max-request: 2
vendor: clickdesk
product: clickdesk_live_support-live_chat_plugin
google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat/"
product: "clickdesk_live_support-live_chat_plugin"
google-query: "inurl:\"/wp-content/plugins/clickdesk-live-support-chat/\""
tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk
flow: http(1) && http(2)
http:

View File

@ -23,12 +23,11 @@ info:
epss-percentile: 0.75288
cpe: cpe:2.3:a:featurific_for_wordpress_project:featurific-for-wordpress:1.6.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: featurific_for_wordpress_project
product: featurific-for-wordpress
google-query: inurl:"/wp-content/plugins/featurific-for-wordpress"
max-request: 2
vendor: "featurific_for_wordpress_project"
product: "featurific-for-wordpress"
google-query: "inurl:\"/wp-content/plugins/featurific-for-wordpress\""
tags: cve2011,cve,wordpress,xss,wp-plugin,featurific_for_wordpress_project
flow: http(1) && http(2)
http:

View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2012-0392
cwe-id: NVD-CWE-noinfo
epss-score: 0.9496
epss-percentile: 0.99239
epss-percentile: 0.99258
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -14,21 +14,21 @@ info:
- http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72271
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/d4n-sec/d4n-sec.github.io
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2012-0901
cwe-id: CWE-79
epss-score: 0.00216
epss-percentile: 0.59612
epss-score: 0.00223
epss-percentile: 0.60018
cpe: cpe:2.3:a:attenzione:yousaytoo:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1
max-request: 2
vendor: attenzione
product: yousaytoo
google-query: inurl:"/wp-content/plugins/yousaytoo-auto-publishing-plugin"
google-query: "inurl:\"/wp-content/plugins/yousaytoo-auto-publishing-plugin\""
tags: cve,cve2012,wp-plugin,packetstorm,wordpress,xss,attenzione
flow: http(1) && http(2)
http:

View File

@ -20,8 +20,8 @@ info:
cvss-score: 3.5
cve-id: CVE-2012-0991
cwe-id: CWE-22
epss-score: 0.81788
epss-percentile: 0.98116
epss-score: 0.72743
epss-percentile: 0.98029
cpe: cpe:2.3:a:openemr:openemr:4.1.0:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -19,15 +19,14 @@ info:
cve-id: CVE-2012-1835
cwe-id: CWE-79
epss-score: 0.01124
epss-percentile: 0.84313
epss-percentile: 0.84355
cpe: cpe:2.3:a:timely:all-in-one_event_calendar:1.4:*:*:*:*:*:*:*
metadata:
max-request: 1
max-request: 2
vendor: timely
product: all-in-one_event_calendar
google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar"
product: "all-in-one_event_calendar"
google-query: "inurl:\"/wp-content/plugins/all-in-one-event-calendar\""
tags: cve,cve2012,wordpress,xss,wp-plugin,timely
flow: http(1) && http(2)
http:

View File

@ -24,11 +24,10 @@ info:
epss-percentile: 0.85828
cpe: cpe:2.3:a:mnt-tech:wp-facethumb:0.1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: mnt-tech
product: wp-facethumb
max-request: 2
vendor: "mnt-tech"
product: "wp-facethumb"
tags: cve,cve2012,packetstorm,wordpress,xss,wp-plugin,mnt-tech
flow: http(1) && http(2)
http:

View File

@ -21,8 +21,8 @@ info:
cvss-score: 5.8
cve-id: CVE-2012-4032
cwe-id: CWE-20
epss-score: 0.00951
epss-percentile: 0.81499
epss-score: 0.00842
epss-percentile: 0.818
cpe: cpe:2.3:a:websitepanel:websitepanel:*:*:*:*:*:*:*:*
metadata:
max-request: 1

View File

@ -21,11 +21,10 @@ info:
epss-percentile: 0.59546
cpe: cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:0.9.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: mf_gig_calendar_project
product: mf_gig_calendar
max-request: 2
vendor: "mf_gig_calendar_project"
product: "mf_gig_calendar"
tags: cve,cve2012,wordpress,xss,wp-plugin,mf_gig_calendar_project
flow: http(1) && http(2)
http:

View File

@ -21,13 +21,13 @@ info:
cve-id: CVE-2012-4253
cwe-id: CWE-22
epss-score: 0.0179
epss-percentile: 0.87805
epss-percentile: 0.87848
cpe: cpe:2.3:a:mysqldumper:mysqldumper:1.24.4:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: mysqldumper
product: mysqldumper
tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper
tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper,xss
http:
- method: GET

Some files were not shown because too many files have changed in this diff Show More