From 45174dee16b7b3d7f80d014aac738d24cc17872c Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Mon, 11 Apr 2022 10:42:35 -0400
Subject: [PATCH] Dashboard Content Enhancements (#4111) Dashboard Content Enhancements
---
 cves/2018/CVE-2018-1000533.yaml | 12 ++++++++----
 cves/2018/CVE-2018-18069.yaml | 9 ++++++---
 cves/2020/CVE-2020-10546.yaml | 10 +++++++---
 cves/2020/CVE-2020-10547.yaml | 9 ++++++---
 cves/2020/CVE-2020-10548.yaml | 10 +++++++---
 cves/2020/CVE-2020-14883.yaml | 2 +-
 cves/2020/CVE-2020-24312.yaml | 6 +++---
 cves/2020/CVE-2020-35848.yaml | 10 +++++++---
 cves/2020/CVE-2020-6637.yaml | 10 ++++++----
 .../open-virtualization-manager-panel.yaml | 11 +++++++++--
 exposed-panels/openvpn-monitor.yaml | 10 +++++++++-
 exposures/files/ioncube-loader-wizard.yaml | 13 ++++++++++---
 miscellaneous/joomla-manifest-file.yaml | 11 +++++++++--
 .../open-virtualization-manager-detect.yaml | 11 +++++++++--
 vulnerabilities/other/chamilo-lms-xss.yaml | 16 +++++++++++++---
 vulnerabilities/other/eyelock-nano-lfd.yaml | 4 +++-
 16 files changed, 113 insertions(+), 41 deletions(-)
diff --git a/cves/2018/CVE-2018-1000533.yaml b/cves/2018/CVE-2018-1000533.yaml
index 7532d878ce..f04a60e01a 100644
--- a/cves/2018/CVE-2018-1000533.yaml
+++ b/cves/2018/CVE-2018-1000533.yaml
@@ -1,17 +1,19 @@ id: CVE-2018-1000533 info: - name: GitList < 0.6.0 RCE + name: GitList < 0.6.0 Remote Code Execution author: pikpikcu severity: critical - description: klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. - reference: https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533 - tags: rce,git,cve,cve2018,gitlist + description: "klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution." + reference: + - https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533 + - https://nvd.nist.gov/vuln/detail/CVE-2018-1000533 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2018-1000533 cwe-id: CWE-20 + tags: rce,git,cve,cve2018,gitlist requests: - raw: @@ -40,3 +42,5 @@ requests: words: - "root:/root:/bin/bash" part: body + +# Enhanced by mp on 2022/04/08 diff --git a/cves/2018/CVE-2018-18069.yaml b/cves/2018/CVE-2018-18069.yaml index 2f61102505..0f4530824a 100644 --- a/cves/2018/CVE-2018-18069.yaml +++ b/cves/2018/CVE-2018-18069.yaml 
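Review bot: The rewritten `description` in the first hunk of CVE-2018-1000533.yaml is still not a sentence ("contains a passing incorrectly sanitized input via the `searchTree` function"), and it says `<= 0.6` while `name` says `< 0.6.0`, so a reader triaging a hit cannot tell whether 0.6.0 itself is affected. Wording along the lines of `description: "klaussilveira GitList passes incorrectly sanitized input to a system function in searchTree, which can result in remote code execution."` reads cleanly. The version bound should be confirmed against the NVD entry this hunk adds and then stated the same way in both fields.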
@@ -1,11 +1,10 @@ id: CVE-2018-18069 info: - name: Wordpress unauthenticated stored xss + name: WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting author: nadino severity: medium - description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. - tags: cve,cve2018,wordpress,xss,plugin + description: "WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php." classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 @@ -13,6 +12,8 @@ info: cwe-id: CWE-79 reference: - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-18069 + tags: cve,cve2018,wordpress,xss,plugin requests: - method: POST @@ -25,3 +26,5 @@ requests: - type: dsl dsl: - 'contains(tolower(all_headers), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\">")' + +# Enhanced by mp on 2022/04/08 diff --git a/cves/2020/CVE-2020-10546.yaml b/cves/2020/CVE-2020-10546.yaml index a7e3cdd179..d0aabc531c 100644 --- a/cves/2020/CVE-2020-10546.yaml +++ b/cves/2020/CVE-2020-10546.yaml 
@@ -1,18 +1,20 @@ id: CVE-2020-10546 + info: - name: rConfig 3.9.4 SQLi + name: rConfig 3.9.4 SQL Injection author: madrobot severity: critical - description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. + description: "rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices." reference: - https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ - tags: cve,cve2020,rconfig,sqli + - https://nvd.nist.gov/vuln/detail/CVE-2020-10546 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2020-10546 cwe-id: CWE-89,CWE-522 + tags: cve,cve2020,rconfig,sqli requests: - method: GET @@ -27,3 +29,5 @@ requests: words: - "[project-discovery]" part: body + +# Enhanced by mp on 2022/04/07 diff --git a/cves/2020/CVE-2020-10547.yaml b/cves/2020/CVE-2020-10547.yaml index 445f4d31d4..fb59e93d73 100644 --- a/cves/2020/CVE-2020-10547.yaml +++ b/cves/2020/CVE-2020-10547.yaml 
@@ -1,18 +1,19 @@ id: CVE-2020-10547 + info: - name: rConfig 3.9.4 SQLi + name: rConfig 3.9.4 SQL Injection author: madrobot severity: critical - description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. + description: "rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices." reference: https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ - tags: cve,cve2020,rconfig,sqli classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2020-10547 cwe-id: CWE-89,CWE-522 + tags: cve,cve2020,rconfig,sqli requests: - method: GET @@ -27,3 +28,5 @@ requests: words: - "[project-discovery]" part: body + +# Enhanced by mp on 2022/04/07 diff --git a/cves/2020/CVE-2020-10548.yaml b/cves/2020/CVE-2020-10548.yaml index fb420c8e1b..bd4827b4b0 100644 --- a/cves/2020/CVE-2020-10548.yaml +++ b/cves/2020/CVE-2020-10548.yaml 
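Review bot: In the first hunk of CVE-2020-10547.yaml, `reference` appears to be left as a plain scalar holding two URLs with no `- ` markers (as far as the collapsed context shows), so it would load as one string containing both links rather than a list. The sibling templates CVE-2020-10546 and CVE-2020-10548 use a list and gain the NVD link in this same commit, while this file gets neither. Suggest the three entries `- https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py`, `- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/` and `- https://nvd.nist.gov/vuln/detail/CVE-2020-10547`. The new description also keeps "versions has" where the siblings were corrected to "have".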
@@ -1,18 +1,20 @@ id: CVE-2020-10548 + info: - name: rConfig 3.9.4 SQLi + name: rConfig 3.9.4 - SQL Injection author: madrobot severity: critical - description: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. + description: "rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices." reference: - https://github.com/theguly/exploits/blob/master/CVE-2020-10548.py - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ - tags: cve,cve2020,rconfig,sqli + - https://nvd.nist.gov/vuln/detail/CVE-2020-10548 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2020-10548 cwe-id: CWE-89,CWE-522 + tags: cve,cve2020,rconfig,sqli requests: - method: GET @@ -27,3 +29,5 @@ requests: words: - "[project-discovery]" part: body + +# Enhanced by mp on 2022/04/07 diff --git a/cves/2020/CVE-2020-14883.yaml b/cves/2020/CVE-2020-14883.yaml index ad137bb72e..458e44a192 100644 --- a/cves/2020/CVE-2020-14883.yaml +++ b/cves/2020/CVE-2020-14883.yaml @@ -54,4 +54,4 @@ requests: regex: - "(u|g)id=.*" -# Enhanced by mp on 2022/04/05 +# Enhanced by mp on 2022/04/05 \ No newline at end of file diff --git a/cves/2020/CVE-2020-24312.yaml b/cves/2020/CVE-2020-24312.yaml index 0fad0fbef6..7057eaa4f8 100644 --- a/cves/2020/CVE-2020-24312.yaml +++ b/cves/2020/CVE-2020-24312.yaml 
@@ -9,14 +9,12 @@ info: reference: - https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/ - https://nvd.nist.gov/vuln/detail/CVE-2020-24312 - tags: cve,cve2020,wordpress,backups,plugin - - # Note: Manually check content classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 cve-id: CVE-2020-24312 cwe-id: CWE-552 + tags: cve,cve2020,wordpress,backups,plugin requests: - method: GET @@ -35,3 +33,5 @@ requests: - 'wp-content/uploads/wp-file-manager-pro/fm_backup' - 'backup_' condition: and + +# Enhanced by mp on 2022/04/08 diff --git a/cves/2020/CVE-2020-35848.yaml b/cves/2020/CVE-2020-35848.yaml index b560962774..aa4cbe20dc 100644 --- a/cves/2020/CVE-2020-35848.yaml +++ b/cves/2020/CVE-2020-35848.yaml @@ -1,19 +1,21 @@ id: CVE-2020-35848 info: - name: Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword + name: Cockpit <0.12.0 NoSQL Injection author: dwisiswant0 severity: critical description: | newpassword method of the Auth controller, which is responsible for displaying the user password reset form. - reference: https://swarm.ptsecurity.com/rce-cockpit-cms/ - tags: cve,cve2020,nosqli,sqli,cockpit,injection + reference: + - https://swarm.ptsecurity.com/rce-cockpit-cms/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-35848 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2020-35848 cwe-id: CWE-89 + tags: cve,cve2020,nosqli,sqli,cockpit,injection requests: - method: POST @@ -33,3 +35,5 @@ requests: part: body regex: - 'string\([0-9]{1,3}\)(\s)?"rp-([a-f0-9-]+)"' + +# Enhanced by mp on 2022/04/08 diff --git a/cves/2020/CVE-2020-6637.yaml b/cves/2020/CVE-2020-6637.yaml index 572f55b729..81ff125c7c 100644 --- a/cves/2020/CVE-2020-6637.yaml +++ b/cves/2020/CVE-2020-6637.yaml 
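Review bot: Removing `# Note: Manually check content` in the first hunk of CVE-2020-24312.yaml drops the only caveat that a match needs human confirmation, while the matcher visible in the second hunk only requires the words `wp-content/uploads/wp-file-manager-pro/fm_backup` and `backup_`. A page that merely echoes the path would presumably satisfy both, so a hit is a lead rather than proof that a backup archive is retrievable. Keep the caveat where it survives into reports, for example by adding to `description` a sentence such as "Matches should be verified manually by confirming that a backup file can actually be downloaded." The `description` line itself lies above this hunk.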
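Review bot: The `description` kept as context in the first hunk of CVE-2020-35848.yaml is a fragment ("newpassword method of the Auth controller, which is responsible for displaying the user password reset form.") that never states the flaw, and the new `name` removes the only mention of `/auth/newpassword`. Someone reading a dashboard entry now has to open the reference to learn what was found. Suggest opening the block scalar with the missing clause, e.g. `Cockpit before 0.12.0 is vulnerable to NoSQL injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.`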
@@ -1,19 +1,19 @@ id: CVE-2020-6637 info: - name: OpenSIS v7.3 unauthenticated SQL injection + name: OpenSIS v7.3 unauthenticated SQL Injection author: pikpikcu severity: critical - description: openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. - tags: cve,cve2020,sqli,opensis + description: "OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php." reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-6637 - https://cinzinga.com/CVE-2020-6637/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-6637 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2020-6637 cwe-id: CWE-89 + tags: cve,cve2020,sqli,opensis requests: - method: POST @@ -43,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/04/08 diff --git a/exposed-panels/open-virtualization-manager-panel.yaml b/exposed-panels/open-virtualization-manager-panel.yaml index 005b3c07e2..b118e000ad 100644 --- a/exposed-panels/open-virtualization-manager-panel.yaml +++ b/exposed-panels/open-virtualization-manager-panel.yaml 
@@ -1,16 +1,21 @@ id: open-virtualization-manager-panel info: - name: Open Virtualization Userportal & Webadmin Panel + name: Open Virtualization Userportal & Webadmin Panel Detection author: idealphase severity: info - description: open-source distributed virtualization solution, designed to manage your entire enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible. + description: Open Virtualization Userportal & Webadmin panels were detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible. metadata: shodan-query: title:"Ovirt-Engine" google-query: intitle:"Ovirt-Engine" reference: - https://www.ovirt.org/ - https://www.ovirt.org/dropped/admin-guide/virt/console-client-resources.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: + cwe-id: CWE-200 tags: panel,ovirt,oss requests: @@ -36,3 +41,5 @@ requests: group: 1 regex: - '"application_title":"(([a-zA-Z]+\s)*[a-zA-Z]+)"' + +# Enhanced by mp on 2022/04/08 diff --git a/exposed-panels/openvpn-monitor.yaml b/exposed-panels/openvpn-monitor.yaml index 6178beb3d3..7e6c0b6964 100644 --- a/exposed-panels/openvpn-monitor.yaml +++ b/exposed-panels/openvpn-monitor.yaml 
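Review bot: The added `classification` block in open-virtualization-manager-panel.yaml assigns `cvss-score: 5.3`, a medium-range score, to a template whose `severity` stays `info`, and it leaves `cve-id:` bare, which YAML loads as null. The same block is pasted into openvpn-monitor.yaml (`severity: high`), ioncube-loader-wizard.yaml (`medium`), joomla-manifest-file.yaml (`info`) and open-virtualization-manager-detect.yaml (`info`), so consumers that sort by either field will rank these findings inconsistently. For pure detection templates I would drop the CVSS lines or make `severity` agree with them, and omit `cve-id` rather than leave it empty. chamilo-lms-xss.yaml has the same bare `cve-id:`.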
@@ -4,8 +4,13 @@ info: name: OpenVPN Monitor Disclosure author: geeknik severity: high - description: openvpn-monitor is a simple python program to generate html that displays the status of an OpenVPN server, including all current connections. + description: openvpn-monitor was discovered. OpenVPN Monitor is a simple python program to generate html that displays the status of an OpenVPN server, including all its current connections. reference: https://openvpn-monitor.openbytes.ie/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: + cwe-id: CWE-200 tags: openvpn,disclosure,panel requests: @@ -33,3 +38,6 @@ requests: part: header words: - "text/html" + + +# Enhanced by mp on 2022/04/08 diff --git a/exposures/files/ioncube-loader-wizard.yaml b/exposures/files/ioncube-loader-wizard.yaml index 8e33ae2bbb..e89ce2daa4 100644 --- a/exposures/files/ioncube-loader-wizard.yaml +++ b/exposures/files/ioncube-loader-wizard.yaml @@ -1,11 +1,16 @@ id: ioncube-loader-wizard info: - name: Ioncube Loader Wizard disclosure + name: ioncube Loader Wizard Disclosure author: Mubassirpatel severity: medium - description: ioncube-loader-wizard is vulnerable to xss,phpinfo, etc. + description: An ioncube Loader Wizard was discovered. reference: https://firefart.at/post/multiple-vulnerabilities-in-ioncube-loader-wizard/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: + cwe-id: CWE-200 tags: ioncube,disclosure,exposure requests: @@ -23,4 +28,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/04/08 diff --git a/miscellaneous/joomla-manifest-file.yaml b/miscellaneous/joomla-manifest-file.yaml index f7db23b3a2..8ab6836679 100644 --- a/miscellaneous/joomla-manifest-file.yaml +++ b/miscellaneous/joomla-manifest-file.yaml 
@@ -1,10 +1,15 @@ id: joomla-manifest-file info: - name: Joomla manifest file disclosure + name: Joomla Manifest File Disclosure author: oppsec severity: info - description: joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths. + description: A Joomla Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: + cwe-id: CWE-200 tags: misc,joomla requests: @@ -28,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/04/08 diff --git a/technologies/open-virtualization-manager-detect.yaml b/technologies/open-virtualization-manager-detect.yaml index c37ca53295..bd4d6e546c 100644 --- a/technologies/open-virtualization-manager-detect.yaml +++ b/technologies/open-virtualization-manager-detect.yaml 
@@ -1,16 +1,21 @@ id: open-virtualization-manager-detect info: - name: Open Virtualization Manager Detect + name: Open Virtualization Manager Detection author: idealphase severity: info - description: open-source distributed virtualization solution, designed to manage your entire enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible. + description: Open Virtualization Manager was detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible. metadata: shodan-query: title:"Ovirt-Engine" google-query: intitle:"Ovirt-Engine" reference: - https://www.ovirt.org/ - https://www.ovirt.org/dropped/admin-guide/virt/console-client-resources.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: + cwe-id: CWE-200 tags: tech,ovirt requests: @@ -33,3 +38,5 @@ requests: group: 1 regex: - '(.+)<\/span>' + +# Enhanced by mp on 2022/04/08 diff --git a/vulnerabilities/other/chamilo-lms-xss.yaml b/vulnerabilities/other/chamilo-lms-xss.yaml index 3af835083c..e258304dda 100644 --- a/vulnerabilities/other/chamilo-lms-xss.yaml +++ b/vulnerabilities/other/chamilo-lms-xss.yaml 
@@ -1,10 +1,18 @@ id: chamilo-lms-xss info: - name: Chamilo LMS Cross Site Scripting + name: Chamilo LMS 1.11.14 Cross-Site Scripting author: geeknik - severity: medium - description: https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/ + severity: high + description: Chamilo LMS 1.11.14 is vulnerable to cross-site scripting. + reference: + - https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/ + - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-45-2021-01-21-Moderate-impact-moderate-risk-XSS-vulnerability-in-agenda + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cve-id: + cwe-id: CWE-79 tags: xss,chamilo requests: @@ -25,3 +33,5 @@ requests: part: header words: - "text/html" + +# Enhanced by mp on 2022/04/08 diff --git a/vulnerabilities/other/eyelock-nano-lfd.yaml b/vulnerabilities/other/eyelock-nano-lfd.yaml index c6c41baad6..42bc8610f1 100644 --- a/vulnerabilities/other/eyelock-nano-lfd.yaml +++ b/vulnerabilities/other/eyelock-nano-lfd.yaml @@ -4,7 +4,7 @@ info: name: EyeLock nano NXT 3.5 - Local File Disclosure author: geeknik severity: high - description: nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources. + description: EyeLock nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources. reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt tags: iot,lfi,eyelock @@ -22,3 +22,5 @@ requests: regex: - "root:[x*]:0:0:" part: body + +# Enhanced by mp on 2022/04/08
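Review bot: In chamilo-lms-xss.yaml `severity` is raised from medium to high on the strength of a vector with `UI:N`, yet the second reference added in the same hunk carries the vendor's own label "Moderate-impact-moderate-risk" in its URL. The request and most of the matchers sit outside this hunk, so whether the payload fires without user interaction cannot be confirmed from here. If this is reflected cross-site scripting, the vector CVE-2018-18069 uses in this commit applies, `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` with `cvss-score: 6.10`, and `severity: medium` should stay. Overstated severity on a scanner template costs responders time, so the rating should be justified in `description` if it is kept.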