Dashboard Content Enhancements (#4111)

Dashboard Content Enhancements

cves/2018/CVE-2018-1000533.yaml

@@ -1,17 +1,19 @@
 id: CVE-2018-1000533
 
 info:
-  name: GitList < 0.6.0 RCE
+  name: GitList < 0.6.0 Remote Code Execution
   author: pikpikcu
   severity: critical
-  description: klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user.
+  description: "klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution."
-  reference: https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
+  reference:
-  tags: rce,git,cve,cve2018,gitlist
+    - https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-1000533
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2018-1000533
     cwe-id: CWE-20
+  tags: rce,git,cve,cve2018,gitlist
 
 requests:
   - raw:
@@ -40,3 +42,5 @@ requests:
         words:
           - "root:/root:/bin/bash"
         part: body
+
+# Enhanced by mp on 2022/04/08

cves/2018/CVE-2018-18069.yaml

@@ -1,11 +1,10 @@
 id: CVE-2018-18069
 
 info:
-  name: Wordpress unauthenticated stored xss
+  name: WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
   author: nadino
   severity: medium
-  description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
+  description: "WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php."
-  tags: cve,cve2018,wordpress,xss,plugin
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.10
@@ -13,6 +12,8 @@ info:
     cwe-id: CWE-79
   reference:
     - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-18069
+  tags: cve,cve2018,wordpress,xss,plugin
 
 requests:
   - method: POST
@@ -25,3 +26,5 @@ requests:
       - type: dsl
         dsl:
           - 'contains(tolower(all_headers), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\"><script>alert(0);</script>")'
+
+# Enhanced by mp on 2022/04/08

cves/2020/CVE-2020-10546.yaml

@@ -1,18 +1,20 @@
 id: CVE-2020-10546
+
 info:
-  name: rConfig 3.9.4 SQLi
+  name: rConfig 3.9.4 SQL Injection
   author: madrobot
   severity: critical
-  description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
+  description: "rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices."
   reference:
     - https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
     - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
-  tags: cve,cve2020,rconfig,sqli
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-10546
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2020-10546
     cwe-id: CWE-89,CWE-522
+  tags: cve,cve2020,rconfig,sqli
 
 requests:
   - method: GET
@@ -27,3 +29,5 @@ requests:
         words:
           - "[project-discovery]"
         part: body
+
+# Enhanced by mp on 2022/04/07

cves/2020/CVE-2020-10547.yaml

@@ -1,18 +1,19 @@
 id: CVE-2020-10547
+
 info:
-  name: rConfig 3.9.4 SQLi
+  name: rConfig 3.9.4 SQL Injection
   author: madrobot
   severity: critical
-  description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
+  description: "rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices."
   reference:
     https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
     https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
-  tags: cve,cve2020,rconfig,sqli
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2020-10547
     cwe-id: CWE-89,CWE-522
+  tags: cve,cve2020,rconfig,sqli
 
 requests:
   - method: GET
@@ -27,3 +28,5 @@ requests:
         words:
           - "[project-discovery]"
         part: body
+
+# Enhanced by mp on 2022/04/07

cves/2020/CVE-2020-10548.yaml

@@ -1,18 +1,20 @@
 id: CVE-2020-10548
+
 info:
-  name: rConfig 3.9.4 SQLi
+  name: rConfig 3.9.4 - SQL Injection
   author: madrobot
   severity: critical
-  description: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
+  description: "rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices."
   reference:
     - https://github.com/theguly/exploits/blob/master/CVE-2020-10548.py
     - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
-  tags: cve,cve2020,rconfig,sqli
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-10548
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2020-10548
     cwe-id: CWE-89,CWE-522
+  tags: cve,cve2020,rconfig,sqli
 
 requests:
   - method: GET
@@ -27,3 +29,5 @@ requests:
         words:
           - "[project-discovery]"
         part: body
+
+# Enhanced by mp on 2022/04/07

cves/2020/CVE-2020-24312.yaml

@@ -9,14 +9,12 @@ info:
   reference:
     - https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/
     - https://nvd.nist.gov/vuln/detail/CVE-2020-24312
-  tags: cve,cve2020,wordpress,backups,plugin
-
-  # Note: Manually check content
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.50
     cve-id: CVE-2020-24312
     cwe-id: CWE-552
+  tags: cve,cve2020,wordpress,backups,plugin
 
 requests:
   - method: GET
@@ -35,3 +33,5 @@ requests:
           - 'wp-content/uploads/wp-file-manager-pro/fm_backup'
           - 'backup_'
         condition: and
+
+# Enhanced by mp on 2022/04/08

cves/2020/CVE-2020-35848.yaml

@@ -1,19 +1,21 @@
 id: CVE-2020-35848
 
 info:
-  name: Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword
+  name: Cockpit <0.12.0 NoSQL Injection
   author: dwisiswant0
   severity: critical
   description: |
     newpassword method of the Auth controller,
     which is responsible for displaying the user password reset form.
-  reference: https://swarm.ptsecurity.com/rce-cockpit-cms/
+  reference:
-  tags: cve,cve2020,nosqli,sqli,cockpit,injection
+    - https://swarm.ptsecurity.com/rce-cockpit-cms/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-35848
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2020-35848
     cwe-id: CWE-89
+  tags: cve,cve2020,nosqli,sqli,cockpit,injection
 
 requests:
   - method: POST
@@ -33,3 +35,5 @@ requests:
         part: body
         regex:
           - 'string\([0-9]{1,3}\)(\s)?"rp-([a-f0-9-]+)"'
+
+# Enhanced by mp on 2022/04/08

cves/2020/CVE-2020-6637.yaml

@@ -1,19 +1,19 @@
 id: CVE-2020-6637
 
 info:
-  name: OpenSIS v7.3 unauthenticated SQL injection
+  name: OpenSIS v7.3 unauthenticated SQL Injection
   author: pikpikcu
   severity: critical
-  description: openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
+  description: "OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php."
-  tags: cve,cve2020,sqli,opensis
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-6637
     - https://cinzinga.com/CVE-2020-6637/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-6637
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2020-6637
     cwe-id: CWE-89
+  tags: cve,cve2020,sqli,opensis
 
 requests:
   - method: POST
@@ -43,3 +43,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/04/08

exposed-panels/open-virtualization-manager-panel.yaml

@@ -1,16 +1,21 @@
 id: open-virtualization-manager-panel
 
 info:
-  name: Open Virtualization Userportal & Webadmin Panel
+  name: Open Virtualization Userportal & Webadmin Panel Detection
   author: idealphase
   severity: info
-  description: open-source distributed virtualization solution, designed to manage your entire enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
+  description: Open Virtualization Userportal & Webadmin panels were detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
   metadata:
     shodan-query: title:"Ovirt-Engine"
     google-query: intitle:"Ovirt-Engine"
   reference:
     - https://www.ovirt.org/
     - https://www.ovirt.org/dropped/admin-guide/virt/console-client-resources.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id:
+    cwe-id: CWE-200
   tags: panel,ovirt,oss
 
 requests:
@@ -36,3 +41,5 @@ requests:
         group: 1
         regex:
           - '"application_title":"(([a-zA-Z]+\s)*[a-zA-Z]+)"'
+
+# Enhanced by mp on 2022/04/08

exposed-panels/openvpn-monitor.yaml

@@ -4,8 +4,13 @@ info:
   name: OpenVPN Monitor Disclosure
   author: geeknik
   severity: high
-  description: openvpn-monitor is a simple python program to generate html that displays the status of an OpenVPN server, including all current connections.
+  description: openvpn-monitor was discovered. OpenVPN Monitor is a simple python program to generate html that displays the status of an OpenVPN server, including all its current connections.
   reference: https://openvpn-monitor.openbytes.ie/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id:
+    cwe-id: CWE-200
   tags: openvpn,disclosure,panel
 
 requests:
@@ -33,3 +38,6 @@ requests:
         part: header
         words:
           - "text/html"
+
+
+# Enhanced by mp on 2022/04/08

exposures/files/ioncube-loader-wizard.yaml

@@ -1,11 +1,16 @@
 id: ioncube-loader-wizard
 
 info:
-  name: Ioncube Loader Wizard disclosure
+  name: ioncube Loader Wizard Disclosure
   author: Mubassirpatel
   severity: medium
-  description: ioncube-loader-wizard is vulnerable to xss,phpinfo, etc.
+  description: An ioncube Loader Wizard was discovered.
   reference: https://firefart.at/post/multiple-vulnerabilities-in-ioncube-loader-wizard/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id:
+    cwe-id: CWE-200
   tags: ioncube,disclosure,exposure
 
 requests:
@@ -24,3 +29,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/04/08

miscellaneous/joomla-manifest-file.yaml

@@ -1,10 +1,15 @@
 id: joomla-manifest-file
 
 info:
-  name: Joomla manifest file disclosure
+  name: Joomla Manifest File Disclosure
   author: oppsec
   severity: info
-  description: joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths.
+  description: A Joomla Manifest file was discovered. joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id:
+    cwe-id: CWE-200
   tags: misc,joomla
 
 requests:
@@ -28,3 +33,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/04/08

technologies/open-virtualization-manager-detect.yaml

@@ -1,16 +1,21 @@
 id: open-virtualization-manager-detect
 
 info:
-  name: Open Virtualization Manager Detect
+  name: Open Virtualization Manager Detection
   author: idealphase
   severity: info
-  description: open-source distributed virtualization solution, designed to manage your entire enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
+  description: Open Virtualization Manager was detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
   metadata:
     shodan-query: title:"Ovirt-Engine"
     google-query: intitle:"Ovirt-Engine"
   reference:
     - https://www.ovirt.org/
     - https://www.ovirt.org/dropped/admin-guide/virt/console-client-resources.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id:
+    cwe-id: CWE-200
   tags: tech,ovirt
 
 requests:
@@ -33,3 +38,5 @@ requests:
         group: 1
         regex:
           - '<span class="version-text">(.+)<\/span>'
+
+# Enhanced by mp on 2022/04/08

vulnerabilities/other/chamilo-lms-xss.yaml

@@ -1,10 +1,18 @@
 id: chamilo-lms-xss
 
 info:
-  name: Chamilo LMS Cross Site Scripting
+  name: Chamilo LMS 1.11.14 Cross-Site Scripting
   author: geeknik
-  severity: medium
+  severity: high
-  description: https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/
+  description: Chamilo LMS 1.11.14 is vulnerable to cross-site scripting.
+  reference:
+    - https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/
+    - https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-45-2021-01-21-Moderate-impact-moderate-risk-XSS-vulnerability-in-agenda
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cve-id:
+    cwe-id: CWE-79
   tags: xss,chamilo
 
 requests:
@@ -25,3 +33,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/04/08

vulnerabilities/other/eyelock-nano-lfd.yaml

@@ -4,7 +4,7 @@ info:
   name: EyeLock nano NXT 3.5 - Local File Disclosure
   author: geeknik
   severity: high
-  description: nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
+  description: EyeLock nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
   reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
   tags: iot,lfi,eyelock
 
@@ -22,3 +22,5 @@ requests:
         regex:
           - "root:[x*]:0:0:"
         part: body
+
+# Enhanced by mp on 2022/04/08