From 4c920b2552e524196f129b13447170d1bb1159d0 Mon Sep 17 00:00:00 2001 From: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com> Date: Wed, 18 Aug 2021 14:29:20 +0300 Subject: [PATCH] Rename "references" to "reference" to match the expected template info structure Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 --- cves/2019/CVE-2019-12725.yaml | 2 +- cves/2019/CVE-2019-15858.yaml | 3 +-- cves/2019/CVE-2019-6112.yaml | 2 +- cves/2020/CVE-2020-17506.yaml | 2 +- cves/2020/CVE-2020-2551.yaml | 3 +-- cves/2020/CVE-2020-27986.yaml | 2 +- cves/2020/CVE-2020-4463.yaml | 2 +- cves/2020/CVE-2020-7318.yaml | 2 +- cves/2020/CVE-2020-8209.yaml | 2 +- cves/2021/CVE-2021-24176.yaml | 2 +- exposures/tokens/generic/shoppable-token.yaml | 2 +- technologies/bolt-cms-detect.yaml | 2 +- technologies/bookstack-detect.yaml | 2 +- technologies/grav-cms-detect.yaml | 2 +- technologies/mautic-crm-detect.yaml | 2 +- technologies/moinmoin-detect.yaml | 2 +- technologies/octobercms-detect.yaml | 2 +- technologies/opencast-detect.yaml | 2 +- technologies/plone-cms-detect.yaml | 2 +- technologies/rhymix-cms-detect.yaml | 2 +- technologies/shopware-detect.yaml | 2 +- technologies/strapi-cms-detect.yaml | 2 +- technologies/wazuh-detect.yaml | 2 +- vulnerabilities/other/mcafee-epo-rce.yaml | 2 +- .../wordpress/wordpress-wpcourses-info-disclosure.yaml | 2 +- 25 files changed, 25 insertions(+), 27 deletions(-) diff --git a/cves/2019/CVE-2019-12725.yaml b/cves/2019/CVE-2019-12725.yaml index 9edb11b0c3..9c6e45ad88 100644 --- a/cves/2019/CVE-2019-12725.yaml +++ b/cves/2019/CVE-2019-12725.yaml @@ -9,7 +9,7 @@ info: found in ZeroShell 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar options. - references: | + reference: | - https://www.tarlogic.com/advisories/zeroshell-rce-root.txt - https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py tags: cve,cve2019,rce diff --git a/cves/2019/CVE-2019-15858.yaml b/cves/2019/CVE-2019-15858.yaml index f243e8b2af..104ee2be4e 100644 --- a/cves/2019/CVE-2019-15858.yaml +++ b/cves/2019/CVE-2019-15858.yaml @@ -11,8 +11,7 @@ info: before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. - Source/References: - - https://github.com/GeneralEG/CVE-2019-15858 + reference: https://github.com/GeneralEG/CVE-2019-15858 tags: cve,cve2019,wordpress,wp-plugin,xss requests: diff --git a/cves/2019/CVE-2019-6112.yaml b/cves/2019/CVE-2019-6112.yaml index 0346e41859..d8c76b9925 100644 --- a/cves/2019/CVE-2019-6112.yaml +++ b/cves/2019/CVE-2019-6112.yaml @@ -5,7 +5,7 @@ info: author: dwisiswant0 severity: medium description: A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). - references: https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b + reference: https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b tags: cve,cve2019,wordpress,wp-plugin,xss requests: diff --git a/cves/2020/CVE-2020-17506.yaml b/cves/2020/CVE-2020-17506.yaml index 1770ca102b..f22e184fd5 100644 --- a/cves/2020/CVE-2020-17506.yaml +++ b/cves/2020/CVE-2020-17506.yaml @@ -6,7 +6,7 @@ info: severity: critical description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. tags: cve,cve2020 - references: https://blog.max0x4141.com/post/artica_proxy/ + reference: https://blog.max0x4141.com/post/artica_proxy/ requests: - method: GET diff --git a/cves/2020/CVE-2020-2551.yaml b/cves/2020/CVE-2020-2551.yaml index 18ed900de0..c861f6b44a 100644 --- a/cves/2020/CVE-2020-2551.yaml +++ b/cves/2020/CVE-2020-2551.yaml @@ -17,8 +17,7 @@ info: Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. - Source/References: - - https://github.com/hktalent/CVE-2020-2551 + reference: https://github.com/hktalent/CVE-2020-2551 tags: cve,cve2020,oracle,weblogic,rce requests: diff --git a/cves/2020/CVE-2020-27986.yaml b/cves/2020/CVE-2020-27986.yaml index 11af6fe532..fa8541d74b 100644 --- a/cves/2020/CVE-2020-27986.yaml +++ b/cves/2020/CVE-2020-27986.yaml @@ -8,7 +8,7 @@ info: SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." - references: https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ + reference: https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ tags: cve,cve2020,sonarqube requests: diff --git a/cves/2020/CVE-2020-4463.yaml b/cves/2020/CVE-2020-4463.yaml index d4f6d47a22..ef5ab6ed1e 100644 --- a/cves/2020/CVE-2020-4463.yaml +++ b/cves/2020/CVE-2020-4463.yaml @@ -10,7 +10,7 @@ info: A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. - references: | + reference: | - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463 - https://github.com/Ibonok/CVE-2020-4463 tags: cve,cve2020,ibm,xxe diff --git a/cves/2020/CVE-2020-7318.yaml b/cves/2020/CVE-2020-7318.yaml index 94e003c672..0d6ceac8da 100644 --- a/cves/2020/CVE-2020-7318.yaml +++ b/cves/2020/CVE-2020-7318.yaml @@ -10,7 +10,7 @@ info: script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. - References: + reference: - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ tags: cve,cve2020,xss diff --git a/cves/2020/CVE-2020-8209.yaml b/cves/2020/CVE-2020-8209.yaml index ab58540906..6b7489c55f 100644 --- a/cves/2020/CVE-2020-8209.yaml +++ b/cves/2020/CVE-2020-8209.yaml @@ -9,7 +9,7 @@ info: Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. - References: + reference: - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/ tags: cve,cve2020,citrix,lfi diff --git a/cves/2021/CVE-2021-24176.yaml b/cves/2021/CVE-2021-24176.yaml index e79ac758f3..07ad8546f2 100644 --- a/cves/2021/CVE-2021-24176.yaml +++ b/cves/2021/CVE-2021-24176.yaml @@ -5,7 +5,7 @@ info: author: Ganofins severity: medium description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. - references: | + reference: | - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585 - https://wordpress.org/plugins/jh-404-logger/ tags: cve,cve2021,wordpress,wp-plugin,xss diff --git a/exposures/tokens/generic/shoppable-token.yaml b/exposures/tokens/generic/shoppable-token.yaml index 4a20a97a81..0f68803be2 100644 --- a/exposures/tokens/generic/shoppable-token.yaml +++ b/exposures/tokens/generic/shoppable-token.yaml @@ -4,7 +4,7 @@ info: name: Shoppable Service Auth Token author: philippedelteil severity: info - references: https://ask.shoppable.com/knowledge/quick-start-api-guide + reference: https://ask.shoppable.com/knowledge/quick-start-api-guide requests: - method: GET diff --git a/technologies/bolt-cms-detect.yaml b/technologies/bolt-cms-detect.yaml index 870ff9f428..f6b2118809 100644 --- a/technologies/bolt-cms-detect.yaml +++ b/technologies/bolt-cms-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects bolt CMS tags: tech,bolt,cms - references: + reference: - https://github.com/bolt/bolt requests: diff --git a/technologies/bookstack-detect.yaml b/technologies/bookstack-detect.yaml index fc2da96253..6dde7e550c 100644 --- a/technologies/bookstack-detect.yaml +++ b/technologies/bookstack-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects BookStack tags: tech,bookstack - references: https://github.com/BookStackApp/BookStack + reference: https://github.com/BookStackApp/BookStack requests: - method: GET diff --git a/technologies/grav-cms-detect.yaml b/technologies/grav-cms-detect.yaml index ad25f0365a..168a866015 100644 --- a/technologies/grav-cms-detect.yaml +++ b/technologies/grav-cms-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects Grav CMS tags: tech,grav,cms - references: https://github.com/getgrav/grav + reference: https://github.com/getgrav/grav requests: - method: GET diff --git a/technologies/mautic-crm-detect.yaml b/technologies/mautic-crm-detect.yaml index 23fab5db7c..42d0c4df6f 100644 --- a/technologies/mautic-crm-detect.yaml +++ b/technologies/mautic-crm-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects Mautic CRM tags: tech,mautic,crm - references: + reference: - https://github.com/mautic/mautic requests: diff --git a/technologies/moinmoin-detect.yaml b/technologies/moinmoin-detect.yaml index 11245a0d7c..063d5b0c3f 100644 --- a/technologies/moinmoin-detect.yaml +++ b/technologies/moinmoin-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects MoinMoin Wiki tags: tech,moin,moinmoin,wiki - references: + reference: - https://github.com/moinwiki/moin-1.9 requests: diff --git a/technologies/octobercms-detect.yaml b/technologies/octobercms-detect.yaml index 63b0c367f3..1b5b221c6c 100644 --- a/technologies/octobercms-detect.yaml +++ b/technologies/octobercms-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects OctoberCMS tags: tech,octobercms - references: https://github.com/octobercms/october + reference: https://github.com/octobercms/october requests: - method: GET diff --git a/technologies/opencast-detect.yaml b/technologies/opencast-detect.yaml index cde50dfadf..ef5d34d8e8 100644 --- a/technologies/opencast-detect.yaml +++ b/technologies/opencast-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects Opencast tags: tech,opencast - references: + reference: - https://github.com/opencast/opencast requests: diff --git a/technologies/plone-cms-detect.yaml b/technologies/plone-cms-detect.yaml index f9ef9737b7..08791ef3f5 100644 --- a/technologies/plone-cms-detect.yaml +++ b/technologies/plone-cms-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects Plone CMS tags: tech,plone,cms - references: + reference: - https://github.com/plone/Products.CMFPlone requests: diff --git a/technologies/rhymix-cms-detect.yaml b/technologies/rhymix-cms-detect.yaml index 9f946b8fc7..2e2299fb4f 100644 --- a/technologies/rhymix-cms-detect.yaml +++ b/technologies/rhymix-cms-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects Rhymix CMS tags: tech,rhymix - references: https://github.com/rhymix/rhymix + reference: https://github.com/rhymix/rhymix requests: - method: GET diff --git a/technologies/shopware-detect.yaml b/technologies/shopware-detect.yaml index 0a5371d0e8..1ec4dee4f3 100644 --- a/technologies/shopware-detect.yaml +++ b/technologies/shopware-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects Shopware CMS tags: tech,shopware,cms - references: + reference: - https://github.com/shopware/shopware - https://github.com/shopware/platform diff --git a/technologies/strapi-cms-detect.yaml b/technologies/strapi-cms-detect.yaml index d8a30233f9..1008f11d25 100644 --- a/technologies/strapi-cms-detect.yaml +++ b/technologies/strapi-cms-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects strapi CMS tags: tech,strapi,cms - references: + reference: - https://github.com/strapi/strapi requests: diff --git a/technologies/wazuh-detect.yaml b/technologies/wazuh-detect.yaml index 061429b6fd..2961a8e89c 100644 --- a/technologies/wazuh-detect.yaml +++ b/technologies/wazuh-detect.yaml @@ -6,7 +6,7 @@ info: severity: info description: Detects wazuh tags: tech,wazuh - references: + reference: - https://github.com/wazuh/wazuh requests: diff --git a/vulnerabilities/other/mcafee-epo-rce.yaml b/vulnerabilities/other/mcafee-epo-rce.yaml index 8524264b95..07da44fc86 100644 --- a/vulnerabilities/other/mcafee-epo-rce.yaml +++ b/vulnerabilities/other/mcafee-epo-rce.yaml @@ -12,7 +12,7 @@ info: making it possible to upload arbitrary files to arbitrary directories or overwrite existing ones during archive extraction. - References: + reference: - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ tags: mcafee,rce diff --git a/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml b/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml index 5ab5a09e4a..054a5819d2 100644 --- a/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml +++ b/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml @@ -6,7 +6,7 @@ info: severity: high description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials tags: wordpress,plugin - references: | + reference: | - https://www.exploit-db.com/exploits/48910 - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/