Dashboard Content Enhancements (#4381)

Dashboard Content Enhancements

cnvd/2019/CNVD-2019-19299.yaml

@@ -1,12 +1,17 @@
 id: CNVD-2019-19299
 
 info:
-  name: Zhiyuan A8 Arbitrary File Write (RCE)
+  name: Zhiyuan A8 - Remote Code Execution
   author: daffainfo
   severity: critical
+  description: Zhiyuan A8 is susceptible to remote code execution because of an arbitrary file write issue.
   reference:
     - https://www.cxyzjd.com/article/guangying177/110177339
     - https://github.com/sectestt/CNVD-2019-19299
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cwe-id: CWE-77
   tags: zhiyuan,cnvd,cnvd2019,rce
 
 requests:
@@ -45,3 +50,5 @@ requests:
           - 'contains(body_1, "htmoffice operate")'
           - 'contains(body_2, "Windows IP")'
         condition: and
+
+# Enhanced by mp on 2022/05/12

cnvd/2019/CNVD-2019-32204.yaml

@@ -1,12 +1,16 @@
 id: CNVD-2019-32204
 
 info:
-  name: Fanwei e-cology <= 9.0 Remote Code Execution
+  name: Fanwei e-cology <=9.0 - Remote Code Execution
   author: daffainfo
   severity: critical
-  description: The attacker can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system.
+  description: Fanwei e-cology <=9.0 is susceptible to remote code execution vulnerabilities. Remote attackers can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system.
   reference:
     - https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cwe-id: CWE-77
   tags: fanwei,cnvd,cnvd2019,rce
 
 requests:
@@ -22,3 +26,5 @@ requests:
       - type: regex
         regex:
           - "root:.*:0:0:"
+
+# Enhanced by mp on 2022/05/12

cnvd/2020/CNVD-2020-62422.yaml

@@ -1,7 +1,7 @@
 id: CNVD-2020-62422
 
 info:
-  name: Seeyon readfile(CNVD-2020-62422)
+  name: Seeyon - Arbitrary File Retrieval
   author: pikpikcu
   severity: medium
   reference:
@@ -29,4 +29,4 @@ requests:
         part: body
         words:
           - "ctpDataSource.password"
-        condition: and
+        condition: and

cnvd/2020/CNVD-2020-68596.yaml

@@ -1,11 +1,16 @@
 id: CNVD-2020-68596
 
 info:
-  name: WeiPHP 5.0 Path Traversal
+  name: WeiPHP 5.0 - Path Traversal
   author: pikpikcu
-  severity: critical
+  description: WeiPHP 5.0 is susceptible to directory traversal attacks.
+  severity: high
   reference:
     - http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+    cvss-score: 8.6
+    cwe-id: CWE-22
   tags: weiphp,lfi,cnvd,cnvd2020
 
 requests:
@@ -41,3 +46,5 @@ requests:
           - WeiPHP
           - DB_PREFIX
         condition: and
+
+# Enhanced by mp on 2022/05/12

cnvd/2021/CNVD-2021-01931.yaml

@@ -1,7 +1,7 @@
 id: CNVD-2021-01931
 
 info:
-  name: Ruoyi Management System Arbitrary File Download
+  name: Ruoyi Management System - Arbitrary File Retrieval
   author: daffainfo,ritikchaddha
   severity: high
   reference:

cnvd/2021/CNVD-2021-09650.yaml

@@ -1,11 +1,16 @@
 id: CNVD-2021-09650
 
 info:
-  name: Ruijie EWEB Gateway Platform Command Execution
+  name: Ruijie EWEB Gateway Platform - Remote Command Injection
   author: daffainfo
   severity: critical
+  description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.
   reference:
     - http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cwe-id: CWE-77
   tags: ruijie,cnvd,cnvd2021,rce
 
 requests:
@@ -23,3 +28,5 @@ requests:
         name: http
         words:
           - "http"
+
+# Enhanced by mp on 2022/05/12

cnvd/2021/CNVD-2021-26422.yaml

@@ -4,9 +4,14 @@ info:
   name: eYouMail - Remote Code Execution
   author: daffainfo
   severity: critical
+  description: eYouMail is susceptible to a remote code execution vulnerability.
   reference:
     - https://github.com/ltfafei/my_POC/blob/master/CNVD-2021-26422_eYouMail/CNVD-2021-26422_eYouMail_RCE_POC.py
     - https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%BA%BF%E9%82%AE%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CNVD-2021-26422).md
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cwe-id: CWE-77
   tags: eyoumail,rce,cnvd,cnvd2021
 
 requests:
@@ -27,3 +32,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/12

cnvd/2021/CNVD-2021-28277.yaml

@@ -1,7 +1,7 @@
 id: CNVD-2021-28277
 
 info:
-  name: Landray-OA Arbitrary File Download
+  name: Landray-OA Arbitrary - Arbitrary File Retrieval
   author: pikpikcu,daffainfo
   severity: high
   reference:
@@ -41,4 +41,4 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200

cnvd/2022/CNVD-2022-03672.yaml

@@ -1,14 +1,19 @@
 id: CNVD-2022-03672
 
 info:
-  name: Sunflower Simple and Personal edition RCE
+  name: Sunflower Simple and Personal - Remote Code Execution
   author: daffainfo
   severity: critical
+  description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability.
   reference:
     - https://www.1024sou.com/article/741374.html
     - https://copyfuture.com/blogs-details/202202192249158884
     - https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270
     - https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cwe-id: CWE-77
   tags: cnvd,cnvd2020,sunflower,rce
 
 requests:
@@ -40,3 +45,5 @@ requests:
           - "contains(body_1, 'verify_string')"
           - "contains(body_2, 'Windows IP')"
         condition: and
+
+# Enhanced by mp on 2022/05/12

cves/2007/CVE-2007-4504.yaml

@@ -1,10 +1,10 @@
 id: CVE-2007-4504
 
 info:
-  name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
+  name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval
   author: daffainfo
   severity: high
-  description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
+  description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
   reference:
     - https://www.exploit-db.com/exploits/4307
     - https://www.cvedetails.com/cve/CVE-2007-4504

cves/2010/CVE-2010-0696.yaml

@@ -1,7 +1,7 @@
 id: CVE-2010-0696
 
 info:
-  name: Joomla! Component Jw_allVideos - Arbitrary File Download
+  name: Joomla! Component Jw_allVideos - Arbitrary File Retrieval
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
@@ -25,4 +25,5 @@ requests:
       - type: status
         status:
           - 200
+
 # Enhanced by mp on 2022/02/13

cves/2010/CVE-2010-2122.yaml

@@ -1,10 +1,10 @@
 id: CVE-2010-2122
 
 info:
-  name: Joomla! Component simpledownload 0.9.5 - Local File Disclosure
+  name: Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval
   author: daffainfo
   severity: high
-  description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/12623
     - https://www.cvedetails.com/cve/CVE-2010-2122

cves/2010/CVE-2010-3203.yaml

@@ -1,7 +1,7 @@
 id: CVE-2010-3203
 
 info:
-  name: Joomla! Component PicSell 1.0 - Local File Disclosure
+  name: Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.

cves/2015/CVE-2015-4694.yaml

@@ -1,10 +1,10 @@
 id: CVE-2015-4694
 
 info:
-  name: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Download
+  name: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
   author: 0x_Akoko
   severity: high
-  description: WordPress zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file.
+  description: WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.
   reference:
     - https://wordpress.org/plugins/zip-attachments/#developers
     - https://wpscan.com/vulnerability/8047

cves/2017/CVE-2017-11512.yaml

@@ -1,11 +1,11 @@
 id: CVE-2017-11512
 
 info:
-  name: ManageEngine ServiceDesk - Unauthenticated Arbitrary File Download
+  name: ManageEngine ServiceDesk - Arbitrary File Retrieval
   author: 0x_Akoko
   severity: high
   description: |
-    The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
+    The ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
   reference:
     - https://exploit.kitploit.com/2017/11/manageengine-servicedesk-cve-2017-11512.html
     - https://www.cvedetails.com/cve/CVE-2017-11512

cves/2017/CVE-2017-15363.yaml

@@ -1,7 +1,7 @@
 id: CVE-2017-15363
 
 info:
-  name: Typo3 Restler Extension - Local File Disclosure
+  name: TYPO3 Restler - Arbitrary File Retrieval
   author: 0x_Akoko
   severity: high
   description: Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.

cves/2017/CVE-2017-7269.yaml

@@ -5,7 +5,7 @@ info:
   author: thomas_from_offensity,geeknik
   severity: critical
   description: |
-    Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnearbility in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If <http://" in a PROPFIND request.
+    Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If <http://" in a PROPFIND request.
   reference:
     - https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
     - https://github.com/danigargu/explodingcan/blob/master/explodingcan.py

cves/2017/CVE-2017-7615.yaml

@@ -6,7 +6,7 @@ id: CVE-2017-7615
 # MantisBT before 1.3.10, 2.2.4, and 2.3.1, that can be downloaded on reference[1].
 
 info:
-  name: CVE-2017-7615
+  name: MantisBT <=2.30 - Arbitrary Password Reset and Unauthenticated Admin Access
   author: bp0lr,dwisiswant0
   severity: high
   description: MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.

cves/2017/CVE-2017-9841.yaml

@@ -1,15 +1,16 @@
 id: CVE-2017-9841
 
 info:
-  name: PHPUnit < 4.8.28 and 5.x - 5.63 Arbitrary Code Execution
+  name: PHPUnit - Remote Code Execution
   author: Random_Robbie,pikpikcu
   severity: critical
-  description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
+  description: PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring via Util/PHP/eval-stdin.php , as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
   reference:
     - https://github.com/cyberharsh/Php-unit-CVE-2017-9841
     - https://github.com/RandomRobbieBF/phpunit-brute
     - https://thephp.cc/articles/phpunit-a-security-risk
     - https://twitter.com/sec715/status/1411517028012158976
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-9841
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -72,3 +73,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-0127.yaml

@@ -1,14 +1,15 @@
 id: CVE-2018-0127
 
 info:
-  name: Cisco RV132W and RV134W Router Information Disclosure
+  name: Cisco RV132W/RV134W Router - Information Disclosure
   author: jrolf
   severity: critical
-  description: A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information.
+  description: Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information.
   reference:
     - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2
     - http://www.securitytracker.com/id/1040345
     - http://www.securityfocus.com/bid/102969
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-0127
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -35,3 +36,5 @@ requests:
           - "MDM"
           - "cisco"
           - "admin"
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-1000226.yaml

@@ -1,9 +1,10 @@
 id: CVE-2018-1000226
 
 info:
-  name: Cobbler versions 2.6.11+, (2.0.0+ or older versions) - Authentication Bypass
+  name: Cobbler - Authentication Bypass
   author: c-sh0
   severity: critical
+  description: Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
   reference:
     - https://github.com/cobbler/cobbler/issues/1916
     - https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/
@@ -58,3 +59,5 @@ requests:
         part: body
         regex:
           - "(.*[a-zA-Z0-9].+==)</string></value>"
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-1000861.yaml

@@ -1,13 +1,13 @@
 id: CVE-2018-1000861
 
 info:
-  name: Jenkins 2.138 Remote Command Execution
+  name: Jenkins - Remote Command Injection
   author: dhiyaneshDK,pikpikcu
   severity: critical
-  description: A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows
-    attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
+  description: Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
   reference:
     - https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-1000861
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -31,3 +31,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-10562.yaml

@@ -1,10 +1,10 @@
 id: CVE-2018-10562
 
 info:
-  name: Dasan GPON Devices - Remote Code Execution (Unauthenticated)
+  name: Dasan GPON Devices - Remote Code Execution
   author: gy741
   severity: critical
-  description: An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping
+  description: Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping
     results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
   reference:
     - https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router
@@ -37,3 +37,5 @@ requests:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-12031.yaml

@@ -4,11 +4,11 @@ info:
   name: Eaton Intelligent Power Manager 1.6 - Directory Traversal
   author: daffainfo
   severity: critical
-  description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.
+  description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution.
   reference:
     - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-12031
     - https://www.exploit-db.com/exploits/48614
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-12031
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -33,3 +33,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-1207.yaml

@@ -1,19 +1,17 @@
 id: CVE-2018-1207
 
 info:
-  name: Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE
+  name: Dell iDRAC7/8 Devices - Remote Code Injection
   author: dwisiswant0
   severity: critical
   description: |
-    This template supports the detection part only.
-
-    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability
+    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability
     which could be used to execute remote code. A remote unauthenticated attacker may
     potentially be able to use CGI variables to execute remote code.
-
-    https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py
   reference:
     - https://downloads.dell.com/solutions/dell-management-solution-resources/iDRAC_CVE%201207_1211_1000116.pdf
+    - https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-1207
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -30,3 +28,5 @@ requests:
         words:
           - "calling init: /lib/"
         part: response
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-12300.yaml

@@ -1,7 +1,7 @@
 id: CVE-2018-12300
 
 info:
-  name: Seagate NAS OS 4.3.15.1 - Open redirect
+  name: Seagate NAS OS 4.3.15.1 - Open Redirect
   author: 0x_Akoko
   severity: medium
   description: Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.

cves/2018/CVE-2018-12634.yaml

@@ -1,12 +1,13 @@
 id: CVE-2018-12634
 
 info:
-  name: Exposed CirCarLife System Log
+  name: CirCarLife Scada <4.3 - System Log Exposure
   author: geeknik
   severity: critical
-  description: CirCarLife is an internet-connected electric vehicle charging station
+  description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.
   reference:
     - https://circontrol.com/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-12634
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -33,3 +34,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-1273.yaml

@@ -1,7 +1,7 @@
 id: CVE-2018-1273
 
 info:
-  name: Spring Data Commons Unauthenticated RCE
+  name: Spring Data Commons - Remote Code Execution
   author: dwisiswant0
   severity: critical
   description: |
@@ -42,3 +42,5 @@ requests:
           - "\\[(font|extension|file)s\\]"
         condition: or
         part: body
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-13379.yaml

@@ -1,14 +1,14 @@
 id: CVE-2018-13379
 
 info:
-  name: FortiOS - Credentials Disclosure
+  name: Fortinet FortiOS - Credentials Disclosure
   author: organiccrap
   severity: critical
-  description: An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0
-    to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
+  description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal).
   reference:
     - https://fortiguard.com/advisory/FG-IR-18-384
     - https://www.fortiguard.com/psirt/FG-IR-20-233
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -24,3 +24,5 @@ requests:
       - type: word
         words:
           - "var fgt_lang"
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-13980.yaml

@@ -1,7 +1,7 @@
 id: CVE-2018-13980
 
 info:
-  name: Zeta Producer Desktop CMS 14.2.0 - Local File Disclosure
+  name: Zeta Producer Desktop CMS 14.2.0 - Arbitrary File Retrieval
   author: wisnupramoedya
   severity: medium
   description: The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.

cves/2018/CVE-2018-14064.yaml

@@ -4,7 +4,7 @@ info:
   name: VelotiSmart Wifi - Directory Traversal
   author: 0x_Akoko
   severity: critical
-  description: The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.
+  description: VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80.
   reference:
     - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
     - https://www.exploit-db.com/exploits/45030
@@ -31,3 +31,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-14916.yaml

@@ -1,10 +1,10 @@
 id: CVE-2018-14916
 
 info:
-  name: Loytec LGATE-902 Directory Traversal
+  name: Loytec LGATE-902 <6.4.2 - Local File Inclusion
   author: 0x_Akoko
   severity: critical
-  description: Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities.
+  description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability.
   reference:
     - https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html
     - https://nvd.nist.gov/vuln/detail/CVE-2018-14916
@@ -30,3 +30,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-15517.yaml

@@ -1,10 +1,10 @@
 id: CVE-2018-15517
 
 info:
-  name: D-LINK Central WifiManager Server-Side Request Forgery
+  name: D-Link Central WifiManager - Server-Side Request Forgery
   author: gy741
   severity: high
-  description: D-LINK Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP
+  description: D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP
     server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or
     connections actually came from and or bypass the FW etc. This can be automated via script or using a browser.
   reference:

cves/2018/CVE-2018-16167.yaml

@@ -1,7 +1,7 @@
 id: CVE-2018-16167
 
 info:
-  name: LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated)
+  name: LogonTracer <=1.2.0 - Remote Command Injection
   author: gy741
   severity: critical
   description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
@@ -30,3 +30,5 @@ requests:
         part: interactsh_protocol # Confirms the HTTP Interaction
         words:
           - "http"
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-16763.yaml

@@ -1,14 +1,15 @@
 id: CVE-2018-16763
 
 info:
-  name: fuelCMS 1.4.1 - Remote Code Execution
+  name: FUEL CMS 1.4.1 - Remote Code Execution
   author: pikpikcu
   severity: critical
-  description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
+  description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.
   reference:
     - https://www.exploit-db.com/exploits/47138
     - https://www.getfuelcms.com/
     - https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-16763
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -30,3 +31,5 @@ requests:
       - type: regex
         regex:
           - "root:.*:0:0:"
+
+# Enhanced by mp on 2022/05/12

cves/2018/CVE-2018-16836.yaml

@@ -1,13 +1,13 @@
 id: CVE-2018-16836
 
 info:
-  name: Rubedo CMS 3.4.0 - Directory Traversal
+  name: Rubedo CMS <=3.4.0 - Directory Traversal
   author: 0x_Akoko
   severity: critical
-  description: Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as
-    demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
+  description: Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
   reference:
     - https://www.exploit-db.com/exploits/45385
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-16836
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -29,3 +29,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-17246.yaml

@@ -1,14 +1,13 @@
 id: CVE-2018-17246
 
 info:
-  name: Kibana Local File Inclusion
+  name: Kibana - Local File Inclusion
   author: princechaddha
   severity: critical
-  description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute
-    javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
+  description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-17246
     - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-17246
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -38,3 +37,5 @@ requests:
       - type: status
         status:
           - 500
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-17431.yaml

@@ -1,13 +1,14 @@
 id: CVE-2018-17431
 
 info:
-  name: Comodo Unified Threat Management Web Console 2.7.0 - RCE
+  name: Comodo Unified Threat Management Web Console - Remote Code Execution
   author: dwisiswant0
   severity: critical
-  description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based)
+  description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/48825
     - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-17431
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -35,4 +36,6 @@ requests:
         part: body
       - type: status
         status:
-          - 200
+          - 200
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-18925.yaml

@@ -1,11 +1,10 @@
 id: CVE-2018-18925
 
 info:
-  name: Gogs - Remote Code Execution (CVE-2018-18925)
+  name: Gogs (Go Git Service) 0.11.66 - Remote Code Execution
   author: princechaddha
   severity: critical
-  description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related
-    to session ID handling in the go-macaron/session code for Macaron.
+  description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
   reference:
     - https://www.anquanke.com/post/id/163575
     - https://github.com/vulhub/vulhub/tree/master/gogs/CVE-2018-18925
@@ -15,7 +14,7 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2018-18925
     cwe-id: CWE-384
-  remediation: This issue will be fixed by updating to the latest version of Gogs
+  remediation: This issue will be fixed by updating to the latest version of Gogs.
   tags: cve,cve2018,gogs,lfi,rce
 
 requests:
@@ -35,3 +34,5 @@ requests:
       - type: dsl
         dsl:
           - 'status_code_1 == 500 && status_code_2 == 200 && contains(body_2, "<meta name=\"author\" content=\"Gogs\" />")'
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-20985.yaml

@@ -1,13 +1,13 @@
 id: CVE-2018-20985
 
 info:
-  name: WordPress Plugin WP Payeezy Pay 2.97 - Local File Inclusion
+  name: WordPress Payeezy Pay <=2.97 - Local File Inclusion
   author: daffainfo
   severity: critical
-  description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive
-    information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
+  description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
   reference:
     - https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
+    - https://wordpress.org/plugins/wp-payeezy-pay/#developers
     - https://www.cvedetails.com/cve/CVE-2018-20985/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@@ -35,3 +35,6 @@ requests:
       - type: status
         status:
           - 200
+
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-2894.yaml

@@ -1,13 +1,15 @@
 id: CVE-2018-2894
 
 info:
-  name: Oracle WebLogic RCE
+  name: Oracle WebLogic Server - Remote Code Execution
   author: geeknik,pdteam
   severity: critical
-  description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
+  description: |
+    The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services) is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3.
   reference:
     - https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/
     - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2018-2894
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-2894
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -90,3 +92,5 @@ requests:
       - type: word
         words:
           - "26ec00a3a03f6bfc5226fd121567bb58" # MD5 (CVE-2018-2894)
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-3810.yaml

@@ -1,14 +1,13 @@
 id: CVE-2018-3810
 
 info:
-  name: WordPress Smart Google Code Inserter Authentication Bypass
+  name: Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass
   author: princechaddha
   severity: critical
-  description: Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic
-    parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated
-    user to successfully update the inserted code.
+  description: Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
   reference:
     - https://www.exploit-db.com/exploits/43420
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-3810
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -44,3 +43,6 @@ requests:
       - type: status
         status:
           - 200
+
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-6008.yaml

@@ -1,10 +1,10 @@
 id: CVE-2018-6008
 
 info:
-  name: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
+  name: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Retrieval
   author: daffainfo
   severity: high
-  description: Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.
+  description: Arbitrary file retrieval exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.
   reference:
     - https://www.exploit-db.com/exploits/43913
     - https://www.cvedetails.com/cve/CVE-2018-6008

cves/2018/CVE-2018-7600.yaml

@@ -1,13 +1,13 @@
 id: CVE-2018-7600
 
 info:
-  name: Drupal Drupalgeddon 2 RCE
+  name: Drupal - Remote Code Execution
   author: pikpikcu
   severity: critical
-  description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or
-    common module configurations.
+  description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
   reference:
     - https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-7600
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -60,3 +60,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-7602.yaml

@@ -1,11 +1,10 @@
 id: CVE-2018-7602
 
 info:
-  name: Drupal Remote Code Execution Vulnerability
+  name: Drupal - Remote Code Execution
   author: princechaddha
   severity: critical
-  description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result
-    in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
+  description: Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
   reference:
     - https://github.com/vulhub/vulhub/blob/master/drupal/CVE-2018-7602/drupa7-CVE-2018-7602.py
     - https://nvd.nist.gov/vuln/detail/CVE-2018-7602
@@ -74,3 +73,5 @@ requests:
         group: 1
         regex:
           - '<input type="hidden" name="form_build_id" value="(.*)" />'
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-7662.yaml

@@ -1,7 +1,7 @@
 id: CVE-2018-7662
 
 info:
-  name: CouchCMS <= 2.0 - Full Path Disclosure
+  name: CouchCMS <= 2.0 - Path Disclosure
   author: ritikchaddha
   severity: medium
   description: CouchCMS <= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.

cves/2018/CVE-2018-9161.yaml

@@ -4,8 +4,7 @@ info:
   name: PrismaWEB - Credentials Disclosure
   author: gy741
   severity: critical
-  description: The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be
-    disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
+  description: PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
   reference:
     - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
     - https://nvd.nist.gov/vuln/detail/CVE-2018-9161
@@ -33,3 +32,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/05/13

cves/2018/CVE-2018-9205.yaml

@@ -1,7 +1,7 @@
 id: CVE-2018-9205
 
 info:
-  name: Drupal avatar_uploader v7.x-1.0-beta8 Local File Inclusion
+  name: Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
   author: daffainfo
   severity: high
   description: In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.

cves/2019/CVE-2019-16123.yaml

@@ -1,7 +1,7 @@
 id: CVE-2019-16123
 
 info:
-  name: PilusCart <= 1.4.1 - Local File Disclosure
+  name: PilusCart <= 1.4.1 - Arbitrary File Retrieval
   author: 0x_Akoko
   severity: high
   description: PilusCart versions 1.4.1 and below suffers from a file disclosure vulnerability.

cves/2019/CVE-2019-16759.yaml

@@ -1,7 +1,7 @@
 id: CVE-2019-16759
 
 info:
-  name: vBulletin v5.0.0-v5.5.4 Remote Command Execution
+  name: vBulletin v5.0.0-v5.5.4 - Remote Command Execution
   author: madrobot
   severity: critical
   description: vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

cves/2019/CVE-2019-17506.yaml

@@ -1,11 +1,10 @@
 id: CVE-2019-17506
 
 info:
-  name: DLINK DIR-868L & DIR-817LW Info Leak
+  name: D-Link DIR-868L & DIR-817LW - Information Disclosure
   author: pikpikcu
   severity: critical
-  description: There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information)
-    via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
+  description: There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
   reference:
     - https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py
   classification:

cves/2019/CVE-2019-19908.yaml

@@ -1,10 +1,10 @@
 id: CVE-2019-19908
 
 info:
-  name: phpMyChat-Plus XSS
+  name: phpMyChat-Plus - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
+  description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
   reference:
     - https://cinzinga.github.io/CVE-2019-19908/
   classification:

cves/2019/CVE-2019-19985.yaml

@@ -1,10 +1,10 @@
 id: CVE-2019-19985
 
 info:
-  name: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
+  name: WordPress Email Subscribers & Newsletters <4.2.2 - Arbitrary File Retrieval
   author: KBA@SOGETI_ESEC,madrobot,dwisiswant0
   severity: medium
-  description: The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
+  description: The WordPress plugin Email Subscribers & Newsletters before 4.2.3 contains a flaw that allows unauthenticated file download and user information disclosure.
   reference:
     - https://www.exploit-db.com/exploits/48698
   classification:
@@ -37,4 +37,4 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200

cves/2019/CVE-2019-20141.yaml

@@ -1,7 +1,7 @@
 id: CVE-2019-20141
 
 info:
-  name: Neon Dashboard - XSS Reflected
+  name: Neon Dashboard - Cross-Site Scripting
   author: knassar702
   severity: medium
   description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
@@ -30,4 +30,4 @@ requests:
       - type: word
         words:
           - "text/html"
-        part: header
+        part: header

cves/2019/CVE-2019-3912.yaml

@@ -1,7 +1,7 @@
 id: CVE-2019-3912
 
 info:
-  name: LabKey Server < 18.3.0 - Open redirect
+  name: LabKey Server < 18.3.0 - Open Redirect
   author: 0x_Akoko
   severity: medium
   description: An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.

cves/2019/CVE-2019-9955.yaml

@@ -1,7 +1,7 @@
 id: CVE-2019-9955
 
 info:
-  name: Zyxel Reflected Cross-site Scripting
+  name: Zyxel - Reflected Cross-site Scripting
   author: pdteam
   severity: medium
   description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security

cves/2020/CVE-2020-18268.yaml

@@ -1,7 +1,7 @@
 id: CVE-2020-18268
 
 info:
-  name: Z-BlogPHP 1.5.2 Open redirect
+  name: Z-BlogPHP 1.5.2 - Open Redirect
   author: 0x_Akoko
   severity: medium
   description: Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."

cves/2020/CVE-2020-22840.yaml

@@ -1,7 +1,7 @@
 id: CVE-2020-22840
 
 info:
-  name: b2evolution CMS Open redirect
+  name: b2evolution CMS - Open Redirect
   author: geeknik
   severity: medium
   description: Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.

cves/2020/CVE-2020-24391.yaml

@@ -1,11 +1,10 @@
 id: CVE-2020-24391
 
 info:
-  name: Mongo-Express Remote Code Execution
+  name: Mongo-Express - Remote Code Execution
   author: leovalcante
   severity: critical
-  description: Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed
-    leading to remote code execution in the context of the node server.
+  description: Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server.
   reference:
     - https://securitylab.github.com/advisories/GHSL-2020-131-mongo-express/
     - https://github.com/mongo-express/mongo-express/commit/3a26b079e7821e0e209c3ee0cc2ae15ad467b91a

cves/2020/CVE-2020-24550.yaml

@@ -1,7 +1,7 @@
 id: CVE-2020-24550
 
 info:
-  name: CVE-2020-24550
+  name: EpiServer <13.2.7 - Open Redirect
   author: dhiyaneshDK
   severity: medium
   description: An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.

cves/2020/CVE-2020-24579.yaml

@@ -1,7 +1,7 @@
 id: CVE-2020-24579
 
 info:
-  name: DLINK DSL 2888a RCE
+  name: D-Link DSL 2888a - Remote Command Execution
   author: pikpikcu
   severity: high
   description: An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.

cves/2020/CVE-2020-25495.yaml

@@ -1,10 +1,10 @@
 id: CVE-2020-25495
 
 info:
-  name: SCO Openserver 5.0.7 - 'section' Reflected XSS
+  name: SCO Openserver 5.0.7 - 'section' Cross-Site scripting
   author: 0x_Akoko
   severity: medium
-  description: A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
+  description: A reflected cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
   reference:
     - https://www.exploit-db.com/exploits/49300
   classification:

cves/2020/CVE-2020-29453.yaml

@@ -1,7 +1,7 @@
 id: CVE-2020-29453
 
 info:
-  name: Jira Server Pre-Auth Limited Arbitrary File Read
+  name: Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
   author: dwisiswant0
   severity: medium
   description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

cves/2020/CVE-2020-3452.yaml

@@ -1,7 +1,7 @@
 id: CVE-2020-3452
 
 info:
-  name: CVE-2020-3452
+  name: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) - Arbitrary File Retrieval
   author: pdteam
   severity: high
   description: |

cves/2020/CVE-2020-35736.yaml

@@ -1,10 +1,10 @@
 id: CVE-2020-35736
 
 info:
-  name: GateOne Arbitrary File Download
+  name: GateOne 1.1 - Arbitrary File Retrieval
   author: pikpikcu
   severity: high
-  description: GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.
+  description: GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. directory traversal because os.path.join is incorrectly used.
   reference:
     - https://github.com/liftoff/GateOne/issues/747
     - https://nvd.nist.gov/vuln/detail/CVE-2020-35736
@@ -28,4 +28,4 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200

cves/2020/CVE-2020-35749.yaml

@@ -1,7 +1,7 @@
 id: CVE-2020-35749
 
 info:
-  name: Simple Job Board < 2.9.4 - Authenticated Path Traversal Leading to Arbitrary File Download
+  name: Simple Job Board < 2.9.4 -Arbitrary File Retrieval (Authenticated)
   author: cckuailong
   severity: high
   description: The plugin does not validate the sjb_file parameter when viewing a resume, allowing authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server

cves/2020/CVE-2020-36365.yaml

@@ -1,7 +1,7 @@
 id: CVE-2020-36365
 
 info:
-  name: Smartstore < 4.1.0 - Open redirect
+  name: Smartstore < 4.1.0 - Open Redirect
   author: 0x_Akoko
   severity: medium
   description: Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.

cves/2020/CVE-2020-36510.yaml

@@ -5,7 +5,7 @@ info:
   author: veshraj
   severity: medium
   description: |
-    The theme does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting
+    The 15Zine Wordpress theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action, leading to a reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/d1dbc6d7-7488-40c2-bc38-0674ea5b3c95
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36510

cves/2020/CVE-2020-9054.yaml

@@ -1,10 +1,10 @@
 id: CVE-2020-9054
 
 info:
-  name: ZyXEL NAS Firmware 5.21- Remote Code Execution
+  name: Zyxel NAS Firmware 5.21- Remote Code Execution
   author: dhiyaneshDk
   severity: critical
-  description: "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker.   However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2."
+  description: "Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the Zyxel device. Although the web server does not run as the root user, Zyyxel devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable Zyyxel device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker.   However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any Zyyxel device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 Zyyxel has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2."
   reference:
     - https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/
     - https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml

cves/2020/CVE-2020-9490.yaml

@@ -1,11 +1,10 @@
 id: CVE-2020-9490
 
 info:
-  name: CVE-2020-9490
+  name: Apache HTTP Server 2.4.20-2.4.43 - HTTP/2 Cache-Digest DoS
   author: philippedelteil
   severity: high
-  description: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource
-    afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
+  description: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
   reference:
     - https://httpd.apache.org/security/vulnerabilities_24.html
     - https://bugs.chromium.org/p/project-zero/issues/detail?id=2030

cves/2021/CVE-2021-21816.yaml

@@ -1,10 +1,10 @@
 id: CVE-2021-21816
 
 info:
-  name: D-LINK DIR-3040 - Syslog Information Disclosure
+  name: D-Link DIR-3040 - Syslog Information Disclosure
   author: gy741
   severity: medium
-  description: An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker
+  description: An information disclosure vulnerability exists in the Syslog functionality of D-Link DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker
     can send an HTTP request to trigger this vulnerability.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281

cves/2021/CVE-2021-24997.yaml

@@ -1,10 +1,9 @@
 id: CVE-2021-24997
 
 info:
-  name: CVE-2021-24997
+  name: Wordpress Guppy <=1.1 - User ID Disclosure
   author: Evan Rubinstein
-  description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information
-    to make API requests to either get messages sent between users, or send messages posing as one user to another.
+  description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another.
   reference:
     - https://www.exploit-db.com/exploits/50540
     - https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability
@@ -32,4 +31,4 @@ requests:
           - '"guppyUsers":'
           - '"userId":'
           - '"type":'
-        condition: and
+        condition: and

cves/2021/CVE-2021-25118.yaml

@@ -1,7 +1,7 @@
 id: CVE-2021-25118
 
 info:
-  name: Yoast SEO < 17.3 - Unauthenticated Full Path Disclosure
+  name: Yoast SEO < 17.3 - Path Disclosure
   author: DhiyaneshDK
   severity: medium
   description: The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

cves/2021/CVE-2021-30151.yaml

@@ -1,7 +1,7 @@
 id: CVE-2021-30151
 
 info:
-  name: CVE-2021-30151
+  name: Sidekiq 5.1.3 and 6.x-6.2.0 - Cross-Site Scripting
   author: DhiyaneshDk
   severity: medium
   description: Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
@@ -33,4 +33,4 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200

cves/2021/CVE-2021-39316.yaml

@@ -1,11 +1,10 @@
 id: CVE-2021-39316
 
 info:
-  name: DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
+  name: Wordpress DZS Zoomsounds <= 6.50 - Arbitrary File Retrieval
   author: daffainfo
   severity: high
-  description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal
-    in the `link` parameter.
+  description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using a directory traversal in the `link` parameter.
   reference:
     - https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316
@@ -30,4 +29,4 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200

cves/2021/CVE-2021-41293.yaml

@@ -1,7 +1,7 @@
 id: CVE-2021-41293
 
 info:
-  name: ECOA Building Automation System - Local File Disclosure
+  name: ECOA Building Automation System - Arbitrary File Retrieval
   author: 0x_Akoko
   severity: high
   description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose

cves/2022/CVE-2022-0540.yaml

@@ -1,7 +1,7 @@
 id: CVE-2022-0540
 
 info:
-  name: Atlassian Jira - Authentication bypass in Seraph
+  name: Atlassian Jira Seraph- Authentication Bypass
   author: DhiyaneshDK
   severity: critical
   description: |

cves/2022/CVE-2022-1119.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-1119
 
 info:
-  name: WordPress Simple File List < 3.2.8 - Unauthenticated Arbitrary File Download
+  name: WordPress Simple File List < 3.2.8 - Arbitrary File Retrieval
   author: random-robbie
   severity: high
   description: |
-    The plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded
+    The Wordpress plugin is vulnerable to arbitrary file retrieval via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2022-1119
     - https://wpscan.com/vulnerability/5551038f-64fb-44d8-bea0-d2f00f04877e

cves/2022/CVE-2022-1221.yaml

@@ -5,10 +5,12 @@ info:
   author: veshraj
   severity: medium
   description: |
-    The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.
+    The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting.
   reference:
     - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
+  classification:
+    cve-id: CVE-2022-1221
   metadata:
     verified: true
   tags: xss,wordpress,wp-plugin,wp,cve,cve2022

exposed-panels/gogs-login.yaml

@@ -1,7 +1,7 @@
 id: gogs-login
 
 info:
-  name: Sign In - Gogs
+  name: Gogs (Go Git Service) - Sign In Page
   author: dhiyaneshDK
   severity: info
   metadata:

exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml

@@ -1,7 +1,7 @@
 id: zyxel-vmg1312b10d-login
 
 info:
-  name: ZYXEL VMG1312-B10D Login Detect
+  name: Zyxel VMG1312-B10D - Login Detection
   author: princechaddha
   severity: info
   metadata:

exposed-panels/zyxel/zyxel-vsg1432b101-login.yaml

@@ -1,7 +1,7 @@
 id: zyxel-vsg1432b101-login
 
 info:
-  name: ZYXEL VSG1432-B101 Login Detect
+  name: Zyxel VSG1432-B101 - Login Detection
   author: princechaddha
   severity: info
   metadata:

exposures/files/gogs-install-exposure.yaml

@@ -1,7 +1,7 @@
 id: gogs-install-exposure
 
 info:
-  name: Gogs install exposure
+  name: Gogs (Go Git Service) - Install Exposure
   author: dhiyaneshDk
   severity: high
   tags: gogs,exposure

headless/window-name-domxss.yaml

@@ -1,7 +1,7 @@
 id: window-name-domxss
 
 info:
-  name: window.name DOM XSS
+  name: window.name - DOM Cross-Site Scripting
   author: pdteam
   severity: medium
   reference:

misconfiguration/aem/aem-setpreferences-xss.yaml

@@ -1,7 +1,7 @@
 id: aem-setpreferences-xss
 
 info:
-  name: AEM setPreferences XSS
+  name: AEM setPreferences - Cross-Site Scripting
   author: zinminphy0,dhiyaneshDK
   severity: medium
   reference:
@@ -27,4 +27,4 @@ requests:
 
       - type: status
         status:
-          - 400
+          - 400

misconfiguration/akamai-arl-xss.yaml

@@ -1,7 +1,7 @@
 id: akamai-arl-xss
 
 info:
-  name: Open Akamai ARL XSS
+  name: Open Akamai ARL - Cross-Site Scripting
   author: pdteam
   severity: medium
   reference:
@@ -28,4 +28,4 @@ requests:
       - type: word
         part: header
         words:
-          - 'text/html'
+          - 'text/html'

misconfiguration/ampps-dirlisting.yaml

@@ -1,7 +1,7 @@
 id: ampps-dirlisting
 
 info:
-  name: AMPPS by Softaculous - Directory Listing Enabled
+  name: AMPPS by Softaculous - Directory Listing
   author: deFr0ggy
   severity: info
   tags: panel,ampps,softaculous,misconfig

misconfiguration/d-link-arbitary-fileread.yaml

@@ -1,7 +1,7 @@
 id: dlink-file-read
 
 info:
-  name: D-Link Arbitrary File Read
+  name: D-Link - Arbitrary File Retrieval
   author: dhiyaneshDK
   severity: high
   reference:

vulnerabilities/moodle/moodle-filter-jmol-xss.yaml

@@ -1,7 +1,7 @@
 id: moodle-filter-jmol-xss
 
 info:
-  name: Moodle filter_jmol - XSS
+  name: Moodle filter_jmol - Cross-Site Scripting
   author: madrobot
   severity: medium
   description: Cross-site scripting on Moodle.
@@ -28,4 +28,4 @@ requests:
       - type: word
         part: header
         words:
-          - "text/html"
+          - "text/html"

vulnerabilities/moodle/moodle-xss.yaml

@@ -1,7 +1,7 @@
 id: moodle-xss
 
 info:
-  name: Moodle redirect_uri Reflected XSS
+  name: Moodle redirect_uri - Cross-Site Scripting
   author: hackergautam
   severity: medium
   description: XSS in moodle via redirect_uri parameter

vulnerabilities/netsweeper/netsweeper-rxss.yaml

@@ -1,7 +1,7 @@
 id: netsweeper-rxss
 
 info:
-  name: Netsweeper 4.0.9 - Cross Site Scripting Injection
+  name: Netsweeper 4.0.9 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   reference:

vulnerabilities/oracle/oracle-ebs-xss.yaml

@@ -1,7 +1,7 @@
 id: oracle-ebs-xss
 
 info:
-  name: Oracle EBS XSS
+  name: Oracle EBS - Cross-Site Scripting
   author: dhiyaneshDk
   severity: medium
   reference:

vulnerabilities/other/bems-api-lfi.yaml

@@ -1,10 +1,10 @@
 id: bems-api-lfi
 
 info:
-  name: Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download
+  name: Longjing Technology BEMS API 1.21 - Arbitrary File Retrieval
   author: gy741
   severity: high
-  description: The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
+  description: The application suffers from an unauthenticated arbitrary file retrieval vulnerability. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
   reference:
     - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php
   tags: lfi

vulnerabilities/other/ecsimagingpacs-rce.yaml

@@ -1,14 +1,16 @@
 id: ecsimagingpacs-rce
 
 info:
-  name: ECSIMAGING PACS 6.21.5 - Remote code execution
+  name: ECSIMAGING PACS <= 6.21.5 - Command Execution and Local File Inclusion
   author: ritikchaddha
   severity: critical
-  description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access
+  description: ECSIMAGING PACS Application 6.21.5 and below suffer from a command injection vulnerability and a local file include vulnerability. The 'file' parameter on the page /showfile.php can be exploited to perform command execution or local file inclusion. Often on ECSIMAGING PACS, the www-data user has sudo NOPASSWD access.
   reference: https://www.exploit-db.com/exploits/49388
   metadata:
     verified: false
   tags: ecsimagingpacs,rce
+  classification:
+    cwe-id: CWE-78
 
 requests:
   - method: GET
@@ -24,3 +26,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by cs 05/12/2022

vulnerabilities/other/eyelock-nano-lfd.yaml

@@ -1,10 +1,10 @@
 id: eyelock-nano-lfd
 
 info:
-  name: EyeLock nano NXT 3.5 - Local File Disclosure
+  name: EyeLock nano NXT 3.5 - Arbitrary File Retrieval
   author: geeknik
   severity: high
-  description: EyeLock nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This
+  description: EyeLock nano NXT suffers from a file retrieval vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This
     can be exploited to disclose contents of files from local resources.
   reference:
     - https://www.zeroscience.mk/codes/eyelock_lfd.txt

vulnerabilities/other/java-melody-xss.yaml

@@ -1,7 +1,7 @@
 id: java-melody-xss
 
 info:
-  name: JavaMelody Monitoring XSS
+  name: JavaMelody Monitoring - Cross-Site Scripting
   author: kailashbohara
   severity: medium
   description: Reflected cross site scripting (XSS) in JavaMelody monitoring.

vulnerabilities/other/kafdrop-xss.yaml

@@ -1,10 +1,10 @@
 id: kafdrop-xss
 
 info:
-  name: KafDrop XSS
+  name: KafDrop - Cross-Site Scripting
   author: dhiyaneshDk
   severity: medium
-  description: A vulnerability in KafDrop allows remote unauthenticated attackers to inject arbitrary HTML and/or Javascript into the response returned by the server.
+  description: A vulnerability in KafDrop allows remote unauthenticated attackers to inject arbitrary HTML and/or JavaScript into the response returned by the server.
   reference:
     - https://github.com/HomeAdvisor/Kafdrop/issues/12
   tags: kafdrop,xss

vulnerabilities/other/kyocera-m2035dn-lfi.yaml

@@ -1,10 +1,10 @@
 id: kyocera-m2035dn-lfi
 
 info:
-  name: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)
+  name: Kyocera Command Center RX ECOSYS M2035dn - Arbitrary File Retrieval
   author: 0x_Akoko
   severity: high
-  description: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)
+  description: Kyocera Command Center RX ECOSYS M2035dn - Unauthenticated arbitrary file retrieval.
   reference:
     - https://www.exploit-db.com/exploits/50738
     - https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html

vulnerabilities/other/microstrategy-ssrf.yaml

@@ -1,10 +1,10 @@
 id: microstrategy-ssrf
 
 info:
-  name: MicroStrategy tinyurl - BSSRF
+  name: MicroStrategy tinyurl - Server-Side Request Forgery (Blind)
   author: organiccrap
   severity: high
-  description: Blind server-side request forgery vulnerability on MicroStrategy URL shortener.
+  description: Blind server-side (SSRF) request forgery vulnerability on MicroStrategy URL shortener.
   reference:
     - https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
   tags: microstrategy,ssrf

vulnerabilities/other/nginx-module-vts-xss.yaml

@@ -1,7 +1,7 @@
 id: nginx-module-vts-xss
 
 info:
-  name: Nginx virtual host traffic status module XSS
+  name: Nginx Virtual Host Traffic Status Module - Cross-Site Scripting
   author: madrobot
   severity: medium
   tags: nginx,xss,status