TemplateMan Update [Mon Jan 29 11:58:34 UTC 2024] 🤖
parent
5a763c043e
commit
5c4a72935f
|
@ -8,6 +8,7 @@ info:
|
||||||
Searches for Azure virtual machines via their registered DNS names.
|
Searches for Azure virtual machines via their registered DNS names.
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
tags: cloud,cloud-enum,azure,fuzz,enum
|
tags: cloud,cloud-enum,azure,fuzz,enum
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
Searches for Azure websites that are registered and responding.
|
Searches for Azure websites that are registered and responding.
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
tags: cloud,enum,azure
|
tags: cloud,enum,azure
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
Searches for App Engine Apps in GCP.
|
Searches for App Engine Apps in GCP.
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
tags: enum,cloud,cloud-enum,gcp
|
tags: enum,cloud,cloud-enum,gcp
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
Searches for open and protected buckets in GCP.
|
Searches for open and protected buckets in GCP.
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
tags: cloud,enum,cloud-enum,gcp
|
tags: cloud,enum,cloud-enum,gcp
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
Searches for Firebase Apps in GCP.
|
Searches for Firebase Apps in GCP.
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
tags: enum,cloud,cloud-enum,gcp
|
tags: enum,cloud,cloud-enum,gcp
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
Searches for Firebase Realtime Databases in GCP.
|
Searches for Firebase Realtime Databases in GCP.
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
tags: enum,cloud,cloud-enum,gcp
|
tags: enum,cloud,cloud-enum,gcp
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/aa-exec/
|
- https://gtfobins.github.io/gtfobins/aa-exec/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,aa-exec,privesc
|
tags: code,linux,aa-exec,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/ash/
|
- https://gtfobins.github.io/gtfobins/ash/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,ash,privesc
|
tags: code,linux,ash,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/awk/
|
- https://gtfobins.github.io/gtfobins/awk/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,awk,privesc
|
tags: code,linux,awk,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -5,11 +5,12 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. The shell's name is an acronym for Bourne Again Shell, a pun on the name of the Bourne shell that it replaces and the notion of being born again.
|
Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. The shell's name is an acronym for Bourne Again Shell, a pun on the name of the Bourne shell that it replaces and the notion of being born again.
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/bash/
|
- https://gtfobins.github.io/gtfobins/bash/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,bash,privesc
|
tags: code,linux,bash,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/cdist/
|
- https://gtfobins.github.io/gtfobins/cdist/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,cdist,privesc
|
tags: code,linux,cdist,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/choom/
|
- https://gtfobins.github.io/gtfobins/choom/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,choom,privesc
|
tags: code,linux,choom,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/cpulimit/
|
- https://gtfobins.github.io/gtfobins/cpulimit/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,cpulimit,privesc
|
tags: code,linux,cpulimit,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/csh/
|
- https://gtfobins.github.io/gtfobins/csh/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,csh,privesc
|
tags: code,linux,csh,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/csvtool/
|
- https://gtfobins.github.io/gtfobins/csvtool/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,csvtool,privesc
|
tags: code,linux,csvtool,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/dash/
|
- https://gtfobins.github.io/gtfobins/dash/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,dash,privesc
|
tags: code,linux,dash,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/dc/
|
- https://gtfobins.github.io/gtfobins/dc/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,dc,privesc
|
tags: code,linux,dc,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/distcc/
|
- https://gtfobins.github.io/gtfobins/distcc/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,distcc,privesc
|
tags: code,linux,distcc,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/elvish/
|
- https://gtfobins.github.io/gtfobins/elvish/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,elvish,privesc
|
tags: code,linux,elvish,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/enscript/
|
- https://gtfobins.github.io/gtfobins/enscript/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,enscript,privesc
|
tags: code,linux,enscript,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/env/
|
- https://gtfobins.github.io/gtfobins/env/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,env,privesc
|
tags: code,linux,env,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/expect/
|
- https://gtfobins.github.io/gtfobins/expect/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,expect,privesc
|
tags: code,linux,expect,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/find/
|
- https://gtfobins.github.io/gtfobins/find/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,find,privesc
|
tags: code,linux,find,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/fish/
|
- https://gtfobins.github.io/gtfobins/fish/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,fish,privesc
|
tags: code,linux,fish,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/flock/
|
- https://gtfobins.github.io/gtfobins/flock/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,flock,privesc
|
tags: code,linux,flock,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/gawk/
|
- https://gtfobins.github.io/gtfobins/gawk/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,gawk,privesc
|
tags: code,linux,gawk,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/grc/
|
- https://gtfobins.github.io/gtfobins/grc/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,grc,privesc
|
tags: code,linux,grc,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/ionice/
|
- https://gtfobins.github.io/gtfobins/ionice/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,ionice,privesc
|
tags: code,linux,ionice,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/julia/
|
- https://gtfobins.github.io/gtfobins/julia/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,julia,privesc
|
tags: code,linux,julia,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/lftp/
|
- https://gtfobins.github.io/gtfobins/lftp/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,lftp,privesc
|
tags: code,linux,lftp,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/ltrace/
|
- https://gtfobins.github.io/gtfobins/ltrace/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,ltrace,privesc
|
tags: code,linux,ltrace,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/lua/
|
- https://gtfobins.github.io/gtfobins/lua/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,lua,privesc
|
tags: code,linux,lua,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/mawk/
|
- https://gtfobins.github.io/gtfobins/mawk/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,mawk,privesc
|
tags: code,linux,mawk,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/multitime/
|
- https://gtfobins.github.io/gtfobins/multitime/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,multitime,privesc
|
tags: code,linux,multitime,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/mysql/
|
- https://gtfobins.github.io/gtfobins/mysql/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,mysql,privesc
|
tags: code,linux,mysql,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/nawk/
|
- https://gtfobins.github.io/gtfobins/nawk/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,nawk,privesc
|
tags: code,linux,nawk,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/nice/
|
- https://gtfobins.github.io/gtfobins/nice/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,nice,privesc
|
tags: code,linux,nice,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/node/
|
- https://gtfobins.github.io/gtfobins/node/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 4
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,node,privesc
|
tags: code,linux,node,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/nsenter/
|
- https://gtfobins.github.io/gtfobins/nsenter/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,nsenter,privesc
|
tags: code,linux,nsenter,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/perl/
|
- https://gtfobins.github.io/gtfobins/perl/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 4
|
||||||
tags: code,linux,perl,privesc
|
tags: code,linux,perl,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
https://gtfobins.github.io/gtfobins/pexec/
|
https://gtfobins.github.io/gtfobins/pexec/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,pexec,privesc
|
tags: code,linux,pexec,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/php/
|
- https://gtfobins.github.io/gtfobins/php/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 4
|
||||||
tags: code,linux,php,privesc
|
tags: code,linux,php,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/posh/
|
- https://gtfobins.github.io/gtfobins/posh/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,posh,privesc
|
tags: code,linux,posh,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/python/
|
- https://gtfobins.github.io/gtfobins/python/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 4
|
||||||
tags: code,linux,php,privesc
|
tags: code,linux,php,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/rake/
|
- https://gtfobins.github.io/gtfobins/rake/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,rake,privesc
|
tags: code,linux,rake,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/rc/
|
- https://gtfobins.github.io/gtfobins/rc/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,rc,privesc
|
tags: code,linux,rc,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/rlwrap/
|
- https://gtfobins.github.io/gtfobins/rlwrap/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,rlwrap,privesc
|
tags: code,linux,rlwrap,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/rpm/
|
- https://gtfobins.github.io/gtfobins/rpm/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,rpm,privesc
|
tags: code,linux,rpm,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/rpmdb/
|
- https://gtfobins.github.io/gtfobins/rpmdb/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,rpmdb,privesc
|
tags: code,linux,rpmdb,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/rpmverify/
|
- https://gtfobins.github.io/gtfobins/rpmverify/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,rpmverify,privesc
|
tags: code,linux,rpmverify,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/ruby/
|
- https://gtfobins.github.io/gtfobins/ruby/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 4
|
||||||
tags: code,linux,ruby,privesc
|
tags: code,linux,ruby,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
|
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
|
||||||
reference: https://gtfobins.github.io/gtfobins/run-parts/
|
reference: https://gtfobins.github.io/gtfobins/run-parts/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,run-parts,privesc
|
tags: code,linux,run-parts,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/sash/
|
- https://gtfobins.github.io/gtfobins/sash/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,sash,privesc
|
tags: code,linux,sash,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/slsh/
|
- https://gtfobins.github.io/gtfobins/slsh/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,slsh,privesc
|
tags: code,linux,slsh,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/socat/
|
- https://gtfobins.github.io/gtfobins/socat/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,socat,privesc
|
tags: code,linux,socat,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/softlimit/
|
- https://gtfobins.github.io/gtfobins/softlimit/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,softlimit,privesc
|
tags: code,linux,softlimit,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/sqlite3/
|
- https://gtfobins.github.io/gtfobins/sqlite3/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,sqlite3,privesc
|
tags: code,linux,sqlite3,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/ssh-agent/
|
- https://gtfobins.github.io/gtfobins/ssh-agent/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,ssh-agent,privesc
|
tags: code,linux,ssh-agent,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/sshpass/
|
- https://gtfobins.github.io/gtfobins/sshpass/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,sshpass,privesc
|
tags: code,linux,sshpass,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/stdbuf/
|
- https://gtfobins.github.io/gtfobins/stdbuf/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,stdbuf,privesc
|
tags: code,linux,stdbuf,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/strace/
|
- https://gtfobins.github.io/gtfobins/strace/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,strace,privesc
|
tags: code,linux,strace,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/tar/
|
- https://gtfobins.github.io/gtfobins/tar/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,tar,privesc
|
tags: code,linux,tar,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/tcsh/
|
- https://gtfobins.github.io/gtfobins/tcsh/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,tcsh,privesc
|
tags: code,linux,tcsh,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/time/
|
- https://gtfobins.github.io/gtfobins/time/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,time,privesc
|
tags: code,linux,time,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/timeout/
|
- https://gtfobins.github.io/gtfobins/timeout/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,timeout,privesc
|
tags: code,linux,timeout,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/tmate/
|
- https://gtfobins.github.io/gtfobins/tmate/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,tmate,privesc
|
tags: code,linux,tmate,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/torify/
|
- https://gtfobins.github.io/gtfobins/torify/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,torify,privesc
|
tags: code,linux,torify,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/torsocks/
|
- https://gtfobins.github.io/gtfobins/torsocks/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,torsocks,privesc
|
tags: code,linux,torsocks,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/unshare/
|
- https://gtfobins.github.io/gtfobins/unshare/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,unshare,privesc
|
tags: code,linux,unshare,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/vi/
|
- https://gtfobins.github.io/gtfobins/vi/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,vi,privesc
|
tags: code,linux,vi,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/view/
|
- https://gtfobins.github.io/gtfobins/view/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,view,privesc
|
tags: code,linux,view,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/vim/
|
- https://gtfobins.github.io/gtfobins/vim/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,vim,privesc
|
tags: code,linux,vim,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -9,6 +9,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gtfobins.github.io/gtfobins/xargs/
|
- https://gtfobins.github.io/gtfobins/xargs/
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,xargs,privesc
|
tags: code,linux,xargs,privesc
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/xdg-user-dir/
|
- https://gtfobins.github.io/gtfobins/xdg-user-dir/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,xdg-user-dir,privesc
|
tags: code,linux,xdg-user-dir,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/yash/
|
- https://gtfobins.github.io/gtfobins/yash/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,yash,privesc
|
tags: code,linux,yash,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -10,6 +10,7 @@ info:
|
||||||
- https://gtfobins.github.io/gtfobins/zsh/
|
- https://gtfobins.github.io/gtfobins/zsh/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
tags: code,linux,zsh,privesc
|
tags: code,linux,zsh,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -7,6 +7,7 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
|
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
|
||||||
metadata:
|
metadata:
|
||||||
|
max-request: 2
|
||||||
verified: true
|
verified: true
|
||||||
tags: code,linux,privesc
|
tags: code,linux,privesc
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,7 @@ info:
|
||||||
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#etc-sudoers-etc-sudoers.d
|
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#etc-sudoers-etc-sudoers.d
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 2
|
||||||
tags: code,linux,privesc
|
tags: code,linux,privesc
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
|
@ -16,6 +16,7 @@ info:
|
||||||
cwe-id: CWE-350
|
cwe-id: CWE-350
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 2
|
||||||
tags: redirect,dns,network
|
tags: redirect,dns,network
|
||||||
|
|
||||||
dns:
|
dns:
|
||||||
|
|
|
@ -13,7 +13,7 @@ info:
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2018-10942
|
cve-id: CVE-2018-10942
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 8
|
||||||
tags: prestashop,attributewizardpro,intrusive,file-upload
|
tags: prestashop,attributewizardpro,intrusive,file-upload
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -6,25 +6,26 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
|
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
|
||||||
|
reference:
|
||||||
|
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
|
||||||
impact: |
|
impact: |
|
||||||
The vulnerability allows an attacker to gain sensitive information from the KeyCloak server.
|
The vulnerability allows an attacker to gain sensitive information from the KeyCloak server.
|
||||||
remediation: |
|
remediation: |
|
||||||
Apply the latest security patches or updates provided by the KeyCloak vendor.
|
Apply the latest security patches or updates provided by the KeyCloak vendor.
|
||||||
reference:
|
|
||||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1906797
|
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-27838
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 6.5
|
cvss-score: 6.5
|
||||||
cve-id: CVE-2020-27838
|
cve-id: CVE-2020-27838
|
||||||
cwe-id: CWE-287
|
cwe-id: CWE-287
|
||||||
|
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
|
||||||
epss-score: 0.00154
|
epss-score: 0.00154
|
||||||
epss-percentile: 0.5163
|
epss-percentile: 0.5163
|
||||||
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
|
|
||||||
metadata:
|
metadata:
|
||||||
vendor: redhat
|
vendor: redhat
|
||||||
product: keycloak
|
product: keycloak
|
||||||
shodan-query: title:"keycloak"
|
shodan-query: "title:\"keycloak\""
|
||||||
|
max-request: 1
|
||||||
tags: cve,cve2020,keyclock,exposure
|
tags: cve,cve2020,keyclock,exposure
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -17,14 +17,15 @@ info:
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2022-47501
|
cve-id: CVE-2022-47501
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
|
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
|
||||||
epss-score: 0.00183
|
epss-score: 0.00183
|
||||||
epss-percentile: 0.55601
|
epss-percentile: 0.55601
|
||||||
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
|
|
||||||
metadata:
|
metadata:
|
||||||
vendor: apache
|
|
||||||
product: ofbiz
|
product: ofbiz
|
||||||
shodan-query: html:"OFBiz"
|
shodan-query: "html:\"OFBiz\""
|
||||||
fofa-query: app="Apache_OFBiz"
|
fofa-query: "app=\"Apache_OFBiz\""
|
||||||
|
max-request: 2
|
||||||
|
vendor: apache
|
||||||
tags: cve,cve2022,apache,ofbiz,lfi
|
tags: cve,cve2022,apache,ofbiz,lfi
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -16,8 +16,9 @@ info:
|
||||||
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
vendor: ivanti
|
vendor: ivanti
|
||||||
product: connect_secure
|
product: "connect_secure"
|
||||||
shodan-query: html:"welcome.cgi?p=logo"
|
shodan-query: "html:\"welcome.cgi?p=logo\""
|
||||||
|
max-request: 1
|
||||||
tags: cve,cve2023,kev,auth-bypass,ivanti
|
tags: cve,cve2023,kev,auth-bypass,ivanti
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -14,12 +14,12 @@ info:
|
||||||
cvss-score: 8.6
|
cvss-score: 8.6
|
||||||
cve-id: CVE-2023-47211
|
cve-id: CVE-2023-47211
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.000610000
|
|
||||||
epss-percentile: 0.238320000
|
|
||||||
cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*
|
||||||
|
epss-score: 0.00061
|
||||||
|
epss-percentile: 0.23832
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 3
|
||||||
shodan-query: http.title:"OpManager Plus"
|
shodan-query: "http.title:\"OpManager Plus\""
|
||||||
tags: cve,cve2023,zoho,manageengine,authenticated,traversal,lfi
|
tags: cve,cve2023,zoho,manageengine,authenticated,traversal,lfi
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -7,15 +7,16 @@ info:
|
||||||
description: |
|
description: |
|
||||||
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.
|
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.
|
||||||
The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.
|
The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.
|
||||||
impact: |
|
|
||||||
This vulnerability can lead to the exposure of sensitive information, potentially allowing an attacker to gain unauthorized access or perform further attacks.
|
|
||||||
remediation: Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
|
|
||||||
reference:
|
reference:
|
||||||
- https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
|
- https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
|
||||||
- https://x.com/sirifu4k1/status/1746755165066236216?s=20
|
- https://x.com/sirifu4k1/status/1746755165066236216?s=20
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-50290
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-50290
|
||||||
|
impact: |
|
||||||
|
This vulnerability can lead to the exposure of sensitive information, potentially allowing an attacker to gain unauthorized access or perform further attacks.
|
||||||
|
remediation: Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
|
||||||
metadata:
|
metadata:
|
||||||
shodan-query: title:"Apache Solr"
|
shodan-query: "title:\"Apache Solr\""
|
||||||
|
max-request: 1
|
||||||
tags: cve,cve2023,apache,solr,exposure
|
tags: cve,cve2023,apache,solr,exposure
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -18,7 +18,7 @@ info:
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2023-6875
|
cve-id: CVE-2023-6875
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 3
|
||||||
verified: true
|
verified: true
|
||||||
publicwww-query: "/wp-content/plugins/post-smtp"
|
publicwww-query: "/wp-content/plugins/post-smtp"
|
||||||
tags: cve,cve2023,wp,wp-plugin,wordpress,smtp,mailer,auth-bypass
|
tags: cve,cve2023,wp,wp-plugin,wordpress,smtp,mailer,auth-bypass
|
||||||
|
|
|
@ -14,9 +14,10 @@ info:
|
||||||
cwe-id: CWE-77
|
cwe-id: CWE-77
|
||||||
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
|
shodan-query: "html:\"welcome.cgi?p=logo\""
|
||||||
|
max-request: 1
|
||||||
vendor: ivanti
|
vendor: ivanti
|
||||||
product: connect_secure
|
product: "connect_secure"
|
||||||
shodan-query: html:"welcome.cgi?p=logo"
|
|
||||||
tags: cve,cve2024,kev,rce,ivanti
|
tags: cve,cve2024,kev,rce,ivanti
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -5,12 +5,12 @@ info:
|
||||||
author: savik
|
author: savik
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Allows attacker to log in and execute RCE on the Node-Red panel using the default credentials.
|
Allows attacker to log in and execute RCE on the Node-Red panel using the default credentials.
|
||||||
reference:
|
reference:
|
||||||
- https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
|
- https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
shodan-query: http.favicon.hash:321591353
|
shodan-query: http.favicon.hash:321591353
|
||||||
tags: default-login,node-red,dashboard
|
tags: default-login,node-red,dashboard
|
||||||
|
|
||||||
|
|
|
@ -9,9 +9,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://ironmansoftware.com/powershell-universal
|
- https://ironmansoftware.com/powershell-universal
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
shodan-query: html:"PowerShell Universal"
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 3
|
||||||
|
shodan-query: "html:\"PowerShell Universal\""
|
||||||
tags: default-login,powershell-universal
|
tags: default-login,powershell-universal
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -7,8 +7,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- http://autoset.net/xe/
|
- http://autoset.net/xe/
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
shodan-query: title:"AutoSet"
|
shodan-query: title:"AutoSet"
|
||||||
tags: tech,php,autoset,apache
|
tags: tech,php,autoset,apache
|
||||||
|
|
||||||
|
|
|
@ -8,7 +8,8 @@ info:
|
||||||
- http://compalex.net/
|
- http://compalex.net/
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: title:"COMPALEX"
|
max-request: 15
|
||||||
|
shodan-query: "title:\"COMPALEX\""
|
||||||
tags: tech,php,compalex,sql
|
tags: tech,php,compalex,sql
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -6,8 +6,8 @@ info:
|
||||||
severity: info
|
severity: info
|
||||||
description: Doris panel detection template.
|
description: Doris panel detection template.
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
shodan-query: http.favicon.hash:24048806
|
shodan-query: http.favicon.hash:24048806
|
||||||
tags: doris,panel,login,detect
|
tags: doris,panel,login,detect
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/bensheldon/good_job
|
- https://github.com/bensheldon/good_job
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 2
|
||||||
tags: unauth,panel,goodjob
|
tags: unauth,panel,goodjob
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -9,8 +9,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://lomnido.com/
|
- https://lomnido.com/
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
shodan-query: http.title:"Lomnido Login"
|
shodan-query: http.title:"Lomnido Login"
|
||||||
tags: lomnido,panel,login,detect
|
tags: lomnido,panel,login,detect
|
||||||
|
|
||||||
|
|
|
@ -9,11 +9,10 @@ info:
|
||||||
- https://securenvoy.com/
|
- https://securenvoy.com/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 0
|
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 4
|
||||||
shodan-query: http.title:"securenvoy"
|
shodan-query: "http.title:\"securenvoy\""
|
||||||
tags: panel,securenvoy
|
tags: panel,securenvoy
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -10,8 +10,8 @@ info:
|
||||||
cvss-score: 0
|
cvss-score: 0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 2
|
||||||
shodan-query: http.favicon.hash:-919788577
|
shodan-query: http.favicon.hash:-919788577
|
||||||
tags: panel,vault,detect
|
tags: panel,vault,detect
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: PHP Source File is disclosed to external users.
|
description: PHP Source File is disclosed to external users.
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1222
|
max-request: 1512
|
||||||
tags: exposure,backup,php,disclosure,fuzz
|
tags: exposure,backup,php,disclosure,fuzz
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -10,7 +10,7 @@ info:
|
||||||
cvss-score: 5.3
|
cvss-score: 5.3
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 6
|
max-request: 7
|
||||||
tags: exposure,backup
|
tags: exposure,backup
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -10,7 +10,7 @@ info:
|
||||||
cvss-score: 5.3
|
cvss-score: 5.3
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 20
|
max-request: 21
|
||||||
tags: exposure,backup,mysql
|
tags: exposure,backup,mysql
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -10,7 +10,7 @@ info:
|
||||||
cvss-score: 5.3
|
cvss-score: 5.3
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 650
|
max-request: 1440
|
||||||
tags: exposure,backup
|
tags: exposure,backup
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue