daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10724 from projectdiscovery/missing-cpe-tag 

Add missing cpes, vendor and product information
patch-11
Prince Chaddha 2024-09-12 12:11:52 +07:00 committed by GitHub
parent da50c1823e 7d276ebee0
commit 5df3467244
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1077 changed files with 5438 additions and 1153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
http/cnvd/2020/CNVD-2020-63964.yaml
View File

@ -8,8 +8,12 @@ info:
jshERP that can reveal sensitive information including system credentials without credentials.
reference:
- https://cn-sec.com/archives/1798444.html
classification:
cpe: cpe:2.3:a:jishenghua:jsherp:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: jishenghua
product: jsherp
shodan-query: http.favicon.hash:-1298131932
fofa-query: jshERP-boot
tags: cnvd,cnvd2020,jsherp,disclosure
@ -36,4 +40,5 @@ http:
- type: status
status:
- 200
# digest: 490a00463044022001094e317be5b989e3d7461dd099453f1237356ce28affa5ee58239edd6affa502205957345e5569e5b78bc928736bd415c0445ca550661c57cd1e27f9d66d6520a3:922c64590222798bb761d5b6d8e72950

3
http/cnvd/2021/CNVD-2021-14536.yaml
View File

@ -11,9 +11,12 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:h:ruijie:rg-uac:*:*:*:*:*:*:*:*
metadata:
max-request: 1
fofa-query: title="RG-UAC登录页面"
product: rg-uac
vendor: ruijie
tags: cnvd2021,cnvd,ruijie,disclosure
http:

5
http/cnvd/2021/CNVD-2021-15822.yaml
View File

@ -8,9 +8,13 @@ info:
ShopXO is an open source enterprise-level open source e-commerce system. ShopXO has an arbitrary file reading vulnerability, which can be used by attackers to obtain sensitive information.
reference:
- https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
classification:
cpe: cpe:2.3:a:shopxo:shopxo:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: shopxo
product: shopxo
shodan-query: title:"ShopXO企业级B2C电商系统提供商"
fofa-query: app="ShopXO企业级B2C电商系统提供商"
tags: cnvd2021,cnvd,shopxo,lfi
@ -31,4 +35,5 @@ http:
- type: status
status:
- 200
# digest: 490a0046304402206735e750a62b437583ca1e1cae33666b4c2ce3b8a8310c3d1212a98fcb018a69022066c8a339f06f76b3df20a5c624b054d356f219e1e77661921c541dc2d7ee4dc5:922c64590222798bb761d5b6d8e72950

3
http/cnvd/2021/CNVD-2021-28277.yaml
View File

@ -12,9 +12,12 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cwe-id: CWE-22
cpe: cpe:2.3:a:landray:landray_office_automation:*:*:*:*:*:*:*:*
metadata:
max-request: 2
fofa-query: app="Landray OA system"
product: landray_office_automation
vendor: landray
tags: cnvd,cnvd2021,landray,lfi
http:

5
http/cnvd/2021/CNVD-2021-33202.yaml
View File

@ -9,11 +9,16 @@ info:
reference:
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md
- https://www.cnblogs.com/0day-li/p/14637680.html
classification:
cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: app="泛微-协同办公OA"
product: e-cology
vendor: weaver
tags: cnvd2021,cnvd,e-cology,sqli
variables:
num: "999999999"

3
http/cnvd/2022/CNVD-2022-42853.yaml
View File

@ -13,11 +13,14 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cwe-id: CWE-89
cpe: cpe:2.3:a:easycorp:zentao:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.title:"zentao"
fofa-query: "Zentao"
product: zentao
vendor: easycorp
tags: cnvd,cnvd2022,zentao,sqli
variables:
num: "999999999"

4
http/cnvd/2022/CNVD-2022-43245.yaml
View File

@ -6,9 +6,13 @@ info:
severity: high
description: |
e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
classification:
cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: weaver
product: e-office
fofa-query: app="泛微-协同办公OA"
tags: cnvd,cnvd2022,weaver,e-office,oa,lfi

5
http/cnvd/2024/CNVD-2024-15077.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://github.com/wy876/POC/blob/main/AJ-Report%E5%BC%80%E6%BA%90%E6%95%B0%E6%8D%AE%E5%A4%A7%E5%B1%8F%E5%AD%98%E5%9C%A8%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
- https://github.com/vulhub/vulhub/blob/master/aj-report/CNVD-2024-15077/README.md
classification:
cpe: cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: anji-plus
product: aj-report
fofa-query: title="AJ-Report"
tags: cnvd,cnvd2024,aj-report,rce
@ -42,4 +46,5 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100a0ad6d10ef5ed64fff1a44a4efb42b8c18de347907d77e68fec2a9f796030e8c022003c9c9bcfc6d56d3a3c7988f48874841753487e2ce57d91740ffbe99e3627448:922c64590222798bb761d5b6d8e72950

4
http/credential-stuffing/self-hosted/grafana-login-check.yaml
View File

@ -7,10 +7,14 @@ info:
description: Checks for a valid login on self hosted Grafana instance.
reference:
- https://owasp.org/www-community/attacks/Credential_stuffing
classification:
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: title:"Grafana"
fofa-query: title="Grafana"
product: grafana
vendor: grafana
tags: self-hosted,creds-stuffing,login-check,grafana
variables:
username: "{{username}}"

3
http/cves/2021/CVE-2021-27748.yaml
View File

@ -16,10 +16,13 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
classification:
cve-id: CVE-2021-27748
cpe: cpe:2.3:a:ibm:websphere:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
shodan-query: http.html:"IBM WebSphere Portal"
product: websphere
vendor: ibm
tags: cve2021,cve,hcl,ibm,ssrf,websphere
flow: http(1) && http(2)

3
http/cves/2022/CVE-2022-29299.yaml
View File

@ -19,10 +19,13 @@ info:
cve-id: CVE-2022-29299
epss-score: 0.00175
epss-percentile: 0.5456
cpe: cpe:2.3:o:contec:solarview_compact_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-244067125
product: solarview_compact_firmware
vendor: contec
tags: cve2022,cve,xss,solarview,edb
http:

3
http/cves/2023/CVE-2023-1434.yaml
View File

@ -16,10 +16,13 @@ info:
classification:
cve-id: CVE-2023-1434
cwe-id: CWE-79
cpe: cpe:2.3:a:odoo:odoo:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: title:"Odoo"
product: odoo
vendor: odoo
tags: cve2023,cve,odoo,xss
http:

3
http/cves/2023/CVE-2023-24367.yaml
View File

@ -21,10 +21,13 @@ info:
cvss-score: 6.1
cve-id: CVE-2023-24367
cwe-id: CWE-79
cpe: cpe:2.3:a:temenos:t24:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: title:"T24 Sign in"
product: t24
vendor: temenos
tags: cve,cve2023,xss,temenos
http:

3
http/cves/2023/CVE-2023-32117.yaml
View File

@ -16,10 +16,13 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss-score: 7.3
cve-id: CVE-2023-32117
cpe: cpe:2.3:a:softlabbd:integrate_google_drive:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/integrate-google-drive/"
product: integrate_google_drive
vendor: softlabbd
tags: cve,cve2023,wordpress,wpscan,wp-plugin,wp,integrate-google-drive
http:

3
http/cves/2023/CVE-2023-34020.yaml
View File

@ -17,10 +17,13 @@ info:
cwe-id: CWE-601
epss-score: 0.00076
epss-percentile: 0.32361
cpe: cpe:2.3:a:uncannyowl:uncanny_toolkit_for_learndash:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/uncanny-learndash-toolkit/"
product: uncanny_toolkit_for_learndash
vendor: uncannyowl
tags: cve2023,cve,wordpress,uncanny-learndash-toolkit,wpscan,redirect
http:

9
http/cves/2023/CVE-2023-42344.yaml
View File

@ -10,9 +10,13 @@ info:
reference:
- https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
classification:
cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: alkacon
product: opencms
fofa-query: "OpenCms-9.5.3"
tags: cve,cve2023,xxe,opencms
@ -21,13 +25,15 @@ http:
path:
- "{{BaseURL}}/opencms/cmisatom/cmis-online/query"
- "{{BaseURL}}/cmisatom/cmis-online/query"
headers:
Content-Type: "application/xml;charset=UTF-8"
Referer: "{{RootURL}}"
body: |
<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///etc/passwd'>]><cmis:query xmlns:cmis="<http://docs.oasis-open.org/ns/cmis/core/200908/>"><cmis:statement>&test;</cmis:statement><cmis:searchAllVersions>false</cmis:searchAllVersions><cmis:includeAllowableActions>false</cmis:includeAllowableActions><cmis:includeRelationships>none</cmis:includeRelationships><cmis:renditionFilter>cmis:none</cmis:renditionFilter><cmis:maxItems>100</cmis:maxItems><cmis:skipCount>0</cmis:skipCount></cmis:query>
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
@ -36,4 +42,5 @@ http:
- "root:.*:0:0:"
- "invalidArgument"
condition: and
# digest: 4b0a00483046022100f7dbfd49302b6ff73e5301cdb82e1fea60540cdbacb1e9a04069885d75bbc145022100c7ec2bc827d6116bdc018f12ea636664f6d8688600854967a7d4cc2734c100d4:922c64590222798bb761d5b6d8e72950

3
http/cves/2023/CVE-2023-47115.yaml
View File

@ -21,10 +21,13 @@ info:
cvss-score: 7.1
cve-id: CVE-2023-47115
cwe-id: CWE-79
cpe: cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 6
shodan-query: http.favicon.hash:-1649949475
product: label_studio
vendor: humansignal
tags: cve,cve2023,xss,authenticated,intrusive,label-studio
http:

3
http/cves/2023/CVE-2023-47218.yaml
View File

@ -19,10 +19,13 @@ info:
cwe-id: CWE-77
epss-score: 0.00305
epss-percentile: 0.69699
cpe: cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: ssl.cert.issuer.cn:"QNAP NAS",title:"QNAP Turbo NAS"
product: qts
vendor: qnap
tags: cve,cve2023,qnap,qts,quts,rce,intrusive
variables:
file: '{{rand_base(6)}}'

3
http/cves/2023/CVE-2023-48777.yaml
View File

@ -17,11 +17,14 @@ info:
cwe-id: CWE-434
epss-score: 0.00054
epss-percentile: 0.21518
cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 4
framework: wordpress
publicwww-query: "/wp-content/plugins/elementor/"
product: website_builder
vendor: elementor
tags: cve,cve2023,elementor,file-upload,intrusive,rce,wpscan,wordpress,wp-plugin,authenticated
variables:
filename: "{{rand_base(6)}}"

3
http/cves/2024/CVE-2024-1071.yaml
View File

@ -20,6 +20,7 @@ info:
cwe-id: CWE-89
epss-score: 0.00063
epss-percentile: 0.26569
cpe: cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 2
@ -27,6 +28,8 @@ info:
fofa-query: body="/wp-content/plugins/ultimate-member"
publicwww-query: "/wp-content/plugins/ultimate-member/"
zoomeye-query: app:"WordPress Ultimate Member Plugin"
product: ultimate_member
vendor: ultimatemember
tags: cve,cve2024,ultimate-member,wpscan,wordpress,wp-plugin,sqli
http:

3
http/cves/2024/CVE-2024-1183.yaml
View File

@ -16,10 +16,13 @@ info:
cwe-id: CWE-601
epss-score: 0.00076
epss-percentile: 0.32361
cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:python:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"__gradio_mode__"
product: gradio
vendor: gradio_project
tags: cve,cve2024,ssrf,oast,gradio
http:

3
http/cves/2024/CVE-2024-1380.yaml
View File

@ -17,10 +17,13 @@ info:
cve-id: CVE-2024-1380
epss-score: 0.00043
epss-percentile: 0.0866
cpe: cpe:2.3:a:relevanssi:relevanssi:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: "/wp-content/plugins/relevanssi/"
product: relevanssi
vendor: relevanssi
tags: cve,cve2024,wp,wordpress,wp-plugin,relevanssi,exposure
http:

3
http/cves/2024/CVE-2024-1561.yaml
View File

@ -24,10 +24,13 @@ info:
cwe-id: CWE-29
epss-score: 0.00087
epss-percentile: 0.36659
cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:python:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: html:"__gradio_mode__"
product: gradio
vendor: gradio_project
tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
http:

3
http/cves/2024/CVE-2024-1698.yaml
View File

@ -18,10 +18,13 @@ info:
cve-id: CVE-2024-1698
epss-score: 0.00045
epss-percentile: 0.12615
cpe: cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: body="/wp-content/plugins/notificationx"
product: notificationx
vendor: wpdeveloper
tags: cve,cve2024,wpscan,wordpress,wp-plugin,notificationx,sqli
http:

3
http/cves/2024/CVE-2024-20767.yaml
View File

@ -19,10 +19,13 @@ info:
cwe-id: CWE-284
epss-score: 0.08221
epss-percentile: 0.94345
cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: http.component:"Adobe ColdFusion"
product: coldfusion
vendor: adobe
tags: cve,cve2024,adobe,coldfusion,lfr
http:

3
http/cves/2024/CVE-2024-21683.yaml
View File

@ -19,10 +19,13 @@ info:
cwe-id: CWE-78
epss-score: 0.00043
epss-percentile: 0.0866
cpe: cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
fofa-query: "app=\"ATLASSIAN-Confluence\""
product: confluence_data_center
vendor: atlassian
tags: cve,cve2024,atlassian,confluence,rce,authenticated,intrusive
variables:
username: "{{username}}"

2
http/cves/2024/CVE-2024-23163.yaml
View File

@ -16,12 +16,14 @@ info:
cvss-score: 9.8
cve-id: CVE-2024-23163
cwe-id: CWE-287
cpe: cpe:2.3:a:gestsup:gestsup:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: gestsup
fofa-query: title="GestSup"
shodan-query: http.favicon.hash:-283003760
product: gestsup
tags: cve,cve2024,account-takeover,gestsup
variables:

3
http/cves/2024/CVE-2024-24809.yaml
View File

@ -17,10 +17,13 @@ info:
cwe-id: CWE-27
epss-score: 0.00043
epss-percentile: 0.09551
cpe: cpe:2.3:a:traccar:traccar:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"Traccar"
product: traccar
vendor: traccar
tags: cve,cve2024,traccar,rce,intrusive,file-upload
variables:

3
http/cves/2024/CVE-2024-27199.yaml
View File

@ -13,10 +13,13 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss-score: 7.3
cwe-id: CWE-23
cpe: cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
shodan-query: http.component:"TeamCity"
product: teamcity
vendor: jetbrains
tags: cve,cve2024,teamcity,jetbrains,auth-bypass
http:

5
http/cves/2024/CVE-2024-27564.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://github.com/dirk1983/chatgpt/issues/114
- https://nvd.nist.gov/vuln/detail/CVE-2024-27564
classification:
cpe: cpe:2.3:a:chanzhaoyu:chatgpt_web:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: chanzhaoyu
product: chatgpt_web
fofa-query: "title=\"ChatGPT个人专用版\""
tags: cve,cve2024,chatgpt,ssrf,oast,oos,lfi
@ -38,4 +42,5 @@ http:
- contains(header, "image/jpeg")
- status_code == 200
condition: and
# digest: 490a0046304402205ae8c7b8e367577b1052683aa4b48d038bc2308c7299d24c0f6530b33b0ac9af022058dcc4c45ed777943b6e87ac9605afbd095f2bad41f6963d208ad6f85e702375:922c64590222798bb761d5b6d8e72950

3
http/cves/2024/CVE-2024-29269.yaml
View File

@ -18,9 +18,12 @@ info:
cve-id: CVE-2024-29269
epss-score: 0.00054
epss-percentile: 0.21518
cpe: cpe:2.3:h:telesquare:tlr-2005ksh:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: title:"Login to TLR-2005KSH"
product: tlr-2005ksh
vendor: telesquare
tags: cve,cve2024,telesquare,tlr,rce
http:

3
http/cves/2024/CVE-2024-29868.yaml
View File

@ -18,10 +18,13 @@ info:
classification:
cve-id: CVE-2024-29868
cwe-id: CWE-338
cpe: cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"apache streampipes"
fofa-query: title="apache streampipes"
product: streampipes
vendor: apache
tags: cve,cve2024,apache,streampipes,account-takeover
flow: http(1) && http(2)

3
http/cves/2024/CVE-2024-3136.yaml
View File

@ -21,10 +21,13 @@ info:
cve-id: CVE-2024-3136
epss-score: 0.00065
epss-percentile: 0.28259
cpe: cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 2
publicwww-query: "/wp-content/plugins/masterstudy-lms-learning-management-system"
product: masterstudy_lms
vendor: stylemixthemes
tags: cve,cve2024,wp,wordpress,unauth,lfi
variables:
randomstr: "{{randstr_1}}"

3
http/cves/2024/CVE-2024-31850.yaml
View File

@ -17,10 +17,13 @@ info:
cwe-id: CWE-22
epss-score: 0.00053
epss-percentile: 0.21091
cpe: cpe:2.3:a:cdata:arc:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: "title:\"CData Arc\""
product: arc
vendor: cdata
tags: cve,cve2024,cdata,lfi
flow: http(1) && http(2)

3
http/cves/2024/CVE-2024-32113.yaml
View File

@ -19,10 +19,13 @@ info:
cve-id: CVE-2024-32113
epss-score: 0.00115
epss-percentile: 0.45112
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: app="Apache_OFBiz"
product: ofbiz
vendor: apache
tags: cve,cve2024,apache,obiz,rce
http:

3
http/cves/2024/CVE-2024-32399.yaml
View File

@ -15,10 +15,13 @@ info:
classification:
epss-score: 0.00053
epss-percentile: 0.21091
cpe: cpe:2.3:a:raidenmaild:raidenmaild:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"RaidenMAILD"
product: raidenmaild
vendor: raidenmaild
tags: cve,cve2024,lfi,raiden,mail,server
http:

3
http/cves/2024/CVE-2024-32709.yaml
View File

@ -18,10 +18,13 @@ info:
cwe-id: CWE-89
epss-score: 0.00043
epss-percentile: 0.0866
cpe: cpe:2.3:a:plechevandrey:wp-recall:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/wp-recall/"
product: wp-recall
vendor: plechevandrey
tags: cve,cve2024,wp-plugin,wp-recall,wordpress,wp,sqli
variables:

3
http/cves/2024/CVE-2024-3274.yaml
View File

@ -17,10 +17,13 @@ info:
cwe-id: CWE-200
epss-score: 0.00045
epss-percentile: 0.15047
cpe: cpe:2.3:h:dlink:dns-320l:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: body="Text:In order to access the ShareCenter"
product: dns-320l
vendor: dlink
tags: cve,cve2024,dlink,exposure
http:

3
http/cves/2024/CVE-2024-33113.yaml
View File

@ -12,10 +12,13 @@ info:
classification:
epss-score: 0.00043
epss-percentile: 0.0866
cpe: cpe:2.3:h:dlink:dir-845l:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: "DIR-845L"
product: dir-845l
vendor: dlink
tags: cve,cve2024,dlink,info-leak
http:

6
http/cves/2024/CVE-2024-33288.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://en.0day.today/exploit/39610
- https://www.sourcecodester.com/sql/17287/prison-management-system.html
classification:
cpe: cpe:2.3:a:prison_management_system_project:prison_management_system:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: prison_management_system_project
product: prison_management_system
shodan-query: title:"Prison Management System"
tags: cve,cve2024,cms,sqli
@ -23,7 +27,6 @@ http:
Content-Type: application/x-www-form-urlencoded
txtusername=admin%27+or+%271%27+%3D%271&txtpassword={{randstr}}&btnlogin=
- |
GET /Admin/index.php HTTP/1.1
Host: {{Hostname}}
@ -40,4 +43,5 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100859ec311a5b87c8613179df918539075c5fd10a9d17a0273f0970d74ab5ea0e90221008c39c278e0ce4d1b08af7daa3356e7901998adf7c17a2919323d4a935efff082:922c64590222798bb761d5b6d8e72950

3
http/cves/2024/CVE-2024-33605.yaml
View File

@ -17,10 +17,13 @@ info:
cvss-score: 7.5
cve-id: CVE-2024-33605
cwe-id: CWE-22
cpe: cpe:2.3:o:sharp:mx-3550v_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: "Set-Cookie: MFPSESSIONID="
product: mx-3550v_firmware
vendor: sharp
tags: cve,cve2024,sharp,printer,traversal
http:

3
http/cves/2024/CVE-2024-34102.yaml
View File

@ -14,10 +14,13 @@ info:
cvss-score: 9.8
cve-id: CVE-2024-34102
cwe-id: CWE-611
cpe: cpe:2.3:a:adobe:magento:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: app="Adobe-Magento"
product: magento
vendor: adobe
tags: cve,cve2024,adobe,magento,xxe
http:

7
http/cves/2024/CVE-2024-34982.yaml
View File

@ -10,14 +10,16 @@ info:
- https://github.com/n2ryx/CVE/blob/main/Lylme_pagev1.9.5.md
- https://github.com/tanjiti/sec_profile
- https://github.com/ATonysan/poc-exp/blob/main/60NavigationPage_CVE-2024-34982_ArbitraryFileUploads.py
classification:
cpe: cpe:2.3:a:lylme:lylme_spage:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: lylme
product: lylme_spage
fofa-query: icon_hash="-282504889"
tags: cve,cve2024,lylme-spage,rce,intrusive
flow: http(1) && http(2)
variables:
string: "{{randstr}}"
filename: "{{to_lower(rand_text_alpha(5))}}"
@ -69,4 +71,5 @@ http:
- 'contains(body, "{{string}}" )'
- 'contains(header, "text/html")'
condition: and
# digest: 4a0a004730450220440784f1e1d309bfb1eee99fbcaf02afe7bfa185b48f07233df0f14cac9e9d9b0221009072b53098bb58d0d3efd14db1a3fc5f7b0b4593a0426fa060db0c42edd6f029:922c64590222798bb761d5b6d8e72950

7
http/cves/2024/CVE-2024-3552.yaml
View File

@ -10,16 +10,18 @@ info:
reference:
- https://vulners.com/wpvulndb/CVE-2024-3552
- https://wpscan.com/vulnerability/34b03ee4-de81-4fec-9f3d-e1bd5b94d136/
classification:
cpe: cpe:2.3:a:salephpscripts:web_directory_free:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
vendor: salephpscripts
product: web_directory_free
publicwww-query: "/wp-content/plugins/web-directory-free"
tags: cve,cve2024,wordpress,wp-plugin,wpscan,wp,web-directory-free
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
@ -47,4 +49,5 @@ http:
- 'status_code == 200'
- regex('^\[\]$', body)
condition: and
# digest: 4a0a0047304502205f1531596b6325ac2d986cd6245136e53aa97e8a3978b6a394bffeb78042691602210093b20af969ed64d70d37d6bcea2a4ea4e185ec3d9814c49ec0e4ed34262d6ba6:922c64590222798bb761d5b6d8e72950

3
http/cves/2024/CVE-2024-36104.yaml
View File

@ -19,10 +19,13 @@ info:
cwe-id: CWE-22
epss-score: 0.00045
epss-percentile: 0.16306
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: app="Apache_OFBiz"
product: ofbiz
vendor: apache
tags: cve,cve2024,apache,obiz,lfi
http:

6
http/cves/2024/CVE-2024-36837.yaml
View File

@ -9,12 +9,15 @@ info:
reference:
- https://github.com/phtcloud-dev/CVE-2024-36837
- https://nvd.nist.gov/vuln/detail/CVE-2024-36837
classification:
cpe: cpe:2.3:a:crmeb:crmeb:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: crmeb
product: crmeb
fofa-query: title="CRMEB"
tags: cve,cve2024,crmeb,sqli
variables:
num: "{{rand_int(9000000, 9999999)}}"
@ -40,4 +43,5 @@ http:
- type: status
status:
- 200
# digest: 490a0046304402203044d17d81b224dafab0f052edc09852ae126401a2350dcbed817e3a8d32b6840220266a399dff53e7dd81a0eeea14d4f29ab5039fee825cd84700698d76b30c8e7f:922c64590222798bb761d5b6d8e72950

6
http/cves/2024/CVE-2024-37032.yaml
View File

@ -10,9 +10,13 @@ info:
- https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032
- https://nvd.nist.gov/vuln/detail/CVE-2024-37032
- https://github.com/Bi0x/CVE-2024-37032
classification:
cpe: cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: ollama
product: ollama
shodan-query: ollama
tags: cve,cve2024,ollama,rce
@ -24,7 +28,6 @@ http:
Content-Type: application/json
{"name": "http://{{interactsh-url}}/rogue/{{randstr}}", "insecure": true}
- |
POST /api/push HTTP/1.1
Host: {{Hostname}}
@ -38,4 +41,5 @@ http:
- contains(interactsh_protocol, 'http')
- contains_all(header, 'application/x-ndjson') && contains(body_2, 'retrieving manifest')
condition: and
# digest: 4a0a00473045022100a5fa33a756b90484a6e38030d236f0441e68f5e0568a583ecbce5ccc179ec12e022067ed5562eb8a263a887821208641b1c7337d73b10359302495c184e4d1145db2:922c64590222798bb761d5b6d8e72950

5
http/cves/2024/CVE-2024-37152.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-87p9-x75h-p4j2
- https://nvd.nist.gov/vuln/detail/CVE-2024-37152
classification:
cpe: cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: argoproj
product: argo_cd
shodan-query: html:"Argo CD"
tags: cve,cve2024,argo-cd,info-leak
@ -38,4 +42,5 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100ff51e4d4de0176d7b75272c7382661952fa7f28124b1a6113d2d52675ba7d7ca022100dc729bfc997db746bf206fe0a1ae9ef36b3af92ebad27d690c90a41b636944aa:922c64590222798bb761d5b6d8e72950

3
http/cves/2024/CVE-2024-38288.yaml
View File

@ -12,10 +12,13 @@ info:
classification:
epss-score: 0.00043
epss-percentile: 0.09357
cpe: cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: html:"TurboMeeting"
product: turbomeeting
vendor: rhubcom
tags: cve,cve2024,rce,turbomeeting,authenticated
variables:

6
http/cves/2024/CVE-2024-38289.yaml
View File

@ -8,9 +8,13 @@ info:
A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.
reference:
- https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v
classification:
cpe: cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: rhubcom
product: turbomeeting
shodan-query: html:"TurboMeeting"
tags: cve,cve2024,sqli,turbomeeting
@ -22,7 +26,6 @@ http:
Content-Type: application/x-www-form-urlencoded
meeting_id=1'/**/OR/**/1=1/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/**
- |
POST /as/wapi/vmp HTTP/1.1
Host: {{Hostname}}
@ -41,4 +44,5 @@ http:
part: body_2
words:
- '<__Status__>FAILED</__Status__>'
# digest: 490a0046304402200529dc5c8778e012e9cbb7ffa30d733dc1c0587b432825bef1f5231c3e8986c30220102ab38598176c7395f39eb02a1ab74dc442f237b847feb8dc497b297446afa6:922c64590222798bb761d5b6d8e72950

3
http/cves/2024/CVE-2024-38856.yaml
View File

@ -15,10 +15,13 @@ info:
classification:
epss-score: 0.00045
epss-percentile: 0.16306
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: app="Apache_OFBiz"
product: ofbiz
vendor: apache
tags: cve,cve2024,ofbiz,apache,rce,kev
http:

6
http/cves/2024/CVE-2024-3922.yaml
View File

@ -13,12 +13,15 @@ info:
reference:
- https://dokan.co/docs/wordpress/changelog/
- https://nvd.nist.gov/vuln/detail/CVE-2024-3922
classification:
cpe: cpe:2.3:a:wedevs:dokan:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 2
vendor: wedevs
product: dokan
publicwww-query: "/wp-content/plugins/dokan-pro/"
tags: cve,cve2024,dokan,wp-plugin,wordpress,wp,dokan-pro,sqli
flow: http(1) && http(2)
http:
@ -47,4 +50,5 @@ http:
- 'duration>=6'
- 'status_code == 302'
condition: and
# digest: 4a0a00473045022100dddd0ec4841ea543e8407a98030b788b48c7c9ed9dd3effa76716f9339223b8a022076cb03daa28b52dab09d0014ed45363b0db7d14951be1ec39218c42cc49ee34f:922c64590222798bb761d5b6d8e72950

3
http/cves/2024/CVE-2024-39907.yaml
View File

@ -15,10 +15,13 @@ info:
cwe-id: CWE-89
epss-score: 0.00043
epss-percentile: 0.09387
cpe: cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
fofa-query: icon_hash="1300107149" || icon_hash="1453309674" || cert.issuer.cn="1Panel Intermediate CA"
product: 1panel
vendor: fit2cloud
tags: cve,cve2024,sqli,1panel,authenticated
variables:

3
http/cves/2024/CVE-2024-41107.yaml
View File

@ -15,10 +15,13 @@ info:
classification:
epss-score: 0.00046
epss-percentile: 0.16798
cpe: cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
fofa-query: app="APACHE-CloudStack"
product: cloudstack
vendor: apache
tags: cve,cve2024,apache,cloudstack,auth-bypass
variables:

3
http/cves/2024/CVE-2024-43425.yaml
View File

@ -14,10 +14,13 @@ info:
classification:
cvss-score: 9.8
cve-id: CVE-2024-43425
cpe: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: title:"Moodle"
product: moodle
vendor: moodle
tags: cve,cve2024,moodile,rce,authenticated
flow: http(1) && http(2) && http(3) && http(4) && http(5) && http(6)

3
http/cves/2024/CVE-2024-4348.yaml
View File

@ -19,10 +19,13 @@ info:
cwe-id: CWE-79
epss-score: 0.00065
epss-percentile: 0.28259
cpe: cpe:2.3:a:oscommerce:oscommerce:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: html:"osCommerce"
product: oscommerce
vendor: oscommerce
tags: packetstorm,xss,rxss,oscommerce,cve2024,cve
http:

4
http/cves/2024/CVE-2024-4358.yaml
View File

@ -12,10 +12,14 @@ info:
- https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
- https://github.com/sinsinology/CVE-2024-4358
- https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358
classification:
cpe: cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: title:"Log in | Telerik Report Server"
product: telerik_report_server
vendor: progress
tags: cve,cve2024,telerik,progress,auth-bypass,instrusive
variables:
user: "{{rand_base(6)}}"

3
http/cves/2024/CVE-2024-4434.yaml
View File

@ -17,10 +17,13 @@ info:
cve-id: CVE-2024-4434
epss-score: 0.00063
epss-percentile: 0.2659
cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 2
publicwww-query: "/wp-content/plugins/learnpress"
product: learnpress
vendor: thimpress
tags: cve,cve2024,wp,wp-plugin,wordpress,sqli,learnpress
variables:

3
http/cves/2024/CVE-2024-4443.yaml
View File

@ -21,10 +21,13 @@ info:
cve-id: CVE-2024-4443
epss-score: 0.00063
epss-percentile: 0.27036
cpe: cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/business-directory-plugin/"
product: business_directory
vendor: businessdirectoryplugin
tags: cve,cve2024,sqli,business-directory,wordpress,wp-plugin
http:

3
http/cves/2024/CVE-2024-4885.yaml
View File

@ -20,10 +20,13 @@ info:
cwe-id: CWE-22
epss-score: 0.00066
epss-percentile: 0.29461
cpe: cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"WhatsUp Gold"
product: whatsup_gold
vendor: progress
tags: cve,cve2024,rce,progress,whatsup,lfi
http:

3
http/cves/2024/CVE-2024-5315.yaml
View File

@ -18,10 +18,13 @@ info:
cwe-id: CWE-89
epss-score: 0.00043
epss-percentile: 0.09367
cpe: cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.title:"Dolibarr"
product: dolibarr_erp\\/crm
vendor: dolibarr
tags: cve,cve2024,dolibarr,erp,sqli,authenticated
variables:

3
http/cves/2024/CVE-2024-5522.yaml
View File

@ -16,10 +16,13 @@ info:
cve-id: CVE-2024-5522
epss-score: 0.04
epss-percentile: 9
cpe: cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/html5-video-player"
product: html5_video_player
vendor: bplugins
tags: wpscan,cve,cve2024,wordpress,wp-plugin,wp,sqli,html5-video-player
variables:

3
http/cves/2024/CVE-2024-6028.yaml
View File

@ -15,10 +15,13 @@ info:
cvss-score: 9.8
cve-id: CVE-2024-6028
cwe-id: CWE-89
cpe: cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:wordpress:*:*:*
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/quiz-maker/"
product: quiz_maker
vendor: ays-pro
tags: cve,cve2024,wordpress,wp,wp-plugin,quiz-maker,sqli
http:

3
http/cves/2024/CVE-2024-6396.yaml
View File

@ -11,10 +11,13 @@ info:
cvss-score: 9.8
cve-id: CVE-2024-6396
cwe-id: CWE-29
cpe: cpe:2.3:a:aimstack:aim:*:*:*:*:*:*:*:*
metadata:
max-request: 3
verified: true
fofa-query: icon_hash="-1047157256"
product: aim
vendor: aimstack
tags: cve,cve2024,aim,aimhubio,file-write
variables:

3
http/cves/2024/CVE-2024-6646.yaml
View File

@ -19,8 +19,11 @@ info:
cwe-id: CWE-200
epss-score: 0.00045
epss-percentile: 0.16001
cpe: cpe:2.3:h:netgear:wn604:*:*:*:*:*:*:*:*
metadata:
fofa-query: title=="Netgear"
product: wn604
vendor: netgear
tags: cve,cve2024,netgear
http:

3
http/cves/2024/CVE-2024-6670.yaml
View File

@ -17,10 +17,13 @@ info:
cwe-id: CWE-89
epss-score: 0.00043
epss-percentile: 0.09569
cpe: cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 4
shodan-query: title:"WhatsUp Gold" http.favicon.hash:-2107233094
product: whatsup_gold
vendor: progress
tags: cve,cve2024,whatsup-gold,auth-bypass,sqli,intrusive
flow: |

7
http/cves/2024/CVE-2024-6781.yaml
View File

@ -8,10 +8,14 @@ info:
Arbitrary file read via Calibres content server in Calibre <= 7.14.0.
reference:
- https://starlabs.sg/advisories/24/24-6781/
classification:
cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
metadata:
verified: true
vendor: calibre-ebook
product: calibre
shodan-query: html:"Calibre"
fofa-query: "Server: calibre"
verified: true
max-requeset: 1
tags: cve,cve2024,calibre,lfi
@ -53,4 +57,5 @@ http:
- type: status
status:
- 200
# digest: 490a0046304402202ca6fce004009bb7f0650dea15c513da500a417c0c88ac7b0e5e45f237a4e7db022076d6e09297483225abdcab453844dd78e248409367b78b3e4b02e80034988c3d:922c64590222798bb761d5b6d8e72950

5
http/cves/2024/CVE-2024-6782.yaml
View File

@ -8,8 +8,12 @@ info:
Unauthenticated remote code execution via Calibres content server in Calibre <= 7.14.0.
reference:
- https://starlabs.sg/advisories/24/24-6781/
classification:
cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*
metadata:
verified: true
vendor: calibre-ebook
product: calibre
shodan-query: html:"Calibre"
fofa-query: "Server: calibre"
max-requeset: 1
@ -59,4 +63,5 @@ http:
- type: status
status:
- 200
# digest: 4b0a00483046022100ab0c6eb74bbcbd25752d1cb038e1250aae3a1ca7939f89b55c54300ce331fb7f022100e4d96a62a8a103243f43549987b0cbd496172100fa325a425975b072d0482332:922c64590222798bb761d5b6d8e72950

5
http/cves/2024/CVE-2024-6922.yaml
View File

@ -12,13 +12,18 @@ info:
- https://www.automationanywhere.com/products/automation-360
- https://www.rapid7.com/blog/post/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6922
classification:
cpe: cpe:2.3:a:automationanywhere:automation_360:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-1005691603
fofa-query: icon_hash="-1005691603"
product: automation_360
vendor: automationanywhere
tags: cve,cve2024,ssrf,oast,automation,anywhere
http:
- raw:
- |

3
http/default-logins/abb/cs141-default-login.yaml
View File

@ -9,9 +9,12 @@ info:
- https://www.generex.de/media/pages/packages/documents/manuals/f65348d5b6-1628841637/manual_CS141_en.pdf
classification:
cwe-id: CWE-798
cpe: cpe:2.3:h:generex:cs141:*:*:*:*:*:*:*:*
metadata:
max-request: 3
shodan-query: http.html:"CS141"
product: cs141
vendor: generex
tags: hiawatha,iot,default-login
http:

3
http/default-logins/aem/aem-default-login.yaml
View File

@ -11,9 +11,12 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
metadata:
max-request: 8
shodan-query: http.component:"Adobe Experience Manager"
product: experience_manager
vendor: adobe
tags: aem,default-login,adobe
http:

3
http/default-logins/aem/aem-felix-console.yaml
View File

@ -12,11 +12,14 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
product: experience_manager_cloud_service
vendor: adobe
tags: default-login,misconfig,aem,adobe
http:

7
http/default-logins/apache/apache-apollo-default-login.yaml
View File

@ -4,12 +4,15 @@ info:
name: Apache Apollo - Default Login
author: ritikchaddha
severity: high
classification:
cpe: cpe:2.3:a:apache:activemq_apollo:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: apache
product: activemq_apollo
shodan-query: title:"Apache Apollo"
tags: apache,apollo,default-login,misconfig
variables:
username: 'admin'
password: 'admin'
@ -22,7 +25,6 @@ http:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
username={{username}}&password={{password}}
- |
GET /console/index.html HTTP/1.1
Host: {{Hostname}}
@ -45,4 +47,5 @@ http:
- type: status
status:
- 200
# digest: 490a004630440220316d56568350165547ed1cb488565e14ecae67a775aea47af5d671124b563a5b022040877ad8cc3beae83a8717a9b7d014c5216d3b5acabd097d97d2cdeea26ee151:922c64590222798bb761d5b6d8e72950

7
http/default-logins/apache/cloudstack-default-login.yaml
View File

@ -6,9 +6,13 @@ info:
severity: high
description: |
CloudStack instance discovered using weak default credentials, allows the attacker to gain admin privilege.
classification:
cpe: cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: apache
product: cloudstack
shodan-query: http.title:"Apache CloudStack"
tags: default-login,apache,cloudstack
@ -23,13 +27,11 @@ http:
command=login&username={{username}}&password={{password}}&domain=%2F&response=json
attack: pitchfork
payloads:
username:
- admin
password:
- password
host-redirects: true
matchers:
- type: dsl
@ -38,4 +40,5 @@ http:
- "contains(content_type, 'application/json')"
- "contains_all(body, 'sessionkey','domainid','userid')"
condition: and
# digest: 4a0a00473045022100e14781f645e94e9addfd689f626c0fd7410a4c6abab76c419506a12a7e77b3c702203e536f8fc02f29d3744e77e3403890bbb63998656b7582421280bb32f31466a9:922c64590222798bb761d5b6d8e72950

3
http/default-logins/apache/dolphinscheduler-default-login.yaml
View File

@ -11,9 +11,12 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"DolphinScheduler"
product: dolphinscheduler
vendor: apache
tags: apache,dolphinscheduler,default-login,oss
http:

3
http/default-logins/apache/karaf-default-login.yaml
View File

@ -11,10 +11,13 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: realm="karaf"
product: karaf
vendor: apache
tags: default-login,apache,karaf
http:

4
http/default-logins/apache/kylin-default-login.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://github.com/hanc00l/pocGoby2Xray/blob/main/xraypoc/Apache_Kylin_Console_Default_password.yml
- https://github.com/Wker666/Demo/blob/main/script/%E6%BC%8F%E6%B4%9E%E6%8E%A2%E6%B5%8B/Kylin/Apache%20Kylin%20Console%20%E6%8E%A7%E5%88%B6%E5%8F%B0%E5%BC%B1%E5%8F%A3%E4%BB%A4.wker
classification:
cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 6
vendor: apache
product: kylin
fofa-query: app="APACHE-kylin"
tags: kylin,default-login,apache

3
http/default-logins/apache/ranger-default-login.yaml
View File

@ -11,9 +11,12 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"Ranger - Sign In"
product: ranger
vendor: apache
tags: apache,ranger,default-login
http:

4
http/default-logins/apache/tomcat-default-login.yaml
View File

@ -8,8 +8,12 @@ info:
reference:
- https://www.rapid7.com/db/vulnerabilities/apache-tomcat-default-ovwebusr-password/
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt
classification:
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
metadata:
max-request: 405
vendor: apache
product: tomcat
shodan-query: title:"Apache Tomcat"
tags: tomcat,apache,default-login

3
http/default-logins/apollo/apollo-default-login.yaml
View File

@ -11,9 +11,12 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:ctrip:apollo:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.favicon.hash:11794165
product: apollo
vendor: ctrip
tags: apollo,default-login
http:

5
http/default-logins/asus/asus-rtn16-default-login.yaml
View File

@ -6,9 +6,13 @@ info:
severity: high
description: |
ASUS RT-N16 contains a default login vulnerability. Default admin login password 'admin' was found.
classification:
cpe: cpe:2.3:h:asus:rt-n16:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: asus
product: rt-n16
shodan-query: "RT-N16"
tags: default-login,asus,rt-n16
@ -40,4 +44,5 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502200b8798bc6edb6d74920650e18ac885759f155e31874f0c2ae1ab825e5f9ab621022100ea2e7c324d3921ccc0dcb7436c5e57ae3aec0e3396d4c5cf1f7a010f6e688192:922c64590222798bb761d5b6d8e72950

3
http/default-logins/azkaban/azkaban-default-login.yaml
View File

@ -7,9 +7,12 @@ info:
description: Azkaban is a batch workflow job scheduler created at LinkedIn to run Hadoop jobs. Default web client credentials were discovered.
classification:
cwe-id: CWE-798
cpe: cpe:2.3:a:azkaban_project:azkaban:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"Azkaban Web Client"
product: azkaban
vendor: azkaban_project
tags: default-login,azkaban
http:

8
http/default-logins/barco-clickshare-default-login.yaml
View File

@ -6,8 +6,12 @@ info:
severity: high
description: |
Barco ClickShare contains a default login vulnerability. Default login password 'admin' was found.
classification:
cpe: cpe:2.3:o:barco:clickshare_cs-100_huddle_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: barco
product: clickshare_cs-100_huddle_firmware
shodan-query: "ClickShareSession"
tags: default-login,barco,clickshare
@ -16,14 +20,12 @@ http:
- |
GET /login HTTP/1.1
Host: {{Hostname}}
- |
POST /login/log_me_in HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
csrf_protection_token={{token}}&username={{username}}&password={{password}}&eula_accepted=true
- |
GET /configuration_wizard HTTP/1.1
Host: {{Hostname}}
@ -34,7 +36,6 @@ http:
- admin
password:
- admin
matchers:
- type: dsl
dsl:
@ -51,4 +52,5 @@ http:
regex:
- '="csrf_protection_token" value="([0-9a-z]+)" \/>'
internal: true
# digest: 490a004630440220110d1053dd5b584c6b956c2a7dd5cab571c2d140f37443d9e2c36d2897de6278022019c145b0a677c04a818d1cf14b7150105adb9ad64809c40f071a61232af232ef:922c64590222798bb761d5b6d8e72950

4
http/default-logins/batflat/batflat-default-login.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://www.exploitalert.com/view-details.html?id=34749
- https://cxsecurity.com/issue/WLB-2020010100
classification:
cpe: cpe:2.3:a:batflat:batflat:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: batflat
product: batflat
google-query: intext:"Powered by Batflat."
tags: default-login,batflat

4
http/default-logins/bloofoxcms-default-login.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://www.bloofox.com/automated_setup.113.html
- https://www.bloofox.com
classification:
cpe: cpe:2.3:a:bloofox:bloofoxcms:*:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: bloofox
product: bloofoxcms
fofa-query: "Powered by bloofoxCMS"
tags: bloofox,cms,default-login

3
http/default-logins/cobbler/hue-default-credential.yaml
View File

@ -11,9 +11,12 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:*
metadata:
max-request: 8
shodan-query: title:"Hue - Welcome to Hue"
product: hue
vendor: cloudera
tags: hue,default-login,oss,cloudera
http:

3
http/default-logins/couchdb/couchdb-default-login.yaml
View File

@ -10,10 +10,13 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 16
fofa-query: app="APACHE-CouchDB"
product: couchdb
vendor: apache
tags: default-login,couchdb,misconfig
http:

8
http/default-logins/crushftp/crushftp-anonymous-login.yaml
View File

@ -6,9 +6,13 @@ info:
severity: high
description: |
CrushFTP Anonymous login credentials were discovered.
classification:
cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: crushftp
product: crushftp
shodan-query: html:"CrushFTP"
tags: default-logins,anonymous,crushftp,default-login
@ -17,8 +21,6 @@ http:
- |
GET /WebInterface/ HTTP/1.1
Host: {{Hostname}}
- |
POST /WebInterface/function/ HTTP/1.1
Host: {{Hostname}}
@ -38,7 +40,6 @@ http:
words:
- "text/xml"
extractors:
- type: regex
name: auth
@ -47,4 +48,5 @@ http:
group: 1
regex:
- 'currentAuth=([0-9a-zA-Z]+)'
# digest: 4a0a0047304502200c5a041237930d9a2d13bbdd1937389e71363cf051dc4e6811eaa132f7484060022100b71429de7b114bd8165650fc5ef949e6ab6138c5dd79e57fb16c60fa32c18ada:922c64590222798bb761d5b6d8e72950

10
http/default-logins/crushftp/crushftp-default-login.yaml
View File

@ -6,9 +6,13 @@ info:
severity: high
description: |
CrushFTP default login credentials were discovered.
classification:
cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: crushftp
product: crushftp
shodan-query: html:"CrushFTP"
tags: default-login,crushftp
@ -17,8 +21,6 @@ http:
- |
GET /WebInterface/ HTTP/1.1
Host: {{Hostname}}
- |
POST /WebInterface/function/ HTTP/1.1
Host: {{Hostname}}
@ -27,15 +29,14 @@ http:
command=login&username={{username}}&password={{password}}&encoded=true&language=en&random=0.34712915617878926
attack: pitchfork
payloads:
username:
- crushadmin
password:
- crushadmin
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
@ -56,4 +57,5 @@ http:
group: 1
regex:
- 'currentAuth=([0-9a-zA-Z]+)'
# digest: 4a0a0047304502206cda74422b8792aa62859df68d922613d4db22ba6e374a674cc2896bb813426f0221008cd32f2eb5cdc98370da14ba0f39a260c3868ac8bd6bbc336c08d41f3122b9a4:922c64590222798bb761d5b6d8e72950

5
http/default-logins/dataease/dataease-default-login.yaml
View File

@ -9,9 +9,13 @@ info:
As a result, many Dataease can log in with this built-in account.
reference:
- https://github.com/dataease/dataease/issues/5995
classification:
cpe: cpe:2.3:a:dataease_project:dataease:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: dataease_project
product: dataease
shodan-query: html:"Dataease"
tags: default-login,dataease
@ -42,4 +46,5 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100f845a84ad7189dffccd1afea970ebb8f5e601b044da1562e014ab66c8f70e3a9022066c79ccdd3db85aae25fffd20633c098d785a2769347ea37c120f0fb36b1fc0e:922c64590222798bb761d5b6d8e72950

3
http/default-logins/datahub/datahub-metadata-default-login.yaml
View File

@ -11,10 +11,13 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.title:"DataHub"
product: datahub
vendor: datahub_project
tags: datahub,default-login
http:

3
http/default-logins/dataiku/dataiku-default-login.yaml
View File

@ -11,10 +11,13 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:dataiku:data_science_studio:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: title:"dataiku"
product: data_science_studio
vendor: dataiku
tags: default-login,dataiku
http:

4
http/default-logins/elasticsearch/elasticsearch-default-login.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://www.alibabacloud.com/blog/what-is-the-default-username-and-password-for-elasticsearch_599610
- https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html
classification:
cpe: cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: elastic
product: elasticsearch
shodan-query: http.title:"Elastic" || http.favicon.hash:1328449667
tags: default-login,elasticsearch

4
http/default-logins/esafenet-cdg-default-login.yaml
View File

@ -6,9 +6,13 @@ info:
severity: high
description: |
Esafenet electronic document security management system default credentials were discovered.
classification:
cpe: cpe:2.3:a:esafenet:cdg:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 32
vendor: esafenet
product: cdg
fofa-query: esafenet
tags: esafenet,cdg,default-login

4
http/default-logins/eurotel/etl3100-default-login.yaml
View File

@ -9,9 +9,13 @@ info:
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5782.php
- https://www.exploit-db.com/exploits/51684
classification:
cpe: cpe:2.3:h:eurotel:etl3100:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: eurotel
product: etl3100
shodan-query: html:"ETL3100"
fofa-query: body="ETL3100"
tags: misconfig,default-login,eurotel

4
http/default-logins/feiyuxing/feiyuxing-default-login.yaml
View File

@ -8,9 +8,13 @@ info:
Attackers can log in through admin:admin, check the system status, and configure the device.
reference:
- https://github.com/wushigudan/poc/blob/main/%E9%A3%9E%E9%B1%BC%E6%98%9F%E9%BB%98%E8%AE%A4%E5%AF%86%E7%A0%81.py
classification:
cpe: cpe:2.3:h:feiyuxing:vec40g:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: feiyuxing
product: vec40g
fofa-query: title="飞鱼星企业级智能上网行为管理系统"
tags: feiyuxing,default-login,iot

4
http/default-logins/franklin-fueling-default-login.yaml
View File

@ -8,9 +8,13 @@ info:
A default password vulnerability refers to a security flaw that arises when a system or device is shipped or set up with a pre-configured, default password that is commonly known or easily guessable.
reference:
- https://www.exploitalert.com/view-details.html?id=39466
classification:
cpe: cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: franklinfueling
product: ts-550_evo_firmware
google-query: inurl:"relay_status.html"
tags: default-login,franklin

8
http/default-logins/fuji-xerox/fuji-xerox-default-login.yaml
View File

@ -8,10 +8,13 @@ info:
This template checks for the default credentials (username: 11111, password: x-admin) on Fuji Xerox ApeosPort series printers. If the credentials are valid, the response will have a 200 HTTP status code. Tested on a Fuji Xerox ApeosPort-V C2275 T2.
reference:
- https://4it.com.au/kb/article/fuji-xerox-default-password/
classification:
cpe: cpe:2.3:h:fujixerox:apeosport-v_c3375:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
vendor: fuji-xerox
max-request: 1
vendor: fujixerox
product: apeosport-v_c3375
fofa-query: '"prop.htm" && "docucentre"'
tags: default-login,fuji,fuji-xerox,printer
@ -36,4 +39,5 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022021dddab097e239a58636b5c6b839cb7e8e8217298f30238bc710a0d23916c515022100a53010047899140f9321c168495bd9117f6b5989d5a0c51d773d10034cfac106:922c64590222798bb761d5b6d8e72950

3
http/default-logins/geoserver/geoserver-default-login.yaml
View File

@ -11,10 +11,13 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
fofa-query: app="GeoServer"
product: geoserver
vendor: geoserver
tags: geoserver,default-login
http:

7
http/default-logins/gitblit/gitblit-default-login.yaml
View File

@ -8,9 +8,13 @@ info:
Gitblit Default login credentials were discovered.
reference:
- https://www.gitblit.com/administration.html
classification:
cpe: cpe:2.3:a:gitblit:gitblit:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
max-request: 1
vendor: gitblit
product: gitblit
shodan-query: title:"Gitblit"
tags: gitblit,default-login
@ -46,4 +50,5 @@ http:
- type: dsl
dsl:
- "len(body) == 0"
# digest: 4a0a004730450220691d3ee89f1594b342246ca8ab8be803b73a21e02aba3351ad7b37b30b3f6212022100cc37beb5ccfc7c249f775ab36ff557cd283ed426c4481be17cf0ac8c03dd6307:922c64590222798bb761d5b6d8e72950

Some files were not shown because too many files have changed in this diff Show More