From 5eb6b79331c7b2c255e0c105643ca1c5a1f0cb9e Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
<98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Wed, 18 May 2022 16:58:07 -0400
Subject: [PATCH] Dashboard Content Enhancements (#4426)
Dashboard Content Enhancements
---
cnvd/2020/CNVD-2020-46552.yaml | 12 ++++++++++--
cves/2010/CVE-2010-4239.yaml | 6 ++++--
cves/2018/CVE-2018-16716.yaml | 4 +++-
cves/2019/CVE-2019-0230.yaml | 3 +--
cves/2019/CVE-2019-16920.yaml | 1 +
cves/2020/CVE-2020-12800.yaml | 2 +-
cves/2020/CVE-2020-13942.yaml | 2 +-
cves/2021/CVE-2021-25281.yaml | 7 +++++--
cves/2021/CVE-2021-26084.yaml | 9 ++++-----
cves/2021/CVE-2021-26295.yaml | 9 +++++++--
cves/2021/CVE-2021-27132.yaml | 7 +++++--
cves/2021/CVE-2021-27561.yaml | 8 +++++---
cves/2021/CVE-2021-27651.yaml | 8 +++++---
cves/2021/CVE-2021-27850.yaml | 6 ++++--
cves/2021/CVE-2021-27905.yaml | 9 ++++++---
cves/2021/CVE-2021-27931.yaml | 7 ++++---
cves/2021/CVE-2021-28918.yaml | 9 +++++----
cves/2021/CVE-2021-29203.yaml | 6 ++++--
cves/2021/CVE-2021-29441.yaml | 6 ++++--
cves/2021/CVE-2021-30461.yaml | 9 ++++++---
cves/2021/CVE-2021-3129.yaml | 8 +++++---
cves/2021/CVE-2021-31856.yaml | 7 +++++--
cves/2021/CVE-2021-32172.yaml | 6 ++++--
cves/2021/CVE-2021-32305.yaml | 6 ++++--
cves/2021/CVE-2021-33221.yaml | 7 +++++--
cves/2021/CVE-2021-33357.yaml | 10 ++++++----
cves/2021/CVE-2021-33564.yaml | 7 +++++--
cves/2021/CVE-2021-3378.yaml | 10 +++++-----
cves/2021/CVE-2021-36356.yaml | 4 +++-
cves/2021/CVE-2021-44077.yaml | 5 ++++-
cves/2021/CVE-2021-44515.yaml | 8 ++++++--
cves/2021/CVE-2021-46422.yaml | 8 +++++---
cves/2021/CVE-2021-46424.yaml | 6 ++++--
cves/2022/CVE-2022-0482.yaml | 8 +++++---
cves/2022/CVE-2022-0540.yaml | 6 ++++--
cves/2022/CVE-2022-0543.yaml | 6 +++---
cves/2022/CVE-2022-0591.yaml | 6 ++++--
cves/2022/CVE-2022-1020.yaml | 6 ++++--
cves/2022/CVE-2022-1598.yaml | 2 ++
cves/2022/CVE-2022-30489.yaml | 5 ++++-
cves/2022/CVE-2022-30525.yaml | 2 ++
workflows/yonyou-nc-workflow.yaml | 4 ++--
42 files changed, 176 insertions(+), 91 deletions(-)
diff --git a/cnvd/2020/CNVD-2020-46552.yaml b/cnvd/2020/CNVD-2020-46552.yaml
index 690f94e80f..02a98ac205 100644
--- a/cnvd/2020/CNVD-2020-46552.yaml
+++ b/cnvd/2020/CNVD-2020-46552.yaml
@@ -1,13 +1,19 @@
id: CNVD-2020-46552
+
info:
- name: Sangfor EDR Tool - Remote Code Execution
+ name: Sangfor EDR - Remote Code Execution
author: ritikchaddha
severity: critical
- description: There is a RCE vulnerability in Sangfor Endpoint Monitoring and Response Platform (EDR). An attacker could exploit this vulnerability by constructing an HTTP request, and an attacker who successfully exploited this vulnerability could execute arbitrary commands on the target host.
+ description: Sangfor Endpoint Monitoring and Response Platform (EDR) contains a remote code execution vulnerability. An attacker could exploit this vulnerability by constructing an HTTP request which could execute arbitrary commands on the target host.
reference:
- https://www.modb.pro/db/144475
- https://blog.csdn.net/bigblue00/article/details/108434009
- https://cn-sec.com/archives/721509.html
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.0
+ cve-id:
+ cwe-id: CWE-77
tags: cnvd,cnvd2020,sangfor,rce
requests:
@@ -23,3 +29,5 @@ requests:
- 'contains(body, "Log Helper")'
- 'status_code == 200'
condition: and
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2010/CVE-2010-4239.yaml b/cves/2010/CVE-2010-4239.yaml
index 5018ed8d56..c2b4d8c476 100644
--- a/cves/2010/CVE-2010-4239.yaml
+++ b/cves/2010/CVE-2010-4239.yaml
@@ -4,12 +4,12 @@ info:
name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion
author: 0x_akoko
severity: critical
- description: Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
+ description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability.
reference:
- https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt
- - https://www.cvedetails.com/cve/CVE-2010-4239
- https://www.openwall.com/lists/oss-security/2010/11/22/9
- https://security-tracker.debian.org/tracker/CVE-2010-4239
+ - https://nvd.nist.gov/vuln/detail/CVE-2010-4239
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -30,3 +30,5 @@ requests:
- "fonts"
- "extensions"
condition: and
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2018/CVE-2018-16716.yaml b/cves/2018/CVE-2018-16716.yaml
index 5a027e89ea..b74af567f1 100644
--- a/cves/2018/CVE-2018-16716.yaml
+++ b/cves/2018/CVE-2018-16716.yaml
@@ -4,7 +4,7 @@ info:
name: NCBI ToolBox - Directory Traversal
author: 0x_Akoko
severity: critical
- description: A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
+ description: NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
reference:
- https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md
- https://nvd.nist.gov/vuln/detail/CVE-2018-16716
@@ -29,3 +29,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2019/CVE-2019-0230.yaml b/cves/2019/CVE-2019-0230.yaml
index 0f043c53dd..071708b088 100644
--- a/cves/2019/CVE-2019-0230.yaml
+++ b/cves/2019/CVE-2019-0230.yaml
@@ -6,11 +6,10 @@ info:
severity: critical
description: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.
reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-0230
- https://cwiki.apache.org/confluence/display/WW/S2-059
- https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
- - https://cwiki.apache.org/confluence/display/ww/s2-059
- http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
- - https://nvd.nist.gov/vuln/detail/CVE-2019-0230
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
diff --git a/cves/2019/CVE-2019-16920.yaml b/cves/2019/CVE-2019-16920.yaml
index 16cdedbd86..72a8c222a8 100644
--- a/cves/2019/CVE-2019-16920.yaml
+++ b/cves/2019/CVE-2019-16920.yaml
@@ -6,6 +6,7 @@ info:
severity: critical
description: D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-16920
- https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
- https://fortiguard.com/zeroday/FG-VD-19-117
- https://www.seebug.org/vuldb/ssvid-98079
diff --git a/cves/2020/CVE-2020-12800.yaml b/cves/2020/CVE-2020-12800.yaml
index bc29d6d558..78797b30fb 100644
--- a/cves/2020/CVE-2020-12800.yaml
+++ b/cves/2020/CVE-2020-12800.yaml
@@ -7,10 +7,10 @@ info:
description: |
WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file.
reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-12800
- https://github.com/amartinsec/CVE-2020-12800
- https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html
- https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers
- - https://nvd.nist.gov/vuln/detail/CVE-2020-12800
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
diff --git a/cves/2020/CVE-2020-13942.yaml b/cves/2020/CVE-2020-13942.yaml
index 9142e38fd2..c7148c6357 100644
--- a/cves/2020/CVE-2020-13942.yaml
+++ b/cves/2020/CVE-2020-13942.yaml
@@ -12,9 +12,9 @@ info:
reference:
- https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
- https://twitter.com/chybeta/status/1328912309440311297
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-13942
- http://unomi.apache.org./security/cve-2020-13942.txt
- https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E
- - https://nvd.nist.gov/vuln/detail/CVE-2020-13942
remediation: Apache Unomi users should upgrade to 1.5.2 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
diff --git a/cves/2021/CVE-2021-25281.yaml b/cves/2021/CVE-2021-25281.yaml
index c08ebf20ae..8a2c51684d 100644
--- a/cves/2021/CVE-2021-25281.yaml
+++ b/cves/2021/CVE-2021-25281.yaml
@@ -1,13 +1,14 @@
id: CVE-2021-25281
info:
- name: SaltStack wheel_async unauth access
+ name: SaltStack Salt <3002.5 - Auth Bypass
author: madrobot
severity: critical
- description: The SaltAPI does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
+ description: SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.
reference:
- http://hackdig.com/02/hack-283902.htm
- https://dozer.nz/posts/saltapi-vulns
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-25281
- https://github.com/saltstack/salt/releases
- https://www.saltstack.com/blog/active-saltstack-cve-announced-2021-jan-21/
classification:
@@ -41,3 +42,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-26084.yaml b/cves/2021/CVE-2021-26084.yaml
index 961844bbd9..258235b1d3 100644
--- a/cves/2021/CVE-2021-26084.yaml
+++ b/cves/2021/CVE-2021-26084.yaml
@@ -1,13 +1,10 @@
id: CVE-2021-26084
info:
- name: Confluence Server OGNL injection - RCE
+ name: Confluence Server - Remote Code Execution
author: dhiyaneshDk,philippedelteil
severity: critical
- description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary
- code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled.
- To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from
- version 7.12.0 before 7.12.5.
+ description: Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG > User Management > User Signup Options.
reference:
- https://jira.atlassian.com/browse/CONFSERVER-67940
- https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-26084
@@ -58,3 +55,5 @@ requests:
part: body
words:
- 'value="aaaa{140592=null}'
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml
index 7242d4d998..39cc8c8c22 100644
--- a/cves/2021/CVE-2021-26295.yaml
+++ b/cves/2021/CVE-2021-26295.yaml
@@ -1,7 +1,7 @@
id: CVE-2021-26295
info:
- name: Apache OFBiz RMI Deserialization - Remote Code Execution
+ name: Apache OFBiz <17.12.06 - Arbitrary Code Execution
author: madrobot
severity: critical
description: |
@@ -11,6 +11,8 @@ info:
- https://packetstormsecurity.com/files/162104/Apache-OFBiz-SOAP-Java-Deserialization.html
- https://github.com/zhzyker/exphub/tree/master/ofbiz
- https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E
+ - https://lists.apache.org/thread.html/r6e4579c4ebf7efeb462962e359501c6ca4045687f12212551df2d607@%3Cnotifications.ofbiz.apache.org%3E
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-26295
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -51,8 +53,11 @@ requests:
part: body
words:
- "errorMessage"
+ condition: and
- type: word
part: header
words:
- - "OFBiz.Visitor="
\ No newline at end of file
+ - "OFBiz.Visitor="
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-27132.yaml b/cves/2021/CVE-2021-27132.yaml
index d61addb02a..7f46e618ad 100644
--- a/cves/2021/CVE-2021-27132.yaml
+++ b/cves/2021/CVE-2021-27132.yaml
@@ -1,13 +1,14 @@
id: CVE-2021-27132
info:
- name: CRLF Injection - Sercomm VD625
+ name: Sercomm VD625 Smart Modems - CRLF Injection
author: geeknik
severity: critical
- description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to CRLF Injection via the Content-Disposition header - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132
+ description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header.
reference:
- https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132
- http://sercomm.com
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-27132
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -35,3 +36,5 @@ requests:
- "X-XSS-Protection:0"
part: header
condition: and
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-27561.yaml b/cves/2021/CVE-2021-27561.yaml
index 1af1a16437..67b8a7ad90 100644
--- a/cves/2021/CVE-2021-27561.yaml
+++ b/cves/2021/CVE-2021-27561.yaml
@@ -1,13 +1,13 @@
id: CVE-2021-27561
info:
- name: YeaLink DM PreAuth RCE
+ name: YeaLink DM 3.6.0.20 - Remote Command Injection
author: shifacyclewala,hackergautam
severity: critical
- description: A malicious actor can trigger Unauthenticated Remote Code Execution
+ description: Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
reference:
- https://ssd-disclosure.com/ssd-advisory-yealink-dm-pre-auth-root-level-rce/
- - https://ssd-disclosure.com/?p=4688
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27561
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -43,3 +43,5 @@ requests:
- type: regex
regex:
- "(u|g)id=.*"
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-27651.yaml b/cves/2021/CVE-2021-27651.yaml
index 6d16b1cda9..12c81fa998 100644
--- a/cves/2021/CVE-2021-27651.yaml
+++ b/cves/2021/CVE-2021-27651.yaml
@@ -1,10 +1,10 @@
id: CVE-2021-27651
info:
- name: Pega Infinity Authentication bypass
+ name: Pega Infinity - Authentication Bypass
author: idealphase
severity: critical
- description: In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
+ description: Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.
reference:
- https://github.com/samwcyo/CVE-2021-27651-PoC/blob/main/RCE.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-27651
@@ -44,4 +44,6 @@ requests:
- type: regex
regex:
- 'Pega 8\.(?:2\.[1-9]|3\.[0-9]|4\.[0-9]|5\.[0-2])'
- part: body
\ No newline at end of file
+ part: body
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-27850.yaml b/cves/2021/CVE-2021-27850.yaml
index fa26bfb893..913394f5e4 100644
--- a/cves/2021/CVE-2021-27850.yaml
+++ b/cves/2021/CVE-2021-27850.yaml
@@ -1,11 +1,11 @@
id: CVE-2021-27850
info:
- name: Apache Tapestry - Arbitrary class download
+ name: Apache Tapestry - Remote Code Execution
author: pdteam
severity: critical
description: |
- A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.
+ Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27850
- https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E
@@ -56,3 +56,5 @@ requests:
- 'webtools'
part: body
condition: and
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-27905.yaml b/cves/2021/CVE-2021-27905.yaml
index cd24cb57d8..7cca79cf62 100644
--- a/cves/2021/CVE-2021-27905.yaml
+++ b/cves/2021/CVE-2021-27905.yaml
@@ -1,10 +1,11 @@
id: CVE-2021-27905
info:
- name: Apache Solr <= 8.8.1 SSRF
+ name: Apache Solr <=8.8.1 - Server-Side Request Forgery
author: hackergautam
severity: critical
- description: The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
+ description: Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter.
+ remediation: This issue is resolved in Apache Solr 8.8.2 and later.
reference:
- https://www.anquanke.com/post/id/238201
- https://ubuntu.com/security/CVE-2021-27905
@@ -43,4 +44,6 @@ requests:
- type: word
words:
- 'OK'
- part: body
\ No newline at end of file
+ part: body
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-27931.yaml b/cves/2021/CVE-2021-27931.yaml
index 2c8b3c0896..a426c5d084 100644
--- a/cves/2021/CVE-2021-27931.yaml
+++ b/cves/2021/CVE-2021-27931.yaml
@@ -1,11 +1,10 @@
id: CVE-2021-27931
info:
- name: LumisXP Blind XXE
+ name: LumisXP <10.0.0 - Blind XML External Entity Attack
author: alph4byt3
severity: critical
- description: LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes
- such as reading local server files or denial of service.
+ description: LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XML external entity (XXE) attacks via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
reference:
- https://github.com/sl4cky/LumisXP-XXE---POC/blob/main/poc.txt
- https://nvd.nist.gov/vuln/detail/CVE-2021-27931
@@ -36,3 +35,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-28918.yaml b/cves/2021/CVE-2021-28918.yaml
index 433d761f0d..6b8216e23c 100644
--- a/cves/2021/CVE-2021-28918.yaml
+++ b/cves/2021/CVE-2021-28918.yaml
@@ -1,15 +1,14 @@
id: CVE-2021-28918
info:
- name: Netmask NPM Package SSRF
+ name: Netmask NPM Package - Server-Side Request Forgery
author: johnjhacking
severity: critical
- description: Improper input validation of octal strings in netmask npm package allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
+ description: Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
reference:
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md
- - https://nvd.nist.gov/vuln/detail/CVE-2021-28918
- https://github.com/advisories/GHSA-pch5-whg9-qr2r
- - https://github.com/rs/node-netmask
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-28918
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
@@ -37,3 +36,5 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-29203.yaml b/cves/2021/CVE-2021-29203.yaml
index 8fd26b6280..2189884675 100644
--- a/cves/2021/CVE-2021-29203.yaml
+++ b/cves/2021/CVE-2021-29203.yaml
@@ -1,10 +1,10 @@
id: CVE-2021-29203
info:
- name: HPE Edgeline Infrastructure Manager v1.21 Authentication Bypass
+ name: HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass
author: madrobot
severity: critical
- description: A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.
+ description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
reference:
- https://www.tenable.com/security/research/tra-2021-15
- https://nvd.nist.gov/vuln/detail/CVE-2021-29203
@@ -52,3 +52,5 @@ requests:
part: body
words:
- "Base.1.0.Created"
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-29441.yaml b/cves/2021/CVE-2021-29441.yaml
index 35d7facf94..7ff1c835a5 100644
--- a/cves/2021/CVE-2021-29441.yaml
+++ b/cves/2021/CVE-2021-29441.yaml
@@ -1,7 +1,7 @@
id: CVE-2021-29441
info:
- name: Nacos prior to 1.4.1 Authentication Bypass
+ name: Nacos <1.4.1 - Authentication Bypass
author: dwisiswant0
severity: critical
description: |
@@ -55,4 +55,6 @@ requests:
- type: word
words:
- "application/json"
- part: header
\ No newline at end of file
+ part: header
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-30461.yaml b/cves/2021/CVE-2021-30461.yaml
index 16812b85f1..5d82257613 100644
--- a/cves/2021/CVE-2021-30461.yaml
+++ b/cves/2021/CVE-2021-30461.yaml
@@ -1,13 +1,14 @@
id: CVE-2021-30461
info:
- name: VoipMonitor Pre-Auth-RCE
+ name: VoipMonitor <24.61 - Remote Code Execution
author: shifacyclewala,hackergautam
severity: critical
- description: Use of user supplied data, arriving via web interface allows remote unauthenticated users to trigger a remote PHP code execution vulnerability in VoIPmonitor.
+ description: |
+ VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing remote unauthenticated users to trigger a remote PHP code execution vulnerability.
reference:
- https://ssd-disclosure.com/ssd-advisory-voipmonitor-unauth-rce/
- - https://ssd-disclosure.com/ssd-advisory--voipmonitor-unauth-rce
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-30461
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -39,3 +40,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-3129.yaml b/cves/2021/CVE-2021-3129.yaml
index 3f89bea6c8..d3581dd7e3 100644
--- a/cves/2021/CVE-2021-3129.yaml
+++ b/cves/2021/CVE-2021-3129.yaml
@@ -1,14 +1,14 @@
id: CVE-2021-3129
info:
- name: Laravel <= v8.4.2 Debug Mode - Remote Code Execution
+ name: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
author: z3bd,pdteam
severity: critical
- description: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
+ description: Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
reference:
- https://www.ambionics.io/blog/laravel-debug-rce
- https://github.com/vulhub/vulhub/tree/master/laravel/CVE-2021-3129
- - https://github.com/facade/ignition/pull/334
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-3129
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -84,3 +84,5 @@ requests:
- type: regex
regex:
- "(u|g)id=.*"
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-31856.yaml b/cves/2021/CVE-2021-31856.yaml
index 91032dcfc2..e087dac85d 100644
--- a/cves/2021/CVE-2021-31856.yaml
+++ b/cves/2021/CVE-2021-31856.yaml
@@ -1,10 +1,11 @@
id: CVE-2021-31856
info:
- name: Layer5 Meshery 0.5.2 SQLi
+ name: Layer5 Meshery 0.5.2 - SQL Injection
author: princechaddha
severity: critical
- description: A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
+ description: Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns
+ in models/meshery_pattern_persister.go).
reference:
- https://github.com/ssst0n3/CVE-2021-31856
- https://nvd.nist.gov/vuln/detail/CVE-2021-31856
@@ -33,3 +34,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by mp on 2022/05/17
diff --git a/cves/2021/CVE-2021-32172.yaml b/cves/2021/CVE-2021-32172.yaml
index 71b8fb8464..e5bbb54bfc 100644
--- a/cves/2021/CVE-2021-32172.yaml
+++ b/cves/2021/CVE-2021-32172.yaml
@@ -1,10 +1,10 @@
id: CVE-2021-32172
info:
- name: Maian Cart 3.8 preauth RCE
+ name: Maian Cart <=3.8 - Remote Code Execution
author: pdteam
severity: critical
- description: A severe vulnerability has been kindly reported to me by security advisor DreyAnd. The issue concerns the elFinder file manager plugin in Maian Cart and it affects all versions from 3.0 to 3.8.
+ description: Maian Cart 3.0 to 3.8 via the elFinder file manager plugin contains a remote code execution vulnerability.
reference:
- https://dreyand.github.io/maian-cart-rce/
- https://github.com/DreyAnd/maian-cart-rce
@@ -53,3 +53,5 @@ requests:
- 'contains(body_3, "{{randstr_1}}")'
- "status_code_3 == 200"
condition: and
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-32305.yaml b/cves/2021/CVE-2021-32305.yaml
index 79b097e71f..45fb64b4ce 100644
--- a/cves/2021/CVE-2021-32305.yaml
+++ b/cves/2021/CVE-2021-32305.yaml
@@ -1,15 +1,15 @@
id: CVE-2021-32305
info:
- name: Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
+ name: Websvn <2.6.1 - Remote Code Execution
author: gy741
severity: critical
description: WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-32305
- https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html
- https://github.com/websvnphp/websvn/pull/142
- http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-32305
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -30,3 +30,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-33221.yaml b/cves/2021/CVE-2021-33221.yaml
index a4294e5273..3b6825a4ed 100644
--- a/cves/2021/CVE-2021-33221.yaml
+++ b/cves/2021/CVE-2021-33221.yaml
@@ -1,14 +1,15 @@
id: CVE-2021-33221
info:
- name: CommScope Ruckus IoT Controller Unauthenticated Service Details
+ name: CommScope Ruckus IoT Controller - Information Disclosure
author: geeknik
severity: critical
- description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
+ description: CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
reference:
- https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf
- http://seclists.org/fulldisclosure/2021/May/72
- https://korelogic.com/advisories.html
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33221
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -38,3 +39,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-33357.yaml b/cves/2021/CVE-2021-33357.yaml
index a29bf15f9b..cb52ddd4ea 100644
--- a/cves/2021/CVE-2021-33357.yaml
+++ b/cves/2021/CVE-2021-33357.yaml
@@ -1,16 +1,16 @@
id: CVE-2021-33357
info:
- name: RaspAP <= 2.6.5 - Remote Code Execution
+ name: RaspAP <=2.6.5 - Remote Command Injection
author: pikpikcu,pdteam
severity: critical
description: |
- RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.
+ RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";".
reference:
- https://checkmarx.com/blog/chained-raspap-vulnerabilities-grant-root-level-access/
- https://gist.github.com/omriinbar/52c000c02a6992c6ce68d531195f69cf
- - https://nvd.nist.gov/vuln/detail/CVE-2021-33357
- https://github.com/RaspAP/raspap-webgui
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-33357
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -39,4 +39,6 @@ requests:
part: interactsh_request
group: 1
regex:
- - 'GET \/([a-z-]+) HTTP'
\ No newline at end of file
+ - 'GET \/([a-z-]+) HTTP'
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-33564.yaml b/cves/2021/CVE-2021-33564.yaml
index e99d537b51..f8c09008f5 100644
--- a/cves/2021/CVE-2021-33564.yaml
+++ b/cves/2021/CVE-2021-33564.yaml
@@ -1,15 +1,16 @@
id: CVE-2021-33564
info:
- name: Argument Injection in Ruby Dragonfly
+ name: Ruby Dragonfly <1.4.0 - Remote Code Execution
author: 0xsapra
severity: critical
- description: An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
+ description: Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
reference:
- https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
- https://github.com/markevans/dragonfly/compare/v1.3.0...v1.4.0
- https://github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5
- https://github.com/mlr0p/CVE-2021-33564
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-33564
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -31,3 +32,5 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-3378.yaml b/cves/2021/CVE-2021-3378.yaml
index f44e50ac50..8ae13590a4 100644
--- a/cves/2021/CVE-2021-3378.yaml
+++ b/cves/2021/CVE-2021-3378.yaml
@@ -1,13 +1,11 @@
id: CVE-2021-3378
info:
- name: FortiLogger Unauthenticated Arbitrary File Upload
+ name: FortiLogger 4.4.2.2 - Arbitrary File Upload
author: dwisiswant0
severity: critical
description: |
- This template detects an unauthenticated arbitrary file upload
- via insecure POST request. It has been tested on version 4.4.2.2 in
- Windows 10 Enterprise.
+ FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp.
reference:
- https://erberkan.github.io/2021/cve-2021-3378/
- https://github.com/erberkan/fortilogger_arbitrary_fileupload
@@ -58,4 +56,6 @@ requests:
- "text/plain"
- "ASP.NET"
condition: and
- part: header
\ No newline at end of file
+ part: header
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-36356.yaml b/cves/2021/CVE-2021-36356.yaml
index 1bcb597522..af120b662f 100644
--- a/cves/2021/CVE-2021-36356.yaml
+++ b/cves/2021/CVE-2021-36356.yaml
@@ -1,7 +1,7 @@
id: CVE-2021-36356
info:
- name: Kramer VIAware RCE
+ name: Kramer VIAware - Remote Code Execution
author: gy741
severity: critical
description: KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames.
@@ -35,3 +35,5 @@ requests:
part: interactsh_protocol
words:
- "http"
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-44077.yaml b/cves/2021/CVE-2021-44077.yaml
index 0f49c0e028..a3fb47f535 100644
--- a/cves/2021/CVE-2021-44077.yaml
+++ b/cves/2021/CVE-2021-44077.yaml
@@ -10,6 +10,7 @@ info:
- https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/
- https://github.com/horizon3ai/CVE-2021-44077
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_servicedesk_plus_cve_2021_44077.rb
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-44077
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -30,4 +31,6 @@ requests:
- type: status
status:
- - 200
\ No newline at end of file
+ - 200
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-44515.yaml b/cves/2021/CVE-2021-44515.yaml
index 339271db14..040d2b7fb9 100644
--- a/cves/2021/CVE-2021-44515.yaml
+++ b/cves/2021/CVE-2021-44515.yaml
@@ -4,17 +4,19 @@ info:
name: Zoho ManageEngine Desktop Central - Remote Code Execution
author: Adam Crosser
severity: critical
- description: Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
+ description: Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
reference:
- https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
- https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
- https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis
- https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-44515
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-44515
cwe-id: CWE-287
+ remediation: For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
tags: cve,cve2021,cisa,zoho,rce,manageengine
requests:
@@ -37,4 +39,6 @@ requests:
- type: word
part: header
words:
- - "UEMJSESSIONID="
\ No newline at end of file
+ - "UEMJSESSIONID="
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-46422.yaml b/cves/2021/CVE-2021-46422.yaml
index b696388cd7..33aa2439bb 100644
--- a/cves/2021/CVE-2021-46422.yaml
+++ b/cves/2021/CVE-2021-46422.yaml
@@ -1,15 +1,15 @@
id: CVE-2021-46422
info:
- name: SDT-CW3B1 1.1.0 - OS command injection
+ name: SDT-CW3B1 1.1.0 - OS Command Injection
author: badboycxcc
severity: critical
description: |
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
reference:
- https://www.exploit-db.com/exploits/50936
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46422
- - https://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?usp=sharing
+ - https://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-46422
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@@ -32,3 +32,5 @@ requests:
part: body
regex:
- "root:.*:0:0:"
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2021/CVE-2021-46424.yaml b/cves/2021/CVE-2021-46424.yaml
index b38d876e56..1ff5eb9003 100644
--- a/cves/2021/CVE-2021-46424.yaml
+++ b/cves/2021/CVE-2021-46424.yaml
@@ -1,15 +1,15 @@
id: CVE-2021-46424
info:
- name: TLR-2005KSH - Arbitrary File Delete
+ name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete
author: gy741
severity: critical
description: Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
reference:
- https://dl.packetstormsecurity.net/2205-exploits/tlr2005ksh-filedelete.txt
- - https://nvd.nist.gov/vuln/detail/CVE-2021-46424
- https://drive.google.com/drive/folders/1_e3eJ8fzhCWnCkoRpbLoyQecuKkPR4OD?usp=sharing
- http://packetstormsecurity.com/files/167127/TLR-2005KSH-Arbitrary-File-Delete.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-46424
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cvss-score: 9.1
@@ -40,3 +40,5 @@ requests:
- type: dsl
dsl:
- "status_code_1 == 200 && status_code_2 == 204 && status_code_3 == 404"
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2022/CVE-2022-0482.yaml b/cves/2022/CVE-2022-0482.yaml
index b450d39490..9e6755261d 100644
--- a/cves/2022/CVE-2022-0482.yaml
+++ b/cves/2022/CVE-2022-0482.yaml
@@ -1,16 +1,16 @@
id: CVE-2022-0482
info:
- name: Easy!Appointments Broken Access Control
+ name: Easy!Appointments <1.4.3 - Broken Access Control
author: francescocarlucci,opencirt
severity: critical
description: |
- Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
+ Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.
reference:
- https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26/
- - https://nvd.nist.gov/vuln/detail/CVE-2022-0482
- https://github.com/alextselegidis/easyappointments
- https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-0482
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
@@ -53,3 +53,5 @@ requests:
- '"appointments":'
- '"unavailables":'
condition: and
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2022/CVE-2022-0540.yaml b/cves/2022/CVE-2022-0540.yaml
index 7b42b0d945..0300df4213 100644
--- a/cves/2022/CVE-2022-0540.yaml
+++ b/cves/2022/CVE-2022-0540.yaml
@@ -1,11 +1,11 @@
id: CVE-2022-0540
info:
- name: Atlassian Jira Seraph- Authentication Bypass
+ name: Atlassian Jira Seraph - Authentication Bypass
author: DhiyaneshDK
severity: critical
description: |
- A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
+ Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
reference:
- https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0540
@@ -34,3 +34,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2022/CVE-2022-0543.yaml b/cves/2022/CVE-2022-0543.yaml
index 3c48491df2..8db0488010 100644
--- a/cves/2022/CVE-2022-0543.yaml
+++ b/cves/2022/CVE-2022-0543.yaml
@@ -1,7 +1,7 @@
id: CVE-2022-0543
info:
- name: Redis Sandbox Escape RCE
+ name: Redis Sandbox Escape - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
@@ -9,8 +9,6 @@ info:
vulnerability was introduced by Debian and Ubuntu Redis packages that
insufficiently sanitized the Lua environment. The maintainers failed to
disable the package interface, allowing attackers to load arbitrary libraries.
-
- Taken from rapid7/metasploit-framework#16504.
reference:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
@@ -37,3 +35,5 @@ network:
- type: regex
regex:
- "root:.*:0:0:"
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2022/CVE-2022-0591.yaml b/cves/2022/CVE-2022-0591.yaml
index 63be423ad1..6f32f5bea4 100644
--- a/cves/2022/CVE-2022-0591.yaml
+++ b/cves/2022/CVE-2022-0591.yaml
@@ -1,10 +1,10 @@
id: CVE-2022-0591
info:
- name: Formcraft3 < 3.8.28 - Unauthenticated SSRF
+ name: Formcraft3 <3.8.28 - Server-Side Request Forgery
author: Akincibor
severity: critical
- description: The plugin does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users.
+ description: Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
reference:
- https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47
- https://nvd.nist.gov/vuln/detail/CVE-2022-0591
@@ -25,3 +25,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2022/CVE-2022-1020.yaml b/cves/2022/CVE-2022-1020.yaml
index 4205dd83ae..5527072978 100644
--- a/cves/2022/CVE-2022-1020.yaml
+++ b/cves/2022/CVE-2022-1020.yaml
@@ -1,10 +1,10 @@
id: CVE-2022-1020
info:
- name: Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
+ name: WordPress WooCommerce <3.1.2 - Arbitrary Function Call
author: Akincibor
severity: critical
- description: The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument
+ description: WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.
reference:
- https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5
- https://nvd.nist.gov/vuln/detail/CVE-2022-1020
@@ -42,3 +42,5 @@ requests:
group: 1
regex:
- '>PHP Version <\/td>| ([0-9.]+)'
+
+# Enhanced by mp on 2022/05/18
diff --git a/cves/2022/CVE-2022-1598.yaml b/cves/2022/CVE-2022-1598.yaml
index 3c18f4887e..22e863a639 100644
--- a/cves/2022/CVE-2022-1598.yaml
+++ b/cves/2022/CVE-2022-1598.yaml
@@ -11,6 +11,8 @@ info:
reference:
- https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1597
+ classification:
+ cve-id: CVE-2022-1598
metadata:
verified: true
google-dork: inurl:/wp-content/plugins/wpqa
diff --git a/cves/2022/CVE-2022-30489.yaml b/cves/2022/CVE-2022-30489.yaml
index 4895fbdb09..e8a55ffaef 100644
--- a/cves/2022/CVE-2022-30489.yaml
+++ b/cves/2022/CVE-2022-30489.yaml
@@ -4,7 +4,8 @@ info:
name: Wavlink Wn535g3 - POST XSS
author: For3stCo1d
severity: high
- description: WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
+ description: |
+ WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
reference:
- https://github.com/badboycxcc/XSS-CVE-2022-30489
- https://nvd.nist.gov/vuln/detail/CVE-2022-30489
@@ -12,6 +13,8 @@ info:
metadata:
shodan-query: http.title:"Wi-Fi APP Login"
verified: "true"
+ classification:
+ cve-id: CVE-2022-30489
tags: xss,cve2022,wavlink,cve,router,iot
requests:
diff --git a/cves/2022/CVE-2022-30525.yaml b/cves/2022/CVE-2022-30525.yaml
index 0ad6622783..26f6610bda 100644
--- a/cves/2022/CVE-2022-30525.yaml
+++ b/cves/2022/CVE-2022-30525.yaml
@@ -13,6 +13,8 @@ info:
- https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml
metadata:
shodan-query: title:"USG FLEX 100","USG FLEX 100w","USG FLEX 200","USG FLEX 500","USG FLEX 700","USG FLEX 50","USG FLEX 50w","ATP100","ATP200","ATP500","ATP700"
+ classification:
+ cve-id: CVE-2022-30525
tags: rce,zyxel,cve,cve2022,firewall,unauth
requests:
diff --git a/workflows/yonyou-nc-workflow.yaml b/workflows/yonyou-nc-workflow.yaml
index 4d0e27a715..e725d45706 100644
--- a/workflows/yonyou-nc-workflow.yaml
+++ b/workflows/yonyou-nc-workflow.yaml
@@ -3,11 +3,11 @@ id: yonyou-ufida-nc-workflow
info:
name: Yonyou Ufida NC Security Checks
author: Arm!tage
- description: A simple workflow that runs all yonyou ufida nc related nuclei templates on a given target.
+ description: A simple workflow that runs all Yonyou Network Technology Co. (Ufida) NC related nuclei templates on a given target.
workflows:
- template: technologies/fingerprinthub-web-fingerprints.yaml
matchers:
- name: yonyou-ism
subtemplates:
- - tags: yonyou
\ No newline at end of file
+ - tags: yonyou
|