Dashboard Content Enhancements (#6526)

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2023-01-16 12:41:15 -05:00 committed by GitHub
parent 986d78fe6a
commit 643700ca28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
144 changed files with 971 additions and 242 deletions

@ -1,10 +1,10 @@
id: CVE-2016-6601
info:
name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal
name: ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
description: ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
reference:
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
- https://www.exploit-db.com/exploits/40229/
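
Review bot: The new name and description narrow the affected range. The removed lines say "5.2 and 5.2 SP1" are affected, while the replacements say "<5.2 SP1" and "before version 5.2 SP1", which excludes 5.2 SP1 itself. Suggest keeping "5.2 and 5.2 SP1" in both lines, and fixing "is vulnerable local file inclusion" to "is vulnerable to local file inclusion".
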
@ -30,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

@ -1,16 +1,16 @@
id: CVE-2017-14186
info:
name: FortiGate SSL VPN Web Portal - Cross Site Scripting
name: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
author: johnk3r
severity: medium
description: |
Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scripting (XSS) or an URL Redirection attack.
FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not santized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.
reference:
- https://www.fortiguard.com/psirt/FG-IR-17-242
- https://nvd.nist.gov/vuln/detail/CVE-2017-14186
- https://fortiguard.com/advisory/FG-IR-17-242
- https://web.archive.org/web/20210801135714/http://www.securitytracker.com/id/1039891
- https://nvd.nist.gov/vuln/detail/CVE-2017-14186
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
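
Review bot: Typo in the new description: "santized" should be "sanitized", and "FortiGate FortiOS through SSL VPN Web Portal" reads as if a version number were missing after "through". The rewrite also presents URL redirection as a follow-on to script injection, where the removed line listed it as an alternative outcome ("XSS or an URL Redirection attack"); suggest keeping the original relationship between the two.
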
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/11

@ -7,9 +7,9 @@ info:
description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
reference:
- https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
- https://nvd.nist.gov/vuln/detail/CVE-2018-17246
- https://www.elastic.co/community/security
- https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
- https://nvd.nist.gov/vuln/detail/CVE-2018-17246
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -41,3 +41,5 @@ requests:
part: header
words:
- "application/json"
# Enhanced by mp on 2023/01/15

@ -1,10 +1,10 @@
id: CVE-2019-12616
info:
name: phpMyAdmin < 4.9.0 - CSRF
name: phpMyAdmin <4.9.0 - Cross-Site Request Forgery
author: Mohammedsaneem,philippedelteil,daffainfo
severity: medium
description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.
description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
reference:
- https://www.phpmyadmin.net/security/PMASA-2019-4/
- https://www.exploit-db.com/exploits/46982
@ -50,3 +50,5 @@ requests:
group: 1
regex:
- '\?v=([0-9.]+)'
# Enhanced by md on 2023/01/11

@ -1,16 +1,16 @@
id: CVE-2019-14530
info:
name: OpenEMR < 5.0.2 - Path Traversal
name: OpenEMR <5.0.2 - Local File Inclusion
author: TenBird
severity: high
description: |
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.
reference:
- https://www.exploit-db.com/exploits/50037
- https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip
- https://nvd.nist.gov/vuln/detail/CVE-2019-14530
- https://github.com/openemr/openemr/pull/2592
- https://nvd.nist.gov/vuln/detail/CVE-2019-14530
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
@ -50,3 +50,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

@ -1,11 +1,11 @@
id: CVE-2021-20323
info:
name: Keycloak < 18.0.0 - Cross Site Scripting
name: Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
author: ndmalc
severity: medium
description: |
Keycloak before 18.0.0 and after 10.0.0 allows a reflected XSS on client-registrations endpoint. On POST request, when a request is submitted, the application does not sanitize unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as html. This can be performed on any realm present on the Keycloak instance. Currently, due to the bug requiring Content-Type application/json and is submitted via a POST, there is no common path to exploit that have a user impact.
Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.
reference:
- https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j
- https://bugzilla.redhat.com/show_bug.cgi?id=2013577
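
Review bot: The new description carries over "text/hml" from the old line; it should be "text/html". The range "10.0.0 - 18.0.0" in the name and "10.0.0 to 18.0.0" in the description also reads as including both endpoints, while the removed text said "before 18.0.0 and after 10.0.0"; suggest wording that keeps both bounds exclusive.
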
@ -52,3 +52,5 @@ requests:
- type: status
status:
- 400
# Enhanced by md on 2023/01/06

@ -1,4 +1,4 @@
id: unpatched-coldfusion
id: CVE-2021-21087
info:
name: Adobe ColdFusion - Remote Code Execution
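
Review bot: Changing the id from unpatched-coldfusion to CVE-2021-21087 changes the identifier that workflows, exclusion lists and saved scan results key on. Please confirm the file is renamed to match and that the info block carries the corresponding CVE classification and NVD reference, none of which is visible in this hunk.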

@ -1,18 +1,15 @@
id: CVE-2021-24227
info:
name: Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
name: Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
author: theamanrawat
severity: high
description: The Jetpack Scan team identified a Local File Disclosure vulnerability
in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting
the site. Using this attack vector, an attacker could leak important internal
files like wp-config.php, which contains database credentials and cryptographic
keys used in the generation of nonces and cookies.
description: Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
reference:
- https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016
- https://wordpress.org/plugins/patreon-connect/
- https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24227
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -34,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

@ -1,16 +1,16 @@
id: CVE-2021-24827
info:
name: Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection
name: WordPress Asgaros Forum <1.15.13 - SQL Injection
author: theamanrawat
severity: critical
description: |
The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.
WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1
- https://wordpress.org/plugins/asgaros-forum/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24827
- https://plugins.trac.wordpress.org/changeset/2611560/asgaros-forum
- https://nvd.nist.gov/vuln/detail/CVE-2021-24827
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
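
Review bot: The name and description drop "Unauthenticated", which the removed lines stated twice and which the unchanged PR:N in cvss-metrics still implies. That precondition is the first thing a triager looks for; suggest keeping it in the name, or adding a sentence to the description saying no login is required.
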
@ -35,3 +35,5 @@ requests:
- 'contains(content_type, "text/html")'
- 'contains(body, "asgarosforum")'
condition: and
# Enhanced by md on 2023/01/06

@ -1,11 +1,11 @@
id: CVE-2021-24946
info:
name: Modern Events Calendar < 6.1.5 - Blind SQL Injection
name: WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
author: theamanrawat
severity: critical
description: |
The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue.
WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445
- https://wordpress.org/plugins/modern-events-calendar-lite/
@ -34,3 +34,5 @@ requests:
- 'contains(content_type, "text/html")'
- 'contains(body, "The event is finished") || contains(body, "been a critical error")'
condition: and
# Enhanced by md on 2023/01/06

@ -1,11 +1,11 @@
id: CVE-2021-25099
info:
name: Give < 2.17.3 - Cross-Site Scripting
name: WordPress GiveWP <2.17.3 - Cross-Site Scripting
author: theamanrawat
severity: medium
description: |
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting.
WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f
- https://wordpress.org/plugins/give/
@ -36,3 +36,5 @@ requests:
- 'contains(body, "<script>alert(document.domain)</script>")'
- 'contains(body, "give_user_login")'
condition: and
# Enhanced by md on 2023/01/06

@ -1,11 +1,11 @@
id: CVE-2021-35380
info:
name: TermTalk Server 3.24.0.2 - Unauthenticated Arbitrary File Read
name: TermTalk Server 3.24.0.2 - Local File Inclusion
author: fxploit
severity: high
description: |
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download.
TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.
reference:
- https://www.swascan.com/solari-di-udine/
- https://www.exploit-db.com/exploits/50638
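
Review bot: The new description says "vulnerable to file inclusion", dropping the "local" that the new name uses, and "allows unauthenticated malicious user" is missing an article. It also no longer names the vendor (Solari di Udine) that the removed line gave; suggest keeping it so the product can be identified.
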
@ -30,3 +30,5 @@ requests:
- "fonts"
- "extensions"
condition: and
# Enhanced by mp on 2023/01/15

@ -1,15 +1,16 @@
id: CVE-2021-40661
info:
name: IND780 - Directory Traversal
name: IND780 - Local File Inclusion
author: For3stCo1d
severity: high
description: |
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.
IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the 'webpage' parameter in AutoCE.ini. This could allow a remote attacker to access additional files on the affected system.
reference:
- https://sidsecure.au/blog/cve-2021-40661/?_sm_pdc=1&_sm_rid=MRRqb4KBDnjBMJk24b40LMS3SKqPMqb4KVn32Kr
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40661
- https://www.mt.com/au/en/home/products/Industrial_Weighing_Solutions/Terminals-and-Controllers/terminals-bench-floor-scales/advanced-bench-floor-applications/IND780/IND780_.html#overviewpm
- https://nvd.nist.gov/vuln/detail/CVE-2021-40661
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -38,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

@ -1,15 +1,15 @@
id: CVE-2021-43421
info:
name: Studio-42 elFinder < 2.1.60 - Arbitrary File Upload
name: Studio-42 elFinder <2.1.60 - Arbitrary File Upload
author: akincibor
severity: critical
description: |
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code.
reference:
- https://github.com/Studio-42/elFinder/issues/3429
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
- https://twitter.com/infosec_90/status/1455180286354919425
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
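
Review bot: The new description adds "unauthenticated", which the removed line did not claim; please point to the reference that supports it or drop the word. The name's "<2.1.60" also omits the lower bound that the description gives as 2.0.4.
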
@ -50,3 +50,5 @@ requests:
regex:
- '"hash"\:"(.*?)"\,'
internal: true
# Enhanced by mp on 2023/01/15

@ -1,11 +1,11 @@
id: CVE-2021-43734
info:
name: kkFileview v4.0.0 - Directory Traversal
name: kkFileview v4.0.0 - Local File Inclusion
author: arafatansari
severity: high
description: |
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host.
reference:
- https://github.com/kekingcn/kkFileView/issues/304
- https://nvd.nist.gov/vuln/detail/CVE-2021-43734
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

@ -1,11 +1,12 @@
id: CVE-2021-44451
info:
name: Apache Superset - Default Login
name: Apache Superset <=1.3.2 - Default Login
author: dhiyaneshDK
severity: medium
description: |
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: Upgrade to Apache Superset 1.4.0 or higher.
reference:
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
- https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
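
Review bot: The rewritten description changes what the CVE is about. The removed line describes a password leak of registered database connections to authenticated users; the new one describes "a default login vulnerability via registered database connections" that gives access to user accounts, which the old text did not say. If the template checks default credentials under this CVE id, state that separately and keep the CVE's own description intact.
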
@ -66,3 +67,5 @@ requests:
regex:
- 'name="csrf_token" type="hidden" value="(.*)"'
internal: true
# Enhanced by md on 2023/01/06

@ -1,11 +1,11 @@
id: CVE-2022-0784
info:
name: Title Experiments Free < 9.0.1 - Unauthenticated SQLi
name: WordPress Title Experiments Free <9.0.1 - SQL Injection
author: theamanrawat
severity: critical
description: |
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.
WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f
- https://wordpress.org/plugins/wp-experiments-free/
@ -37,3 +37,5 @@ requests:
- 'contains(content_type, "text/html")'
- 'contains(body, "{\"images\":")'
condition: and
# Enhanced by md on 2023/01/06

@ -1,11 +1,11 @@
id: CVE-2022-0786
info:
name: KiviCare < 2.3.9 - Unauthenticated SQLi
name: WordPress KiviCare <2.3.9 - SQL Injection
author: theamanrawat
severity: critical
description: |
The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users.
WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30
- https://wordpress.org/plugins/kivicare-clinic-management-system/
@ -34,3 +34,5 @@ requests:
- 'contains(content_type, "text/html")'
- 'contains(body, "Doctor details")'
condition: and
# Enhanced by md on 2023/01/06

@ -1,11 +1,11 @@
id: CVE-2022-0826
info:
name: WP Video Gallery <= 1.7.1 - Unauthenticated SQLi
name: WordPress WP Video Gallery <=1.7.1 - SQL Injection
author: theamanrawat
severity: critical
description: |
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5
- https://wordpress.org/plugins/wp-video-gallery-free/
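
Review bot: "sanitise" is left unchanged in the new description while sibling templates in this commit were switched to "sanitize"; pick one spelling. The rewrite also removes "exploitable by unauthenticated users" and "Unauthenticated" from the name, so the access precondition is no longer stated anywhere in the visible lines.
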
@ -37,3 +37,5 @@ requests:
- 'contains(content_type, "text/html")'
- 'contains(body, "Registred videos :")'
condition: and
# Enhanced by md on 2023/01/06

@ -1,16 +1,16 @@
id: CVE-2022-0948
info:
name: Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi
name: WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
author: theamanrawat
severity: critical
description: |
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection.
WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://wpscan.com/vulnerability/daad48df-6a25-493f-9d1d-17b897462576
- https://wordpress.org/plugins/woc-order-alert/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0948
- https://plugins.trac.wordpress.org/changeset/2707223
- https://nvd.nist.gov/vuln/detail/CVE-2022-0948
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -43,3 +43,5 @@ requests:
- 'contains(content_type_1, "application/json")'
- 'contains(body_2, "olistener-action.olistener-controller")'
condition: and
# Enhanced by md on 2023/01/06

@ -1,11 +1,11 @@
id: CVE-2022-1595
info:
name: HC Custom WP-Admin URL - 1.4 - Unauthenticated Secret URL Disclosure
name: WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure
author: theamanrawat
severity: medium
description: |
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request.
WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.
reference:
- https://wpscan.com/vulnerability/0218c90c-8f79-4f37-9a6f-60cf2f47d47b
- https://wordpress.org/plugins/hc-custom-wp-admin-url/
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 302
# Enhanced by md on 2023/01/06

@ -1,13 +1,14 @@
id: CVE-2022-23854
info:
name: AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal
name: AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion
author: For3stCo1d
severity: high
description: |
AVEVA Group plc is a marine and plant engineering IT company headquartered in Cambridge, England. AVEVA software is used in many sectors, including on- and off-shore oil and gas processing, chemicals, pharmaceuticals, nuclear and conventional power generation, nuclear fuel reprocessing, recycling and shipbuilding (https://www.aveva.com).
AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion.
reference:
- https://packetstormsecurity.com/files/cve/CVE-2022-23854
- https://www.aveva.com
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
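
Review bot: The new description is a single sentence that names no affected version, endpoint or impact, so it adds nothing beyond the name. The newly added crisec.de reference calls the issue path traversal in its URL, while the name is changed to "Local File Inclusion"; suggest a description that states what can be read and from where, using the advisory's terminology.
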
@ -42,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

@ -1,16 +1,16 @@
id: CVE-2022-26138
info:
name: Questions For Confluence - Hardcoded Credentials
name: Atlassian Questions For Confluence - Hardcoded Credentials
author: HTTPVoid
severity: critical
description: |
A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group.
Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.
reference:
- https://twitter.com/fluepke/status/1549892089181257729
- https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-26138
- https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-26138
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -39,4 +39,6 @@ requests:
matchers:
- type: dsl
dsl:
- 'location == "/httpvoid.action"'
- 'location == "/httpvoid.action"'
# Enhanced by md on 2023/01/06

@ -1,16 +1,15 @@
id: CVE-2022-27593
info:
name: QNAP QTS Photo Station External Reference
name: QNAP QTS Photo Station External Reference - Local File Inclusion
author: allenwest24
severity: critical
description: |
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.
reference:
- https://attackerkb.com/topics/7We3SjEYVo/cve-2022-27593
- https://www.qnap.com/en/security-advisory/qsa-22-24
- https://nvd.nist.gov/vuln/detail/CVE-2022-27593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27593
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cvss-score: 9.1
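
Review bot: Labelling this "Local File Inclusion" conflicts with the rest of the block: the description says exploitation lets an attacker modify system files, and the unchanged vector is C:N/I:H/A:H, that is, no confidentiality impact. "vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability" is also circular. Suggest keeping the "externally controlled reference" wording without the LFI label, and separating the fixed-version list with semicolons.
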
@ -38,4 +37,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2023/01/15

@ -1,15 +1,15 @@
id: CVE-2022-2863
info:
name: WordPress WPvivid Backup < 0.9.76 - Local File Inclusion
name: WordPress WPvivid Backup <0.9.76 - Local File Inclusion
author: tehtbl
severity: medium
description: The plugin does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack.
description: WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.
reference:
- https://seclists.org/fulldisclosure/2022/Oct/0
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2863
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-2863
remediation: Upgrade to version 0.9.76 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
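
Review bot: The new description says "version 0.9.76 is vulnerable", but the name says "<0.9.76" and the remediation line says to upgrade to 0.9.76 or later. It should read "before 0.9.76". The removed line also named the vector ("via a Traversal attack"), which is worth keeping.
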
@ -56,3 +56,5 @@ requests:
regex:
- '"_ajax_nonce":"([0-9a-z]+)"'
internal: true
# Enhanced by mp on 2023/01/15

@ -1,15 +1,14 @@
id: CVE-2022-31656
info:
name: VMware - Authentication Bypass
name: VMware - Local File Inclusion
author: DhiyaneshDk
severity: critical
description: |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
reference:
- https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd
- https://www.vmware.com/security/advisories/VMSA-2022-0021.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31656
- https://nvd.nist.gov/vuln/detail/CVE-2022-31656
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
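
Review bot: The name changes from "Authentication Bypass" to "Local File Inclusion", but the description still describes an authentication bypass that yields administrative access, and "vulnerable to local file inclusion because they contain an authentication bypass vulnerability" does not follow. Suggest reverting the name, or explaining in the description what the template actually checks. "Realize Automation" should be "vRealize Automation", as in the removed line.
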
@ -43,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

@ -1,16 +1,14 @@
id: CVE-2022-31793
info:
name: muhttpd <= 1.1.5 - Path traversal
name: muhttpd <=1.1.5 - Local Inclusion
author: scent2d
severity: high
description: |
A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system.
muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.
reference:
- https://derekabdine.com/blog/2022-arris-advisory.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
- https://nvd.nist.gov/vuln/detail/CVE-2022-31793
- https://derekabdine.com/blog/2022-arris-advisory
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
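
Review bot: The new name reads "muhttpd <=1.1.5 - Local Inclusion"; the word "File" is missing. The description calls it "local file inclusion", so the name should match.
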
@ -36,3 +34,5 @@ network:
encoding: hex
words:
- "726f6f743a"
# Enhanced by mp on 2023/01/15

@ -5,11 +5,11 @@ info:
author: edoardottt
severity: high
description: |
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.
reference:
- https://github.com/hansmach1ne/MyExploits/tree/main/LFI_in_CuppaCMS_templates
- https://nvd.nist.gov/vuln/detail/CVE-2022-34121
- https://github.com/CuppaCMS/CuppaCMS/issues/18
- https://nvd.nist.gov/vuln/detail/CVE-2022-34121
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

@ -1,15 +1,16 @@
id: CVE-2022-35413
info:
name: Wapples Web Application Firewall - Hardcoded credentials
name: WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
author: For3stCo1d
severity: critical
description: |
WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.
reference:
- https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
- https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
- https://nvd.nist.gov/vuln/detail/CVE-2022-35413
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
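Review bot: the rewritten description changes "hardcoded systemi account" to "hardcoded system account". If "systemi" is the literal account name, as the old wording next to db/wp.no1 suggests, this edit loses the identifier a reader would search for; check it against the referenced advisory and restore it if so. "contains a hardcoded credentials vulnerability. It contains a hardcoded system account" also says the same thing twice and could be one sentence.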
@ -53,3 +54,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,15 +1,15 @@
id: CVE-2022-36642
info:
name: Omnia MPX 1.5.0+r1 - Path Traversal
name: Omnia MPX 1.5.0+r1 - Local File Inclusion
author: arafatansari,ritikchaddha,For3stCo1d
severity: critical
description: |
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.
Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.
reference:
- https://www.exploit-db.com/exploits/50996
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36642
- https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd
- https://nvd.nist.gov/vuln/detail/CVE-2022-36642
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
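Review bot: the second sentence of the new description does not parse: "By retrieving userDB.json allows an attacker to retrieve cleartext credentials". Suggest "Retrieving userDB.json allows an attacker to obtain cleartext credentials and escalate privileges via the control panel." The old text also stated escalation to root and arbitrary command execution, which the new text no longer mentions while the severity stays critical with C:H/I:H/A:H; keep the impact statement in line with the vector.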
@ -41,3 +41,5 @@ requests:
- '"mustChangePwd":'
- '"roleUser":'
condition: and
# Enhanced by mp on 2023/01/15

View File

@ -1,14 +1,14 @@
id: CVE-2022-37299
info:
name: Shirne CMS 1.2.0. - Path Traversal
name: Shirne CMS 1.2.0 - Local File Inclusion
author: pikpikcu
severity: medium
description: Shirne CMS 1.2.0 There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php
description: Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.
reference:
- https://twitter.com/pikpikcu/status/1568316864690028544
- https://nvd.nist.gov/vuln/detail/CVE-2022-37299
- https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue
- https://nvd.nist.gov/vuln/detail/CVE-2022-37299
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

View File

@ -1,17 +1,17 @@
id: CVE-2022-3768
info:
name: WPSmartContracts < 1.3.12 - Author SQLi
name: WordPress WPSmartContracts <1.3.12 - SQL Injection
author: Hardik-Solanki
severity: high
description: |
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
reference:
- https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
- https://cve.report/CVE-2022-3768
remediation: Fixed in version 1.3.12
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
remediation: Fixed in version 1.3.12.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
@ -45,3 +45,5 @@ requests:
- 'contains(content_type_2, "text/html")'
- 'contains(body_2, "Batch Mint NFTs")'
condition: and
# Enhanced by md on 2023/01/06

View File

@ -5,10 +5,9 @@ info:
author: pikpikcu
severity: high
description: |
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.
Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.
reference:
- https://github.com/zyearn/zaver/issues/22
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38794
- https://nvd.nist.gov/vuln/detail/CVE-2022-38794
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
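Review bot: the description now labels the "GET /.." issue as local file inclusion where the old line said directory traversal. Reading a file through a ".." path is path traversal; file inclusion means the application loads the file into its own execution, so the relabel changes the weakness class a reader will infer. Suggest keeping "directory traversal" in the description, or naming both if the LFI label is required for consistency. The same point applies to the other traversal templates renamed in this commit.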
@ -32,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

View File

@ -1,11 +1,11 @@
id: CVE-2022-4050
info:
name: JoomSport < 5.2.8 - Unauthenticated SQLi
name: WordPress JoomSport <5.2.8 - SQL Injection
author: theamanrawat
severity: critical
description: |
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
reference:
- https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
- https://wordpress.org/plugins/joomsport-sports-league-results-management/
@ -37,3 +37,5 @@ requests:
- 'contains(content_type, "text/html")'
- 'contains(body, "jscaruselcont jsview2")'
condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2022-40734
info:
name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
name: Laravel Filemanager v2.5.1 - Local File Inclusion
author: arafatansari
severity: medium
description: |
UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files.
Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.
reference:
- https://github.com/UniSharp/laravel-filemanager/issues/1150
- https://nvd.nist.gov/vuln/detail/CVE-2022-40734
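Review bot: the new description ends with "via download?working_dir=%2F.", so the ".." from the old line ("download?working_dir=%2F..") has collapsed into a sentence-ending period and the parameter value shown is no longer the traversal the template describes. Suggest quoting the value so punctuation cannot merge with it, with the full "%2F.." inside the quotes and the period outside. "Laravel Filemanager (aka UniSharp)" also inverts the old wording, where UniSharp laravel-filemanager is the package and Laravel Filemanager is the alias.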
@ -30,3 +30,5 @@ requests:
- type: regex
regex:
- "root:[x*]:0:0"
# Enhanced by mp on 2023/01/15

View File

@ -5,7 +5,7 @@ info:
author: For3stCo1d
severity: critical
description: |
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.
reference:
- https://github.com/Timorlover/SolarView_Compact_6.0_rce_via_network_test.php
- https://github.com/advisories/GHSA-wx3r-88rg-whxq
@ -42,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

View File

@ -1,16 +1,16 @@
id: CVE-2022-41840
info:
name: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal
name: Welcart eCommerce <=2.7.7 - Local File Inclusion
author: theamanrawat
severity: critical
description: |
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.
reference:
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability
- https://wordpress.org/plugins/usc-e-shop/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41840
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve
- https://nvd.nist.gov/vuln/detail/CVE-2022-41840
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
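Review bot: the new name omits the "WordPress" prefix that the other plugin templates renamed in this commit received (WPSmartContracts, JoomSport, WP-Ban), and the new description no longer says Welcart is a WordPress plugin. Suggest "WordPress Welcart eCommerce <=2.7.7 - Local File Inclusion" and "Welcart eCommerce plugin for WordPress 2.7.7 and before ...". The patchstack reference also appears twice in this hunk, once with "?_s_id=cve"; if both remain after the change, keep a single entry.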
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2023/01/15

View File

@ -1,16 +1,16 @@
id: CVE-2022-4260
info:
name: WP-Ban < 1.69.1 - Admin Stored XSS
name: WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting
author: Hardik-Solanki
severity: medium
description: |
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.
remediation: Fixed in version 1.69.1.
reference:
- https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260
- https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk
remediation: Fixed in version 1.69.1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -66,3 +66,5 @@ requests:
regex:
- '_wpnonce=([0-9a-z]+)'
internal: true
# Enhanced by md on 2023/01/06

View File

@ -1,14 +1,15 @@
id: CVE-2022-46381
info:
name: Certain Linear eMerge E3-Series - Cross Site Scripting
name: Linear eMerge E3-Series - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381
- https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt
- https://nvd.nist.gov/vuln/detail/CVE-2022-46381
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -35,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,12 +1,16 @@
id: 3com-nj2000-default-login
info:
name: 3COM NJ2000 Default Login
name: 3COM NJ2000 - Default Login
author: daffainfo
severity: high
description: 3COM NJ2000 default admin credentials were discovered.
description: 3COM NJ2000 contains a default login vulnerability. Default admin login password of 'password' was found. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.manualslib.com/manual/204158/3com-Intellijack-Nj2000.html?page=12
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: http.title:"ManageEngine Password"
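Review bot: the metadata context in this hunk carries shodan-query: http.title:"ManageEngine Password" under verified: true, which does not correspond to a 3COM NJ2000 device. Since this change already edits the info block, correct or drop the query. The new description also states the default password inline ('password'), unlike the other default-login descriptions in this commit; settle on one convention.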
@ -34,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,13 +1,17 @@
id: aem-felix-console
info:
name: AEM Felix Console
name: Adobe Experience Manager Felix Console - Default Login
author: DhiyaneshDk
severity: high
description: Felix Console is exposed, you may get RCE by installing OSGI bundle.
description: Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.
reference:
- https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
- https://github.com/0ang3el/aem-rce-bundle
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
shodan-query:
- http.title:"AEM Sign In"
@ -45,3 +49,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,12 +1,16 @@
id: karaf-default-login
info:
name: Apache Karaf Default Login
name: Apache Karaf - Default Login
author: s0obi
severity: high
description: Apache Karaf default login credentials were discovered.
description: Apache Karaf contains a default login vulnerability. Default login credentials were detected. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://karaf.apache.org/manual/latest/webconsole
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: realm="karaf"
@ -34,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,10 +1,16 @@
id: ranger-default-login
info:
name: Apache Ranger Default Login
name: Apache Ranger - Default Login
author: For3stCo1d
severity: high
reference: https://github.com/apache/ranger
description: Apache Ranger contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://github.com/apache/ranger
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
shodan-query: http.title:"Ranger - Sign In"
tags: apache,ranger,default-login
@ -37,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,10 +1,10 @@
id: audiocodes-default-login
info:
name: Audiocodes 310HD, 320HD, 420HD, 430HD & 440HD Default Login
name: AudioCodes 310HD, 320HD, 420HD, 430HD & 440HD - Default Login
author: d4vy
severity: high
description: Audiocodes 310HD, 320HD, 420HD, 430HD & 440HD default login credentials were discovered.
description: AudioCodes devices 310HD, 320HD, 420HD, 430HD & 440HD contain a default login vulnerability. Default login credentials were discovered. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://wiki.freepbx.org/display/FPG/Supported+Devices-Audio+Codes#:~:text=Reset%20to%20Factory%20Defaults,-Press%20the%20Menu&text=Then%2C%20enter%20the%20Admin%20password,is%20%221234%22%20by%20default
classification:
@ -43,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,16 @@
id: datahub-metadata-default-login
info:
name: DataHub Metadata Default Login
name: DataHub Metadata - Default Login
author: queencitycyber
severity: high
description: DataHub Metadata contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://github.com/datahub-project/datahub/blob/master/docs/rfc/active/access-control/access-control.md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: http.title:"DataHub"
@ -37,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,12 +1,16 @@
id: dataiku-default-login
info:
name: Dataiku Default Login
name: Dataiku - Default Login
author: random-robbie
severity: high
description: Dataiku default login which allows SSRF/RCE etc.
description: Dataiku contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. This vulnerability may also lead to server-side request forgery and/or remote code execution.
reference:
- https://www.dataiku.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: title:"dataiku"
@ -31,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,9 +1,10 @@
id: hybris-default-login
info:
name: Hybris Default Login
name: Hybris - Default Login
author: princechaddha
severity: high
description: Hybris contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
@ -60,3 +61,5 @@ requests:
group: 1
regex:
- '<meta name="_csrf" content="([a-z0-9-]+)" \/>'
# Enhanced by md on 2023/01/06

View File

@ -1,14 +1,18 @@
id: kanboard-default-login
info:
name: Kanboard Default Login
name: Kanboard - Default Login
author: shelled
severity: high
description: Kanboard default login was discovered.
description: Kanboard contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://twitter.com/0x_rood/status/1607068644634157059
- https://github.com/kanboard/kanboard
- https://docs.kanboard.org/v1/admin/installation/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: http.favicon.hash:2056442365
@ -58,3 +62,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,9 +1,14 @@
id: kettle-default-login
info:
name: Kettle Default Login
name: Kettle - Default Login
author: For3stCo1d
severity: medium
description: Kettle contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cwe-id: CWE-522
metadata:
verified: true
shodan-query: basic realm="Kettle"
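Review bot: the added description says an attacker can "modify data, and/or execute unauthorized operations", but the added vector is C:L/I:N/A:N (score 5.8), which declares no integrity or availability impact. Either limit the description to information disclosure or revisit the vector so the two agree.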
@ -33,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,12 +1,17 @@
id: lutron-default-login
info:
name: Lutron Device Default Login
name: Lutron - Default Login
author: geeknik
severity: high
description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.lutron.com
- https://vulners.com/openvas/OPENVAS:1361412562310113206
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cwe-id: CWE-522
tags: default-login,lutron,iot
requests:
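Review bot: severity stays "high" while the added classification gives cvss-score: 5.8 with C:L/I:N/A:N, which falls in the CVSS medium band (4.0 to 6.9). The Kettle template in this same commit carries the identical vector with severity medium. Suggest aligning severity with the score, or changing the vector if high is intended; the description's "modify data" claim also conflicts with I:N.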
@ -39,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,10 +1,10 @@
id: mobotix-default-credentials
info:
name: Mobotix Webcam Default Admin Credentials
name: Mobotix - Default Login
author: robotshell
severity: high
description: Mobotix Camera default admin login credentials.
description: Mobotix contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.mobotix.com/sites/default/files/2020-01/mx_RM_CameraSoftwareManual_en_200131.pdf
classification:
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/06

View File

@ -1,13 +1,17 @@
id: nsicg-default-login
info:
name: Ns-icg Default Login
name: Netentsec NS-ICG - Default Login
author: pikpikcu
severity: high
description: |
There is a weak password vulnerability in NetentSec Internet Control Gateway ns-icg of Beijing NetentScience and Technology Co., Ltd., which allows attackers to successfully log in to the system and obtain sensitive information by exploiting this loophole.
Netentsec NS-ICG contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: |
- https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
fofa-query: "NS-ICG"
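Review bot: "reference: |" followed by a "- https://..." line makes reference a block-scalar string rather than a list, unlike the other templates in this commit, which use "reference:" with list items. Suggest dropping the "|". The rewritten description also replaces the weak-password detail and the full product name (NetentSec Internet Control Gateway) from the old text with the generic default-login sentence; keep the full product name at least once so the finding is identifiable.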
@ -46,3 +50,5 @@ requests:
- 'status_code_2 == 200'
- contains(body_2, "var loguser = \'ns25000")
condition: and
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,10 @@
id: peoplesoft-default-login
info:
name: Oracle PeopleSoft Default Login
name: Oracle PeopleSoft - Default Login
author: LogicalHunter
severity: high
description: Oracle peoplesoft default admin credentials were discovered.
description: Oracle PeopleSoft contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.oracle.com/applications/peoplesoft/
- https://erpscan.io/press-center/blog/peoplesoft-default-accounts/
@ -81,3 +81,5 @@ requests:
- type: status
status:
- 302
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,16 @@
id: kingsoft-v8-default-login
info:
name: Kingsoft V8 Default Login
name: Kingsoft 8 - Default Login
author: ritikchaddha
severity: high
description: Kingsoft version 8 contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://idc.wanyunshuju.com/aqld/2123.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
tags: kingsoft,default-login
requests:
@ -37,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,10 @@
id: opencats-default-login
info:
name: OpenCATS Default Login
name: OpenCATS - Default Login
author: arafatansari
severity: high
description: OpenCATS default admin login information was discovered.
description: OpenCATS contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
@ -52,3 +52,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,18 +1,21 @@
id: phpmyadmin-default-login
info:
name: phpMyAdmin Default Login
name: phpMyAdmin - Default Login
author: Natto97
severity: high
description: phpMyAdmin default admin credentials were discovered
description: phpMyAdmin contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.phpmyadmin.net
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: http.title:phpMyAdmin
tags: default-login,phpmyadmin
requests:
- raw:
- |
@ -71,3 +74,5 @@ requests:
- status_code_2 == 302
- contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
condition: and
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,10 @@
id: prtg-default-login
info:
name: PRTG Network Monitor Default Login
name: PRTG Network Monitor - Hardcoded Credentials
author: johnk3r
severity: high
description: PRTG default admin credentials were discovered.
description: PRTG Network Monitor contains a hardcoded credential vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.paessler.com/manuals/prtg/login
classification:
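Review bot: the name changes from "Default Login" to "Hardcoded Credentials" and the description now says "hardcoded credential vulnerability", but the id is still prtg-default-login and the old description reported default admin credentials. Default credentials that an operator can change are a different weakness from credentials hardcoded in the product. Suggest "PRTG Network Monitor - Default Login" with the matching description used by the other default-login templates here.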
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 302
# Enhanced by md on 2023/01/09

View File

@ -1,14 +1,19 @@
id: ruckus-wireless-default-login
info:
name: Ruckus Wireless Admin Default Login Credential
name: Ruckus Wireless - Default Login
author: pussycat0x
severity: critical
description: Ruckus Wireless router contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: title:"ruckus"
reference:
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
tags: default-login,router,ruckus
requests:
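Review bot: severity remains "critical" while the added classification is cvss-score: 8.3, which sits in the high band (7.0 to 8.9); the other default-login templates in this commit with the same vector are rated high. Suggest severity: high, or justify critical with a vector that scores 9.0 or above.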
@ -42,3 +47,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,13 +1,17 @@
id: samsung-printer-default-login
info:
name: Samsung Printer Default Login
name: Samsung Printer - Default Login
author: gy741
severity: high
description: |
Samsung Printer default login credentials were discovered.
Samsung printers contain a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://support.hp.com/gb-en/document/c05591673
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: title:"SyncThru Web Service"
@ -45,3 +49,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,13 +1,17 @@
id: tiny-filemanager-default-login
info:
name: Tiny File Manager Default Login
name: Tiny File Manager - Default Login
author: shelled
severity: high
description: Tiny File Manager default login was discovered.
description: Tiny File Manager contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://github.com/prasathmani/tinyfilemanager
- https://tinyfilemanager.github.io/docs/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: html:"Tiny File Manager"
@ -61,3 +65,5 @@ requests:
regex:
- '([a-f0-9]{64})'
internal: true
# Enhanced by md on 2023/01/09

View File

@ -1,13 +1,17 @@
id: tooljet-default-login
info:
name: ToolJet Default Login Credential
name: ToolJet - Default Login
author: random-robbie
severity: high
description: |
toolJet is an open-source low-code framework to build and deploy custom internal tools. ToolJet can connect to your data sources such as databases ( PostgreSQL, MongoDB, MS SQL Server, Snowflake, , BigQuery, etc ), API/GraphQL endpoints, SaaS tools ( Airtable, Stripe, Google Sheets, etc ) and cloud object storage services ( AWS S3, Google Cloud Storage and Minio )
ToolJet contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://docs.tooljet.com/docs/contributing-guide/setup/docker/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: title:"tooljet"
@ -46,3 +50,5 @@ requests:
- type: status
status:
- 201
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,16 @@
id: versa-flexvnf-default-login
info:
name: Versa FlexVNF Web-UI - Default Login
name: Versa FlexVNF - Default Login
author: c-sh0
severity: high
description: Versa FlexVNF contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://versa-networks.com/products/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: title:"Flex VNF Web-UI"
@ -55,3 +60,5 @@ requests:
part: header
regex:
- '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'
# Enhanced by md on 2023/01/09

View File

@ -1,12 +1,16 @@
id: xnat-default-login
info:
name: XNAT Default Login
name: XNAT - Default Login
author: 0x_Akoko
severity: high
description: XNAT default login information (admin/admin) was discovered.
description: XNAT contains an admin default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://wiki.xnat.org/documentation/xnat-administration/xnat-setup-first-time-configuration#:~:text=Log%20in%20with%20the%20username%20admin%20and%20password%20admin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata:
verified: true
shodan-query: http.title:"XNAT"
@ -40,3 +44,5 @@ requests:
- type: status
status:
- 302
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,11 @@
id: xui-weak-login
info:
name: X-UI Login Default Login
name: X-UI - Default Login
author: dali
severity: high
description: |
X-UI Default Login Credentials.
X-UI contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://github.com/vaxilu/x-ui
- https://seakfind.github.io/2021/10/10/X-UI/#:~:text=By%20default%2C%20the%20login%20user,the%20password%20is%20also%20admin%20.
@ -46,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,16 @@
id: atlantis-detect
info:
name: Atlantis Detect
name: Atlantis Panel - Detect
author: jonathanwalker
severity: info
description: Atlantis panel was detected.
reference:
- https://github.com/runatlantis/atlantis
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.favicon.hash:-1706783005
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,16 @@
id: cacti-panel
info:
name: Cacti Login Panel
name: Cacti Login Panel - Detect
author: geeknik,daffainfo
severity: info
description: Cacti is a complete network graphing solution -- https://www.cacti.net/
description: Cacti login panel was detected.
reference:
- https://www.cacti.net/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: tech,cacti,login
requests:
@ -38,3 +44,5 @@ requests:
group: 1
regex:
- "<div class='versionInfo'>Version (.*) |"
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: checkmk-login
info:
name: Check MK Login Detect
name: Checkmk Login Panel - Detect
author: princechaddha
severity: info
description: Checkmk login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: login,tech,synology,rackstation
requests:
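Review bot: `tags: login,tech,synology,rackstation` is left unchanged in a template whose id, name and new description are all Checkmk. The `synology` and `rackstation` tags look copied from another template and will surface this check in tag-filtered runs for the wrong product. Replace them with `checkmk` and `panel` while the metadata is being touched.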
@ -30,3 +35,5 @@ requests:
regex:
- '<div id="version">([0-9.a-z]+)<\/div>'
- '<div id="foot">Version: ([0-9.a-z]+)'
# Enhanced by md on 2023/01/09

View File

@ -1,12 +1,17 @@
id: e-mobile-panel
info:
name: E-mobile Panel Detect
name: E-mobile Panel - Detect
author: ritikchaddha
severity: info
description: E-mobile panel was detected.
metadata:
verified: true
shodan-query: http.html:"E-Mobile&nbsp"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,e-mobile
requests:
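Review bot: `classification` is inserted after `metadata` here, but before `metadata` in the atlantis-detect, kanboard-login and lenovo-fp-panel hunks of the same commit. Pick one key order for the `info` block and apply it throughout so that later bulk edits and diffs stay readable.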
@ -36,3 +41,5 @@ requests:
group: 1
regex:
- 'E-Mobile&nbsp;([0-9.]+)'
# Enhanced by cs 2023/01/09

View File

@ -1,9 +1,14 @@
id: edgeos-login
info:
name: EdgeOS login Detect
name: EdgeOS Login Panel - Detect
author: princechaddha
severity: info
description: EdgeOS login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: login,tech,edgeos,edgemax
requests:
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,15 @@
id: fatpipe-ipvpn-panel
info:
name: FatPipe IPVPN® Panel Detect
name: FatPipe IPVPN® Panel - Detect
author: dwisiswant0
severity: info
reference:
- https://www.fatpipeinc.com/products/index.php
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,ipvpn,fatpipe
requests:
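Review bot: the `info` block gets the "- Detect" name and a `classification` block but still has no `description`, unlike most templates in this commit, which gain a "... panel was detected." line. A description is also missing from the ictprotege-login-panel, opengear-panel, redhat-satellite-panel and remedy-axis-login hunks. Add the one-line description to each so the dashboard entry is not blank.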
@ -29,3 +33,5 @@ requests:
group: 1
regex:
- '<h5>([0-9.a-z]+)<\/h5>'
# Enhanced by cs 2023/01/09

View File

@ -1,12 +1,16 @@
id: ictprotege-login-panel
info:
name: ICT Protege WX Login Panel
name: ICT Protege WX Login Panel - Detect
author: ritikchaddha
severity: info
metadata:
verified: true
shodan-query: title:"ICT Protege WX&reg;"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,ictprotege
requests:
@ -24,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs 2023/01/09

View File

@ -1,11 +1,13 @@
id: kanboard-login
info:
name: Kanboard Login Panel
name: Kanboard Login Panel - Detect
author: DhiyaneshDK
severity: info
description: A Kanboard login panel was detected.
description: Kanboard login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
@ -28,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: lenovo-fp-panel
info:
name: Lenovo Fan and Power Controller Panel
name: Lenovo Fan Power Controller Login Panel - Detect
author: megamansec
severity: info
description: Lenovo Fan Power Controller login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"Avocent Corporation and its affiliates"
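Review bot: the new `name` and `description` shorten "Lenovo Fan and Power Controller" to "Lenovo Fan Power Controller", dropping "and" from the product name used by the old title. Unless the vendor spells it without the conjunction, keep the original product name and only append "Login Panel - Detect".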
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,14 @@
id: luci-login-detection
info:
name: LuCi Login Detector
name: LuCi Login Panel - Detect
author: aashiq
severity: info
description: Searches for LuCi Login pages by attempting to query the cgi-bin endpoint
description: LuCi login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: login
requests:
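Review bot: the `name` and `description` keep the spelling "LuCi", while the OpenWrt project writes the interface name as "LuCI"; fix the casing in both lines since this hunk is normalizing titles. The replaced description was also the only place that said the check queries the cgi-bin endpoint, so consider keeping that detail in a second sentence. `tags: login` is missing the `panel` tag that the other login-panel templates carry.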
@ -21,3 +25,5 @@ requests:
- type: word
words:
- "Authorization Required"
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: mpftvc-admin-panel
info:
name: MPFTVC Admin Login Panel
name: MPFTVC Admin Login Panel - Detect
author: Hardik-Solanki
severity: info
description: MPFTVC admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"AdminLogin - MPFTVC"
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,13 +1,17 @@
id: netsparker-panel
info:
name: Netsparker Panel
name: Netsparker Login Panel - Detect
author: pussycat0x
severity: info
description: |
Netsparker is a fully configurable Enterprise Dynamic Application Security Testing (DAST) tool. A DAST tool communicates with a web application using the web front-end in order to identify potential security vulnerabilities in the web application.
Netsparker login panel was detected.
reference:
- https://www.invicti.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.title:"Sign in to Netsparker Enterprise"
@ -30,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,7 +1,7 @@
id: ocomon-panel
info:
name: OcoMon Login Panel
name: OcoMon Login Panel - Detect
author: dogasantos
severity: info
description: a tiny helpdesk system written in php
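Review bot: `description: a tiny helpdesk system written in php` is left as is while the name on the line above is rewritten to "OcoMon Login Panel - Detect". Every other detect template in this commit gets a "... login panel was detected." description, so this one should be updated to match, with the product summary moved to a reference if it is worth keeping.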
@ -10,6 +10,10 @@ info:
metadata:
verified: true
shodan-query: http.html:"OcoMon"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,ocomon,oss
requests:
@ -37,3 +41,5 @@ requests:
regex:
- 'Versão: ([0-9.]+)'
- 'Versão:&nbsp;([0-9.]+)'
# Enhanced by cs 2023/01/09

View File

@ -1,10 +1,14 @@
id: opengear-panel
info:
name: Opengear Management Console Login Panel
name: Opengear Management Console Login Panel - Detect
author: ffffffff0x,daffainfo
severity: info
reference: https://opengear.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
fofa-query: app="opengear-Management-Console"
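Review bot: `reference: https://opengear.com/` is a bare scalar, whereas the other templates in this commit write `reference:` as a list with one `- ` entry per URL. Convert it to the list form while the block is being edited, so that tooling which iterates over references handles this template the same way as the rest.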
@ -28,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhnanced by cs 2023/01/09
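Review bot: the trailer comment is misspelled as "Enhnanced". The trailers in this commit also come in two formats, "Enhanced by md on 2023/01/09" and "Enhanced by cs 2023/01/09" without "on". Fix the typo and settle on one format, or any script that greps for the marker will miss these files.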

View File

@ -1,9 +1,13 @@
id: redhat-satellite-panel
info:
name: Red Hat Satellite Panel
name: Red Hat Satellite Panel - Detect
author: princechaddha
severity: info
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.html:"redhat" "Satellite"
@ -35,3 +39,5 @@ requests:
group: 1
regex:
- '&quot;version&quot;:&quot;([0-9.]+)&quot;,'
# Enhanced by cs 2023/01/09

View File

@ -1,9 +1,13 @@
id: remedy-axis-login
info:
name: Remedy Axis Login
name: Remedy Axis Login Panel - Detect
author: tess
severity: info
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.html:"BMC Remedy"
verified: true
@ -28,3 +32,5 @@ requests:
- "BMC Remedy"
- "BMC Smart Reporting"
condition: or
# Enhanced by cs 2023/01/09

View File

@ -1,12 +1,16 @@
id: ruckus-unleashed-panel
info:
name: Ruckus Wireless Unleashed Login Panel
name: Ruckus Wireless Unleashed Login Panel - Detect
author: idealphase
severity: info
description: RUCKUS builds and delivers purpose-driven networks that perform in the tough environments of the industries we serve. Together with our trusted go-to-market partners, we empower our customers to deliver exceptional experiences to the guests, students, residents, citizens and employees who are counting on them.
description: Ruckus Wireless Unleashed login panel was detected.
reference:
- https://www.commscope.com/ruckus/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Unleashed Login"
google-query: intitle:"Unleashed Login"
@ -33,3 +37,5 @@ requests:
group: 1
regex:
- '<link href="css\/font-awesome\.min\.css\?(.+)" rel="stylesheet">'
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,17 @@
id: sap-netweaver-portal
# SAP Netweaver default creds - SAP*/06071992 or TMSADM/$1Pawd2&
info:
name: SAP NetWeaver Portal
name: SAP NetWeaver Portal - Detect
author: organiccrap
severity: info
description: SAP NetWeaver Portal login has been detected. Note that NetWeaver has multiple default passwords as listed in the references.
reference:
- https://www.sap.com/products/technology-platform/netweaver.html
- https://www.cisoplatform.com/profiles/blogs/sap-netweaver-abap-security-configuration-part-2-default
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sap
requests:
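Review bot: the new `description` says the default passwords are "listed in the references", but the stray YAML comment between `id:` and `info:` still spells the credentials out. Keep one source of truth: remove the comment and rely on the added reference, or track default credentials in a separate default-login template rather than in an info-level detection. The wording "has been detected" also differs from the "was detected" phrasing used elsewhere in this commit.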
@ -17,3 +23,5 @@ requests:
words:
- "<title>SAP&#x20;NetWeaver&#x20;Portal</title>"
part: body
# Enhanced by cs 2023/01/09

View File

@ -1,10 +1,14 @@
id: sapfiori-panel
info:
name: SAP Fiori Instance Detection Template
name: SAP Fiori Login Panel - Detect
author: righettod
severity: info
description: Try to detect the presence of a SAP Fiori instance via the login page
description: SAP Fiori login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sap,fiori
requests:
@ -27,4 +31,6 @@ requests:
- "UIPPortalPath"
- "/irj/portal/fiori"
part: body
condition: and
condition: and
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: sas-login-panel
info:
name: SAS Login Panel
name: SAS Login Panel - Detect
author: ritikchaddha
severity: info
description: SAS login panel has been detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: http.favicon.hash:957255151
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs 2023/01/09

View File

@ -1,11 +1,16 @@
id: sauter-login
info:
name: Sauter moduWeb - Login
name: Sauter moduWeb Login Panel - Detect
author: DhiyaneshDk
severity: info
description: Sauter moduWeb login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/6883
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sauter,edb
requests:
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,12 +1,16 @@
id: scs-landfill-control
info:
name: SCS Landfill Remote Monitoring Control
name: SCS Remote Monitoring and Control Login Panel - Detect
author: geeknik
severity: info
description: SCS RMC is the IoT for landfills, manufacturing, and industrial facilities that provides real-time viewing, analysis, and control of equipment and systems critical to production and safe operations remotely.
description: SCS Remote Monitoring and Control login panel was detected.
reference:
- https://www.scsengineers.com/services/remote-monitoring-control/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,scs,rmc,iot
requests:
@ -25,3 +29,5 @@ requests:
- "<title>Log in to SCS RMC®</title>"
- "SCS RMC®</div>"
condition: and
# Enhanced by md on 2023/01/09

View File

@ -1,14 +1,19 @@
id: seafile-panel
info:
name: Seafile Panel
name: Seafile Panel - Detect
author: TechbrunchFR
severity: info
description: Seafile panel was detected.
metadata:
shodan-query: http.favicon.hash:1552322396
reference:
- https://www.seafile.com/en/home/
- https://github.com/haiwen/seafile
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: sefile,panel
requests:
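Review bot: `tags: sefile,panel` has a typo in the product tag and is left untouched by this hunk; the id is `seafile-panel`, so a tag filter on `seafile` will never select this template. Change the tag to `seafile`. The `info` keys here also run `metadata`, `reference`, `classification`, a different order from the other hunks.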
@ -21,3 +26,5 @@ requests:
- type: dsl
dsl:
- "status_code==200 && (\"1552322396\" == mmh3(base64_py(body)))"
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: seats-login
info:
name: Seats login
name: Seats Login Panel - Detect
author: dhiyaneshDK
severity: info
description: Seats login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel
requests:
@ -19,3 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: secmail-detect
info:
name: SecMail - secure email Detect
name: SecMail Login Panel - Detect
author: johnk3r
severity: info
description: SecMail login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: secmail
tags: secmail,panel
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: secnet-ac-panel
info:
name: Secnet ac Panel Detect
name: SecNet Login Panel - Detect
author: ritikchaddha
severity: info
description: SecNet login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: secnet-ac,panel
requests:
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: secure-login-panel
info:
name: Secure Login Service Detector
name: Secure Login Service Login Panel - Detect
author: dhiyaneshDK
severity: info
description: Secure Login Service login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Secure Login Service"
tags: panel,sls,login,service
@ -22,3 +27,5 @@ requests:
- type: word
words:
- "<title>Secure Login Service</title>"
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: securenvoy-panel
info:
name: SecurEnvoy Admin Login
name: SecurEnvoy Admin Login Panel - Detect
author: 0xrod
severity: info
description: SecurEnvoy admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,securenvoy
requests:
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: securepoint-utm
info:
name: Securepoint UTM Admin Panel
name: Securepoint UTM Admin Panel - Detect
author: pussycat0x
severity: info
description: Securepoint UTM admin panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
tags: securepoint,panel
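Review bot: the `metadata` block uses the key `fofa-dork`, while the opengear-panel template in this commit uses `fofa-query`. Rename the key to `fofa-query` so the search string is picked up under the same key as the rest. The query value also pins a single version string, `11.8.8.8`, which is worth confirming as intended.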
@ -30,3 +35,5 @@ requests:
group: 1
regex:
- '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: securityspy-detect
info:
name: SecuritySpy Camera Detect
name: SecuritySpy Camera Panel - Detect
author: pussycat0x
severity: medium
description: SecuritySpy Camera panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-dork: 'title:SecuritySpy'
tags: unauth,iot,securityspy,panel,camera
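Review bot: `severity: medium` is kept while the added `classification` block states `cvss-score: 0.0` with an all-None impact vector, and the new description only says a panel was detected. The two disagree. If the template flags an unauthenticated camera interface, as the `unauth` tag suggests, give it a vector and description that say so; otherwise lower the severity to `info`. The metadata key `shodan-dork` should also be `shodan-query`, as in the other templates.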
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: sitecore-login-panel
info:
name: Sitecore Login Panel
name: Sitecore Admin Login Panel - Detect
author: b4uh0lz
severity: info
description: Sitecore admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sitecore,login
requests:
@ -21,3 +26,5 @@ requests:
words:
- "Sitecore Login"
part: body
# Enhanced by md on 2023/01/15

View File

@ -1,9 +1,14 @@
id: sitecore-login
info:
name: SiteCore Login
name: Sitecore Login Panel - Detect
author: dhiyaneshDK
severity: info
description: Sitecore login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
shodan-query: http.title:"Welcome to Sitecore"
tags: panel,sitecore
@ -22,3 +27,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/15

View File

@ -1,11 +1,16 @@
id: siteomat-loader
info:
name: Orpak SiteOmat login portals
name: Orpak SiteOmat Login Panel - Detect
author: dhiyaneshDK
severity: info
description: Orpak SiteOmat login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/6624
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: siteomat,login,edb,panel
requests:
@ -21,3 +26,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/15

View File

@ -1,9 +1,14 @@
id: skycaiji-admin-panel
info:
name: SkyCaiji Admin Panel
name: SkyCaiji Admin Panel - Detect
author: princechaddha
severity: info
description: SkyCaiji admin panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,tech,skycaiji
requests:
@ -31,3 +36,5 @@ requests:
group: 1
regex:
- 'com">SkyCaiji<\/a> ([A-Z0-9.]+) 后台管理<\/p>'
# Enhanced by md on 2023/01/15

View File

@ -1,9 +1,14 @@
id: slocum-login
info:
name: Slocum Fleet Mission Control Login
name: Slocum Fleet Mission Control Login Panel - Detect
author: pussycat0x
severity: info
description: Slocum Fleet Mission Control login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,tech,slocum
requests:
@ -20,3 +25,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/01/15

Some files were not shown because too many files have changed in this diff