Dashboard Content Enhancements (#6526)

Dashboard Content Enhancements

cves/2016/CVE-2016-6601.yaml

@@ -1,10 +1,10 @@
 id: CVE-2016-6601
 
 info:
-  name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal
+  name: ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
   author: 0x_Akoko
   severity: high
-  description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
+  description: ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
   reference:
     - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
     - https://www.exploit-db.com/exploits/40229/
@@ -30,3 +30,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2017/CVE-2017-14186.yaml

@@ -1,16 +1,16 @@
 id: CVE-2017-14186
 
 info:
-  name: FortiGate SSL VPN Web Portal - Cross Site Scripting
+  name: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
   author: johnk3r
   severity: medium
   description: |
-    Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scripting (XSS) or an URL Redirection attack.
+    FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not santized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.
   reference:
     - https://www.fortiguard.com/psirt/FG-IR-17-242
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-14186
     - https://fortiguard.com/advisory/FG-IR-17-242
     - https://web.archive.org/web/20210801135714/http://www.securitytracker.com/id/1039891
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-14186
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 5.4
@@ -40,3 +40,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/11

cves/2018/CVE-2018-17246.yaml

@@ -7,9 +7,9 @@ info:
   description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
   reference:
     - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-17246
     - https://www.elastic.co/community/security
     - https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-17246
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -41,3 +41,5 @@ requests:
         part: header
         words:
           - "application/json"
+
+# Enhanced by mp on 2023/01/15

cves/2019/CVE-2019-12616.yaml

@@ -1,10 +1,10 @@
 id: CVE-2019-12616
 
 info:
-  name: phpMyAdmin < 4.9.0 - CSRF
+  name: phpMyAdmin <4.9.0 - Cross-Site Request Forgery
   author: Mohammedsaneem,philippedelteil,daffainfo
   severity: medium
-  description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.
+  description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
   reference:
     - https://www.phpmyadmin.net/security/PMASA-2019-4/
     - https://www.exploit-db.com/exploits/46982
@@ -50,3 +50,5 @@ requests:
         group: 1
         regex:
           - '\?v=([0-9.]+)'
+
+# Enhanced by md on 2023/01/11

cves/2019/CVE-2019-14530.yaml

@@ -1,16 +1,16 @@
 id: CVE-2019-14530
 
 info:
-  name: OpenEMR < 5.0.2 - Path Traversal
+  name: OpenEMR <5.0.2 - Local File Inclusion
   author: TenBird
   severity: high
   description: |
-    An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
+    OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.
   reference:
     - https://www.exploit-db.com/exploits/50037
     - https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-14530
     - https://github.com/openemr/openemr/pull/2592
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-14530
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 8.8
@@ -50,3 +50,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2021/CVE-2021-20323.yaml

@@ -1,11 +1,11 @@
 id: CVE-2021-20323
 
 info:
-  name: Keycloak < 18.0.0 - Cross Site Scripting
+  name: Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
   author: ndmalc
   severity: medium
   description: |
-    Keycloak before 18.0.0 and after 10.0.0 allows a reflected XSS on client-registrations endpoint. On POST request, when a request is submitted, the application does not sanitize unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as html. This can be performed on any realm present on the Keycloak instance. Currently, due to the bug requiring Content-Type application/json and is submitted via a POST, there is no common path to exploit that have a user impact.
+    Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.
   reference:
     - https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j
     - https://bugzilla.redhat.com/show_bug.cgi?id=2013577
@@ -52,3 +52,5 @@ requests:
       - type: status
         status:
           - 400
+
+# Enhanced by md on 2023/01/06

cves/2021/CVE-2021-21087.yaml

@@ -1,4 +1,4 @@
-id: unpatched-coldfusion
+id: CVE-2021-21087
 
 info:
   name: Adobe ColdFusion - Remote Code Execution

cves/2021/CVE-2021-24227.yaml

@@ -1,18 +1,15 @@
 id: CVE-2021-24227
 
 info:
-  name: Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
+  name: Patreon WordPress  <1.7.0 - Unauthenticated Local File Inclusion
   author: theamanrawat
   severity: high
-  description: The Jetpack Scan team identified a Local File Disclosure vulnerability
+  description: Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
-    in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting
-    the site. Using this attack vector, an attacker could leak important internal
-    files like wp-config.php, which contains database credentials and cryptographic
-    keys used in the generation of nonces and cookies.
   reference:
     - https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016
     - https://wordpress.org/plugins/patreon-connect/
     - https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24227
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
@@ -34,3 +31,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2021/CVE-2021-24827.yaml

@@ -1,16 +1,16 @@
 id: CVE-2021-24827
 
 info:
-  name: Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection
+  name: WordPress Asgaros Forum <1.15.13 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.
+    WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1
     - https://wordpress.org/plugins/asgaros-forum/
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24827
     - https://plugins.trac.wordpress.org/changeset/2611560/asgaros-forum
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24827
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -35,3 +35,5 @@ requests:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "asgarosforum")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2021/CVE-2021-24946.yaml

@@ -1,11 +1,11 @@
 id: CVE-2021-24946
 
 info:
-  name: Modern Events Calendar < 6.1.5 - Blind SQL Injection
+  name: WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue.
+    WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445
     - https://wordpress.org/plugins/modern-events-calendar-lite/
@@ -34,3 +34,5 @@ requests:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "The event is finished") || contains(body, "been a critical error")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2021/CVE-2021-25099.yaml

@@ -1,11 +1,11 @@
 id: CVE-2021-25099
 
 info:
-  name: Give < 2.17.3 - Cross-Site Scripting
+  name: WordPress GiveWP <2.17.3 - Cross-Site Scripting
   author: theamanrawat
   severity: medium
   description: |
-    The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting.
+    WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f
     - https://wordpress.org/plugins/give/
@@ -36,3 +36,5 @@ requests:
           - 'contains(body, "<script>alert(document.domain)</script>")'
           - 'contains(body, "give_user_login")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2021/CVE-2021-35380.yaml

@@ -1,11 +1,11 @@
 id: CVE-2021-35380
 
 info:
-  name: TermTalk Server 3.24.0.2 - Unauthenticated Arbitrary File Read
+  name: TermTalk Server 3.24.0.2 - Local File Inclusion
   author: fxploit
   severity: high
   description: |
-    A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download.
+    TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.
   reference:
     - https://www.swascan.com/solari-di-udine/
     - https://www.exploit-db.com/exploits/50638
@@ -30,3 +30,5 @@ requests:
           - "fonts"
           - "extensions"
         condition: and
+
+# Enhanced by mp on 2023/01/15

cves/2021/CVE-2021-40661.yaml

@@ -1,15 +1,16 @@
 id: CVE-2021-40661
 
 info:
-  name: IND780 - Directory Traversal
+  name: IND780 - Local File Inclusion
   author: For3stCo1d
   severity: high
   description: |
-    A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.
+    IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the 'webpage' parameter in AutoCE.ini. This could allow a remote attacker to access additional files on the affected system.
   reference:
     - https://sidsecure.au/blog/cve-2021-40661/?_sm_pdc=1&_sm_rid=MRRqb4KBDnjBMJk24b40LMS3SKqPMqb4KVn32Kr
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40661
     - https://www.mt.com/au/en/home/products/Industrial_Weighing_Solutions/Terminals-and-Controllers/terminals-bench-floor-scales/advanced-bench-floor-applications/IND780/IND780_.html#overviewpm
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-40661
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
@@ -38,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2021/CVE-2021-43421.yaml

@@ -1,15 +1,15 @@
 id: CVE-2021-43421
 
 info:
-  name: Studio-42 elFinder < 2.1.60 - Arbitrary File Upload
+  name: Studio-42 elFinder <2.1.60 - Arbitrary File Upload
   author: akincibor
   severity: critical
   description: |
-    A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
+    Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code.
   reference:
     - https://github.com/Studio-42/elFinder/issues/3429
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-43421
     - https://twitter.com/infosec_90/status/1455180286354919425
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-43421
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -50,3 +50,5 @@ requests:
         regex:
           - '"hash"\:"(.*?)"\,'
         internal: true
+
+# Enhanced by mp on 2023/01/15

cves/2021/CVE-2021-43734.yaml

@@ -1,11 +1,11 @@
 id: CVE-2021-43734
 
 info:
-  name: kkFileview v4.0.0 - Directory Traversal
+  name: kkFileview v4.0.0 - Local File Inclusion
   author: arafatansari
   severity: high
   description: |
-    kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
+    kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host.
   reference:
     - https://github.com/kekingcn/kkFileView/issues/304
     - https://nvd.nist.gov/vuln/detail/CVE-2021-43734
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2021/CVE-2021-44451.yaml

@@ -1,11 +1,12 @@
 id: CVE-2021-44451
 
 info:
-  name: Apache Superset - Default Login
+  name: Apache Superset <=1.3.2 - Default Login
   author: dhiyaneshDK
   severity: medium
   description: |
-    Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
+    Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.
+  remediation: Upgrade to Apache Superset 1.4.0 or higher.
   reference:
     - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
     - https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
@@ -66,3 +67,5 @@ requests:
         regex:
           - 'name="csrf_token" type="hidden" value="(.*)"'
         internal: true
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-0784.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-0784
 
 info:
-  name: Title Experiments Free < 9.0.1 - Unauthenticated SQLi
+  name: WordPress Title Experiments Free <9.0.1 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.
+    WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f
     - https://wordpress.org/plugins/wp-experiments-free/
@@ -37,3 +37,5 @@ requests:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "{\"images\":")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-0786.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-0786
 
 info:
-  name: KiviCare < 2.3.9 - Unauthenticated SQLi
+  name: WordPress KiviCare <2.3.9 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users.
+    WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30
     - https://wordpress.org/plugins/kivicare-clinic-management-system/
@@ -34,3 +34,5 @@ requests:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Doctor details")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-0826.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-0826
 
 info:
-  name: WP Video Gallery <= 1.7.1 - Unauthenticated SQLi
+  name: WordPress WP Video Gallery <=1.7.1 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
+    WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5
     - https://wordpress.org/plugins/wp-video-gallery-free/
@@ -37,3 +37,5 @@ requests:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "Registred videos :")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-0948.yaml

@@ -1,16 +1,16 @@
 id: CVE-2022-0948
 
 info:
-  name: Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi
+  name: WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection.
+    WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/daad48df-6a25-493f-9d1d-17b897462576
     - https://wordpress.org/plugins/woc-order-alert/
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-0948
     - https://plugins.trac.wordpress.org/changeset/2707223
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0948
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -43,3 +43,5 @@ requests:
           - 'contains(content_type_1, "application/json")'
           - 'contains(body_2, "olistener-action.olistener-controller")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-1595.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-1595
 
 info:
-  name: HC Custom WP-Admin URL - 1.4 - Unauthenticated Secret URL Disclosure
+  name: WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure
   author: theamanrawat
   severity: medium
   description: |
-    The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request.
+    WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.
   reference:
     - https://wpscan.com/vulnerability/0218c90c-8f79-4f37-9a6f-60cf2f47d47b
     - https://wordpress.org/plugins/hc-custom-wp-admin-url/
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 302
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-23854.yaml

@@ -1,13 +1,14 @@
 id: CVE-2022-23854
 
 info:
-  name: AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal
+  name: AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion
   author: For3stCo1d
   severity: high
   description: |
-    AVEVA Group plc is a marine and plant engineering IT company headquartered in Cambridge, England. AVEVA software is used in many sectors, including on- and off-shore oil and gas processing, chemicals, pharmaceuticals, nuclear and conventional power generation, nuclear fuel reprocessing, recycling and shipbuilding (https://www.aveva.com).
+    AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion.
   reference:
     - https://packetstormsecurity.com/files/cve/CVE-2022-23854
+    - https://www.aveva.com
     - https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854
     - https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
@@ -42,3 +43,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-26138.yaml

@@ -1,16 +1,16 @@
 id: CVE-2022-26138
 
 info:
-  name: Questions For Confluence - Hardcoded Credentials
+  name: Atlassian Questions For Confluence - Hardcoded Credentials
   author: HTTPVoid
   severity: critical
   description: |
-    A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group.
+    Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.
   reference:
     - https://twitter.com/fluepke/status/1549892089181257729
     - https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-26138
     - https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-26138
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -40,3 +40,5 @@ requests:
       - type: dsl
         dsl:
           - 'location == "/httpvoid.action"'
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-27593.yaml

@@ -1,16 +1,15 @@
 id: CVE-2022-27593
 
 info:
-  name: QNAP QTS Photo Station External Reference
+  name: QNAP QTS Photo Station External Reference - Local File Inclusion
   author: allenwest24
   severity: critical
   description: |
-    An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
+    QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.
   reference:
     - https://attackerkb.com/topics/7We3SjEYVo/cve-2022-27593
     - https://www.qnap.com/en/security-advisory/qsa-22-24
     - https://nvd.nist.gov/vuln/detail/CVE-2022-27593
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27593
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
     cvss-score: 9.1
@@ -39,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-2863.yaml

@@ -1,15 +1,15 @@
 id: CVE-2022-2863
 
 info:
-  name: WordPress WPvivid Backup < 0.9.76 - Local File Inclusion
+  name: WordPress WPvivid Backup <0.9.76 - Local File Inclusion
   author: tehtbl
   severity: medium
-  description: The plugin does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack.
+  description: WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.
   reference:
     - https://seclists.org/fulldisclosure/2022/Oct/0
     - https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2863
     - http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-2863
   remediation: Upgrade to version 0.9.76 or later.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
@@ -56,3 +56,5 @@ requests:
         regex:
           - '"_ajax_nonce":"([0-9a-z]+)"'
         internal: true
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-31656.yaml

@@ -1,15 +1,14 @@
 id: CVE-2022-31656
 
 info:
-  name: VMware - Authentication Bypass
+  name: VMware - Local File Inclusion
   author: DhiyaneshDk
   severity: critical
   description: |
-    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
+    VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
   reference:
     - https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd
     - https://www.vmware.com/security/advisories/VMSA-2022-0021.html
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31656
     - https://nvd.nist.gov/vuln/detail/CVE-2022-31656
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@@ -43,3 +42,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-31793.yaml

@@ -1,16 +1,14 @@
 id: CVE-2022-31793
 
 info:
-  name: muhttpd <= 1.1.5 - Path traversal
+  name: muhttpd <=1.1.5 - Local Inclusion
   author: scent2d
   severity: high
   description: |
-    A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system.
+    muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.
   reference:
     - https://derekabdine.com/blog/2022-arris-advisory.html
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
     - https://nvd.nist.gov/vuln/detail/CVE-2022-31793
-    - https://derekabdine.com/blog/2022-arris-advisory
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
@@ -36,3 +34,5 @@ network:
         encoding: hex
         words:
           - "726f6f743a"
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-34121.yaml

@@ -5,11 +5,11 @@ info:
   author: edoardottt
   severity: high
   description: |
-    Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
+    Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.
   reference:
     - https://github.com/hansmach1ne/MyExploits/tree/main/LFI_in_CuppaCMS_templates
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-34121
     - https://github.com/CuppaCMS/CuppaCMS/issues/18
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-34121
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-35413.yaml

@@ -1,15 +1,16 @@
 id: CVE-2022-35413
 
 info:
-  name: Wapples Web Application Firewall - Hardcoded credentials
+  name: WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
   author: For3stCo1d
   severity: critical
   description: |
-    WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
+    WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.
   reference:
     - https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
     - https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-35413
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -53,3 +54,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-36642.yaml

@@ -1,15 +1,15 @@
 id: CVE-2022-36642
 
 info:
-  name: Omnia MPX 1.5.0+r1 - Path Traversal
+  name: Omnia MPX 1.5.0+r1 - Local File Inclusion
   author: arafatansari,ritikchaddha,For3stCo1d
   severity: critical
   description: |
-    A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.
+    Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.
   reference:
     - https://www.exploit-db.com/exploits/50996
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36642
     - https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-36642
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -41,3 +41,5 @@ requests:
           - '"mustChangePwd":'
           - '"roleUser":'
         condition: and
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-37299.yaml

@@ -1,14 +1,14 @@
 id: CVE-2022-37299
 
 info:
-  name: Shirne CMS 1.2.0. - Path Traversal
+  name: Shirne CMS 1.2.0 - Local File Inclusion
   author: pikpikcu
   severity: medium
-  description: Shirne CMS 1.2.0 There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php
+  description: Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.
   reference:
     - https://twitter.com/pikpikcu/status/1568316864690028544
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-37299
     - https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-37299
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 6.5
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-3768.yaml

@@ -1,17 +1,17 @@
 id: CVE-2022-3768
 
 info:
-  name: WPSmartContracts < 1.3.12 - Author SQLi
+  name: WordPress WPSmartContracts <1.3.12 - SQL Injection
   author: Hardik-Solanki
   severity: high
   description: |
-    The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
+    WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
   reference:
     - https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-3768
     - https://cve.report/CVE-2022-3768
-  remediation: Fixed in version 1.3.12
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-3768
+  remediation: Fixed in version 1.3.12.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 8.8
@@ -45,3 +45,5 @@ requests:
           - 'contains(content_type_2, "text/html")'
           - 'contains(body_2, "Batch Mint NFTs")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-38794.yaml

@@ -5,10 +5,9 @@ info:
   author: pikpikcu
   severity: high
   description: |
-    Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.
+    Zaver through 2020-12-15  is vulnerable to local file inclusion via the GET /.. substring.
   reference:
     - https://github.com/zyearn/zaver/issues/22
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38794
     - https://nvd.nist.gov/vuln/detail/CVE-2022-38794
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@@ -32,3 +31,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-4050.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-4050
 
 info:
-  name: JoomSport < 5.2.8 - Unauthenticated SQLi
+  name: WordPress JoomSport <5.2.8 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
+    WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
   reference:
     - https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
     - https://wordpress.org/plugins/joomsport-sports-league-results-management/
@@ -37,3 +37,5 @@ requests:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "jscaruselcont jsview2")'
         condition: and
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-40734.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-40734
 
 info:
-  name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
+  name: Laravel Filemanager v2.5.1 - Local File Inclusion
   author: arafatansari
   severity: medium
   description: |
-    UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files.
+    Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.
   reference:
     - https://github.com/UniSharp/laravel-filemanager/issues/1150
     - https://nvd.nist.gov/vuln/detail/CVE-2022-40734
@@ -30,3 +30,5 @@ requests:
       - type: regex
         regex:
           - "root:[x*]:0:0"
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-40881.yaml

@@ -5,7 +5,7 @@ info:
   author: For3stCo1d
   severity: critical
   description: |
-    SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
+    SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.
   reference:
     - https://github.com/Timorlover/SolarView_Compact_6.0_rce_via_network_test.php
     - https://github.com/advisories/GHSA-wx3r-88rg-whxq
@@ -42,3 +42,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-41840.yaml

@@ -1,16 +1,16 @@
 id: CVE-2022-41840
 
 info:
-  name: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal
+  name: Welcart eCommerce <=2.7.7 - Local File Inclusion
   author: theamanrawat
   severity: critical
   description: |
-    Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
+    Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.
   reference:
     - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability
     - https://wordpress.org/plugins/usc-e-shop/
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41840
     - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-41840
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -40,3 +40,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2023/01/15

cves/2022/CVE-2022-4260.yaml

@@ -1,16 +1,16 @@
 id: CVE-2022-4260
 
 info:
-  name: WP-Ban < 1.69.1 - Admin Stored XSS
+  name: WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting
   author: Hardik-Solanki
   severity: medium
   description: |
-    The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+    WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.
+  remediation: Fixed in version 1.69.1.
   reference:
     - https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260
     - https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk
-  remediation: Fixed in version 1.69.1
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -66,3 +66,5 @@ requests:
         regex:
           - '_wpnonce=([0-9a-z]+)'
         internal: true
+
+# Enhanced by md on 2023/01/06

cves/2022/CVE-2022-46381.yaml

@@ -1,14 +1,15 @@
 id: CVE-2022-46381
 
 info:
-  name: Certain Linear eMerge E3-Series - Cross Site Scripting
+  name: Linear eMerge E3-Series - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
+    Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381
     - https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-46381
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -35,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/3com/3com-nj2000-default-login.yaml

@@ -1,12 +1,16 @@
 id: 3com-nj2000-default-login
 
 info:
-  name: 3COM NJ2000 Default Login
+  name: 3COM NJ2000 - Default Login
   author: daffainfo
   severity: high
-  description: 3COM NJ2000 default admin credentials were discovered.
+  description: 3COM NJ2000 contains a default login vulnerability. Default admin login password of 'password' was found. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://www.manualslib.com/manual/204158/3com-Intellijack-Nj2000.html?page=12
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: http.title:"ManageEngine Password"
@@ -34,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/aem/aem-felix-console.yaml

@@ -1,13 +1,17 @@
 id: aem-felix-console
 
 info:
-  name: AEM Felix Console
+  name: Adobe Experience Manager Felix Console - Default Login
   author: DhiyaneshDk
   severity: high
-  description: Felix Console is exposed, you may get RCE by installing OSGI bundle.
+  description: Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.
   reference:
     - https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
     - https://github.com/0ang3el/aem-rce-bundle
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     shodan-query:
       - http.title:"AEM Sign In"
@@ -45,3 +49,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/apache/karaf-default-login.yaml

@@ -1,12 +1,16 @@
 id: karaf-default-login
 
 info:
-  name: Apache Karaf Default Login
+  name: Apache Karaf - Default Login
   author: s0obi
   severity: high
-  description: Apache Karaf default login credentials were discovered.
+  description: Apache Karaf contains a default login vulnerability. Default login credentials were detected. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://karaf.apache.org/manual/latest/webconsole
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: realm="karaf"
@@ -34,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/apache/ranger-default-login.yaml

@@ -1,10 +1,16 @@
 id: ranger-default-login
 
 info:
-  name: Apache Ranger Default Login
+  name: Apache Ranger - Default Login
   author: For3stCo1d
   severity: high
-  reference: https://github.com/apache/ranger
+  description: Apache Ranger contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
+  reference:
+    - https://github.com/apache/ranger
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     shodan-query: http.title:"Ranger - Sign In"
   tags: apache,ranger,default-login
@@ -37,3 +43,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/audiocodes/audiocodes-default-login.yaml

@@ -1,10 +1,10 @@
 id: audiocodes-default-login
 
 info:
-  name: Audiocodes 310HD, 320HD, 420HD, 430HD & 440HD Default Login
+  name: AudioCodes 310HD, 320HD, 420HD, 430HD & 440HD - Default Login
   author: d4vy
   severity: high
-  description: Audiocodes 310HD, 320HD, 420HD, 430HD & 440HD default login credentials were discovered.
+  description: AudioCodes devices 310HD, 320HD, 420HD, 430HD & 440HD contain a default login vulnerability. Default login credentials were discovered. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://wiki.freepbx.org/display/FPG/Supported+Devices-Audio+Codes#:~:text=Reset%20to%20Factory%20Defaults,-Press%20the%20Menu&text=Then%2C%20enter%20the%20Admin%20password,is%20%221234%22%20by%20default
   classification:
@@ -43,3 +43,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/datahub/datahub-metadata-default-login.yaml

@@ -1,11 +1,16 @@
 id: datahub-metadata-default-login
 
 info:
-  name: DataHub Metadata Default Login
+  name: DataHub Metadata - Default Login
   author: queencitycyber
   severity: high
+  description: DataHub Metadata contains a default login vulnerability.  An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://github.com/datahub-project/datahub/blob/master/docs/rfc/active/access-control/access-control.md
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: http.title:"DataHub"
@@ -37,3 +42,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/dataiku/dataiku-default-login.yaml

@@ -1,12 +1,16 @@
 id: dataiku-default-login
 
 info:
-  name: Dataiku Default Login
+  name: Dataiku - Default Login
   author: random-robbie
   severity: high
-  description: Dataiku default login which allows SSRF/RCE etc.
+  description: Dataiku contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. This vulnerability may also lead to server-side request forgery and/or remote code execution.
   reference:
     - https://www.dataiku.com
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: title:"dataiku"
@@ -31,3 +35,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/hybris/hybris-default-login.yaml

@@ -1,9 +1,10 @@
 id: hybris-default-login
 
 info:
-  name: Hybris Default Login
+  name: Hybris - Default Login
   author: princechaddha
   severity: high
+  description: Hybris contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
     cvss-score: 8.3
@@ -60,3 +61,5 @@ requests:
         group: 1
         regex:
           - '<meta name="_csrf" content="([a-z0-9-]+)" \/>'
+
+# Enhanced by md on 2023/01/06

default-logins/kanboard-default-login.yaml

@@ -1,14 +1,18 @@
 id: kanboard-default-login
 
 info:
-  name: Kanboard Default Login
+  name: Kanboard - Default Login
   author: shelled
   severity: high
-  description: Kanboard default login was discovered.
+  description: Kanboard contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://twitter.com/0x_rood/status/1607068644634157059
     - https://github.com/kanboard/kanboard
     - https://docs.kanboard.org/v1/admin/installation/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: http.favicon.hash:2056442365
@@ -58,3 +62,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/kettle/kettle-default-login.yaml

@@ -1,9 +1,14 @@
 id: kettle-default-login
 
 info:
-  name: Kettle Default Login
+  name: Kettle - Default Login
   author: For3stCo1d
   severity: medium
+  description: Kettle contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
+    cvss-score: 5.8
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: basic realm="Kettle"
@@ -33,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/lutron/lutron-default-login.yaml

@@ -1,12 +1,17 @@
 id: lutron-default-login
 
 info:
-  name: Lutron Device Default Login
+  name: Lutron - Default Login
   author: geeknik
   severity: high
+  description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://www.lutron.com
     - https://vulners.com/openvas/OPENVAS:1361412562310113206
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
+    cvss-score: 5.8
+    cwe-id: CWE-522
   tags: default-login,lutron,iot
 
 requests:
@@ -39,3 +44,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/mobotix/mobotix-default-login.yaml

@@ -1,10 +1,10 @@
 id: mobotix-default-credentials
 
 info:
-  name: Mobotix Webcam Default Admin Credentials
+  name: Mobotix - Default Login
   author: robotshell
   severity: high
-  description: Mobotix Camera default admin login credentials.
+  description: Mobotix contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://www.mobotix.com/sites/default/files/2020-01/mx_RM_CameraSoftwareManual_en_200131.pdf
   classification:
@@ -40,3 +40,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/06

default-logins/nsicg/nsicg-default-login.yaml

@@ -1,13 +1,17 @@
 id: nsicg-default-login
 
 info:
-  name: Ns-icg Default Login
+  name: Netentsec NS-ICG - Default Login
   author: pikpikcu
   severity: high
   description: |
-    There is a weak password vulnerability in NetentSec Internet Control Gateway ns-icg of Beijing NetentScience and Technology Co., Ltd., which allows attackers to successfully log in to the system and obtain sensitive information by exploiting this loophole.
+    Netentsec NS-ICG contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference: |
     - https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     fofa-query: "NS-ICG"
@@ -46,3 +50,5 @@ requests:
           - 'status_code_2 == 200'
           - contains(body_2, "var loguser = \'ns25000")
         condition: and
+
+# Enhanced by md on 2023/01/09

default-logins/oracle/peoplesoft-default-login.yaml

@@ -1,10 +1,10 @@
 id: peoplesoft-default-login
 
 info:
-  name: Oracle PeopleSoft Default Login
+  name: Oracle PeopleSoft - Default Login
   author: LogicalHunter
   severity: high
-  description: Oracle peoplesoft default admin credentials were discovered.
+  description: Oracle PeopleSoft contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://www.oracle.com/applications/peoplesoft/
     - https://erpscan.io/press-center/blog/peoplesoft-default-accounts/
@@ -81,3 +81,5 @@ requests:
       - type: status
         status:
           - 302
+
+# Enhanced by md on 2023/01/09

default-logins/others/kingsoft-v8-default-login.yaml

@@ -1,11 +1,16 @@
 id: kingsoft-v8-default-login
 
 info:
-  name: Kingsoft V8 Default Login
+  name: Kingsoft 8 - Default Login
   author: ritikchaddha
   severity: high
+  description: Kingsoft version 8 contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://idc.wanyunshuju.com/aqld/2123.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   tags: kingsoft,default-login
 
 requests:
@@ -37,3 +42,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

default-logins/others/opencats-default-login.yaml

@@ -1,10 +1,10 @@
 id: opencats-default-login
 
 info:
-  name: OpenCATS Default Login
+  name: OpenCATS - Default Login
   author: arafatansari
   severity: high
-  description: OpenCATS default admin login information was discovered.
+  description: OpenCATS contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
     cvss-score: 8.3
@@ -52,3 +52,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

default-logins/phpmyadmin/phpmyadmin-default-login.yaml

@@ -1,18 +1,21 @@
 id: phpmyadmin-default-login
 
 info:
-  name: phpMyAdmin Default Login
+  name: phpMyAdmin - Default Login
   author: Natto97
   severity: high
-  description: phpMyAdmin default admin credentials were discovered
+  description: phpMyAdmin contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://www.phpmyadmin.net
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: http.title:phpMyAdmin
   tags: default-login,phpmyadmin
 
-
 requests:
   - raw:
       - |
@@ -71,3 +74,5 @@ requests:
           - status_code_2 == 302
           - contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
         condition: and
+
+# Enhanced by md on 2023/01/09

default-logins/prtg/prtg-default-login.yaml

@@ -1,10 +1,10 @@
 id: prtg-default-login
 
 info:
-  name: PRTG Network Monitor Default Login
+  name: PRTG Network Monitor - Hardcoded Credentials
   author: johnk3r
   severity: high
-  description: PRTG default admin credentials were discovered.
+  description: PRTG Network Monitor contains a hardcoded credential vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://www.paessler.com/manuals/prtg/login
   classification:
@@ -41,3 +41,5 @@ requests:
       - type: status
         status:
           - 302
+
+# Enhanced by md on 2023/01/09

default-logins/ruckus/ruckus-wireless-default-login.yaml

@@ -1,14 +1,19 @@
 id: ruckus-wireless-default-login
 
 info:
-  name: Ruckus Wireless Admin Default Login Credential
+  name: Ruckus Wireless - Default Login
   author: pussycat0x
   severity: critical
+  description: Ruckus Wireless router contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
+  reference:
+    - https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: title:"ruckus"
-  reference:
-    - https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
   tags: default-login,router,ruckus
 
 requests:
@@ -42,3 +47,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

default-logins/samsung/samsung-printer-default-login.yaml

@@ -1,13 +1,17 @@
 id: samsung-printer-default-login
 
 info:
-  name: Samsung Printer Default Login
+  name: Samsung Printer - Default Login
   author: gy741
   severity: high
   description: |
-    Samsung Printer default login credentials were discovered.
+    Samsung printers contain a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://support.hp.com/gb-en/document/c05591673
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: title:"SyncThru Web Service"
@@ -45,3 +49,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

default-logins/tiny-file-manager-default-login.yaml

@@ -1,13 +1,17 @@
 id: tiny-filemanager-default-login
 
 info:
-  name: Tiny File Manager Default Login
+  name: Tiny File Manager - Default Login
   author: shelled
   severity: high
-  description: Tiny File Manager default login was discovered.
+  description: Tiny File Manager contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://github.com/prasathmani/tinyfilemanager
     - https://tinyfilemanager.github.io/docs/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: html:"Tiny File Manager"
@@ -61,3 +65,5 @@ requests:
         regex:
           - '([a-f0-9]{64})'
         internal: true
+
+# Enhanced by md on 2023/01/09

default-logins/tooljet/tooljet-default-login.yaml

@@ -1,13 +1,17 @@
 id: tooljet-default-login
 
 info:
-  name: ToolJet Default Login Credential
+  name: ToolJet - Default Login
   author: random-robbie
   severity: high
   description: |
-    toolJet is an open-source low-code framework to build and deploy custom internal tools. ToolJet can connect to your data sources such as databases ( PostgreSQL, MongoDB, MS SQL Server, Snowflake, , BigQuery, etc ), API/GraphQL endpoints, SaaS tools ( Airtable, Stripe, Google Sheets, etc ) and cloud object storage services ( AWS S3, Google Cloud Storage and Minio )
+    ToolJet contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://docs.tooljet.com/docs/contributing-guide/setup/docker/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: title:"tooljet"
@@ -46,3 +50,5 @@ requests:
       - type: status
         status:
           - 201
+
+# Enhanced by md on 2023/01/09

default-logins/versa/versa-flexvnf-default-login.yaml

@@ -1,11 +1,16 @@
 id: versa-flexvnf-default-login
 
 info:
-  name: Versa FlexVNF Web-UI - Default Login
+  name: Versa FlexVNF - Default Login
   author: c-sh0
   severity: high
+  description: Versa FlexVNF contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://versa-networks.com/products/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: title:"Flex VNF Web-UI"
@@ -55,3 +60,5 @@ requests:
         part: header
         regex:
           - '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'
+
+# Enhanced by md on 2023/01/09

default-logins/xnat/xnat-default-login.yaml

@@ -1,12 +1,16 @@
 id: xnat-default-login
 
 info:
-  name: XNAT Default Login
+  name: XNAT - Default Login
   author: 0x_Akoko
   severity: high
-  description: XNAT default login information (admin/admin) was discovered.
+  description: XNAT contains an admin default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://wiki.xnat.org/documentation/xnat-administration/xnat-setup-first-time-configuration#:~:text=Log%20in%20with%20the%20username%20admin%20and%20password%20admin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-score: 8.3
+    cwe-id: CWE-522
   metadata:
     verified: true
     shodan-query: http.title:"XNAT"
@@ -40,3 +44,5 @@ requests:
       - type: status
         status:
           - 302
+
+# Enhanced by md on 2023/01/09

default-logins/xui-weak-login.yaml

@@ -1,11 +1,11 @@
 id: xui-weak-login
 
 info:
-  name: X-UI Login Default Login
+  name: X-UI - Default Login
   author: dali
   severity: high
   description: |
-    X-UI Default Login Credentials.
+    X-UI contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://github.com/vaxilu/x-ui
     - https://seakfind.github.io/2021/10/10/X-UI/#:~:text=By%20default%2C%20the%20login%20user,the%20password%20is%20also%20admin%20.
@@ -46,3 +46,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/atlantis-detect.yaml

@@ -1,11 +1,16 @@
 id: atlantis-detect
 
 info:
-  name: Atlantis Detect
+  name: Atlantis Panel - Detect
   author: jonathanwalker
   severity: info
+  description: Atlantis panel was detected.
   reference:
     - https://github.com/runatlantis/atlantis
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: true
     shodan-query: http.favicon.hash:-1706783005
@@ -28,3 +33,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/cacti-panel.yaml

@@ -1,10 +1,16 @@
 id: cacti-panel
 
 info:
-  name: Cacti Login Panel
+  name: Cacti Login Panel - Detect
   author: geeknik,daffainfo
   severity: info
-  description: Cacti is a complete network graphing solution -- https://www.cacti.net/
+  description: Cacti login panel was detected.
+  reference:
+    - https://www.cacti.net/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: tech,cacti,login
 
 requests:
@@ -38,3 +44,5 @@ requests:
         group: 1
         regex:
           - "<div class='versionInfo'>Version (.*) |"
+
+# Enhanced by md on 2023/01/09

exposed-panels/checkmk-login.yaml

@@ -1,9 +1,14 @@
 id: checkmk-login
 
 info:
-  name: Check MK Login Detect
+  name: Checkmk Login Panel - Detect
   author: princechaddha
   severity: info
+  description: Checkmk login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: login,tech,synology,rackstation
 
 requests:
@@ -30,3 +35,5 @@ requests:
         regex:
           - '<div id="version">([0-9.a-z]+)<\/div>'
           - '<div id="foot">Version: ([0-9.a-z]+)'
+
+# Enhanced by md on 2023/01/09

exposed-panels/e-mobile-panel.yaml

@@ -1,12 +1,17 @@
 id: e-mobile-panel
 
 info:
-  name: E-mobile Panel Detect
+  name: E-mobile Panel - Detect
   author: ritikchaddha
   severity: info
+  description: E-mobile panel was detected.
   metadata:
     verified: true
     shodan-query: http.html:"E-Mobile&nbsp"
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,e-mobile
 
 requests:
@@ -36,3 +41,5 @@ requests:
         group: 1
         regex:
           - 'E-Mobile ([0-9.]+)'
+
+# Enhanced by cs 2023/01/09

exposed-panels/edgeos-login.yaml

@@ -1,9 +1,14 @@
 id: edgeos-login
 
 info:
-  name: EdgeOS login Detect
+  name: EdgeOS Login Panel - Detect
   author: princechaddha
   severity: info
+  description: EdgeOS login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: login,tech,edgeos,edgemax
 
 requests:
@@ -21,3 +26,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/fatpipe-ipvpn-panel.yaml

@@ -1,11 +1,15 @@
 id: fatpipe-ipvpn-panel
 
 info:
-  name: FatPipe IPVPN® Panel Detect
+  name: FatPipe IPVPN® Panel - Detect
   author: dwisiswant0
   severity: info
   reference:
     - https://www.fatpipeinc.com/products/index.php
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,ipvpn,fatpipe
 
 requests:
@@ -29,3 +33,5 @@ requests:
         group: 1
         regex:
           - '<h5>([0-9.a-z]+)<\/h5>'
+
+# Enhanced by cs 2023/01/09

exposed-panels/ictprotege-login-panel.yaml

@@ -1,12 +1,16 @@
 id: ictprotege-login-panel
 
 info:
-  name: ICT Protege WX Login Panel
+  name: ICT Protege WX Login Panel - Detect
   author: ritikchaddha
   severity: info
   metadata:
     verified: true
     shodan-query: title:"ICT Protege WX®"
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,ictprotege
 
 requests:
@@ -24,3 +28,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by cs 2023/01/09

exposed-panels/kanboard-login.yaml

@@ -1,11 +1,13 @@
 id: kanboard-login
 
 info:
-  name: Kanboard Login Panel
+  name: Kanboard Login Panel - Detect
   author: DhiyaneshDK
   severity: info
-  description: A Kanboard login panel was detected.
+  description: Kanboard login panel was detected.
   classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
     cwe-id: CWE-200
   metadata:
     verified: true
@@ -28,3 +30,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/lenovo-fp-panel.yaml

@@ -1,9 +1,14 @@
 id: lenovo-fp-panel
 
 info:
-  name: Lenovo Fan and Power Controller Panel
+  name: Lenovo Fan Power Controller Login Panel - Detect
   author: megamansec
   severity: info
+  description: Lenovo Fan Power Controller login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: true
     shodan-query: http.html:"Avocent Corporation and its affiliates"
@@ -28,3 +33,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/luci-login-detection.yaml

@@ -1,10 +1,14 @@
 id: luci-login-detection
 
 info:
-  name: LuCi Login Detector
+  name: LuCi Login Panel - Detect
   author: aashiq
   severity: info
-  description: Searches for LuCi Login pages by attempting to query the cgi-bin endpoint
+  description: LuCi login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: login
 
 requests:
@@ -21,3 +25,5 @@ requests:
       - type: word
         words:
           - "Authorization Required"
+
+# Enhanced by md on 2023/01/09

exposed-panels/mpftvc-admin-panel.yaml

@@ -1,9 +1,14 @@
 id: mpftvc-admin-panel
 
 info:
-  name: MPFTVC Admin Login Panel
+  name: MPFTVC Admin Login Panel - Detect
   author: Hardik-Solanki
   severity: info
+  description: MPFTVC admin login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: true
     shodan-query: title:"AdminLogin - MPFTVC"
@@ -23,3 +28,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/netsparker-panel.yaml

@@ -1,13 +1,17 @@
 id: netsparker-panel
 
 info:
-  name: Netsparker Panel
+  name: Netsparker Login Panel - Detect
   author: pussycat0x
   severity: info
   description: |
-    Netsparker is a fully configurable Enterprise Dynamic Application Security Testing (DAST) tool. A DAST tool communicates with a web application using the web front-end in order to identify potential security vulnerabilities in the web application.
+    Netsparker login panel was detected.
   reference:
     - https://www.invicti.com/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: true
     shodan-query: http.title:"Sign in to Netsparker Enterprise"
@@ -30,3 +34,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/ocomon-panel.yaml

@@ -1,7 +1,7 @@
 id: ocomon-panel
 
 info:
-  name: OcoMon Login Panel
+  name: OcoMon Login Panel - Detect
   author: dogasantos
   severity: info
   description: a tiny helpdesk system written in php
@@ -10,6 +10,10 @@ info:
   metadata:
     verified: true
     shodan-query: http.html:"OcoMon"
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,ocomon,oss
 
 requests:
@@ -37,3 +41,5 @@ requests:
         regex:
           - 'Versão: ([0-9.]+)'
           - 'Versão: ([0-9.]+)'
+
+# Enhanced by cs 2023/01/09

exposed-panels/opengear-panel.yaml

@@ -1,10 +1,14 @@
 id: opengear-panel
 
 info:
-  name: Opengear Management Console Login Panel
+  name: Opengear Management Console Login Panel - Detect
   author: ffffffff0x,daffainfo
   severity: info
   reference: https://opengear.com/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: true
     fofa-query: app="opengear-Management-Console"
@@ -28,3 +32,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhnanced by cs 2023/01/09

exposed-panels/redhat/redhat-satellite-panel.yaml

@@ -1,9 +1,13 @@
 id: redhat-satellite-panel
 
 info:
-  name: Red Hat Satellite Panel
+  name: Red Hat Satellite Panel - Detect
   author: princechaddha
   severity: info
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: true
     shodan-query: http.html:"redhat" "Satellite"
@@ -35,3 +39,5 @@ requests:
         group: 1
         regex:
           - '"version":"([0-9.]+)",'
+
+# Enhanced by cs 2023/01/09

exposed-panels/remedy-axis-login.yaml

@@ -1,9 +1,13 @@
 id: remedy-axis-login
 
 info:
-  name: Remedy Axis Login
+  name: Remedy Axis Login Panel - Detect
   author: tess
   severity: info
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     shodan-query: http.html:"BMC Remedy"
     verified: true
@@ -28,3 +32,5 @@ requests:
           - "BMC Remedy"
           - "BMC Smart Reporting"
         condition: or
+
+# Enhanced by cs 2023/01/09

exposed-panels/ruckus-unleashed-panel.yaml

@@ -1,12 +1,16 @@
 id: ruckus-unleashed-panel
 
 info:
-  name: Ruckus Wireless Unleashed Login Panel
+  name: Ruckus Wireless Unleashed Login Panel - Detect
   author: idealphase
   severity: info
-  description: RUCKUS builds and delivers purpose-driven networks that perform in the tough environments of the industries we serve. Together with our trusted go-to-market partners, we empower our customers to deliver exceptional experiences to the guests, students, residents, citizens and employees who are counting on them.
+  description: Ruckus Wireless Unleashed login panel was detected.
   reference:
     - https://www.commscope.com/ruckus/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     shodan-query: http.title:"Unleashed Login"
     google-query: intitle:"Unleashed Login"
@@ -33,3 +37,5 @@ requests:
         group: 1
         regex:
           - '<link href="css\/font-awesome\.min\.css\?(.+)" rel="stylesheet">'
+
+# Enhanced by md on 2023/01/09

exposed-panels/sap-netweaver-portal.yaml

@@ -1,11 +1,17 @@
 id: sap-netweaver-portal
 
-# SAP Netweaver default creds - SAP*/06071992 or TMSADM/$1Pawd2&
-
 info:
-  name: SAP NetWeaver Portal
+  name: SAP NetWeaver Portal - Detect
   author: organiccrap
   severity: info
+  description: SAP NetWeaver Portal login has been detected. Note that NetWeaver has multiple default passwords as listed in the references.
+  reference:
+    - https://www.sap.com/products/technology-platform/netweaver.html
+    - https://www.cisoplatform.com/profiles/blogs/sap-netweaver-abap-security-configuration-part-2-default
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,sap
 
 requests:
@@ -17,3 +23,5 @@ requests:
         words:
           - "<title>SAP&#x20;NetWeaver&#x20;Portal</title>"
         part: body
+
+# Enhanced by cs 2023/01/09

exposed-panels/sapfiori-panel.yaml

@@ -1,10 +1,14 @@
 id: sapfiori-panel
 
 info:
-  name: SAP Fiori Instance Detection Template
+  name: SAP Fiori Login Panel - Detect
   author: righettod
   severity: info
-  description: Try to detect the presence of a SAP Fiori instance via the login page
+  description: SAP Fiori login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,sap,fiori
 
 requests:
@@ -28,3 +32,5 @@ requests:
           - "/irj/portal/fiori"
         part: body
         condition: and
+
+# Enhanced by md on 2023/01/09

exposed-panels/sas-login-panel.yaml

@@ -1,9 +1,14 @@
 id: sas-login-panel
 
 info:
-  name: SAS Login Panel
+  name: SAS Login Panel - Detect
   author: ritikchaddha
   severity: info
+  description: SAS login panel has been detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: true
     shodan-query: http.favicon.hash:957255151
@@ -24,3 +29,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by cs 2023/01/09

exposed-panels/sauter-login.yaml

@@ -1,11 +1,16 @@
 id: sauter-login
 
 info:
-  name: Sauter moduWeb - Login
+  name: Sauter moduWeb Login Panel - Detect
   author: DhiyaneshDk
   severity: info
+  description: Sauter moduWeb login panel was detected.
   reference:
     - https://www.exploit-db.com/ghdb/6883
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,sauter,edb
 
 requests:
@@ -23,3 +28,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/scs-landfill-control.yaml

@@ -1,12 +1,16 @@
 id: scs-landfill-control
 
 info:
-  name: SCS Landfill Remote Monitoring Control
+  name: SCS Remote Monitoring and Control Login Panel - Detect
   author: geeknik
   severity: info
-  description: SCS RMC is the IoT for landfills, manufacturing, and industrial facilities that provides real-time viewing, analysis, and control of equipment and systems critical to production and safe operations remotely.
+  description: SCS Remote Monitoring and Control login panel was detected.
   reference:
     - https://www.scsengineers.com/services/remote-monitoring-control/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,scs,rmc,iot
 
 requests:
@@ -25,3 +29,5 @@ requests:
           - "<title>Log in to SCS RMC®</title>"
           - "SCS RMC®</div>"
         condition: and
+
+# Enhanced by md on 2023/01/09

exposed-panels/seafile-panel.yaml

@@ -1,14 +1,19 @@
 id: seafile-panel
 
 info:
-  name: Seafile Panel
+  name: Seafile Panel - Detect
   author: TechbrunchFR
   severity: info
+  description: Seafile panel was detected.
   metadata:
     shodan-query: http.favicon.hash:1552322396
   reference:
     - https://www.seafile.com/en/home/
     - https://github.com/haiwen/seafile
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: sefile,panel
 
 requests:
@@ -21,3 +26,5 @@ requests:
       - type: dsl
         dsl:
           - "status_code==200 && (\"1552322396\" == mmh3(base64_py(body)))"
+
+# Enhanced by md on 2023/01/09

exposed-panels/seats-login.yaml

@@ -1,9 +1,14 @@
 id: seats-login
 
 info:
-  name: Seats login
+  name: Seats Login Panel - Detect
   author: dhiyaneshDK
   severity: info
+  description: Seats login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel
 
 requests:
@@ -19,3 +24,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/secmail-detect.yaml

@@ -1,9 +1,14 @@
 id: secmail-detect
 
 info:
-  name: SecMail - secure email Detect
+  name: SecMail Login Panel - Detect
   author: johnk3r
   severity: info
+  description: SecMail login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     shodan-query: secmail
   tags: secmail,panel
@@ -23,3 +28,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/secnet-ac-panel.yaml

@@ -1,9 +1,14 @@
 id: secnet-ac-panel
 
 info:
-  name: Secnet ac Panel Detect
+  name: SecNet Login Panel - Detect
   author: ritikchaddha
   severity: info
+  description: SecNet login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: secnet-ac,panel
 
 requests:
@@ -21,3 +26,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/secure-login-panel.yaml

@@ -1,9 +1,14 @@
 id: secure-login-panel
 
 info:
-  name: Secure Login Service Detector
+  name: Secure Login Service Login Panel - Detect
   author: dhiyaneshDK
   severity: info
+  description: Secure Login Service login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     shodan-query: http.title:"Secure Login Service"
   tags: panel,sls,login,service
@@ -22,3 +27,5 @@ requests:
       - type: word
         words:
           - "<title>Secure Login Service</title>"
+
+# Enhanced by md on 2023/01/09

exposed-panels/securenvoy-panel.yaml

@@ -1,9 +1,14 @@
 id: securenvoy-panel
 
 info:
-  name: SecurEnvoy Admin Login
+  name: SecurEnvoy Admin Login Panel - Detect
   author: 0xrod
   severity: info
+  description: SecurEnvoy admin login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,securenvoy
 
 requests:
@@ -21,3 +26,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/securepoint-utm.yaml

@@ -1,9 +1,14 @@
 id: securepoint-utm
 
 info:
-  name: Securepoint UTM Admin Panel
+  name: Securepoint UTM Admin Panel - Detect
   author: pussycat0x
   severity: info
+  description: Securepoint UTM admin panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
   tags: securepoint,panel
@@ -30,3 +35,5 @@ requests:
         group: 1
         regex:
           - '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'
+
+# Enhanced by md on 2023/01/09

exposed-panels/securityspy-detect.yaml

@@ -1,9 +1,14 @@
 id: securityspy-detect
 
 info:
-  name: SecuritySpy Camera Detect
+  name: SecuritySpy Camera Panel - Detect
   author: pussycat0x
   severity: medium
+  description: SecuritySpy Camera panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     shodan-dork: 'title:SecuritySpy'
   tags: unauth,iot,securityspy,panel,camera
@@ -23,3 +28,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/09

exposed-panels/sitecore-login-panel.yaml

@@ -1,9 +1,14 @@
 id: sitecore-login-panel
 
 info:
-  name: Sitecore Login Panel
+  name: Sitecore Admin Login Panel - Detect
   author: b4uh0lz
   severity: info
+  description: Sitecore admin login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,sitecore,login
 
 requests:
@@ -21,3 +26,5 @@ requests:
         words:
           - "Sitecore Login"
         part: body
+
+# Enhanced by md on 2023/01/15

exposed-panels/sitecore-login.yaml

@@ -1,9 +1,14 @@
 id: sitecore-login
 
 info:
-  name: SiteCore Login
+  name: Sitecore Login Panel - Detect
   author: dhiyaneshDK
   severity: info
+  description: Sitecore login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     shodan-query: http.title:"Welcome to Sitecore"
   tags: panel,sitecore
@@ -22,3 +27,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/15

exposed-panels/siteomat-login.yaml

@@ -1,11 +1,16 @@
 id: siteomat-loader
 
 info:
-  name: Orpak SiteOmat login portals
+  name: Orpak SiteOmat Login Panel - Detect
   author: dhiyaneshDK
   severity: info
+  description: Orpak SiteOmat login panel was detected.
   reference:
     - https://www.exploit-db.com/ghdb/6624
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: siteomat,login,edb,panel
 
 requests:
@@ -21,3 +26,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/15

exposed-panels/skycaiji-admin-panel.yaml

@@ -1,9 +1,14 @@
 id: skycaiji-admin-panel
 
 info:
-  name: SkyCaiji Admin Panel
+  name: SkyCaiji Admin Panel - Detect
   author: princechaddha
   severity: info
+  description: SkyCaiji admin panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,tech,skycaiji
 
 requests:
@@ -31,3 +36,5 @@ requests:
         group: 1
         regex:
           - 'com">SkyCaiji<\/a> ([A-Z0-9.]+) 后台管理<\/p>'
+
+# Enhanced by md on 2023/01/15

exposed-panels/slocum-login.yaml

@@ -1,9 +1,14 @@
 id: slocum-login
 
 info:
-  name: Slocum Fleet Mission Control Login
+  name: Slocum Fleet Mission Control Login Panel - Detect
   author: pussycat0x
   severity: info
+  description: Slocum Fleet Mission Control login panel was detected.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: panel,tech,slocum
 
 requests:
@@ -20,3 +25,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/01/15