Dashboard Content Enhancements (#6526)

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2023-01-16 12:41:15 -05:00 committed by GitHub
parent 986d78fe6a
commit 643700ca28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
144 changed files with 971 additions and 242 deletions

View File

@ -1,10 +1,10 @@
id: CVE-2016-6601 id: CVE-2016-6601
info: info:
name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal name: ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile description: ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
reference: reference:
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
- https://www.exploit-db.com/exploits/40229/ - https://www.exploit-db.com/exploits/40229/
@ -30,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,16 +1,16 @@
id: CVE-2017-14186 id: CVE-2017-14186
info: info:
name: FortiGate SSL VPN Web Portal - Cross Site Scripting name: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
author: johnk3r author: johnk3r
severity: medium severity: medium
description: | description: |
Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scripting (XSS) or an URL Redirection attack. FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not santized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.
reference: reference:
- https://www.fortiguard.com/psirt/FG-IR-17-242 - https://www.fortiguard.com/psirt/FG-IR-17-242
- https://nvd.nist.gov/vuln/detail/CVE-2017-14186
- https://fortiguard.com/advisory/FG-IR-17-242 - https://fortiguard.com/advisory/FG-IR-17-242
- https://web.archive.org/web/20210801135714/http://www.securitytracker.com/id/1039891 - https://web.archive.org/web/20210801135714/http://www.securitytracker.com/id/1039891
- https://nvd.nist.gov/vuln/detail/CVE-2017-14186
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4 cvss-score: 5.4
@ -40,3 +40,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/11

View File

@ -7,9 +7,9 @@ info:
description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
reference: reference:
- https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
- https://nvd.nist.gov/vuln/detail/CVE-2018-17246
- https://www.elastic.co/community/security - https://www.elastic.co/community/security
- https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594 - https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
- https://nvd.nist.gov/vuln/detail/CVE-2018-17246
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -41,3 +41,5 @@ requests:
part: header part: header
words: words:
- "application/json" - "application/json"
# Enhanced by mp on 2023/01/15

View File

@ -1,10 +1,10 @@
id: CVE-2019-12616 id: CVE-2019-12616
info: info:
name: phpMyAdmin < 4.9.0 - CSRF name: phpMyAdmin <4.9.0 - Cross-Site Request Forgery
author: Mohammedsaneem,philippedelteil,daffainfo author: Mohammedsaneem,philippedelteil,daffainfo
severity: medium severity: medium
description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim. description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
reference: reference:
- https://www.phpmyadmin.net/security/PMASA-2019-4/ - https://www.phpmyadmin.net/security/PMASA-2019-4/
- https://www.exploit-db.com/exploits/46982 - https://www.exploit-db.com/exploits/46982
@ -50,3 +50,5 @@ requests:
group: 1 group: 1
regex: regex:
- '\?v=([0-9.]+)' - '\?v=([0-9.]+)'
# Enhanced by md on 2023/01/11

View File

@ -1,16 +1,16 @@
id: CVE-2019-14530 id: CVE-2019-14530
info: info:
name: OpenEMR < 5.0.2 - Path Traversal name: OpenEMR <5.0.2 - Local File Inclusion
author: TenBird author: TenBird
severity: high severity: high
description: | description: |
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.
reference: reference:
- https://www.exploit-db.com/exploits/50037 - https://www.exploit-db.com/exploits/50037
- https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip - https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip
- https://nvd.nist.gov/vuln/detail/CVE-2019-14530
- https://github.com/openemr/openemr/pull/2592 - https://github.com/openemr/openemr/pull/2592
- https://nvd.nist.gov/vuln/detail/CVE-2019-14530
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8 cvss-score: 8.8
@ -50,3 +50,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,11 +1,11 @@
id: CVE-2021-20323 id: CVE-2021-20323
info: info:
name: Keycloak < 18.0.0 - Cross Site Scripting name: Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
author: ndmalc author: ndmalc
severity: medium severity: medium
description: | description: |
Keycloak before 18.0.0 and after 10.0.0 allows a reflected XSS on client-registrations endpoint. On POST request, when a request is submitted, the application does not sanitize unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as html. This can be performed on any realm present on the Keycloak instance. Currently, due to the bug requiring Content-Type application/json and is submitted via a POST, there is no common path to exploit that have a user impact. Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.
reference: reference:
- https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j - https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j
- https://bugzilla.redhat.com/show_bug.cgi?id=2013577 - https://bugzilla.redhat.com/show_bug.cgi?id=2013577
@ -52,3 +52,5 @@ requests:
- type: status - type: status
status: status:
- 400 - 400
# Enhanced by md on 2023/01/06

View File

@ -1,4 +1,4 @@
id: unpatched-coldfusion id: CVE-2021-21087
info: info:
name: Adobe ColdFusion - Remote Code Execution name: Adobe ColdFusion - Remote Code Execution

View File

@ -1,18 +1,15 @@
id: CVE-2021-24227 id: CVE-2021-24227
info: info:
name: Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure name: Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
author: theamanrawat author: theamanrawat
severity: high severity: high
description: The Jetpack Scan team identified a Local File Disclosure vulnerability description: Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting
the site. Using this attack vector, an attacker could leak important internal
files like wp-config.php, which contains database credentials and cryptographic
keys used in the generation of nonces and cookies.
reference: reference:
- https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016 - https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016
- https://wordpress.org/plugins/patreon-connect/ - https://wordpress.org/plugins/patreon-connect/
- https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/ - https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24227
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -34,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,16 +1,16 @@
id: CVE-2021-24827 id: CVE-2021-24827
info: info:
name: Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection name: WordPress Asgaros Forum <1.15.13 - SQL Injection
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue. WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference: reference:
- https://wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1 - https://wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1
- https://wordpress.org/plugins/asgaros-forum/ - https://wordpress.org/plugins/asgaros-forum/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24827
- https://plugins.trac.wordpress.org/changeset/2611560/asgaros-forum - https://plugins.trac.wordpress.org/changeset/2611560/asgaros-forum
- https://nvd.nist.gov/vuln/detail/CVE-2021-24827
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -35,3 +35,5 @@ requests:
- 'contains(content_type, "text/html")' - 'contains(content_type, "text/html")'
- 'contains(body, "asgarosforum")' - 'contains(body, "asgarosforum")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2021-24946 id: CVE-2021-24946
info: info:
name: Modern Events Calendar < 6.1.5 - Blind SQL Injection name: WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference: reference:
- https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445 - https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445
- https://wordpress.org/plugins/modern-events-calendar-lite/ - https://wordpress.org/plugins/modern-events-calendar-lite/
@ -34,3 +34,5 @@ requests:
- 'contains(content_type, "text/html")' - 'contains(content_type, "text/html")'
- 'contains(body, "The event is finished") || contains(body, "been a critical error")' - 'contains(body, "The event is finished") || contains(body, "been a critical error")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2021-25099 id: CVE-2021-25099
info: info:
name: Give < 2.17.3 - Cross-Site Scripting name: WordPress GiveWP <2.17.3 - Cross-Site Scripting
author: theamanrawat author: theamanrawat
severity: medium severity: medium
description: | description: |
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting. WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference: reference:
- https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f - https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f
- https://wordpress.org/plugins/give/ - https://wordpress.org/plugins/give/
@ -36,3 +36,5 @@ requests:
- 'contains(body, "<script>alert(document.domain)</script>")' - 'contains(body, "<script>alert(document.domain)</script>")'
- 'contains(body, "give_user_login")' - 'contains(body, "give_user_login")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2021-35380 id: CVE-2021-35380
info: info:
name: TermTalk Server 3.24.0.2 - Unauthenticated Arbitrary File Read name: TermTalk Server 3.24.0.2 - Local File Inclusion
author: fxploit author: fxploit
severity: high severity: high
description: | description: |
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download. TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.
reference: reference:
- https://www.swascan.com/solari-di-udine/ - https://www.swascan.com/solari-di-udine/
- https://www.exploit-db.com/exploits/50638 - https://www.exploit-db.com/exploits/50638
@ -30,3 +30,5 @@ requests:
- "fonts" - "fonts"
- "extensions" - "extensions"
condition: and condition: and
# Enhanced by mp on 2023/01/15

View File

@ -1,15 +1,16 @@
id: CVE-2021-40661 id: CVE-2021-40661
info: info:
name: IND780 - Directory Traversal name: IND780 - Local File Inclusion
author: For3stCo1d author: For3stCo1d
severity: high severity: high
description: | description: |
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future. IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the 'webpage' parameter in AutoCE.ini. This could allow a remote attacker to access additional files on the affected system.
reference: reference:
- https://sidsecure.au/blog/cve-2021-40661/?_sm_pdc=1&_sm_rid=MRRqb4KBDnjBMJk24b40LMS3SKqPMqb4KVn32Kr - https://sidsecure.au/blog/cve-2021-40661/?_sm_pdc=1&_sm_rid=MRRqb4KBDnjBMJk24b40LMS3SKqPMqb4KVn32Kr
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40661 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40661
- https://www.mt.com/au/en/home/products/Industrial_Weighing_Solutions/Terminals-and-Controllers/terminals-bench-floor-scales/advanced-bench-floor-applications/IND780/IND780_.html#overviewpm - https://www.mt.com/au/en/home/products/Industrial_Weighing_Solutions/Terminals-and-Controllers/terminals-bench-floor-scales/advanced-bench-floor-applications/IND780/IND780_.html#overviewpm
- https://nvd.nist.gov/vuln/detail/CVE-2021-40661
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -38,3 +39,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,15 +1,15 @@
id: CVE-2021-43421 id: CVE-2021-43421
info: info:
name: Studio-42 elFinder < 2.1.60 - Arbitrary File Upload name: Studio-42 elFinder <2.1.60 - Arbitrary File Upload
author: akincibor author: akincibor
severity: critical severity: critical
description: | description: |
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code.
reference: reference:
- https://github.com/Studio-42/elFinder/issues/3429 - https://github.com/Studio-42/elFinder/issues/3429
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
- https://twitter.com/infosec_90/status/1455180286354919425 - https://twitter.com/infosec_90/status/1455180286354919425
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -50,3 +50,5 @@ requests:
regex: regex:
- '"hash"\:"(.*?)"\,' - '"hash"\:"(.*?)"\,'
internal: true internal: true
# Enhanced by mp on 2023/01/15

View File

@ -1,11 +1,11 @@
id: CVE-2021-43734 id: CVE-2021-43734
info: info:
name: kkFileview v4.0.0 - Directory Traversal name: kkFileview v4.0.0 - Local File Inclusion
author: arafatansari author: arafatansari
severity: high severity: high
description: | description: |
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host. kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host.
reference: reference:
- https://github.com/kekingcn/kkFileView/issues/304 - https://github.com/kekingcn/kkFileView/issues/304
- https://nvd.nist.gov/vuln/detail/CVE-2021-43734 - https://nvd.nist.gov/vuln/detail/CVE-2021-43734
@ -37,3 +37,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,11 +1,12 @@
id: CVE-2021-44451 id: CVE-2021-44451
info: info:
name: Apache Superset - Default Login name: Apache Superset <=1.3.2 - Default Login
author: dhiyaneshDK author: dhiyaneshDK
severity: medium severity: medium
description: | description: |
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: Upgrade to Apache Superset 1.4.0 or higher.
reference: reference:
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
- https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb - https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
@ -66,3 +67,5 @@ requests:
regex: regex:
- 'name="csrf_token" type="hidden" value="(.*)"' - 'name="csrf_token" type="hidden" value="(.*)"'
internal: true internal: true
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2022-0784 id: CVE-2022-0784
info: info:
name: Title Experiments Free < 9.0.1 - Unauthenticated SQLi name: WordPress Title Experiments Free <9.0.1 - SQL Injection
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection. WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference: reference:
- https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f - https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f
- https://wordpress.org/plugins/wp-experiments-free/ - https://wordpress.org/plugins/wp-experiments-free/
@ -37,3 +37,5 @@ requests:
- 'contains(content_type, "text/html")' - 'contains(content_type, "text/html")'
- 'contains(body, "{\"images\":")' - 'contains(body, "{\"images\":")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2022-0786 id: CVE-2022-0786
info: info:
name: KiviCare < 2.3.9 - Unauthenticated SQLi name: WordPress KiviCare <2.3.9 - SQL Injection
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users. WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference: reference:
- https://wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30 - https://wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30
- https://wordpress.org/plugins/kivicare-clinic-management-system/ - https://wordpress.org/plugins/kivicare-clinic-management-system/
@ -34,3 +34,5 @@ requests:
- 'contains(content_type, "text/html")' - 'contains(content_type, "text/html")'
- 'contains(body, "Doctor details")' - 'contains(body, "Doctor details")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2022-0826 id: CVE-2022-0826
info: info:
name: WP Video Gallery <= 1.7.1 - Unauthenticated SQLi name: WordPress WP Video Gallery <=1.7.1 - SQL Injection
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users. WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference: reference:
- https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5 - https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5
- https://wordpress.org/plugins/wp-video-gallery-free/ - https://wordpress.org/plugins/wp-video-gallery-free/
@ -37,3 +37,5 @@ requests:
- 'contains(content_type, "text/html")' - 'contains(content_type, "text/html")'
- 'contains(body, "Registred videos :")' - 'contains(body, "Registred videos :")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,16 +1,16 @@
id: CVE-2022-0948 id: CVE-2022-0948
info: info:
name: Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi name: WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection. WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference: reference:
- https://wpscan.com/vulnerability/daad48df-6a25-493f-9d1d-17b897462576 - https://wpscan.com/vulnerability/daad48df-6a25-493f-9d1d-17b897462576
- https://wordpress.org/plugins/woc-order-alert/ - https://wordpress.org/plugins/woc-order-alert/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0948
- https://plugins.trac.wordpress.org/changeset/2707223 - https://plugins.trac.wordpress.org/changeset/2707223
- https://nvd.nist.gov/vuln/detail/CVE-2022-0948
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -43,3 +43,5 @@ requests:
- 'contains(content_type_1, "application/json")' - 'contains(content_type_1, "application/json")'
- 'contains(body_2, "olistener-action.olistener-controller")' - 'contains(body_2, "olistener-action.olistener-controller")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2022-1595 id: CVE-2022-1595
info: info:
name: HC Custom WP-Admin URL - 1.4 - Unauthenticated Secret URL Disclosure name: WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure
author: theamanrawat author: theamanrawat
severity: medium severity: medium
description: | description: |
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request. WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.
reference: reference:
- https://wpscan.com/vulnerability/0218c90c-8f79-4f37-9a6f-60cf2f47d47b - https://wpscan.com/vulnerability/0218c90c-8f79-4f37-9a6f-60cf2f47d47b
- https://wordpress.org/plugins/hc-custom-wp-admin-url/ - https://wordpress.org/plugins/hc-custom-wp-admin-url/
@ -38,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 302 - 302
# Enhanced by md on 2023/01/06

View File

@ -1,13 +1,14 @@
id: CVE-2022-23854 id: CVE-2022-23854
info: info:
name: AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal name: AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion
author: For3stCo1d author: For3stCo1d
severity: high severity: high
description: | description: |
AVEVA Group plc is a marine and plant engineering IT company headquartered in Cambridge, England. AVEVA software is used in many sectors, including on- and off-shore oil and gas processing, chemicals, pharmaceuticals, nuclear and conventional power generation, nuclear fuel reprocessing, recycling and shipbuilding (https://www.aveva.com). AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion.
reference: reference:
- https://packetstormsecurity.com/files/cve/CVE-2022-23854 - https://packetstormsecurity.com/files/cve/CVE-2022-23854
- https://www.aveva.com
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal - https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 - https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
@ -42,3 +43,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,16 +1,16 @@
id: CVE-2022-26138 id: CVE-2022-26138
info: info:
name: Questions For Confluence - Hardcoded Credentials name: Atlassian Questions For Confluence - Hardcoded Credentials
author: HTTPVoid author: HTTPVoid
severity: critical severity: critical
description: | description: |
A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.
reference: reference:
- https://twitter.com/fluepke/status/1549892089181257729 - https://twitter.com/fluepke/status/1549892089181257729
- https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html - https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-26138
- https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html - https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-26138
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -39,4 +39,6 @@ requests:
matchers: matchers:
- type: dsl - type: dsl
dsl: dsl:
- 'location == "/httpvoid.action"' - 'location == "/httpvoid.action"'
# Enhanced by md on 2023/01/06

View File

@ -1,16 +1,15 @@
id: CVE-2022-27593 id: CVE-2022-27593
info: info:
name: QNAP QTS Photo Station External Reference name: QNAP QTS Photo Station External Reference - Local File Inclusion
author: allenwest24 author: allenwest24
severity: critical severity: critical
description: | description: |
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.
reference: reference:
- https://attackerkb.com/topics/7We3SjEYVo/cve-2022-27593 - https://attackerkb.com/topics/7We3SjEYVo/cve-2022-27593
- https://www.qnap.com/en/security-advisory/qsa-22-24 - https://www.qnap.com/en/security-advisory/qsa-22-24
- https://nvd.nist.gov/vuln/detail/CVE-2022-27593 - https://nvd.nist.gov/vuln/detail/CVE-2022-27593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27593
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
cvss-score: 9.1 cvss-score: 9.1
@ -38,4 +37,6 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,15 +1,15 @@
id: CVE-2022-2863 id: CVE-2022-2863
info: info:
name: WordPress WPvivid Backup < 0.9.76 - Local File Inclusion name: WordPress WPvivid Backup <0.9.76 - Local File Inclusion
author: tehtbl author: tehtbl
severity: medium severity: medium
description: The plugin does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack. description: WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.
reference: reference:
- https://seclists.org/fulldisclosure/2022/Oct/0 - https://seclists.org/fulldisclosure/2022/Oct/0
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5 - https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2863
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html - http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-2863
remediation: Upgrade to version 0.9.76 or later. remediation: Upgrade to version 0.9.76 or later.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
@ -56,3 +56,5 @@ requests:
regex: regex:
- '"_ajax_nonce":"([0-9a-z]+)"' - '"_ajax_nonce":"([0-9a-z]+)"'
internal: true internal: true
# Enhanced by mp on 2023/01/15

View File

@ -1,15 +1,14 @@
id: CVE-2022-31656 id: CVE-2022-31656
info: info:
name: VMware - Authentication Bypass name: VMware - Local File Inclusion
author: DhiyaneshDk author: DhiyaneshDk
severity: critical severity: critical
description: | description: |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
reference: reference:
- https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd - https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd
- https://www.vmware.com/security/advisories/VMSA-2022-0021.html - https://www.vmware.com/security/advisories/VMSA-2022-0021.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31656
- https://nvd.nist.gov/vuln/detail/CVE-2022-31656 - https://nvd.nist.gov/vuln/detail/CVE-2022-31656
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@ -43,3 +42,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,16 +1,14 @@
id: CVE-2022-31793 id: CVE-2022-31793
info: info:
name: muhttpd <= 1.1.5 - Path traversal name: muhttpd <=1.1.5 - Local Inclusion
author: scent2d author: scent2d
severity: high severity: high
description: | description: |
A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system. muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.
reference: reference:
- https://derekabdine.com/blog/2022-arris-advisory.html - https://derekabdine.com/blog/2022-arris-advisory.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
- https://nvd.nist.gov/vuln/detail/CVE-2022-31793 - https://nvd.nist.gov/vuln/detail/CVE-2022-31793
- https://derekabdine.com/blog/2022-arris-advisory
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -36,3 +34,5 @@ network:
encoding: hex encoding: hex
words: words:
- "726f6f743a" - "726f6f743a"
# Enhanced by mp on 2023/01/15

View File

@ -5,11 +5,11 @@ info:
author: edoardottt author: edoardottt
severity: high severity: high
description: | description: |
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.
reference: reference:
- https://github.com/hansmach1ne/MyExploits/tree/main/LFI_in_CuppaCMS_templates - https://github.com/hansmach1ne/MyExploits/tree/main/LFI_in_CuppaCMS_templates
- https://nvd.nist.gov/vuln/detail/CVE-2022-34121
- https://github.com/CuppaCMS/CuppaCMS/issues/18 - https://github.com/CuppaCMS/CuppaCMS/issues/18
- https://nvd.nist.gov/vuln/detail/CVE-2022-34121
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -37,3 +37,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,15 +1,16 @@
id: CVE-2022-35413 id: CVE-2022-35413
info: info:
name: Wapples Web Application Firewall - Hardcoded credentials name: WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
author: For3stCo1d author: For3stCo1d
severity: critical severity: critical
description: | description: |
WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.
reference: reference:
- https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb - https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
- https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview - https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
- https://nvd.nist.gov/vuln/detail/CVE-2022-35413
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -53,3 +54,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,15 +1,15 @@
id: CVE-2022-36642 id: CVE-2022-36642
info: info:
name: Omnia MPX 1.5.0+r1 - Path Traversal name: Omnia MPX 1.5.0+r1 - Local File Inclusion
author: arafatansari,ritikchaddha,For3stCo1d author: arafatansari,ritikchaddha,For3stCo1d
severity: critical severity: critical
description: | description: |
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.
reference: reference:
- https://www.exploit-db.com/exploits/50996 - https://www.exploit-db.com/exploits/50996
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36642
- https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd - https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd
- https://nvd.nist.gov/vuln/detail/CVE-2022-36642
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -41,3 +41,5 @@ requests:
- '"mustChangePwd":' - '"mustChangePwd":'
- '"roleUser":' - '"roleUser":'
condition: and condition: and
# Enhanced by mp on 2023/01/15

View File

@ -1,14 +1,14 @@
id: CVE-2022-37299 id: CVE-2022-37299
info: info:
name: Shirne CMS 1.2.0. - Path Traversal name: Shirne CMS 1.2.0 - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: medium severity: medium
description: Shirne CMS 1.2.0 There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php description: Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.
reference: reference:
- https://twitter.com/pikpikcu/status/1568316864690028544 - https://twitter.com/pikpikcu/status/1568316864690028544
- https://nvd.nist.gov/vuln/detail/CVE-2022-37299
- https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue - https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue
- https://nvd.nist.gov/vuln/detail/CVE-2022-37299
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5 cvss-score: 6.5
@ -38,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,17 +1,17 @@
id: CVE-2022-3768 id: CVE-2022-3768
info: info:
name: WPSmartContracts < 1.3.12 - Author SQLi name: WordPress WPSmartContracts <1.3.12 - SQL Injection
author: Hardik-Solanki author: Hardik-Solanki
severity: high severity: high
description: | description: |
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
reference: reference:
- https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3 - https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
- https://cve.report/CVE-2022-3768 - https://cve.report/CVE-2022-3768
remediation: Fixed in version 1.3.12 - https://nvd.nist.gov/vuln/detail/CVE-2022-3768
remediation: Fixed in version 1.3.12.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8 cvss-score: 8.8
@ -45,3 +45,5 @@ requests:
- 'contains(content_type_2, "text/html")' - 'contains(content_type_2, "text/html")'
- 'contains(body_2, "Batch Mint NFTs")' - 'contains(body_2, "Batch Mint NFTs")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -5,10 +5,9 @@ info:
author: pikpikcu author: pikpikcu
severity: high severity: high
description: | description: |
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.
reference: reference:
- https://github.com/zyearn/zaver/issues/22 - https://github.com/zyearn/zaver/issues/22
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38794
- https://nvd.nist.gov/vuln/detail/CVE-2022-38794 - https://nvd.nist.gov/vuln/detail/CVE-2022-38794
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -32,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,11 +1,11 @@
id: CVE-2022-4050 id: CVE-2022-4050
info: info:
name: JoomSport < 5.2.8 - Unauthenticated SQLi name: WordPress JoomSport <5.2.8 - SQL Injection
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
reference: reference:
- https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f - https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
- https://wordpress.org/plugins/joomsport-sports-league-results-management/ - https://wordpress.org/plugins/joomsport-sports-league-results-management/
@ -37,3 +37,5 @@ requests:
- 'contains(content_type, "text/html")' - 'contains(content_type, "text/html")'
- 'contains(body, "jscaruselcont jsview2")' - 'contains(body, "jscaruselcont jsview2")'
condition: and condition: and
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,11 @@
id: CVE-2022-40734 id: CVE-2022-40734
info: info:
name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal name: Laravel Filemanager v2.5.1 - Local File Inclusion
author: arafatansari author: arafatansari
severity: medium severity: medium
description: | description: |
UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files. Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.
reference: reference:
- https://github.com/UniSharp/laravel-filemanager/issues/1150 - https://github.com/UniSharp/laravel-filemanager/issues/1150
- https://nvd.nist.gov/vuln/detail/CVE-2022-40734 - https://nvd.nist.gov/vuln/detail/CVE-2022-40734
@ -30,3 +30,5 @@ requests:
- type: regex - type: regex
regex: regex:
- "root:[x*]:0:0" - "root:[x*]:0:0"
# Enhanced by mp on 2023/01/15

View File

@ -5,7 +5,7 @@ info:
author: For3stCo1d author: For3stCo1d
severity: critical severity: critical
description: | description: |
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.
reference: reference:
- https://github.com/Timorlover/SolarView_Compact_6.0_rce_via_network_test.php - https://github.com/Timorlover/SolarView_Compact_6.0_rce_via_network_test.php
- https://github.com/advisories/GHSA-wx3r-88rg-whxq - https://github.com/advisories/GHSA-wx3r-88rg-whxq
@ -42,3 +42,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,16 +1,16 @@
id: CVE-2022-41840 id: CVE-2022-41840
info: info:
name: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal name: Welcart eCommerce <=2.7.7 - Local File Inclusion
author: theamanrawat author: theamanrawat
severity: critical severity: critical
description: | description: |
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.
reference: reference:
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability
- https://wordpress.org/plugins/usc-e-shop/ - https://wordpress.org/plugins/usc-e-shop/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41840
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve - https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve
- https://nvd.nist.gov/vuln/detail/CVE-2022-41840
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -40,3 +40,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2023/01/15

View File

@ -1,16 +1,16 @@
id: CVE-2022-4260 id: CVE-2022-4260
info: info:
name: WP-Ban < 1.69.1 - Admin Stored XSS name: WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting
author: Hardik-Solanki author: Hardik-Solanki
severity: medium severity: medium
description: | description: |
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.
remediation: Fixed in version 1.69.1.
reference: reference:
- https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db - https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260
- https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk - https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk
remediation: Fixed in version 1.69.1
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8 cvss-score: 4.8
@ -66,3 +66,5 @@ requests:
regex: regex:
- '_wpnonce=([0-9a-z]+)' - '_wpnonce=([0-9a-z]+)'
internal: true internal: true
# Enhanced by md on 2023/01/06

View File

@ -1,14 +1,15 @@
id: CVE-2022-46381 id: CVE-2022-46381
info: info:
name: Certain Linear eMerge E3-Series - Cross Site Scripting name: Linear eMerge E3-Series - Cross-Site Scripting
author: arafatansari author: arafatansari
severity: medium severity: medium
description: | description: |
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
reference: reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381
- https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt - https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt
- https://nvd.nist.gov/vuln/detail/CVE-2022-46381
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1 cvss-score: 6.1
@ -35,3 +36,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,12 +1,16 @@
id: 3com-nj2000-default-login id: 3com-nj2000-default-login
info: info:
name: 3COM NJ2000 Default Login name: 3COM NJ2000 - Default Login
author: daffainfo author: daffainfo
severity: high severity: high
description: 3COM NJ2000 default admin credentials were discovered. description: 3COM NJ2000 contains a default login vulnerability. Default admin login password of 'password' was found. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://www.manualslib.com/manual/204158/3com-Intellijack-Nj2000.html?page=12 - https://www.manualslib.com/manual/204158/3com-Intellijack-Nj2000.html?page=12
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: http.title:"ManageEngine Password" shodan-query: http.title:"ManageEngine Password"
@ -34,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,13 +1,17 @@
id: aem-felix-console id: aem-felix-console
info: info:
name: AEM Felix Console name: Adobe Experience Manager Felix Console - Default Login
author: DhiyaneshDk author: DhiyaneshDk
severity: high severity: high
description: Felix Console is exposed, you may get RCE by installing OSGI bundle. description: Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.
reference: reference:
- https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py - https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
- https://github.com/0ang3el/aem-rce-bundle - https://github.com/0ang3el/aem-rce-bundle
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
shodan-query: shodan-query:
- http.title:"AEM Sign In" - http.title:"AEM Sign In"
@ -45,3 +49,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,12 +1,16 @@
id: karaf-default-login id: karaf-default-login
info: info:
name: Apache Karaf Default Login name: Apache Karaf - Default Login
author: s0obi author: s0obi
severity: high severity: high
description: Apache Karaf default login credentials were discovered. description: Apache Karaf contains a default login vulnerability. Default login credentials were detected. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://karaf.apache.org/manual/latest/webconsole - https://karaf.apache.org/manual/latest/webconsole
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: realm="karaf" shodan-query: realm="karaf"
@ -34,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,10 +1,16 @@
id: ranger-default-login id: ranger-default-login
info: info:
name: Apache Ranger Default Login name: Apache Ranger - Default Login
author: For3stCo1d author: For3stCo1d
severity: high severity: high
reference: https://github.com/apache/ranger description: Apache Ranger contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://github.com/apache/ranger
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
shodan-query: http.title:"Ranger - Sign In" shodan-query: http.title:"Ranger - Sign In"
tags: apache,ranger,default-login tags: apache,ranger,default-login
@ -37,3 +43,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,10 +1,10 @@
id: audiocodes-default-login id: audiocodes-default-login
info: info:
name: Audiocodes 310HD, 320HD, 420HD, 430HD & 440HD Default Login name: AudioCodes 310HD, 320HD, 420HD, 430HD & 440HD - Default Login
author: d4vy author: d4vy
severity: high severity: high
description: Audiocodes 310HD, 320HD, 420HD, 430HD & 440HD default login credentials were discovered. description: AudioCodes devices 310HD, 320HD, 420HD, 430HD & 440HD contain a default login vulnerability. Default login credentials were discovered. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://wiki.freepbx.org/display/FPG/Supported+Devices-Audio+Codes#:~:text=Reset%20to%20Factory%20Defaults,-Press%20the%20Menu&text=Then%2C%20enter%20the%20Admin%20password,is%20%221234%22%20by%20default - https://wiki.freepbx.org/display/FPG/Supported+Devices-Audio+Codes#:~:text=Reset%20to%20Factory%20Defaults,-Press%20the%20Menu&text=Then%2C%20enter%20the%20Admin%20password,is%20%221234%22%20by%20default
classification: classification:
@ -43,3 +43,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,11 +1,16 @@
id: datahub-metadata-default-login id: datahub-metadata-default-login
info: info:
name: DataHub Metadata Default Login name: DataHub Metadata - Default Login
author: queencitycyber author: queencitycyber
severity: high severity: high
description: DataHub Metadata contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://github.com/datahub-project/datahub/blob/master/docs/rfc/active/access-control/access-control.md - https://github.com/datahub-project/datahub/blob/master/docs/rfc/active/access-control/access-control.md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: http.title:"DataHub" shodan-query: http.title:"DataHub"
@ -37,3 +42,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,12 +1,16 @@
id: dataiku-default-login id: dataiku-default-login
info: info:
name: Dataiku Default Login name: Dataiku - Default Login
author: random-robbie author: random-robbie
severity: high severity: high
description: Dataiku default login which allows SSRF/RCE etc. description: Dataiku contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. This vulnerability may also lead to server-side request forgery and/or remote code execution.
reference: reference:
- https://www.dataiku.com - https://www.dataiku.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: title:"dataiku" shodan-query: title:"dataiku"
@ -31,3 +35,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,9 +1,10 @@
id: hybris-default-login id: hybris-default-login
info: info:
name: Hybris Default Login name: Hybris - Default Login
author: princechaddha author: princechaddha
severity: high severity: high
description: Hybris contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3 cvss-score: 8.3
@ -60,3 +61,5 @@ requests:
group: 1 group: 1
regex: regex:
- '<meta name="_csrf" content="([a-z0-9-]+)" \/>' - '<meta name="_csrf" content="([a-z0-9-]+)" \/>'
# Enhanced by md on 2023/01/06

View File

@ -1,14 +1,18 @@
id: kanboard-default-login id: kanboard-default-login
info: info:
name: Kanboard Default Login name: Kanboard - Default Login
author: shelled author: shelled
severity: high severity: high
description: Kanboard default login was discovered. description: Kanboard contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://twitter.com/0x_rood/status/1607068644634157059 - https://twitter.com/0x_rood/status/1607068644634157059
- https://github.com/kanboard/kanboard - https://github.com/kanboard/kanboard
- https://docs.kanboard.org/v1/admin/installation/ - https://docs.kanboard.org/v1/admin/installation/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: http.favicon.hash:2056442365 shodan-query: http.favicon.hash:2056442365
@ -58,3 +62,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,9 +1,14 @@
id: kettle-default-login id: kettle-default-login
info: info:
name: Kettle Default Login name: Kettle - Default Login
author: For3stCo1d author: For3stCo1d
severity: medium severity: medium
description: Kettle contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: basic realm="Kettle" shodan-query: basic realm="Kettle"
@ -33,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,12 +1,17 @@
id: lutron-default-login id: lutron-default-login
info: info:
name: Lutron Device Default Login name: Lutron - Default Login
author: geeknik author: geeknik
severity: high severity: high
description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://www.lutron.com - https://www.lutron.com
- https://vulners.com/openvas/OPENVAS:1361412562310113206 - https://vulners.com/openvas/OPENVAS:1361412562310113206
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cwe-id: CWE-522
tags: default-login,lutron,iot tags: default-login,lutron,iot
requests: requests:
@ -39,3 +44,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,10 +1,10 @@
id: mobotix-default-credentials id: mobotix-default-credentials
info: info:
name: Mobotix Webcam Default Admin Credentials name: Mobotix - Default Login
author: robotshell author: robotshell
severity: high severity: high
description: Mobotix Camera default admin login credentials. description: Mobotix contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://www.mobotix.com/sites/default/files/2020-01/mx_RM_CameraSoftwareManual_en_200131.pdf - https://www.mobotix.com/sites/default/files/2020-01/mx_RM_CameraSoftwareManual_en_200131.pdf
classification: classification:
@ -40,3 +40,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/06

View File

@ -1,13 +1,17 @@
id: nsicg-default-login id: nsicg-default-login
info: info:
name: Ns-icg Default Login name: Netentsec NS-ICG - Default Login
author: pikpikcu author: pikpikcu
severity: high severity: high
description: | description: |
There is a weak password vulnerability in NetentSec Internet Control Gateway ns-icg of Beijing NetentScience and Technology Co., Ltd., which allows attackers to successfully log in to the system and obtain sensitive information by exploiting this loophole. Netentsec NS-ICG contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: | reference: |
- https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603 - https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
fofa-query: "NS-ICG" fofa-query: "NS-ICG"
@ -46,3 +50,5 @@ requests:
- 'status_code_2 == 200' - 'status_code_2 == 200'
- contains(body_2, "var loguser = \'ns25000") - contains(body_2, "var loguser = \'ns25000")
condition: and condition: and
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,10 @@
id: peoplesoft-default-login id: peoplesoft-default-login
info: info:
name: Oracle PeopleSoft Default Login name: Oracle PeopleSoft - Default Login
author: LogicalHunter author: LogicalHunter
severity: high severity: high
description: Oracle peoplesoft default admin credentials were discovered. description: Oracle PeopleSoft contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://www.oracle.com/applications/peoplesoft/ - https://www.oracle.com/applications/peoplesoft/
- https://erpscan.io/press-center/blog/peoplesoft-default-accounts/ - https://erpscan.io/press-center/blog/peoplesoft-default-accounts/
@ -81,3 +81,5 @@ requests:
- type: status - type: status
status: status:
- 302 - 302
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,16 @@
id: kingsoft-v8-default-login id: kingsoft-v8-default-login
info: info:
name: Kingsoft V8 Default Login name: Kingsoft 8 - Default Login
author: ritikchaddha author: ritikchaddha
severity: high severity: high
description: Kingsoft version 8 contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://idc.wanyunshuju.com/aqld/2123.html - https://idc.wanyunshuju.com/aqld/2123.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
tags: kingsoft,default-login tags: kingsoft,default-login
requests: requests:
@ -37,3 +42,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,10 @@
id: opencats-default-login id: opencats-default-login
info: info:
name: OpenCATS Default Login name: OpenCATS - Default Login
author: arafatansari author: arafatansari
severity: high severity: high
description: OpenCATS default admin login information was discovered. description: OpenCATS contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3 cvss-score: 8.3
@ -52,3 +52,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,18 +1,21 @@
id: phpmyadmin-default-login id: phpmyadmin-default-login
info: info:
name: phpMyAdmin Default Login name: phpMyAdmin - Default Login
author: Natto97 author: Natto97
severity: high severity: high
description: phpMyAdmin default admin credentials were discovered description: phpMyAdmin contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://www.phpmyadmin.net - https://www.phpmyadmin.net
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: http.title:phpMyAdmin shodan-query: http.title:phpMyAdmin
tags: default-login,phpmyadmin tags: default-login,phpmyadmin
requests: requests:
- raw: - raw:
- | - |
@ -71,3 +74,5 @@ requests:
- status_code_2 == 302 - status_code_2 == 302
- contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F') - contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
condition: and condition: and
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,10 @@
id: prtg-default-login id: prtg-default-login
info: info:
name: PRTG Network Monitor Default Login name: PRTG Network Monitor - Hardcoded Credentials
author: johnk3r author: johnk3r
severity: high severity: high
description: PRTG default admin credentials were discovered. description: PRTG Network Monitor contains a hardcoded credential vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://www.paessler.com/manuals/prtg/login - https://www.paessler.com/manuals/prtg/login
classification: classification:
@ -41,3 +41,5 @@ requests:
- type: status - type: status
status: status:
- 302 - 302
# Enhanced by md on 2023/01/09

View File

@ -1,14 +1,19 @@
id: ruckus-wireless-default-login id: ruckus-wireless-default-login
info: info:
name: Ruckus Wireless Admin Default Login Credential name: Ruckus Wireless - Default Login
author: pussycat0x author: pussycat0x
severity: critical severity: critical
description: Ruckus Wireless router contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: title:"ruckus" shodan-query: title:"ruckus"
reference:
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
tags: default-login,router,ruckus tags: default-login,router,ruckus
requests: requests:
@ -42,3 +47,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,13 +1,17 @@
id: samsung-printer-default-login id: samsung-printer-default-login
info: info:
name: Samsung Printer Default Login name: Samsung Printer - Default Login
author: gy741 author: gy741
severity: high severity: high
description: | description: |
Samsung Printer default login credentials were discovered. Samsung printers contain a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://support.hp.com/gb-en/document/c05591673 - https://support.hp.com/gb-en/document/c05591673
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: title:"SyncThru Web Service" shodan-query: title:"SyncThru Web Service"
@ -45,3 +49,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,13 +1,17 @@
id: tiny-filemanager-default-login id: tiny-filemanager-default-login
info: info:
name: Tiny File Manager Default Login name: Tiny File Manager - Default Login
author: shelled author: shelled
severity: high severity: high
description: Tiny File Manager default login was discovered. description: Tiny File Manager contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://github.com/prasathmani/tinyfilemanager - https://github.com/prasathmani/tinyfilemanager
- https://tinyfilemanager.github.io/docs/ - https://tinyfilemanager.github.io/docs/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: html:"Tiny File Manager" shodan-query: html:"Tiny File Manager"
@ -61,3 +65,5 @@ requests:
regex: regex:
- '([a-f0-9]{64})' - '([a-f0-9]{64})'
internal: true internal: true
# Enhanced by md on 2023/01/09

View File

@ -1,13 +1,17 @@
id: tooljet-default-login id: tooljet-default-login
info: info:
name: ToolJet Default Login Credential name: ToolJet - Default Login
author: random-robbie author: random-robbie
severity: high severity: high
description: | description: |
toolJet is an open-source low-code framework to build and deploy custom internal tools. ToolJet can connect to your data sources such as databases ( PostgreSQL, MongoDB, MS SQL Server, Snowflake, , BigQuery, etc ), API/GraphQL endpoints, SaaS tools ( Airtable, Stripe, Google Sheets, etc ) and cloud object storage services ( AWS S3, Google Cloud Storage and Minio ) ToolJet contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://docs.tooljet.com/docs/contributing-guide/setup/docker/ - https://docs.tooljet.com/docs/contributing-guide/setup/docker/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: title:"tooljet" shodan-query: title:"tooljet"
@ -46,3 +50,5 @@ requests:
- type: status - type: status
status: status:
- 201 - 201
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,16 @@
id: versa-flexvnf-default-login id: versa-flexvnf-default-login
info: info:
name: Versa FlexVNF Web-UI - Default Login name: Versa FlexVNF - Default Login
author: c-sh0 author: c-sh0
severity: high severity: high
description: Versa FlexVNF contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://versa-networks.com/products/ - https://versa-networks.com/products/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: title:"Flex VNF Web-UI" shodan-query: title:"Flex VNF Web-UI"
@ -55,3 +60,5 @@ requests:
part: header part: header
regex: regex:
- '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)' - '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'
# Enhanced by md on 2023/01/09

View File

@ -1,12 +1,16 @@
id: xnat-default-login id: xnat-default-login
info: info:
name: XNAT Default Login name: XNAT - Default Login
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: XNAT default login information (admin/admin) was discovered. description: XNAT contains an admin default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://wiki.xnat.org/documentation/xnat-administration/xnat-setup-first-time-configuration#:~:text=Log%20in%20with%20the%20username%20admin%20and%20password%20admin - https://wiki.xnat.org/documentation/xnat-administration/xnat-setup-first-time-configuration#:~:text=Log%20in%20with%20the%20username%20admin%20and%20password%20admin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
metadata: metadata:
verified: true verified: true
shodan-query: http.title:"XNAT" shodan-query: http.title:"XNAT"
@ -40,3 +44,5 @@ requests:
- type: status - type: status
status: status:
- 302 - 302
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,11 @@
id: xui-weak-login id: xui-weak-login
info: info:
name: X-UI Login Default Login name: X-UI - Default Login
author: dali author: dali
severity: high severity: high
description: | description: |
X-UI Default Login Credentials. X-UI contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://github.com/vaxilu/x-ui - https://github.com/vaxilu/x-ui
- https://seakfind.github.io/2021/10/10/X-UI/#:~:text=By%20default%2C%20the%20login%20user,the%20password%20is%20also%20admin%20. - https://seakfind.github.io/2021/10/10/X-UI/#:~:text=By%20default%2C%20the%20login%20user,the%20password%20is%20also%20admin%20.
@ -46,3 +46,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,16 @@
id: atlantis-detect id: atlantis-detect
info: info:
name: Atlantis Detect name: Atlantis Panel - Detect
author: jonathanwalker author: jonathanwalker
severity: info severity: info
description: Atlantis panel was detected.
reference: reference:
- https://github.com/runatlantis/atlantis - https://github.com/runatlantis/atlantis
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
shodan-query: http.favicon.hash:-1706783005 shodan-query: http.favicon.hash:-1706783005
@ -28,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,16 @@
id: cacti-panel id: cacti-panel
info: info:
name: Cacti Login Panel name: Cacti Login Panel - Detect
author: geeknik,daffainfo author: geeknik,daffainfo
severity: info severity: info
description: Cacti is a complete network graphing solution -- https://www.cacti.net/ description: Cacti login panel was detected.
reference:
- https://www.cacti.net/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: tech,cacti,login tags: tech,cacti,login
requests: requests:
@ -38,3 +44,5 @@ requests:
group: 1 group: 1
regex: regex:
- "<div class='versionInfo'>Version (.*) |" - "<div class='versionInfo'>Version (.*) |"
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: checkmk-login id: checkmk-login
info: info:
name: Check MK Login Detect name: Checkmk Login Panel - Detect
author: princechaddha author: princechaddha
severity: info severity: info
description: Checkmk login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: login,tech,synology,rackstation tags: login,tech,synology,rackstation
requests: requests:
@ -30,3 +35,5 @@ requests:
regex: regex:
- '<div id="version">([0-9.a-z]+)<\/div>' - '<div id="version">([0-9.a-z]+)<\/div>'
- '<div id="foot">Version: ([0-9.a-z]+)' - '<div id="foot">Version: ([0-9.a-z]+)'
# Enhanced by md on 2023/01/09

View File

@ -1,12 +1,17 @@
id: e-mobile-panel id: e-mobile-panel
info: info:
name: E-mobile Panel Detect name: E-mobile Panel - Detect
author: ritikchaddha author: ritikchaddha
severity: info severity: info
description: E-mobile panel was detected.
metadata: metadata:
verified: true verified: true
shodan-query: http.html:"E-Mobile&nbsp" shodan-query: http.html:"E-Mobile&nbsp"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,e-mobile tags: panel,e-mobile
requests: requests:
@ -36,3 +41,5 @@ requests:
group: 1 group: 1
regex: regex:
- 'E-Mobile&nbsp;([0-9.]+)' - 'E-Mobile&nbsp;([0-9.]+)'
# Enhanced by cs 2023/01/09

View File

@ -1,9 +1,14 @@
id: edgeos-login id: edgeos-login
info: info:
name: EdgeOS login Detect name: EdgeOS Login Panel - Detect
author: princechaddha author: princechaddha
severity: info severity: info
description: EdgeOS login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: login,tech,edgeos,edgemax tags: login,tech,edgeos,edgemax
requests: requests:
@ -21,3 +26,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,15 @@
id: fatpipe-ipvpn-panel id: fatpipe-ipvpn-panel
info: info:
name: FatPipe IPVPN® Panel Detect name: FatPipe IPVPN® Panel - Detect
author: dwisiswant0 author: dwisiswant0
severity: info severity: info
reference: reference:
- https://www.fatpipeinc.com/products/index.php - https://www.fatpipeinc.com/products/index.php
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,ipvpn,fatpipe tags: panel,ipvpn,fatpipe
requests: requests:
@ -29,3 +33,5 @@ requests:
group: 1 group: 1
regex: regex:
- '<h5>([0-9.a-z]+)<\/h5>' - '<h5>([0-9.a-z]+)<\/h5>'
# Enhanced by cs 2023/01/09

View File

@ -1,12 +1,16 @@
id: ictprotege-login-panel id: ictprotege-login-panel
info: info:
name: ICT Protege WX Login Panel name: ICT Protege WX Login Panel - Detect
author: ritikchaddha author: ritikchaddha
severity: info severity: info
metadata: metadata:
verified: true verified: true
shodan-query: title:"ICT Protege WX&reg;" shodan-query: title:"ICT Protege WX&reg;"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,ictprotege tags: panel,ictprotege
requests: requests:
@ -24,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by cs 2023/01/09

View File

@ -1,11 +1,13 @@
id: kanboard-login id: kanboard-login
info: info:
name: Kanboard Login Panel name: Kanboard Login Panel - Detect
author: DhiyaneshDK author: DhiyaneshDK
severity: info severity: info
description: A Kanboard login panel was detected. description: Kanboard login panel was detected.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
@ -28,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: lenovo-fp-panel id: lenovo-fp-panel
info: info:
name: Lenovo Fan and Power Controller Panel name: Lenovo Fan Power Controller Login Panel - Detect
author: megamansec author: megamansec
severity: info severity: info
description: Lenovo Fan Power Controller login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
shodan-query: http.html:"Avocent Corporation and its affiliates" shodan-query: http.html:"Avocent Corporation and its affiliates"
@ -28,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,10 +1,14 @@
id: luci-login-detection id: luci-login-detection
info: info:
name: LuCi Login Detector name: LuCi Login Panel - Detect
author: aashiq author: aashiq
severity: info severity: info
description: Searches for LuCi Login pages by attempting to query the cgi-bin endpoint description: LuCi login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: login tags: login
requests: requests:
@ -21,3 +25,5 @@ requests:
- type: word - type: word
words: words:
- "Authorization Required" - "Authorization Required"
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: mpftvc-admin-panel id: mpftvc-admin-panel
info: info:
name: MPFTVC Admin Login Panel name: MPFTVC Admin Login Panel - Detect
author: Hardik-Solanki author: Hardik-Solanki
severity: info severity: info
description: MPFTVC admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
shodan-query: title:"AdminLogin - MPFTVC" shodan-query: title:"AdminLogin - MPFTVC"
@ -23,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,13 +1,17 @@
id: netsparker-panel id: netsparker-panel
info: info:
name: Netsparker Panel name: Netsparker Login Panel - Detect
author: pussycat0x author: pussycat0x
severity: info severity: info
description: | description: |
Netsparker is a fully configurable Enterprise Dynamic Application Security Testing (DAST) tool. A DAST tool communicates with a web application using the web front-end in order to identify potential security vulnerabilities in the web application. Netsparker login panel was detected.
reference: reference:
- https://www.invicti.com/ - https://www.invicti.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
shodan-query: http.title:"Sign in to Netsparker Enterprise" shodan-query: http.title:"Sign in to Netsparker Enterprise"
@ -30,3 +34,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,7 +1,7 @@
id: ocomon-panel id: ocomon-panel
info: info:
name: OcoMon Login Panel name: OcoMon Login Panel - Detect
author: dogasantos author: dogasantos
severity: info severity: info
description: a tiny helpdesk system written in php description: a tiny helpdesk system written in php
@ -10,6 +10,10 @@ info:
metadata: metadata:
verified: true verified: true
shodan-query: http.html:"OcoMon" shodan-query: http.html:"OcoMon"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,ocomon,oss tags: panel,ocomon,oss
requests: requests:
@ -37,3 +41,5 @@ requests:
regex: regex:
- 'Versão: ([0-9.]+)' - 'Versão: ([0-9.]+)'
- 'Versão:&nbsp;([0-9.]+)' - 'Versão:&nbsp;([0-9.]+)'
# Enhanced by cs 2023/01/09

View File

@ -1,10 +1,14 @@
id: opengear-panel id: opengear-panel
info: info:
name: Opengear Management Console Login Panel name: Opengear Management Console Login Panel - Detect
author: ffffffff0x,daffainfo author: ffffffff0x,daffainfo
severity: info severity: info
reference: https://opengear.com/ reference: https://opengear.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
fofa-query: app="opengear-Management-Console" fofa-query: app="opengear-Management-Console"
@ -28,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhnanced by cs 2023/01/09

View File

@ -1,9 +1,13 @@
id: redhat-satellite-panel id: redhat-satellite-panel
info: info:
name: Red Hat Satellite Panel name: Red Hat Satellite Panel - Detect
author: princechaddha author: princechaddha
severity: info severity: info
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
shodan-query: http.html:"redhat" "Satellite" shodan-query: http.html:"redhat" "Satellite"
@ -35,3 +39,5 @@ requests:
group: 1 group: 1
regex: regex:
- '&quot;version&quot;:&quot;([0-9.]+)&quot;,' - '&quot;version&quot;:&quot;([0-9.]+)&quot;,'
# Enhanced by cs 2023/01/09

View File

@ -1,9 +1,13 @@
id: remedy-axis-login id: remedy-axis-login
info: info:
name: Remedy Axis Login name: Remedy Axis Login Panel - Detect
author: tess author: tess
severity: info severity: info
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
shodan-query: http.html:"BMC Remedy" shodan-query: http.html:"BMC Remedy"
verified: true verified: true
@ -28,3 +32,5 @@ requests:
- "BMC Remedy" - "BMC Remedy"
- "BMC Smart Reporting" - "BMC Smart Reporting"
condition: or condition: or
# Enhanced by cs 2023/01/09

View File

@ -1,12 +1,16 @@
id: ruckus-unleashed-panel id: ruckus-unleashed-panel
info: info:
name: Ruckus Wireless Unleashed Login Panel name: Ruckus Wireless Unleashed Login Panel - Detect
author: idealphase author: idealphase
severity: info severity: info
description: RUCKUS builds and delivers purpose-driven networks that perform in the tough environments of the industries we serve. Together with our trusted go-to-market partners, we empower our customers to deliver exceptional experiences to the guests, students, residents, citizens and employees who are counting on them. description: Ruckus Wireless Unleashed login panel was detected.
reference: reference:
- https://www.commscope.com/ruckus/ - https://www.commscope.com/ruckus/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
shodan-query: http.title:"Unleashed Login" shodan-query: http.title:"Unleashed Login"
google-query: intitle:"Unleashed Login" google-query: intitle:"Unleashed Login"
@ -33,3 +37,5 @@ requests:
group: 1 group: 1
regex: regex:
- '<link href="css\/font-awesome\.min\.css\?(.+)" rel="stylesheet">' - '<link href="css\/font-awesome\.min\.css\?(.+)" rel="stylesheet">'
# Enhanced by md on 2023/01/09

View File

@ -1,11 +1,17 @@
id: sap-netweaver-portal id: sap-netweaver-portal
# SAP Netweaver default creds - SAP*/06071992 or TMSADM/$1Pawd2&
info: info:
name: SAP NetWeaver Portal name: SAP NetWeaver Portal - Detect
author: organiccrap author: organiccrap
severity: info severity: info
description: SAP NetWeaver Portal login has been detected. Note that NetWeaver has multiple default passwords as listed in the references.
reference:
- https://www.sap.com/products/technology-platform/netweaver.html
- https://www.cisoplatform.com/profiles/blogs/sap-netweaver-abap-security-configuration-part-2-default
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sap tags: panel,sap
requests: requests:
@ -17,3 +23,5 @@ requests:
words: words:
- "<title>SAP&#x20;NetWeaver&#x20;Portal</title>" - "<title>SAP&#x20;NetWeaver&#x20;Portal</title>"
part: body part: body
# Enhanced by cs 2023/01/09

View File

@ -1,10 +1,14 @@
id: sapfiori-panel id: sapfiori-panel
info: info:
name: SAP Fiori Instance Detection Template name: SAP Fiori Login Panel - Detect
author: righettod author: righettod
severity: info severity: info
description: Try to detect the presence of a SAP Fiori instance via the login page description: SAP Fiori login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sap,fiori tags: panel,sap,fiori
requests: requests:
@ -27,4 +31,6 @@ requests:
- "UIPPortalPath" - "UIPPortalPath"
- "/irj/portal/fiori" - "/irj/portal/fiori"
part: body part: body
condition: and condition: and
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: sas-login-panel id: sas-login-panel
info: info:
name: SAS Login Panel name: SAS Login Panel - Detect
author: ritikchaddha author: ritikchaddha
severity: info severity: info
description: SAS login panel has been detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
shodan-query: http.favicon.hash:957255151 shodan-query: http.favicon.hash:957255151
@ -24,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by cs 2023/01/09

View File

@ -1,11 +1,16 @@
id: sauter-login id: sauter-login
info: info:
name: Sauter moduWeb - Login name: Sauter moduWeb Login Panel - Detect
author: DhiyaneshDk author: DhiyaneshDk
severity: info severity: info
description: Sauter moduWeb login panel was detected.
reference: reference:
- https://www.exploit-db.com/ghdb/6883 - https://www.exploit-db.com/ghdb/6883
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sauter,edb tags: panel,sauter,edb
requests: requests:
@ -23,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,12 +1,16 @@
id: scs-landfill-control id: scs-landfill-control
info: info:
name: SCS Landfill Remote Monitoring Control name: SCS Remote Monitoring and Control Login Panel - Detect
author: geeknik author: geeknik
severity: info severity: info
description: SCS RMC is the IoT for landfills, manufacturing, and industrial facilities that provides real-time viewing, analysis, and control of equipment and systems critical to production and safe operations remotely. description: SCS Remote Monitoring and Control login panel was detected.
reference: reference:
- https://www.scsengineers.com/services/remote-monitoring-control/ - https://www.scsengineers.com/services/remote-monitoring-control/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,scs,rmc,iot tags: panel,scs,rmc,iot
requests: requests:
@ -25,3 +29,5 @@ requests:
- "<title>Log in to SCS RMC®</title>" - "<title>Log in to SCS RMC®</title>"
- "SCS RMC®</div>" - "SCS RMC®</div>"
condition: and condition: and
# Enhanced by md on 2023/01/09

View File

@ -1,14 +1,19 @@
id: seafile-panel id: seafile-panel
info: info:
name: Seafile Panel name: Seafile Panel - Detect
author: TechbrunchFR author: TechbrunchFR
severity: info severity: info
description: Seafile panel was detected.
metadata: metadata:
shodan-query: http.favicon.hash:1552322396 shodan-query: http.favicon.hash:1552322396
reference: reference:
- https://www.seafile.com/en/home/ - https://www.seafile.com/en/home/
- https://github.com/haiwen/seafile - https://github.com/haiwen/seafile
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: sefile,panel tags: sefile,panel
requests: requests:
@ -21,3 +26,5 @@ requests:
- type: dsl - type: dsl
dsl: dsl:
- "status_code==200 && (\"1552322396\" == mmh3(base64_py(body)))" - "status_code==200 && (\"1552322396\" == mmh3(base64_py(body)))"
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: seats-login id: seats-login
info: info:
name: Seats login name: Seats Login Panel - Detect
author: dhiyaneshDK author: dhiyaneshDK
severity: info severity: info
description: Seats login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel tags: panel
requests: requests:
@ -19,3 +24,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: secmail-detect id: secmail-detect
info: info:
name: SecMail - secure email Detect name: SecMail Login Panel - Detect
author: johnk3r author: johnk3r
severity: info severity: info
description: SecMail login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
shodan-query: secmail shodan-query: secmail
tags: secmail,panel tags: secmail,panel
@ -23,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: secnet-ac-panel id: secnet-ac-panel
info: info:
name: Secnet ac Panel Detect name: SecNet Login Panel - Detect
author: ritikchaddha author: ritikchaddha
severity: info severity: info
description: SecNet login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: secnet-ac,panel tags: secnet-ac,panel
requests: requests:
@ -21,3 +26,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: secure-login-panel id: secure-login-panel
info: info:
name: Secure Login Service Detector name: Secure Login Service Login Panel - Detect
author: dhiyaneshDK author: dhiyaneshDK
severity: info severity: info
description: Secure Login Service login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
shodan-query: http.title:"Secure Login Service" shodan-query: http.title:"Secure Login Service"
tags: panel,sls,login,service tags: panel,sls,login,service
@ -22,3 +27,5 @@ requests:
- type: word - type: word
words: words:
- "<title>Secure Login Service</title>" - "<title>Secure Login Service</title>"
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: securenvoy-panel id: securenvoy-panel
info: info:
name: SecurEnvoy Admin Login name: SecurEnvoy Admin Login Panel - Detect
author: 0xrod author: 0xrod
severity: info severity: info
description: SecurEnvoy admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,securenvoy tags: panel,securenvoy
requests: requests:
@ -21,3 +26,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: securepoint-utm id: securepoint-utm
info: info:
name: Securepoint UTM Admin Panel name: Securepoint UTM Admin Panel - Detect
author: pussycat0x author: pussycat0x
severity: info severity: info
description: Securepoint UTM admin panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"' fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
tags: securepoint,panel tags: securepoint,panel
@ -30,3 +35,5 @@ requests:
group: 1 group: 1
regex: regex:
- '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>' - '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: securityspy-detect id: securityspy-detect
info: info:
name: SecuritySpy Camera Detect name: SecuritySpy Camera Panel - Detect
author: pussycat0x author: pussycat0x
severity: medium severity: medium
description: SecuritySpy Camera panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
shodan-dork: 'title:SecuritySpy' shodan-dork: 'title:SecuritySpy'
tags: unauth,iot,securityspy,panel,camera tags: unauth,iot,securityspy,panel,camera
@ -23,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/09

View File

@ -1,9 +1,14 @@
id: sitecore-login-panel id: sitecore-login-panel
info: info:
name: Sitecore Login Panel name: Sitecore Admin Login Panel - Detect
author: b4uh0lz author: b4uh0lz
severity: info severity: info
description: Sitecore admin login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,sitecore,login tags: panel,sitecore,login
requests: requests:
@ -21,3 +26,5 @@ requests:
words: words:
- "Sitecore Login" - "Sitecore Login"
part: body part: body
# Enhanced by md on 2023/01/15

View File

@ -1,9 +1,14 @@
id: sitecore-login id: sitecore-login
info: info:
name: SiteCore Login name: Sitecore Login Panel - Detect
author: dhiyaneshDK author: dhiyaneshDK
severity: info severity: info
description: Sitecore login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
shodan-query: http.title:"Welcome to Sitecore" shodan-query: http.title:"Welcome to Sitecore"
tags: panel,sitecore tags: panel,sitecore
@ -22,3 +27,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/15

View File

@ -1,11 +1,16 @@
id: siteomat-loader id: siteomat-loader
info: info:
name: Orpak SiteOmat login portals name: Orpak SiteOmat Login Panel - Detect
author: dhiyaneshDK author: dhiyaneshDK
severity: info severity: info
description: Orpak SiteOmat login panel was detected.
reference: reference:
- https://www.exploit-db.com/ghdb/6624 - https://www.exploit-db.com/ghdb/6624
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: siteomat,login,edb,panel tags: siteomat,login,edb,panel
requests: requests:
@ -21,3 +26,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/15

View File

@ -1,9 +1,14 @@
id: skycaiji-admin-panel id: skycaiji-admin-panel
info: info:
name: SkyCaiji Admin Panel name: SkyCaiji Admin Panel - Detect
author: princechaddha author: princechaddha
severity: info severity: info
description: SkyCaiji admin panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,tech,skycaiji tags: panel,tech,skycaiji
requests: requests:
@ -31,3 +36,5 @@ requests:
group: 1 group: 1
regex: regex:
- 'com">SkyCaiji<\/a> ([A-Z0-9.]+) 后台管理<\/p>' - 'com">SkyCaiji<\/a> ([A-Z0-9.]+) 后台管理<\/p>'
# Enhanced by md on 2023/01/15

View File

@ -1,9 +1,14 @@
id: slocum-login id: slocum-login
info: info:
name: Slocum Fleet Mission Control Login name: Slocum Fleet Mission Control Login Panel - Detect
author: pussycat0x author: pussycat0x
severity: info severity: info
description: Slocum Fleet Mission Control login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: panel,tech,slocum tags: panel,tech,slocum
requests: requests:
@ -20,3 +25,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by md on 2023/01/15

Some files were not shown because too many files have changed in this diff Show More