parent
986d78fe6a
commit
643700ca28
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2016-6601
|
||||
|
||||
info:
|
||||
name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal
|
||||
name: ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
|
||||
description: ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
|
||||
reference:
|
||||
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
|
||||
- https://www.exploit-db.com/exploits/40229/
|
||||
|
@ -30,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2017-14186
|
||||
|
||||
info:
|
||||
name: FortiGate SSL VPN Web Portal - Cross Site Scripting
|
||||
name: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
|
||||
author: johnk3r
|
||||
severity: medium
|
||||
description: |
|
||||
Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scripting (XSS) or an URL Redirection attack.
|
||||
FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not santized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.
|
||||
reference:
|
||||
- https://www.fortiguard.com/psirt/FG-IR-17-242
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-14186
|
||||
- https://fortiguard.com/advisory/FG-IR-17-242
|
||||
- https://web.archive.org/web/20210801135714/http://www.securitytracker.com/id/1039891
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-14186
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/11
|
||||
|
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-17246
|
||||
- https://www.elastic.co/community/security
|
||||
- https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-17246
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "application/json"
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2019-12616
|
||||
|
||||
info:
|
||||
name: phpMyAdmin < 4.9.0 - CSRF
|
||||
name: phpMyAdmin <4.9.0 - Cross-Site Request Forgery
|
||||
author: Mohammedsaneem,philippedelteil,daffainfo
|
||||
severity: medium
|
||||
description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.
|
||||
description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
|
||||
reference:
|
||||
- https://www.phpmyadmin.net/security/PMASA-2019-4/
|
||||
- https://www.exploit-db.com/exploits/46982
|
||||
|
@ -50,3 +50,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '\?v=([0-9.]+)'
|
||||
|
||||
# Enhanced by md on 2023/01/11
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2019-14530
|
||||
|
||||
info:
|
||||
name: OpenEMR < 5.0.2 - Path Traversal
|
||||
name: OpenEMR <5.0.2 - Local File Inclusion
|
||||
author: TenBird
|
||||
severity: high
|
||||
description: |
|
||||
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
|
||||
OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50037
|
||||
- https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14530
|
||||
- https://github.com/openemr/openemr/pull/2592
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14530
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -50,3 +50,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-20323
|
||||
|
||||
info:
|
||||
name: Keycloak < 18.0.0 - Cross Site Scripting
|
||||
name: Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
|
||||
author: ndmalc
|
||||
severity: medium
|
||||
description: |
|
||||
Keycloak before 18.0.0 and after 10.0.0 allows a reflected XSS on client-registrations endpoint. On POST request, when a request is submitted, the application does not sanitize unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as html. This can be performed on any realm present on the Keycloak instance. Currently, due to the bug requiring Content-Type application/json and is submitted via a POST, there is no common path to exploit that have a user impact.
|
||||
Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.
|
||||
reference:
|
||||
- https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=2013577
|
||||
|
@ -52,3 +52,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 400
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: unpatched-coldfusion
|
||||
id: CVE-2021-21087
|
||||
|
||||
info:
|
||||
name: Adobe ColdFusion - Remote Code Execution
|
|
@ -1,18 +1,15 @@
|
|||
id: CVE-2021-24227
|
||||
|
||||
info:
|
||||
name: Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
|
||||
name: Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: The Jetpack Scan team identified a Local File Disclosure vulnerability
|
||||
in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting
|
||||
the site. Using this attack vector, an attacker could leak important internal
|
||||
files like wp-config.php, which contains database credentials and cryptographic
|
||||
keys used in the generation of nonces and cookies.
|
||||
description: Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016
|
||||
- https://wordpress.org/plugins/patreon-connect/
|
||||
- https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24227
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -34,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2021-24827
|
||||
|
||||
info:
|
||||
name: Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection
|
||||
name: WordPress Asgaros Forum <1.15.13 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.
|
||||
WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1
|
||||
- https://wordpress.org/plugins/asgaros-forum/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24827
|
||||
- https://plugins.trac.wordpress.org/changeset/2611560/asgaros-forum
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24827
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "asgarosforum")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-24946
|
||||
|
||||
info:
|
||||
name: Modern Events Calendar < 6.1.5 - Blind SQL Injection
|
||||
name: WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue.
|
||||
WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/09871847-1d6a-4dfe-8a8c-f2f53ff87445
|
||||
- https://wordpress.org/plugins/modern-events-calendar-lite/
|
||||
|
@ -34,3 +34,5 @@ requests:
|
|||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "The event is finished") || contains(body, "been a critical error")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-25099
|
||||
|
||||
info:
|
||||
name: Give < 2.17.3 - Cross-Site Scripting
|
||||
name: WordPress GiveWP <2.17.3 - Cross-Site Scripting
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting.
|
||||
WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f
|
||||
- https://wordpress.org/plugins/give/
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- 'contains(body, "<script>alert(document.domain)</script>")'
|
||||
- 'contains(body, "give_user_login")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-35380
|
||||
|
||||
info:
|
||||
name: TermTalk Server 3.24.0.2 - Unauthenticated Arbitrary File Read
|
||||
name: TermTalk Server 3.24.0.2 - Local File Inclusion
|
||||
author: fxploit
|
||||
severity: high
|
||||
description: |
|
||||
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download.
|
||||
TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.
|
||||
reference:
|
||||
- https://www.swascan.com/solari-di-udine/
|
||||
- https://www.exploit-db.com/exploits/50638
|
||||
|
@ -30,3 +30,5 @@ requests:
|
|||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2021-40661
|
||||
|
||||
info:
|
||||
name: IND780 - Directory Traversal
|
||||
name: IND780 - Local File Inclusion
|
||||
author: For3stCo1d
|
||||
severity: high
|
||||
description: |
|
||||
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.
|
||||
IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the 'webpage' parameter in AutoCE.ini. This could allow a remote attacker to access additional files on the affected system.
|
||||
reference:
|
||||
- https://sidsecure.au/blog/cve-2021-40661/?_sm_pdc=1&_sm_rid=MRRqb4KBDnjBMJk24b40LMS3SKqPMqb4KVn32Kr
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40661
|
||||
- https://www.mt.com/au/en/home/products/Industrial_Weighing_Solutions/Terminals-and-Controllers/terminals-bench-floor-scales/advanced-bench-floor-applications/IND780/IND780_.html#overviewpm
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40661
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-43421
|
||||
|
||||
info:
|
||||
name: Studio-42 elFinder < 2.1.60 - Arbitrary File Upload
|
||||
name: Studio-42 elFinder <2.1.60 - Arbitrary File Upload
|
||||
author: akincibor
|
||||
severity: critical
|
||||
description: |
|
||||
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
|
||||
Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code.
|
||||
reference:
|
||||
- https://github.com/Studio-42/elFinder/issues/3429
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
|
||||
- https://twitter.com/infosec_90/status/1455180286354919425
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-43421
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -50,3 +50,5 @@ requests:
|
|||
regex:
|
||||
- '"hash"\:"(.*?)"\,'
|
||||
internal: true
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-43734
|
||||
|
||||
info:
|
||||
name: kkFileview v4.0.0 - Directory Traversal
|
||||
name: kkFileview v4.0.0 - Local File Inclusion
|
||||
author: arafatansari
|
||||
severity: high
|
||||
description: |
|
||||
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
|
||||
kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host.
|
||||
reference:
|
||||
- https://github.com/kekingcn/kkFileView/issues/304
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-43734
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
id: CVE-2021-44451
|
||||
|
||||
info:
|
||||
name: Apache Superset - Default Login
|
||||
name: Apache Superset <=1.3.2 - Default Login
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: |
|
||||
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
|
||||
Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||
remediation: Upgrade to Apache Superset 1.4.0 or higher.
|
||||
reference:
|
||||
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
|
||||
- https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
|
||||
|
@ -66,3 +67,5 @@ requests:
|
|||
regex:
|
||||
- 'name="csrf_token" type="hidden" value="(.*)"'
|
||||
internal: true
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2022-0784
|
||||
|
||||
info:
|
||||
name: Title Experiments Free < 9.0.1 - Unauthenticated SQLi
|
||||
name: WordPress Title Experiments Free <9.0.1 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.
|
||||
WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6672b59f-14bc-4a22-9e0b-fcab4e01d97f
|
||||
- https://wordpress.org/plugins/wp-experiments-free/
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "{\"images\":")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2022-0786
|
||||
|
||||
info:
|
||||
name: KiviCare < 2.3.9 - Unauthenticated SQLi
|
||||
name: WordPress KiviCare <2.3.9 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users.
|
||||
WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/53f493e9-273b-4349-8a59-f2207e8f8f30
|
||||
- https://wordpress.org/plugins/kivicare-clinic-management-system/
|
||||
|
@ -34,3 +34,5 @@ requests:
|
|||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "Doctor details")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2022-0826
|
||||
|
||||
info:
|
||||
name: WP Video Gallery <= 1.7.1 - Unauthenticated SQLi
|
||||
name: WordPress WP Video Gallery <=1.7.1 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
|
||||
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5
|
||||
- https://wordpress.org/plugins/wp-video-gallery-free/
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "Registred videos :")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2022-0948
|
||||
|
||||
info:
|
||||
name: Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi
|
||||
name: WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection.
|
||||
WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/daad48df-6a25-493f-9d1d-17b897462576
|
||||
- https://wordpress.org/plugins/woc-order-alert/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0948
|
||||
- https://plugins.trac.wordpress.org/changeset/2707223
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0948
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -43,3 +43,5 @@ requests:
|
|||
- 'contains(content_type_1, "application/json")'
|
||||
- 'contains(body_2, "olistener-action.olistener-controller")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2022-1595
|
||||
|
||||
info:
|
||||
name: HC Custom WP-Admin URL - 1.4 - Unauthenticated Secret URL Disclosure
|
||||
name: WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request.
|
||||
WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/0218c90c-8f79-4f37-9a6f-60cf2f47d47b
|
||||
- https://wordpress.org/plugins/hc-custom-wp-admin-url/
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2022-23854
|
||||
|
||||
info:
|
||||
name: AVEVA InTouch Access Anywhere Secure Gateway - Path Traversal
|
||||
name: AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion
|
||||
author: For3stCo1d
|
||||
severity: high
|
||||
description: |
|
||||
AVEVA Group plc is a marine and plant engineering IT company headquartered in Cambridge, England. AVEVA software is used in many sectors, including on- and off-shore oil and gas processing, chemicals, pharmaceuticals, nuclear and conventional power generation, nuclear fuel reprocessing, recycling and shipbuilding (https://www.aveva.com).
|
||||
AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/cve/CVE-2022-23854
|
||||
- https://www.aveva.com
|
||||
- https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854
|
||||
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
|
||||
|
@ -42,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2022-26138
|
||||
|
||||
info:
|
||||
name: Questions For Confluence - Hardcoded Credentials
|
||||
name: Atlassian Questions For Confluence - Hardcoded Credentials
|
||||
author: HTTPVoid
|
||||
severity: critical
|
||||
description: |
|
||||
A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group.
|
||||
Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.
|
||||
reference:
|
||||
- https://twitter.com/fluepke/status/1549892089181257729
|
||||
- https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-26138
|
||||
- https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-26138
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'location == "/httpvoid.action"'
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,16 +1,15 @@
|
|||
id: CVE-2022-27593
|
||||
|
||||
info:
|
||||
name: QNAP QTS Photo Station External Reference
|
||||
name: QNAP QTS Photo Station External Reference - Local File Inclusion
|
||||
author: allenwest24
|
||||
severity: critical
|
||||
description: |
|
||||
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
|
||||
QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.
|
||||
reference:
|
||||
- https://attackerkb.com/topics/7We3SjEYVo/cve-2022-27593
|
||||
- https://www.qnap.com/en/security-advisory/qsa-22-24
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-27593
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27593
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
||||
cvss-score: 9.1
|
||||
|
@ -39,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2022-2863
|
||||
|
||||
info:
|
||||
name: WordPress WPvivid Backup < 0.9.76 - Local File Inclusion
|
||||
name: WordPress WPvivid Backup <0.9.76 - Local File Inclusion
|
||||
author: tehtbl
|
||||
severity: medium
|
||||
description: The plugin does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack.
|
||||
description: WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.
|
||||
reference:
|
||||
- https://seclists.org/fulldisclosure/2022/Oct/0
|
||||
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2863
|
||||
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2863
|
||||
remediation: Upgrade to version 0.9.76 or later.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
||||
|
@ -56,3 +56,5 @@ requests:
|
|||
regex:
|
||||
- '"_ajax_nonce":"([0-9a-z]+)"'
|
||||
internal: true
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
id: CVE-2022-31656
|
||||
|
||||
info:
|
||||
name: VMware - Authentication Bypass
|
||||
name: VMware - Local File Inclusion
|
||||
author: DhiyaneshDk
|
||||
severity: critical
|
||||
description: |
|
||||
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
|
||||
VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
|
||||
reference:
|
||||
- https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd
|
||||
- https://www.vmware.com/security/advisories/VMSA-2022-0021.html
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31656
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31656
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
|
@ -43,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,16 +1,14 @@
|
|||
id: CVE-2022-31793
|
||||
|
||||
info:
|
||||
name: muhttpd <= 1.1.5 - Path traversal
|
||||
name: muhttpd <=1.1.5 - Local Inclusion
|
||||
author: scent2d
|
||||
severity: high
|
||||
description: |
|
||||
A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system.
|
||||
muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.
|
||||
reference:
|
||||
- https://derekabdine.com/blog/2022-arris-advisory.html
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31793
|
||||
- https://derekabdine.com/blog/2022-arris-advisory
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -36,3 +34,5 @@ network:
|
|||
encoding: hex
|
||||
words:
|
||||
- "726f6f743a"
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -5,11 +5,11 @@ info:
|
|||
author: edoardottt
|
||||
severity: high
|
||||
description: |
|
||||
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
|
||||
Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.
|
||||
reference:
|
||||
- https://github.com/hansmach1ne/MyExploits/tree/main/LFI_in_CuppaCMS_templates
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-34121
|
||||
- https://github.com/CuppaCMS/CuppaCMS/issues/18
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-34121
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2022-35413
|
||||
|
||||
info:
|
||||
name: Wapples Web Application Firewall - Hardcoded credentials
|
||||
name: WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
|
||||
author: For3stCo1d
|
||||
severity: critical
|
||||
description: |
|
||||
WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
|
||||
WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.
|
||||
reference:
|
||||
- https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
|
||||
- https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-35413
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -53,3 +54,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2022-36642
|
||||
|
||||
info:
|
||||
name: Omnia MPX 1.5.0+r1 - Path Traversal
|
||||
name: Omnia MPX 1.5.0+r1 - Local File Inclusion
|
||||
author: arafatansari,ritikchaddha,For3stCo1d
|
||||
severity: critical
|
||||
description: |
|
||||
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.
|
||||
Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50996
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36642
|
||||
- https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-36642
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- '"mustChangePwd":'
|
||||
- '"roleUser":'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2022-37299
|
||||
|
||||
info:
|
||||
name: Shirne CMS 1.2.0. - Path Traversal
|
||||
name: Shirne CMS 1.2.0 - Local File Inclusion
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Shirne CMS 1.2.0 There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php
|
||||
description: Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.
|
||||
reference:
|
||||
- https://twitter.com/pikpikcu/status/1568316864690028544
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-37299
|
||||
- https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-37299
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
id: CVE-2022-3768
|
||||
|
||||
info:
|
||||
name: WPSmartContracts < 1.3.12 - Author SQLi
|
||||
name: WordPress WPSmartContracts <1.3.12 - SQL Injection
|
||||
author: Hardik-Solanki
|
||||
severity: high
|
||||
description: |
|
||||
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
|
||||
WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
|
||||
- https://cve.report/CVE-2022-3768
|
||||
remediation: Fixed in version 1.3.12
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
|
||||
remediation: Fixed in version 1.3.12.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -45,3 +45,5 @@ requests:
|
|||
- 'contains(content_type_2, "text/html")'
|
||||
- 'contains(body_2, "Batch Mint NFTs")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -5,10 +5,9 @@ info:
|
|||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.
|
||||
Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.
|
||||
reference:
|
||||
- https://github.com/zyearn/zaver/issues/22
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38794
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-38794
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
|
@ -32,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2022-4050
|
||||
|
||||
info:
|
||||
name: JoomSport < 5.2.8 - Unauthenticated SQLi
|
||||
name: WordPress JoomSport <5.2.8 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
|
||||
WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
|
||||
- https://wordpress.org/plugins/joomsport-sports-league-results-management/
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "jscaruselcont jsview2")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2022-40734
|
||||
|
||||
info:
|
||||
name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
|
||||
name: Laravel Filemanager v2.5.1 - Local File Inclusion
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files.
|
||||
Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.
|
||||
reference:
|
||||
- https://github.com/UniSharp/laravel-filemanager/issues/1150
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-40734
|
||||
|
@ -30,3 +30,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: For3stCo1d
|
||||
severity: critical
|
||||
description: |
|
||||
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php
|
||||
SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.
|
||||
reference:
|
||||
- https://github.com/Timorlover/SolarView_Compact_6.0_rce_via_network_test.php
|
||||
- https://github.com/advisories/GHSA-wx3r-88rg-whxq
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2022-41840
|
||||
|
||||
info:
|
||||
name: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal
|
||||
name: Welcart eCommerce <=2.7.7 - Local File Inclusion
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
|
||||
Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.
|
||||
reference:
|
||||
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability
|
||||
- https://wordpress.org/plugins/usc-e-shop/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41840
|
||||
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability?_s_id=cve
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-41840
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2023/01/15
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2022-4260
|
||||
|
||||
info:
|
||||
name: WP-Ban < 1.69.1 - Admin Stored XSS
|
||||
name: WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting
|
||||
author: Hardik-Solanki
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
|
||||
WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.
|
||||
remediation: Fixed in version 1.69.1.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4260
|
||||
- https://drive.google.com/file/d/11nQ21cQ9irajYqNqsQtNrLJOkeRcwCXn/view?usp=drivesdk
|
||||
remediation: Fixed in version 1.69.1
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -66,3 +66,5 @@ requests:
|
|||
regex:
|
||||
- '_wpnonce=([0-9a-z]+)'
|
||||
internal: true
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2022-46381
|
||||
|
||||
info:
|
||||
name: Certain Linear eMerge E3-Series - Cross Site Scripting
|
||||
name: Linear eMerge E3-Series - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
|
||||
Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381
|
||||
- https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-46381
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: 3com-nj2000-default-login
|
||||
|
||||
info:
|
||||
name: 3COM NJ2000 Default Login
|
||||
name: 3COM NJ2000 - Default Login
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: 3COM NJ2000 default admin credentials were discovered.
|
||||
description: 3COM NJ2000 contains a default login vulnerability. Default admin login password of 'password' was found. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.manualslib.com/manual/204158/3com-Intellijack-Nj2000.html?page=12
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"ManageEngine Password"
|
||||
|
@ -34,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: aem-felix-console
|
||||
|
||||
info:
|
||||
name: AEM Felix Console
|
||||
name: Adobe Experience Manager Felix Console - Default Login
|
||||
author: DhiyaneshDk
|
||||
severity: high
|
||||
description: Felix Console is exposed, you may get RCE by installing OSGI bundle.
|
||||
description: Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.
|
||||
reference:
|
||||
- https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
|
||||
- https://github.com/0ang3el/aem-rce-bundle
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
shodan-query:
|
||||
- http.title:"AEM Sign In"
|
||||
|
@ -45,3 +49,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: karaf-default-login
|
||||
|
||||
info:
|
||||
name: Apache Karaf Default Login
|
||||
name: Apache Karaf - Default Login
|
||||
author: s0obi
|
||||
severity: high
|
||||
description: Apache Karaf default login credentials were discovered.
|
||||
description: Apache Karaf contains a default login vulnerability. Default login credentials were detected. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://karaf.apache.org/manual/latest/webconsole
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: realm="karaf"
|
||||
|
@ -34,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,10 +1,16 @@
|
|||
id: ranger-default-login
|
||||
|
||||
info:
|
||||
name: Apache Ranger Default Login
|
||||
name: Apache Ranger - Default Login
|
||||
author: For3stCo1d
|
||||
severity: high
|
||||
reference: https://github.com/apache/ranger
|
||||
description: Apache Ranger contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://github.com/apache/ranger
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
shodan-query: http.title:"Ranger - Sign In"
|
||||
tags: apache,ranger,default-login
|
||||
|
@ -37,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: audiocodes-default-login
|
||||
|
||||
info:
|
||||
name: Audiocodes 310HD, 320HD, 420HD, 430HD & 440HD Default Login
|
||||
name: AudioCodes 310HD, 320HD, 420HD, 430HD & 440HD - Default Login
|
||||
author: d4vy
|
||||
severity: high
|
||||
description: Audiocodes 310HD, 320HD, 420HD, 430HD & 440HD default login credentials were discovered.
|
||||
description: AudioCodes devices 310HD, 320HD, 420HD, 430HD & 440HD contain a default login vulnerability. Default login credentials were discovered. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://wiki.freepbx.org/display/FPG/Supported+Devices-Audio+Codes#:~:text=Reset%20to%20Factory%20Defaults,-Press%20the%20Menu&text=Then%2C%20enter%20the%20Admin%20password,is%20%221234%22%20by%20default
|
||||
classification:
|
||||
|
@ -43,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: datahub-metadata-default-login
|
||||
|
||||
info:
|
||||
name: DataHub Metadata Default Login
|
||||
name: DataHub Metadata - Default Login
|
||||
author: queencitycyber
|
||||
severity: high
|
||||
description: DataHub Metadata contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://github.com/datahub-project/datahub/blob/master/docs/rfc/active/access-control/access-control.md
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"DataHub"
|
||||
|
@ -37,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: dataiku-default-login
|
||||
|
||||
info:
|
||||
name: Dataiku Default Login
|
||||
name: Dataiku - Default Login
|
||||
author: random-robbie
|
||||
severity: high
|
||||
description: Dataiku default login which allows SSRF/RCE etc.
|
||||
description: Dataiku contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. This vulnerability may also lead to server-side request forgery and/or remote code execution.
|
||||
reference:
|
||||
- https://www.dataiku.com
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"dataiku"
|
||||
|
@ -31,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
id: hybris-default-login
|
||||
|
||||
info:
|
||||
name: Hybris Default Login
|
||||
name: Hybris - Default Login
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: Hybris contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
|
@ -60,3 +61,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '<meta name="_csrf" content="([a-z0-9-]+)" \/>'
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
id: kanboard-default-login
|
||||
|
||||
info:
|
||||
name: Kanboard Default Login
|
||||
name: Kanboard - Default Login
|
||||
author: shelled
|
||||
severity: high
|
||||
description: Kanboard default login was discovered.
|
||||
description: Kanboard contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://twitter.com/0x_rood/status/1607068644634157059
|
||||
- https://github.com/kanboard/kanboard
|
||||
- https://docs.kanboard.org/v1/admin/installation/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:2056442365
|
||||
|
@ -58,3 +62,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: kettle-default-login
|
||||
|
||||
info:
|
||||
name: Kettle Default Login
|
||||
name: Kettle - Default Login
|
||||
author: For3stCo1d
|
||||
severity: medium
|
||||
description: Kettle contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.8
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: basic realm="Kettle"
|
||||
|
@ -33,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,12 +1,17 @@
|
|||
id: lutron-default-login
|
||||
|
||||
info:
|
||||
name: Lutron Device Default Login
|
||||
name: Lutron - Default Login
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.lutron.com
|
||||
- https://vulners.com/openvas/OPENVAS:1361412562310113206
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.8
|
||||
cwe-id: CWE-522
|
||||
tags: default-login,lutron,iot
|
||||
|
||||
requests:
|
||||
|
@ -39,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: mobotix-default-credentials
|
||||
|
||||
info:
|
||||
name: Mobotix Webcam Default Admin Credentials
|
||||
name: Mobotix - Default Login
|
||||
author: robotshell
|
||||
severity: high
|
||||
description: Mobotix Camera default admin login credentials.
|
||||
description: Mobotix contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.mobotix.com/sites/default/files/2020-01/mx_RM_CameraSoftwareManual_en_200131.pdf
|
||||
classification:
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/06
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: nsicg-default-login
|
||||
|
||||
info:
|
||||
name: Ns-icg Default Login
|
||||
name: Netentsec NS-ICG - Default Login
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
There is a weak password vulnerability in NetentSec Internet Control Gateway ns-icg of Beijing NetentScience and Technology Co., Ltd., which allows attackers to successfully log in to the system and obtain sensitive information by exploiting this loophole.
|
||||
Netentsec NS-ICG contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference: |
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: "NS-ICG"
|
||||
|
@ -46,3 +50,5 @@ requests:
|
|||
- 'status_code_2 == 200'
|
||||
- contains(body_2, "var loguser = \'ns25000")
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: peoplesoft-default-login
|
||||
|
||||
info:
|
||||
name: Oracle PeopleSoft Default Login
|
||||
name: Oracle PeopleSoft - Default Login
|
||||
author: LogicalHunter
|
||||
severity: high
|
||||
description: Oracle peoplesoft default admin credentials were discovered.
|
||||
description: Oracle PeopleSoft contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.oracle.com/applications/peoplesoft/
|
||||
- https://erpscan.io/press-center/blog/peoplesoft-default-accounts/
|
||||
|
@ -81,3 +81,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: kingsoft-v8-default-login
|
||||
|
||||
info:
|
||||
name: Kingsoft V8 Default Login
|
||||
name: Kingsoft 8 - Default Login
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: Kingsoft version 8 contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://idc.wanyunshuju.com/aqld/2123.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
tags: kingsoft,default-login
|
||||
|
||||
requests:
|
||||
|
@ -37,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: opencats-default-login
|
||||
|
||||
info:
|
||||
name: OpenCATS Default Login
|
||||
name: OpenCATS - Default Login
|
||||
author: arafatansari
|
||||
severity: high
|
||||
description: OpenCATS default admin login information was discovered.
|
||||
description: OpenCATS contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
|
@ -52,3 +52,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,18 +1,21 @@
|
|||
id: phpmyadmin-default-login
|
||||
|
||||
info:
|
||||
name: phpMyAdmin Default Login
|
||||
name: phpMyAdmin - Default Login
|
||||
author: Natto97
|
||||
severity: high
|
||||
description: phpMyAdmin default admin credentials were discovered
|
||||
description: phpMyAdmin contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.phpmyadmin.net
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:phpMyAdmin
|
||||
tags: default-login,phpmyadmin
|
||||
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
|
@ -71,3 +74,5 @@ requests:
|
|||
- status_code_2 == 302
|
||||
- contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: prtg-default-login
|
||||
|
||||
info:
|
||||
name: PRTG Network Monitor Default Login
|
||||
name: PRTG Network Monitor - Hardcoded Credentials
|
||||
author: johnk3r
|
||||
severity: high
|
||||
description: PRTG default admin credentials were discovered.
|
||||
description: PRTG Network Monitor contains a hardcoded credential vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.paessler.com/manuals/prtg/login
|
||||
classification:
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,14 +1,19 @@
|
|||
id: ruckus-wireless-default-login
|
||||
|
||||
info:
|
||||
name: Ruckus Wireless Admin Default Login Credential
|
||||
name: Ruckus Wireless - Default Login
|
||||
author: pussycat0x
|
||||
severity: critical
|
||||
description: Ruckus Wireless router contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"ruckus"
|
||||
reference:
|
||||
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
|
||||
tags: default-login,router,ruckus
|
||||
|
||||
requests:
|
||||
|
@ -42,3 +47,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: samsung-printer-default-login
|
||||
|
||||
info:
|
||||
name: Samsung Printer Default Login
|
||||
name: Samsung Printer - Default Login
|
||||
author: gy741
|
||||
severity: high
|
||||
description: |
|
||||
Samsung Printer default login credentials were discovered.
|
||||
Samsung printers contain a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://support.hp.com/gb-en/document/c05591673
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"SyncThru Web Service"
|
||||
|
@ -45,3 +49,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: tiny-filemanager-default-login
|
||||
|
||||
info:
|
||||
name: Tiny File Manager Default Login
|
||||
name: Tiny File Manager - Default Login
|
||||
author: shelled
|
||||
severity: high
|
||||
description: Tiny File Manager default login was discovered.
|
||||
description: Tiny File Manager contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://github.com/prasathmani/tinyfilemanager
|
||||
- https://tinyfilemanager.github.io/docs/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"Tiny File Manager"
|
||||
|
@ -61,3 +65,5 @@ requests:
|
|||
regex:
|
||||
- '([a-f0-9]{64})'
|
||||
internal: true
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: tooljet-default-login
|
||||
|
||||
info:
|
||||
name: ToolJet Default Login Credential
|
||||
name: ToolJet - Default Login
|
||||
author: random-robbie
|
||||
severity: high
|
||||
description: |
|
||||
toolJet is an open-source low-code framework to build and deploy custom internal tools. ToolJet can connect to your data sources such as databases ( PostgreSQL, MongoDB, MS SQL Server, Snowflake, , BigQuery, etc ), API/GraphQL endpoints, SaaS tools ( Airtable, Stripe, Google Sheets, etc ) and cloud object storage services ( AWS S3, Google Cloud Storage and Minio )
|
||||
ToolJet contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://docs.tooljet.com/docs/contributing-guide/setup/docker/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"tooljet"
|
||||
|
@ -46,3 +50,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 201
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: versa-flexvnf-default-login
|
||||
|
||||
info:
|
||||
name: Versa FlexVNF Web-UI - Default Login
|
||||
name: Versa FlexVNF - Default Login
|
||||
author: c-sh0
|
||||
severity: high
|
||||
description: Versa FlexVNF contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://versa-networks.com/products/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Flex VNF Web-UI"
|
||||
|
@ -55,3 +60,5 @@ requests:
|
|||
part: header
|
||||
regex:
|
||||
- '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: xnat-default-login
|
||||
|
||||
info:
|
||||
name: XNAT Default Login
|
||||
name: XNAT - Default Login
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: XNAT default login information (admin/admin) was discovered.
|
||||
description: XNAT contains an admin default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://wiki.xnat.org/documentation/xnat-administration/xnat-setup-first-time-configuration#:~:text=Log%20in%20with%20the%20username%20admin%20and%20password%20admin
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"XNAT"
|
||||
|
@ -40,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: xui-weak-login
|
||||
|
||||
info:
|
||||
name: X-UI Login Default Login
|
||||
name: X-UI - Default Login
|
||||
author: dali
|
||||
severity: high
|
||||
description: |
|
||||
X-UI Default Login Credentials.
|
||||
X-UI contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://github.com/vaxilu/x-ui
|
||||
- https://seakfind.github.io/2021/10/10/X-UI/#:~:text=By%20default%2C%20the%20login%20user,the%20password%20is%20also%20admin%20.
|
||||
|
@ -46,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: atlantis-detect
|
||||
|
||||
info:
|
||||
name: Atlantis Detect
|
||||
name: Atlantis Panel - Detect
|
||||
author: jonathanwalker
|
||||
severity: info
|
||||
description: Atlantis panel was detected.
|
||||
reference:
|
||||
- https://github.com/runatlantis/atlantis
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:-1706783005
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,10 +1,16 @@
|
|||
id: cacti-panel
|
||||
|
||||
info:
|
||||
name: Cacti Login Panel
|
||||
name: Cacti Login Panel - Detect
|
||||
author: geeknik,daffainfo
|
||||
severity: info
|
||||
description: Cacti is a complete network graphing solution -- https://www.cacti.net/
|
||||
description: Cacti login panel was detected.
|
||||
reference:
|
||||
- https://www.cacti.net/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: tech,cacti,login
|
||||
|
||||
requests:
|
||||
|
@ -38,3 +44,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- "<div class='versionInfo'>Version (.*) |"
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: checkmk-login
|
||||
|
||||
info:
|
||||
name: Check MK Login Detect
|
||||
name: Checkmk Login Panel - Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
description: Checkmk login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: login,tech,synology,rackstation
|
||||
|
||||
requests:
|
||||
|
@ -30,3 +35,5 @@ requests:
|
|||
regex:
|
||||
- '<div id="version">([0-9.a-z]+)<\/div>'
|
||||
- '<div id="foot">Version: ([0-9.a-z]+)'
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,12 +1,17 @@
|
|||
id: e-mobile-panel
|
||||
|
||||
info:
|
||||
name: E-mobile Panel Detect
|
||||
name: E-mobile Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: E-mobile panel was detected.
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"E-Mobile "
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,e-mobile
|
||||
|
||||
requests:
|
||||
|
@ -36,3 +41,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'E-Mobile ([0-9.]+)'
|
||||
|
||||
# Enhanced by cs 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: edgeos-login
|
||||
|
||||
info:
|
||||
name: EdgeOS login Detect
|
||||
name: EdgeOS Login Panel - Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
description: EdgeOS login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: login,tech,edgeos,edgemax
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
id: fatpipe-ipvpn-panel
|
||||
|
||||
info:
|
||||
name: FatPipe IPVPN® Panel Detect
|
||||
name: FatPipe IPVPN® Panel - Detect
|
||||
author: dwisiswant0
|
||||
severity: info
|
||||
reference:
|
||||
- https://www.fatpipeinc.com/products/index.php
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,ipvpn,fatpipe
|
||||
|
||||
requests:
|
||||
|
@ -29,3 +33,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '<h5>([0-9.a-z]+)<\/h5>'
|
||||
|
||||
# Enhanced by cs 2023/01/09
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: ictprotege-login-panel
|
||||
|
||||
info:
|
||||
name: ICT Protege WX Login Panel
|
||||
name: ICT Protege WX Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"ICT Protege WX®"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,ictprotege
|
||||
|
||||
requests:
|
||||
|
@ -24,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs 2023/01/09
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
id: kanboard-login
|
||||
|
||||
info:
|
||||
name: Kanboard Login Panel
|
||||
name: Kanboard Login Panel - Detect
|
||||
author: DhiyaneshDK
|
||||
severity: info
|
||||
description: A Kanboard login panel was detected.
|
||||
description: Kanboard login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -28,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: lenovo-fp-panel
|
||||
|
||||
info:
|
||||
name: Lenovo Fan and Power Controller Panel
|
||||
name: Lenovo Fan Power Controller Login Panel - Detect
|
||||
author: megamansec
|
||||
severity: info
|
||||
description: Lenovo Fan Power Controller login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"Avocent Corporation and its affiliates"
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
id: luci-login-detection
|
||||
|
||||
info:
|
||||
name: LuCi Login Detector
|
||||
name: LuCi Login Panel - Detect
|
||||
author: aashiq
|
||||
severity: info
|
||||
description: Searches for LuCi Login pages by attempting to query the cgi-bin endpoint
|
||||
description: LuCi login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: login
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +25,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "Authorization Required"
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: mpftvc-admin-panel
|
||||
|
||||
info:
|
||||
name: MPFTVC Admin Login Panel
|
||||
name: MPFTVC Admin Login Panel - Detect
|
||||
author: Hardik-Solanki
|
||||
severity: info
|
||||
description: MPFTVC admin login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"AdminLogin - MPFTVC"
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: netsparker-panel
|
||||
|
||||
info:
|
||||
name: Netsparker Panel
|
||||
name: Netsparker Login Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: |
|
||||
Netsparker is a fully configurable Enterprise Dynamic Application Security Testing (DAST) tool. A DAST tool communicates with a web application using the web front-end in order to identify potential security vulnerabilities in the web application.
|
||||
Netsparker login panel was detected.
|
||||
reference:
|
||||
- https://www.invicti.com/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Sign in to Netsparker Enterprise"
|
||||
|
@ -30,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: ocomon-panel
|
||||
|
||||
info:
|
||||
name: OcoMon Login Panel
|
||||
name: OcoMon Login Panel - Detect
|
||||
author: dogasantos
|
||||
severity: info
|
||||
description: a tiny helpdesk system written in php
|
||||
|
@ -10,6 +10,10 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"OcoMon"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,ocomon,oss
|
||||
|
||||
requests:
|
||||
|
@ -37,3 +41,5 @@ requests:
|
|||
regex:
|
||||
- 'Versão: ([0-9.]+)'
|
||||
- 'Versão: ([0-9.]+)'
|
||||
|
||||
# Enhanced by cs 2023/01/09
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
id: opengear-panel
|
||||
|
||||
info:
|
||||
name: Opengear Management Console Login Panel
|
||||
name: Opengear Management Console Login Panel - Detect
|
||||
author: ffffffff0x,daffainfo
|
||||
severity: info
|
||||
reference: https://opengear.com/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: app="opengear-Management-Console"
|
||||
|
@ -28,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhnanced by cs 2023/01/09
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
id: redhat-satellite-panel
|
||||
|
||||
info:
|
||||
name: Red Hat Satellite Panel
|
||||
name: Red Hat Satellite Panel - Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"redhat" "Satellite"
|
||||
|
@ -35,3 +39,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '"version":"([0-9.]+)",'
|
||||
|
||||
# Enhanced by cs 2023/01/09
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
id: remedy-axis-login
|
||||
|
||||
info:
|
||||
name: Remedy Axis Login
|
||||
name: Remedy Axis Login Panel - Detect
|
||||
author: tess
|
||||
severity: info
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.html:"BMC Remedy"
|
||||
verified: true
|
||||
|
@ -28,3 +32,5 @@ requests:
|
|||
- "BMC Remedy"
|
||||
- "BMC Smart Reporting"
|
||||
condition: or
|
||||
|
||||
# Enhanced by cs 2023/01/09
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: ruckus-unleashed-panel
|
||||
|
||||
info:
|
||||
name: Ruckus Wireless Unleashed Login Panel
|
||||
name: Ruckus Wireless Unleashed Login Panel - Detect
|
||||
author: idealphase
|
||||
severity: info
|
||||
description: RUCKUS builds and delivers purpose-driven networks that perform in the tough environments of the industries we serve. Together with our trusted go-to-market partners, we empower our customers to deliver exceptional experiences to the guests, students, residents, citizens and employees who are counting on them.
|
||||
description: Ruckus Wireless Unleashed login panel was detected.
|
||||
reference:
|
||||
- https://www.commscope.com/ruckus/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Unleashed Login"
|
||||
google-query: intitle:"Unleashed Login"
|
||||
|
@ -33,3 +37,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '<link href="css\/font-awesome\.min\.css\?(.+)" rel="stylesheet">'
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,11 +1,17 @@
|
|||
id: sap-netweaver-portal
|
||||
|
||||
# SAP Netweaver default creds - SAP*/06071992 or TMSADM/$1Pawd2&
|
||||
|
||||
info:
|
||||
name: SAP NetWeaver Portal
|
||||
name: SAP NetWeaver Portal - Detect
|
||||
author: organiccrap
|
||||
severity: info
|
||||
description: SAP NetWeaver Portal login has been detected. Note that NetWeaver has multiple default passwords as listed in the references.
|
||||
reference:
|
||||
- https://www.sap.com/products/technology-platform/netweaver.html
|
||||
- https://www.cisoplatform.com/profiles/blogs/sap-netweaver-abap-security-configuration-part-2-default
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,sap
|
||||
|
||||
requests:
|
||||
|
@ -17,3 +23,5 @@ requests:
|
|||
words:
|
||||
- "<title>SAP NetWeaver Portal</title>"
|
||||
part: body
|
||||
|
||||
# Enhanced by cs 2023/01/09
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
id: sapfiori-panel
|
||||
|
||||
info:
|
||||
name: SAP Fiori Instance Detection Template
|
||||
name: SAP Fiori Login Panel - Detect
|
||||
author: righettod
|
||||
severity: info
|
||||
description: Try to detect the presence of a SAP Fiori instance via the login page
|
||||
description: SAP Fiori login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,sap,fiori
|
||||
|
||||
requests:
|
||||
|
@ -28,3 +32,5 @@ requests:
|
|||
- "/irj/portal/fiori"
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: sas-login-panel
|
||||
|
||||
info:
|
||||
name: SAS Login Panel
|
||||
name: SAS Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: SAS login panel has been detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:957255151
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs 2023/01/09
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: sauter-login
|
||||
|
||||
info:
|
||||
name: Sauter moduWeb - Login
|
||||
name: Sauter moduWeb Login Panel - Detect
|
||||
author: DhiyaneshDk
|
||||
severity: info
|
||||
description: Sauter moduWeb login panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/6883
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,sauter,edb
|
||||
|
||||
requests:
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: scs-landfill-control
|
||||
|
||||
info:
|
||||
name: SCS Landfill Remote Monitoring Control
|
||||
name: SCS Remote Monitoring and Control Login Panel - Detect
|
||||
author: geeknik
|
||||
severity: info
|
||||
description: SCS RMC is the IoT for landfills, manufacturing, and industrial facilities that provides real-time viewing, analysis, and control of equipment and systems critical to production and safe operations remotely.
|
||||
description: SCS Remote Monitoring and Control login panel was detected.
|
||||
reference:
|
||||
- https://www.scsengineers.com/services/remote-monitoring-control/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,scs,rmc,iot
|
||||
|
||||
requests:
|
||||
|
@ -25,3 +29,5 @@ requests:
|
|||
- "<title>Log in to SCS RMC®</title>"
|
||||
- "SCS RMC®</div>"
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,14 +1,19 @@
|
|||
id: seafile-panel
|
||||
|
||||
info:
|
||||
name: Seafile Panel
|
||||
name: Seafile Panel - Detect
|
||||
author: TechbrunchFR
|
||||
severity: info
|
||||
description: Seafile panel was detected.
|
||||
metadata:
|
||||
shodan-query: http.favicon.hash:1552322396
|
||||
reference:
|
||||
- https://www.seafile.com/en/home/
|
||||
- https://github.com/haiwen/seafile
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: sefile,panel
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- "status_code==200 && (\"1552322396\" == mmh3(base64_py(body)))"
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: seats-login
|
||||
|
||||
info:
|
||||
name: Seats login
|
||||
name: Seats Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: Seats login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel
|
||||
|
||||
requests:
|
||||
|
@ -19,3 +24,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: secmail-detect
|
||||
|
||||
info:
|
||||
name: SecMail - secure email Detect
|
||||
name: SecMail Login Panel - Detect
|
||||
author: johnk3r
|
||||
severity: info
|
||||
description: SecMail login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: secmail
|
||||
tags: secmail,panel
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: secnet-ac-panel
|
||||
|
||||
info:
|
||||
name: Secnet ac Panel Detect
|
||||
name: SecNet Login Panel - Detect
|
||||
author: ritikchaddha
|
||||
severity: info
|
||||
description: SecNet login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: secnet-ac,panel
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: secure-login-panel
|
||||
|
||||
info:
|
||||
name: Secure Login Service Detector
|
||||
name: Secure Login Service Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: Secure Login Service login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Secure Login Service"
|
||||
tags: panel,sls,login,service
|
||||
|
@ -22,3 +27,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "<title>Secure Login Service</title>"
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: securenvoy-panel
|
||||
|
||||
info:
|
||||
name: SecurEnvoy Admin Login
|
||||
name: SecurEnvoy Admin Login Panel - Detect
|
||||
author: 0xrod
|
||||
severity: info
|
||||
description: SecurEnvoy admin login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,securenvoy
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: securepoint-utm
|
||||
|
||||
info:
|
||||
name: Securepoint UTM Admin Panel
|
||||
name: Securepoint UTM Admin Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Securepoint UTM admin panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
|
||||
tags: securepoint,panel
|
||||
|
@ -30,3 +35,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: securityspy-detect
|
||||
|
||||
info:
|
||||
name: SecuritySpy Camera Detect
|
||||
name: SecuritySpy Camera Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
description: SecuritySpy Camera panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-dork: 'title:SecuritySpy'
|
||||
tags: unauth,iot,securityspy,panel,camera
|
||||
|
@ -23,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/09
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: sitecore-login-panel
|
||||
|
||||
info:
|
||||
name: Sitecore Login Panel
|
||||
name: Sitecore Admin Login Panel - Detect
|
||||
author: b4uh0lz
|
||||
severity: info
|
||||
description: Sitecore admin login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,sitecore,login
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
words:
|
||||
- "Sitecore Login"
|
||||
part: body
|
||||
|
||||
# Enhanced by md on 2023/01/15
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: sitecore-login
|
||||
|
||||
info:
|
||||
name: SiteCore Login
|
||||
name: Sitecore Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: Sitecore login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: http.title:"Welcome to Sitecore"
|
||||
tags: panel,sitecore
|
||||
|
@ -22,3 +27,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/15
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: siteomat-loader
|
||||
|
||||
info:
|
||||
name: Orpak SiteOmat login portals
|
||||
name: Orpak SiteOmat Login Panel - Detect
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
description: Orpak SiteOmat login panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/6624
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: siteomat,login,edb,panel
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +26,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/15
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: skycaiji-admin-panel
|
||||
|
||||
info:
|
||||
name: SkyCaiji Admin Panel
|
||||
name: SkyCaiji Admin Panel - Detect
|
||||
author: princechaddha
|
||||
severity: info
|
||||
description: SkyCaiji admin panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,tech,skycaiji
|
||||
|
||||
requests:
|
||||
|
@ -31,3 +36,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'com">SkyCaiji<\/a> ([A-Z0-9.]+) 后台管理<\/p>'
|
||||
|
||||
# Enhanced by md on 2023/01/15
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: slocum-login
|
||||
|
||||
info:
|
||||
name: Slocum Fleet Mission Control Login
|
||||
name: Slocum Fleet Mission Control Login Panel - Detect
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Slocum Fleet Mission Control login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: panel,tech,slocum
|
||||
|
||||
requests:
|
||||
|
@ -20,3 +25,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2023/01/15
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue