Merge branch 'main' into fix-wp-FP

.github/workflows/templates-sync.yml

@@ -3,6 +3,9 @@ on:
   push:
     paths:
     - '.new-additions'
+    - 'dns/soa-detect.yaml'
+    - 'dns/spf-record-detect.yaml'
+    - 'dns/txt-service-detect.yaml'
     - 'file/keys/dependency/dependency-track.yaml'
     - 'file/keys/docker/dockerhub-pat.yaml'
     - 'file/keys/doppler/doppler-audit.yaml'
@@ -32,6 +35,7 @@ on:
     - 'http/cves/2023/CVE-2023-49785.yaml'
     - 'http/cves/2023/CVE-2023-5830.yaml'
     - 'http/cves/2023/CVE-2023-5914.yaml'
+    - 'http/cves/2024/CVE-2024-1212.yaml'
     - 'http/cves/2024/CVE-2024-1698.yaml'
     - 'http/exposed-panels/bynder-panel.yaml'
     - 'http/exposed-panels/cisco/cisco-expressway-panel.yaml'
@@ -42,11 +46,13 @@ on:
     - 'http/exposed-panels/osnexus-panel.yaml'
     - 'http/exposed-panels/posteio-admin-panel.yaml'
     - 'http/exposed-panels/skeepers-panel.yaml'
+    - 'http/exposures/files/generic-db.yaml'
     - 'http/misconfiguration/installer/posteio-installer.yaml'
     - 'http/osint/phishing/kakao-login-phish.yaml'
     - 'http/osint/phishing/naver-login-phish.yaml'
     - 'http/technologies/microsoft/aspnet-version-detect.yaml'
     - 'http/technologies/microsoft/aspnetmvc-version-disclosure.yaml'
+    - 'http/technologies/wing-ftp-service-detect.yaml'
     - 'http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml'
     - 'network/detection/wing-ftp-detect.yaml'
   workflow_dispatch:

.new-additions

@@ -1,3 +1,6 @@
+dns/soa-detect.yaml
+dns/spf-record-detect.yaml
+dns/txt-service-detect.yaml
 file/keys/dependency/dependency-track.yaml
 file/keys/docker/dockerhub-pat.yaml
 file/keys/doppler/doppler-audit.yaml
@@ -27,6 +30,7 @@ file/keys/wireguard/wireguard-private.yaml
 http/cves/2023/CVE-2023-49785.yaml
 http/cves/2023/CVE-2023-5830.yaml
 http/cves/2023/CVE-2023-5914.yaml
+http/cves/2024/CVE-2024-1212.yaml
 http/cves/2024/CVE-2024-1698.yaml
 http/exposed-panels/bynder-panel.yaml
 http/exposed-panels/cisco/cisco-expressway-panel.yaml
@@ -37,10 +41,12 @@ http/exposed-panels/neocase-hrportal-panel.yaml
 http/exposed-panels/osnexus-panel.yaml
 http/exposed-panels/posteio-admin-panel.yaml
 http/exposed-panels/skeepers-panel.yaml
+http/exposures/files/generic-db.yaml
 http/misconfiguration/installer/posteio-installer.yaml
 http/osint/phishing/kakao-login-phish.yaml
 http/osint/phishing/naver-login-phish.yaml
 http/technologies/microsoft/aspnet-version-detect.yaml
 http/technologies/microsoft/aspnetmvc-version-disclosure.yaml
+http/technologies/wing-ftp-service-detect.yaml
 http/vulnerabilities/landray/landray-eis-ws-infoleak.yaml
 network/detection/wing-ftp-detect.yaml

cves.json

@@ -1386,7 +1386,7 @@
 {"ID":"CVE-2021-40149","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Private Key Disclosure","Severity":"medium","Description":"Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2021/CVE-2021-40149.yaml"}
 {"ID":"CVE-2021-40150","Info":{"Name":"Reolink E1 Zoom Camera \u003c=3.0.0.716 - Information Disclosure","Severity":"high","Description":"Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40150.yaml"}
 {"ID":"CVE-2021-40323","Info":{"Name":"Cobbler \u003c3.3.0 - Remote Code Execution","Severity":"critical","Description":"Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40323.yaml"}
-{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 - Mod_Proxy SSRF","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"}
+{"ID":"CVE-2021-40438","Info":{"Name":"Apache \u003c= 2.4.48 Mod_Proxy - Server-Side Request Forgery","Severity":"critical","Description":"Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2021/CVE-2021-40438.yaml"}
 {"ID":"CVE-2021-40539","Info":{"Name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40539.yaml"}
 {"ID":"CVE-2021-40542","Info":{"Name":"Opensis-Classic 8.0 - Cross-Site Scripting","Severity":"medium","Description":"Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40542.yaml"}
 {"ID":"CVE-2021-40651","Info":{"Name":"OS4Ed OpenSIS Community 8.0 - Local File Inclusion","Severity":"medium","Description":"OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-40651.yaml"}
@@ -2171,7 +2171,7 @@
 {"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
 {"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
 {"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
-{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
+{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
 {"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
 {"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
 {"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"}
@@ -2227,6 +2227,7 @@
 {"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"}
 {"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"}
 {"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"}
+{"ID":"CVE-2023-43187","Info":{"Name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","Severity":"critical","Description":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43187.yaml"}
 {"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"}
 {"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"}
 {"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
@@ -2257,8 +2258,10 @@
 {"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"}
 {"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
 {"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"}
+{"ID":"CVE-2023-49785","Info":{"Name":"ChatGPT-Next-Web - SSRF/XSS","Severity":"critical","Description":"Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-49785.yaml"}
 {"ID":"CVE-2023-50290","Info":{"Name":"Apache Solr - Host Environment Variables Leak via Metrics API","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.\nThe Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-50290.yaml"}
 {"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
+{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"}
 {"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"}
 {"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"}
 {"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"}
@@ -2267,6 +2270,8 @@
 {"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"}
 {"ID":"CVE-2023-5375","Info":{"Name":"Mosparo \u003c 1.0.2 - Open Redirect","Severity":"medium","Description":"Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5375.yaml"}
 {"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"}
+{"ID":"CVE-2023-5830","Info":{"Name":"ColumbiaSoft DocumentLocator - Improper Authentication","Severity":"critical","Description":"Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5830.yaml"}
+{"ID":"CVE-2023-5914","Info":{"Name":"Citrix StoreFront - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5914.yaml"}
 {"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"}
 {"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"}
 {"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
@@ -2295,6 +2300,8 @@
 {"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
 {"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
 {"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
+{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"}
+{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
 {"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
 {"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"}
 {"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"}
@@ -2307,6 +2314,9 @@
 {"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
 {"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
 {"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
+{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
+{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
+{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
 {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
 {"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
 {"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-d1c0809e63305403ca431401cfcebe07
+0718093f8377862f2723b488bb15e23a

dns/soa-detect.yaml

@@ -0,0 +1,84 @@
+id: soa-detect
+
+info:
+  name: SOA Record Service - Detection
+  author: rxerium
+  severity: info
+  description: |
+    Detects which domain provider a domain is using, detected through SOA records
+  reference:
+    - https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/
+  metadata:
+    max-request: 1
+    verified: true
+  tags: dns,soa
+
+dns:
+  - name: "{{FQDN}}"
+
+    type: SOA
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        name: "cloudflare"
+        words:
+          - "dns.cloudflare.com"
+
+      - type: word
+        name: "amazon-web-services"
+        words:
+          - "awsdns"
+
+      - type: word
+        name: "akamai"
+        words:
+          - "hostmaster.akamai.com"
+
+      - type: word
+        name: "azure"
+        words:
+          - "azure-dns.com"
+
+      - type: word
+        name: "ns1"
+        words:
+          - "nsone.net"
+
+      - type: word
+        name: "verizon"
+        words:
+          - "verizon.com"
+
+      - type: word
+        name: "google-cloud-platform"
+        words:
+          - "googledomains.com"
+          - "google.com"
+
+      - type: word
+        name: "alibaba"
+        words:
+          - "alibabadns.com"
+
+      - type: word
+        name: "safeway"
+        words:
+          - "safeway.com"
+
+      - type: word
+        name: "mark-monitor"
+        words:
+          - "markmonitor.com"
+          - "markmonitor.zone"
+
+      - type: word
+        name: "hetznet"
+        words:
+          - "hetzner.com"
+
+      - type: word
+        name: "edge-cast"
+        words:
+          - "edgecastdns.net"
+# digest: 4a0a00473045022052cc795314a697081c68e82277bf2be22ff53410f9a9a69af759ecefcd5b235b022100f94a899ec64709bb1f7d4e648dc091ee40029b754e4cc451882f0ccb68ff4921:922c64590222798bb761d5b6d8e72950

dns/spf-record-detect.yaml

@@ -0,0 +1,25 @@
+id: spf-record-detect
+
+info:
+  name: SPF Record - Detection
+  author: rxerium
+  severity: info
+  description: |
+    An SPF TXT record was detected
+  reference:
+    - https://www.mimecast.com/content/how-to-create-an-spf-txt-record
+  tags: dns,spf
+
+dns:
+  - name: "{{FQDN}}"
+    type: TXT
+    matchers:
+      - type: word
+        words:
+          - "v=spf1"
+
+    extractors:
+      - type: regex
+        regex:
+          - "v=spf1(.+)"
+# digest: 4b0a00483046022100ada13ee531e36c1b45b196bafc39386d03ee223d98f9d0c3d3bd6f0609c6101202210099f776bb4a582a65c321385adc3d8fa9ec6f3047e658c38c6da98c89dd82c7c9:922c64590222798bb761d5b6d8e72950

dns/txt-service-detect.yaml

@@ -0,0 +1,221 @@
+id: txt-service-detect
+
+info:
+  name: DNS TXT Service - Detect
+  author: rxerium
+  severity: info
+  description: |
+    Finding the services companies use via their TXT records.
+  reference:
+    - https://www.abenezer.ca/blog/services-companies-use-txt-records
+  metadata:
+    max-request: 1
+    verified: true
+  tags: dns,txt
+
+dns:
+  - name: "{{FQDN}}"
+    type: TXT
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        name: "keybase"
+        words:
+          - "keybase-site-verification"
+
+      - type: word
+        name: "proton-mail"
+        words:
+          - "protonmail-verification"
+
+      - type: word
+        name: "webex"
+        words:
+          - "webexdomainverification"
+
+      - type: word
+        name: "apple"
+        words:
+          - "apple-domain-verification"
+
+      - type: word
+        name: "facebook"
+        words:
+          - "facebook-domain-verification"
+
+      - type: word
+        name: "autodesk"
+        words:
+          - "autodesk-domain-verification"
+
+      - type: word
+        name: "stripe"
+        words:
+          - "stripe-verification"
+
+      - type: word
+        name: "atlassian"
+        words:
+          - "atlassian-domain-verification"
+
+      - type: word
+        name: "adobe-sign"
+        words:
+          - "adobe-sign-verification"
+
+      - type: word
+        name: "zoho"
+        words:
+          - "zoho-verification"
+
+      - type: word
+        name: "have-i-been-pwned"
+        words:
+          - "have-i-been-pwned-verification"
+
+      - type: word
+        name: "knowbe4"
+        words:
+          - "knowbe4-site-verification"
+
+      - type: word
+        name: "jamf"
+        words:
+          - "jamf-site-verification"
+
+      - type: word
+        name: "parallels"
+        words:
+          - "parallels-domain-verification"
+
+      - type: word
+        name: "dropbox"
+        words:
+          - "dropbox-domain-verification"
+
+      - type: word
+        name: "vmware-cloud"
+        words:
+          - "vmware-cloud-verification"
+
+      - type: word
+        name: "canva"
+        words:
+          - "canva-site-verification"
+
+      - type: word
+        name: "mongodb"
+        words:
+          - "mongodb-site-verification"
+
+      - type: word
+        name: "slack"
+        words:
+          - "slack-domain-verification"
+
+      - type: word
+        name: "teamViewer"
+        words:
+          - "teamviewer-sso-verification"
+
+      - type: word
+        name: "bugcrowd"
+        words:
+          - "bugcrowd-verification"
+
+      - type: word
+        name: "cisco"
+        words:
+          - "cisco-site-verification"
+
+      - type: word
+        name: "palo-alto-networks"
+        words:
+          - "paloaltonetworks-site-verification"
+
+      - type: word
+        name: "twilio"
+        words:
+          - "twilio-domain-verification"
+
+      - type: word
+        name: "dell-technologies"
+        words:
+          - "dell-technologies-domain-verification"
+
+      - type: word
+        name: "1password"
+        words:
+          - "1password-site-verification"
+
+      - type: word
+        name: "duo"
+        words:
+          - "duo_sso_verification"
+
+      - type: word
+        name: "sophos"
+        words:
+          - "sophos-domain-verification"
+
+      - type: word
+        name: "pinterest"
+        words:
+          - "pinterest-site-verification"
+
+      - type: word
+        name: "citrix"
+        words:
+          - "citrix-verification-code"
+
+      - type: word
+        name: "zapier"
+        words:
+          - "zapier-domain-verification-challenge"
+
+      - type: word
+        name: "uber"
+        words:
+          - "uber-domain-verification"
+
+      - type: word
+        name: "zoom"
+        words:
+          - "zoom-domain-verification"
+
+      - type: word
+        name: "lastpass"
+        words:
+          - "lastpass-verification-code"
+
+      - type: word
+        name: "google-workspace"
+        words:
+          - "google-site-verification"
+
+      - type: word
+        name: "flexera"
+        words:
+          - "flexera-domain-verification"
+
+      - type: word
+        name: "yandex"
+        words:
+          - "yandex-verification"
+
+      - type: word
+        name: "calendly"
+        words:
+          - "calendly-site-verification"
+
+      - type: word
+        name: "docusign"
+        words:
+          - "docusign"
+
+      - type: word
+        name: "whimsical"
+        words:
+          - "whimsical"
+# digest: 490a00463044022043132b95ad11ec72665418855d60e0d979abbe9957b18f9170981f4f4af22a72022054d2942e7554851cd1f043f99d5e119ff9e8943a635a891927b1897d270383b9:922c64590222798bb761d5b6d8e72950

http/cves/2012/CVE-2012-4253.yaml

@@ -27,7 +27,7 @@ info:
     max-request: 1
     vendor: mysqldumper
     product: mysqldumper
-  tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper,xss
+  tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper
 
 http:
   - method: GET
@@ -43,4 +43,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100eefa80b385734b0a1e6f33288900b62b779941de6560c529987c9593f998d354022100a78e22cf092547bdbd7693f37f2f5fe8f9d4858b98c6fcfc32c3cf37b6f96274:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100de6cb5ae696eb8f0b8837ff02b5e53e8049e806e0253c9933027f7da28634071022100fc1518b608713661374a7f1ebd5ef01b8816925196928a73aa3882adf5bf8192:922c64590222798bb761d5b6d8e72950

http/cves/2024/CVE-2024-1212.yaml

@@ -0,0 +1,47 @@
+id: CVE-2024-1212
+
+info:
+  name: Progress Kemp LoadMaster - Command Injection
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
+  reference:
+    - https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster
+    - https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
+    - https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-1212
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10
+    cve-id: CVE-2024-1212
+    cwe-id: CWE-78
+    epss-score: 0.00046
+    epss-percentile: 0.13478
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: html:"LoadMaster"
+  tags: cve,cve2024,progress,rce,loadmaster
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/access/set?param=enableapi&value=1"
+    headers:
+      Authorization: "Basic JztsczsnOmRvZXNub3RtYXR0ZXI="
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "bin"
+          - "mnt"
+          - "WWW-Authenticate: Basic"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+# digest: 4a0a004730450220557f3f2f5ab7b8e23925a9acc4979743940842b4936843aaae68876e24ed24a4022100f067f077e0dae8b1aa1264efb248349fdd7e6f95341ca06cbab9c183402f4e99:922c64590222798bb761d5b6d8e72950

http/exposures/files/generic-db.yaml

@@ -0,0 +1,155 @@
+id: generic-db
+
+info:
+  name: Generic Database File - Exposure
+  author: Michal Mikolas (nanuqcz)
+  severity: high
+  description: |
+    This is collection of some web frameworks recommendation or default configuration for SQLite database file location. If this file is publicly accessible due to server misconfiguration, it could result in application data leak including users sensitive data, password hashes etc.
+  reference:
+    - https://laravel.com/docs/11.x/database#sqlite-configuration  # database/database.sqlite
+    - https://laravel.com/docs/5.2/database  # database/database.sqlite
+    - https://github.com/laracasts/larabook/blob/master/app/config/database.php#L51  # app/database/production.sqlite
+    - https://forum.codeigniter.com/post-389846.html  # writable/db.sqlite3
+    - https://github.com/codeigniter4projects/playground/blob/develop/.env.example#L33  # writable/database.db
+    - https://symfony.com/doc/current/doctrine.html#configuring-the-database  # var/app.db
+    - https://symfony.com/doc/4.x/doctrine.html#configuring-the-database  # var/app.db
+    - https://symfony.com/doc/3.x/doctrine.html  # app/sqlite.db
+    - https://symfony.com/doc/2.x/doctrine.html  # sqlite.db
+    - https://openclassrooms.com/forum/sujet/symfony3-sqlite-could-not-create-database  # var/data/db.sqlite
+    - https://symfony.com/doc/current/reference/configuration/doctrine.html#doctrine-dbal-configuration  # var/data/data.sqlite
+    - https://stackoverflow.com/questions/31762878/sqlite-3-database-with-django  # db.sqlite3
+    - https://medium.com/@codewithbushra/using-sqlite-as-a-database-backend-in-django-projects-code-with-bushra-d23e3100686e  # db.sqlite3
+    - https://gist.github.com/jwo/4512764?permalink_comment_id=2235763#gistcomment-2235763  # db/production.sqlite3
+    - https://stackoverflow.com/a/30345819/1632572  # db/production.sqlite3
+    - https://developerhowto.com/2018/12/29/build-a-rest-api-with-node-js-and-express-js/  # db.sqlite
+    - https://sqldocs.org/sqlite/sqlite-nodejs/  # mydb.sqlite
+    - https://stackoverflow.com/questions/41620788/error-database-connection-sqlite-is-missing-or-could-not-be-created-cakephp  # app/data/app_db.sqlite
+    - https://stackoverflow.com/questions/2722383/using-sqlite3-with-cakephp  # app/webroot/database.sqlite, app/database.sqlite
+    - https://levelup.gitconnected.com/how-to-connect-and-use-the-sqlite-database-in-codeigniter-3-48cd50d3e78d  # application/databases/db.sqlite
+    - https://turmanauli.medium.com/how-to-connect-codeigniter-to-sqlite3-database-like-a-pro-2177497a6d30  # application/db/database.sqlite
+    - https://forum.codeigniter.com/thread-74522.html  # application/Database/db1.db
+    - https://stackoverflow.com/a/37088960/1632572  # application/database/data.db
+    - https://docs.laminas.dev/tutorials/getting-started/database-and-models/  # data/*.db
+    - https://phalcon-nucleon.github.io/#!database/getting-started.html  # storage/database/database.sqlite
+    - https://www.yiiframework.com/doc/blog/1.1/en/prototype.database  # protected/data/*.db
+    - https://pusher.com/tutorials/rest-api-slim-part-1/  # db/database.db
+    - https://www.digitalocean.com/community/tutorials/how-to-use-the-fat-free-php-framework  # db/database.sqlite
+    - https://doc.nette.org/en/database/configuration#toc-single-connection  # app/Model/*.db
+    - https://www.sqlite.org/fileformat.html  # SQLite file always starts with "SQLite format {sqlite_version}"
+    - https://en.wikipedia.org/wiki/List_of_file_signatures  # SQLite binary signature: 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+  metadata:
+    max-request: 89
+  tags: files,database,exposure,sqlite,sqlite3,fuzz
+
+http:
+  - method: GET
+    path:
+
+      - "{{BaseURL}}/{{path}}"
+
+    payloads:
+      path:
+        - database/database.sqlite
+        - database/production.db
+        - database/production.sqlite
+        - database/production.sqlite3
+        - app/database/production.sqlite
+        - writable/db.sqlite3
+        - writable/database.db
+        - var/app.db
+        - var/data/db.sqlite
+        - var/data/data.sqlite
+        - app/sqlite.db
+        - sqlite.db
+        - db.sqlite3
+        - db/production.sqlite3
+        - db.sqlite
+        - mydb.sqlite
+        - app/data/app_db.sqlite
+        - app/webroot/database.sqlite
+        - app/database.sqlite
+        - application/databases/db.sqlite
+        - application/db/database.sqlite
+        - application/Database/db1.db
+        - application/database/data.db
+        - data/app.db
+        - data/sqlite.db
+        - data/sqlite3.db
+        - data/database.db
+        - data/production.db
+        - storage/database/database.sqlite
+        - protected/data/app.db
+        - protected/data/sqlite.db
+        - protected/data/sqlite3.db
+        - protected/data/database.db
+        - protected/data/production.db
+        - db/database.db
+        - db/database.sqlite
+        - app/Model/app.db
+        - app/Model/sqlite.db
+        - app/Model/sqlite3.db
+        - app/Model/database.db
+        - app/Model/production.db
+        - app.db
+        - sqlite3.db
+        - app.sqlite
+        - app.sqlite3
+        - database.db
+        - database.sqlite
+        - database.sqlite3
+        - production.db
+        - production.sqlite
+        - production.sqlite3
+        - db/db.sqlite
+        - db/db.sqlite3
+        - db/sqlite.db
+        - db/sqlite3.db
+        - db/app.db
+        - db/app.sqlite
+        - db/app.sqlite3
+        - db/database.sqlite3
+        - db/production.db
+        - db/production.sqlite
+        - app/db.sqlite
+        - app/db.sqlite3
+        - app/sqlite3.db
+        - app/app.db
+        - app/app.sqlite
+        - app/app.sqlite3
+        - app/database.db
+        - app/database.sqlite3
+        - app/production.db
+        - app/production.sqlite
+        - app/production.sqlite3
+        - data/db.sqlite
+        - data/db.sqlite3
+        - data/app.sqlite
+        - data/app.sqlite3
+        - data/database.sqlite
+        - data/database.sqlite3
+        - data/production.sqlite
+        - data/production.sqlite3
+        - database/db.sqlite
+        - database/db.sqlite3
+        - database/sqlite.db
+        - database/sqlite3.db
+        - database/app.db
+        - database/app.sqlite
+        - database/app.sqlite3
+        - database/database.db
+        - database/database.sqlite3
+
+    stop-at-first-match: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'startswith(body, "SQLite")' # SQLite file always starts with "SQLite format {sqlite_version}"
+          - 'contains(body, "CREATE TABLE")' # SQLite file usually contains "CREATE TABLE", meaning there is at least one table
+          - '!contains(body, "<html")'
+          - 'status_code == 200'
+        condition: and
+# digest: 4a0a004730450220774c7ea36d2f6f3cb0c04baa3799540d2f306ccd5bd5c0fac8f19330142bac96022100f7919a4722b5363b5e4bffdb1785d7dbf746fe3dd261e089c46f206ac91e7f12:922c64590222798bb761d5b6d8e72950

http/misconfiguration/installer/drupal-install.yaml

@@ -3,12 +3,12 @@ id: drupal-install
 info:
   name: Drupal Install
   author: NkxxkN
-  severity: low
+  severity: high
   description: Drupal Install panel exposed.
   metadata:
     max-request: 2
     shodan-query: http.component:"drupal"
-  tags: exposure,drupal
+  tags: misconfig,drupal,install,exposure
 
 http:
   - method: GET
@@ -23,4 +23,4 @@ http:
       - type: word
         words:
           - "<title>Choose language | Drupal</title>"
-# digest: 490a0046304402206f6f65e8aa3223ec1f67b0e97780b4bc7d9ddc28af4ba9562d4d52ae06946a82022037c67f1e4b8c5b8bac6369fb8a23830b76a97f8188317b70b7275c284b201b8c:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220115cf9e237a9e0e09034a814da536ec254ae826df2023819714ad7677814606102207ecda93edc69d914ee07bed7be0c76fcae80cd410e6a511552cd3686c8e6e785:922c64590222798bb761d5b6d8e72950

http/technologies/fingerprinthub-web-fingerprints.yaml

@@ -11417,6 +11417,7 @@ http:
         name: softether-vpn
         words:
           - <li>manage this vpn server or vpn bridge<ul>
+        case-insensitive: true
 
       - type: word
         name: softnext-spam
@@ -15064,4 +15065,4 @@ http:
         words:
           - "x-dispatcher:"
         case-insensitive: true
-# digest: 4a0a00473045022100e202b5b8367df139a20f5ff3fced4c3ec57f5c5c98c2c42e3079952ccc4cf87502204d5331301337b21ea90535286f9393bc4140b0fde578aef1869201af8fca701e:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100bc94744c796eb79eba218d1c041ec0e817654420bfc1a1c188d90dcfc8506dcc0221008763af93a66376ac9b4dbee14f6d8a1db56f84bfc29474faefd0f50ffd68ea6b:922c64590222798bb761d5b6d8e72950

http/technologies/microsoft/microsoft-iis-version.yaml

@@ -9,11 +9,14 @@ info:
     max-request: 1
   tags: tech,microsoft,iis
 
+
 http:
   - method: GET
     path:
       - "{{BaseURL}}"
 
+    host-redirects: true
+    max-redirects: 4
     matchers-condition: and
     matchers:
       - type: word
@@ -21,14 +24,9 @@ http:
         words:
           - "IIS"
 
-      - type: status
-        status:
-          - 200
-
     extractors:
       - type: kval
         part: header
         kval:
           - Server
-
-# digest: 490a0046304402204aec8d1c4678a40a8ca831d952b351c4ca885fb845222a559099426e6a27ba9602204f9487670472a494fcecc37f1ebc08e68f6c3007de6fae438c5f5b7210e66a87:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502207a63b4fb5117f7f1168ba477b97deaa35e7e38c9355639a7df7c8f6f54fa960c022100e3d3f3c25ecff01f75a723ca2df3e64e5ea725d7cc61f70ef54e41f6899fc359:922c64590222798bb761d5b6d8e72950

http/technologies/wing-ftp-service-detect.yaml

@@ -0,0 +1,25 @@
+id: wing-ftp-service-detect
+
+info:
+  name: Wing FTP Service - Detect
+  author: ritikchaddha
+  severity: info
+  description: |
+    The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
+  metadata:
+    max-request: 1
+    verified: true
+    shodan-query: "Wing FTP Server"
+  tags: tech,ftp,wing,detect
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "Wing FTP Server"
+# digest: 4b0a00483046022100c80a28fe09665c71ca345c950405518bec7b02defcbed410c0a59c743e24da46022100bc4ae224a03b1cecc0f9646db3ce15f82e26125b2eb0fd647cd0ba7395be4be9:922c64590222798bb761d5b6d8e72950

templates-checksum.txt

@@ -10,7 +10,7 @@ TOP-10.md:06a54531fef2bfc5ec2fa38485a3e30c247a3132
 cloud/enum/aws-app-enum.yaml:26d0dcf57c7ba8003940ed1d53a62971564b2018
 cloud/enum/aws-s3-bucket-enum.yaml:0d101b898bbaebceea4020963d11829f8167029f
 cloud/enum/azure-db-enum.yaml:3d29a3c86288356d862922ef0527de99187bf734
-cloud/enum/azure-vm-cloud-enum.yaml:69ca5c626f0061e4c9bcc922bf9e05f078459bd2
+cloud/enum/azure-vm-cloud-enum.yaml:6d9043c907009b2ff6afc6cd09bd35a6d27f6fe9
 cloud/enum/azure-website-enum.yaml:037397591c799d32eb8abc94a346ff0805d68204
 cloud/enum/gcp-app-engine-enum.yaml:b22ff0601a3f7f6ddc39e39ab9dc34410d213e41
 cloud/enum/gcp-bucket-enum.yaml:896300c26517adf67feb80304f5edb25590a03c4
@@ -105,8 +105,8 @@ config/pentest.yml:e3a9ebe543e9c2d046ead1efc292394b54a55196
 config/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8
 config/recommended.yml:adcd4e1f0ef7b6b8c57fddbdda3ebf2314a8fa9b
 contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159
-cves.json:51d8ac58d8ffdf6cfd4660d3e19373bb08bb6605
-cves.json-checksum.txt:fdca644f563bcfe217c57881fc5991db50a942e4
+cves.json:3b21f179e553a113562af785def57c341b663071
+cves.json-checksum.txt:e03adc785e821e31dd4936f083dc56fbb0b302df
 dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4
 dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24
 dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2
@@ -122,8 +122,11 @@ dns/mx-service-detector.yaml:197d6c83e04011fc0ae267e999cad25e85a19d58
 dns/nameserver-fingerprint.yaml:7a9247d4f45a9699418b4afed5cea0388b147735
 dns/ptr-fingerprint.yaml:ecff55b058dba2ad98432eacea8b52ce1d8e7656
 dns/servfail-refused-hosts.yaml:ee2505b5619921a20332494f2281664eaf01fa87
+dns/soa-detect.yaml:5c758030190eea7fc6934a23dd266362ee2a355b
+dns/spf-record-detect.yaml:6aad264acb43bab9f128417e59b116cb7b35868e
 dns/spoofable-spf-records-ptr.yaml:7cb8aa2d5fa1b19224a6ca0b17c5b46377892ee7
 dns/txt-fingerprint.yaml:eca4bcdfb25f2922e233e4801f1beb27893f7e70
+dns/txt-service-detect.yaml:c331256e50faf2211d80f1f973f42c748d86a5d1
 dns/worksites-detection.yaml:c54ce778fe66a138e794b87520392f285c8b6259
 file/android/adb-backup-enabled.yaml:4ca96a12120754577166567e047e6735d1214891
 file/android/biometric-detect.yaml:27a81bc01a126a6923c702d556dac9da857971d8
@@ -973,7 +976,7 @@ http/cves/2012/CVE-2012-2371.yaml:c9b170834b0f6878fbd65a84289f9dde6cdf6edf
 http/cves/2012/CVE-2012-3153.yaml:9632dbed943428a3ce82bd26243e96bb53e0101f
 http/cves/2012/CVE-2012-4032.yaml:c433e79a48badc5d9996e22bcd1939ee98401e92
 http/cves/2012/CVE-2012-4242.yaml:d4acd90297d0e2c72a092b7a02a3cd8d9b532923
-http/cves/2012/CVE-2012-4253.yaml:8191f7e69d1dbec2c0b9ea2f687eafa87eeb2214
+http/cves/2012/CVE-2012-4253.yaml:22bb780ede0f6ee252aa15a98a2b1c8d437494e4
 http/cves/2012/CVE-2012-4273.yaml:d7e6647482c7d87038483b2bc94a26745bb3c841
 http/cves/2012/CVE-2012-4547.yaml:d254026e048515763754a600a75aab80318b79f5
 http/cves/2012/CVE-2012-4768.yaml:61df87600a157bab6ca0ae1244cf87d5dbb36af7
@@ -1199,7 +1202,7 @@ http/cves/2017/CVE-2017-16894.yaml:0c7f7d0bdb16cdff6e7a380ba56208eb1ca9d6e6
 http/cves/2017/CVE-2017-17043.yaml:b45105c0de0d90d61a79191de73976e9cd4fb790
 http/cves/2017/CVE-2017-17059.yaml:d40f8c2b908798457c9b02fa98a480b8bc0a7215
 http/cves/2017/CVE-2017-17451.yaml:04b0b3fec8b256c76cef8ea892836c2e420878b8
-http/cves/2017/CVE-2017-17562.yaml:f73fd69cc36d28c4be6a6747c45f942f857029ef
+http/cves/2017/CVE-2017-17562.yaml:2e22c184cd57f7425fba3827242a122c39dc86e8
 http/cves/2017/CVE-2017-17731.yaml:1666574cd4dfc7a3995867c7c4b621b267b885ff
 http/cves/2017/CVE-2017-17736.yaml:877434782e6a2c5b3095498877a022c3551b6ca8
 http/cves/2017/CVE-2017-18024.yaml:6b154b9615599e11764e703081eca6329935ee5e
@@ -1496,7 +1499,7 @@ http/cves/2019/CVE-2019-16932.yaml:182fef4932dc7931c45cd3d7aebdaeef9ded81e8
 http/cves/2019/CVE-2019-16996.yaml:ad524a9c60b54d610e8c55acaa46e4958a9b8dce
 http/cves/2019/CVE-2019-16997.yaml:e103b4c103866170ecfaef2fcf0e2cf88609b940
 http/cves/2019/CVE-2019-17270.yaml:8f282f5849f13dda11bbb8837079bb223d9687fb
-http/cves/2019/CVE-2019-17382.yaml:2a14f06044507c830b2d10f4a86315439d64f88f
+http/cves/2019/CVE-2019-17382.yaml:f76bdf75f84fdcae6c031cc28c3420d8dc40f808
 http/cves/2019/CVE-2019-17418.yaml:dbeea758a5b8de4c18d2d8790798711113d69195
 http/cves/2019/CVE-2019-17444.yaml:7b94376c34d962236141cba63543376257005654
 http/cves/2019/CVE-2019-17503.yaml:6701aacab1ee79d24acd3cbd1497fb50399ad671
@@ -2398,7 +2401,7 @@ http/cves/2022/CVE-2022-1933.yaml:97c269db3367ffd56494243b090e307b4eb0b586
 http/cves/2022/CVE-2022-1937.yaml:f888a42c920fb30ae5b563bf642af334cd97da95
 http/cves/2022/CVE-2022-1946.yaml:982f4f9519b1a137a8d2f2c71c7f2225cb67da1d
 http/cves/2022/CVE-2022-1952.yaml:4c4d64ceb64295942d0d9c2c1ae79a9bc6a16ee7
-http/cves/2022/CVE-2022-2034.yaml:db07244959fe5aec265a0b9f1e8b398a93a6076c
+http/cves/2022/CVE-2022-2034.yaml:6d1a2c994d2ebda1cdcdc84b36237565c66c592a
 http/cves/2022/CVE-2022-21371.yaml:e9b20049b90afecb519db58387e5922047ef5944
 http/cves/2022/CVE-2022-21500.yaml:7a87435ea2a54ac9c454a344a87fd21e51758b36
 http/cves/2022/CVE-2022-21587.yaml:9e40fc00a04665d81ac142e197d40f1926a521c6
@@ -2480,7 +2483,7 @@ http/cves/2022/CVE-2022-25489.yaml:5c5c7a7388f9e133b0cf380bad27eeaebb0c2a74
 http/cves/2022/CVE-2022-25497.yaml:07424dc06af0ea2d10c5aa1a201ce4d0f2d26848
 http/cves/2022/CVE-2022-2551.yaml:a2dc5d4686710a2e9aeea1bdadf8f7fac2f3766f
 http/cves/2022/CVE-2022-25568.yaml:aabffcf5827e7ee05211b2651ca350e913371665
-http/cves/2022/CVE-2022-2599.yaml:51779e43ad99b49a367ddd03a76fc22508c0c15c
+http/cves/2022/CVE-2022-2599.yaml:f576fefcf8da91a4c868c4b06cad0a2ed36884cb
 http/cves/2022/CVE-2022-26134.yaml:788a7f51e1550cc5770aab979234ac35b54d2505
 http/cves/2022/CVE-2022-26138.yaml:15d0534ab6765d2e536070eda15d020e04f43abc
 http/cves/2022/CVE-2022-26148.yaml:f37f9182974b9dd8d49af32a7ef9841fe7d704ae
@@ -2819,7 +2822,7 @@ http/cves/2023/CVE-2023-24278.yaml:e397c7d647c7517b78e44dbc79c8fcbc80480623
 http/cves/2023/CVE-2023-24322.yaml:c4b5cc0d4d70fa16682f706a954b95c84e0e7896
 http/cves/2023/CVE-2023-24367.yaml:dab63258fffca6b44d754ede551d56eea925a477
 http/cves/2023/CVE-2023-24488.yaml:8a381e70fd0643ed5d1371edb70b40e25e9b5ff8
-http/cves/2023/CVE-2023-24489.yaml:ffcbd0678ae55a267244d0a62703c1756b701aae
+http/cves/2023/CVE-2023-24489.yaml:c895cc71b777b3ada793ebcddd00274157f7927d
 http/cves/2023/CVE-2023-24657.yaml:1efdbfecef2aacf600fb007989d4efc6aa9d7fbe
 http/cves/2023/CVE-2023-24733.yaml:f1b740ac9ba1fc859deb3c69798e1bc3d302ed4e
 http/cves/2023/CVE-2023-24735.yaml:e38322978b1598d32056adb11572c6c401107c40
@@ -3085,6 +3088,7 @@ http/cves/2024/CVE-2024-1071.yaml:672dd1ef0240ede4f06d3b98caf96f2f14bd1e8e
 http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15
 http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1
 http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949
+http/cves/2024/CVE-2024-1212.yaml:5671b80e9ab3c9274bd98bbeb8fe508980393f85
 http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983
 http/cves/2024/CVE-2024-1709.yaml:7f5ad668e9c8e5ab56afee96df8907d7ccc71e0b
 http/cves/2024/CVE-2024-21644.yaml:e8d58594c2dc1021f9107eee925f11791e0627e7
@@ -3206,7 +3210,7 @@ http/default-logins/ofbiz/ofbiz-default-login.yaml:2e6eea7863853fca0a5546a479d43
 http/default-logins/openemr/openemr-default-login.yaml:e47d165fc7a306238827e4ea1497307f932890cd
 http/default-logins/openmediavault/openmediavault-default-login.yaml:efb418987e7a7b80b6fc9ea78f883b4dcaa90efe
 http/default-logins/oracle/businessintelligence-default-login.yaml:29309871b052bb3f05de613e838dadb92dd47f79
-http/default-logins/oracle/peoplesoft-default-login.yaml:5da182e00f57e6927f30674cde5f7bae9de6bbd4
+http/default-logins/oracle/peoplesoft-default-login.yaml:21071ffc4b0449f88570d4d604038756ccd18209
 http/default-logins/others/aruba-instant-default-login.yaml:398f77a4e4e01153465c51bdfeb3cf53f670a85b
 http/default-logins/others/ciphertrust-default-login.yaml:9d29315f7fd68f1e4f55dd046bf7c716658ef13e
 http/default-logins/others/cnzxsoft-default-login.yaml:71898b0928c2f380612addb0350fb686dd84e025
@@ -3292,7 +3296,7 @@ http/exposed-panels/acunetix-panel.yaml:b10cd9d4a29dea26e161ddeb85b6b920efd69870
 http/exposed-panels/addonfinance-portal.yaml:38506f2dd6a3a69108a50fe67a2686af99398590
 http/exposed-panels/adhoc-transfer-panel.yaml:dcce7565c43f4ea78e2a3ad9fc8216f301f05c94
 http/exposed-panels/adiscon-loganalyzer.yaml:fc2432f93a3fd7724c3f0d2814d41c065e0b8b21
-http/exposed-panels/adminer-panel-detect.yaml:89f3dfcb1a75493cc7d806df52ee64b3e65450fa
+http/exposed-panels/adminer-panel-detect.yaml:2c1c41366071aef22dcd3f0fb77608e8ba4d18d8
 http/exposed-panels/adminer-panel.yaml:b266fbab664e4ee130429e725409cf78000739e0
 http/exposed-panels/adminset-panel.yaml:2be3fbb1ec0fe028405fdb0353163d1352a14d65
 http/exposed-panels/adobe/adobe-component-login.yaml:ca846d96566ad14a055b85c15bd2b61e3a786d8d
@@ -4340,7 +4344,7 @@ http/exposures/apis/wadl-api.yaml:7a728eb7a4cb779218d582661a7fb2978abedc03
 http/exposures/apis/wsdl-api.yaml:e28378d37cb724e50ad74e13158210a704a2d9df
 http/exposures/backups/exposed-mysql-initial.yaml:546b26c48697aa27b99c9d385c509b1af10e8907
 http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db58cc8f06c984
-http/exposures/backups/php-backup-files.yaml:505b1da333d78f3266443cab2fa4f9a6e57d6635
+http/exposures/backups/php-backup-files.yaml:2c05d22cc231014da2a5964eee452bf96706b391
 http/exposures/backups/settings-php-files.yaml:4deb7ac78c1f7df72c6efad11c7ce77373c3ba7b
 http/exposures/backups/sql-dump.yaml:e989e8b4ad56b0ed996c7dc9cec7eab2210c223c
 http/exposures/backups/zip-backup-files.yaml:0b4309555d6a4f0fee56b49d302d209baccb808e
@@ -4524,7 +4528,6 @@ http/exposures/files/desktop-ini-exposure.yaml:e1f2848de5e29a1d1f0069c15a5451d38
 http/exposures/files/django-secret-key.yaml:9a9152c6627c7d1bb85923caedf61303f26e78b9
 http/exposures/files/docker-cloud.yaml:1cd831e6d009b49e120b14206b7a19b825fd5272
 http/exposures/files/domcfg-page.yaml:28b2f74eed60f6bf047db658ffcf8ccbacfb90a4
-http/exposures/files/drupal-install.yaml:becf211637e4dbbe6b1f0fa018d53f4ea23de648
 http/exposures/files/ds-store-file.yaml:679fb351af4567e417c0697f8d3298ddc14767b4
 http/exposures/files/dwsync-exposure.yaml:811dc04f9ef973b6d48e8b007590508b61230b4b
 http/exposures/files/environment-rb.yaml:cfd936dc5174ec7eee345830477ad8ee013d5eb4
@@ -4533,6 +4536,7 @@ http/exposures/files/filezilla.yaml:a04a2de7145d42c6cc63a59edf5c13c9660218b5
 http/exposures/files/ftpconfig.yaml:37d46a4726edffd9d686224d0a3be7df6ec2780d
 http/exposures/files/gcloud-access-token.yaml:62d8288a11a5350a01d3e0041ac28c92b7889910
 http/exposures/files/gcloud-credentials.yaml:2343f7b00527e9831a765ea61960df72176b1bf1
+http/exposures/files/generic-db.yaml:36dc57f7db3eac512d56d7d54f0bb767cbb7fe88
 http/exposures/files/get-access-token-json.yaml:81c5d4a38a413cda6fbf584f3a955d89dc48a28d
 http/exposures/files/git-mailmap.yaml:456e18f1c474d4628acc7356b1f816f1fee19fcf
 http/exposures/files/github-gemfile-files.yaml:451504bab87de4abd36fd46ad03629bdc24ffe5e
@@ -4822,19 +4826,19 @@ http/exposures/tokens/zendesk/zendesk-key.yaml:002e66de48b921b1485a90c9ee0b8202d
 http/exposures/tokens/zenserp/zenscrape-api-key.yaml:a8b850b2efaae638efc02b5d207fe6bc855610e9
 http/exposures/tokens/zenserp/zenserp-api-key.yaml:dc1d18779abf2831c2b624b8cebad22f57bad735
 http/exposures/tokens/zoho/zoho-webhook-token.yaml:213408cbf1610741f4f31da89e8dba8f3d5b20eb
-http/fuzzing/cache-poisoning-fuzz.yaml:55b0174b93ae85bcd2a5bd8dae8d5f2ee6dc183c
-http/fuzzing/header-command-injection.yaml:531a6bae6185a29c431f42e8f2d0e4931ec82d05
-http/fuzzing/iis-shortname.yaml:3b02c03dfa0000145db4e569e9894ae9f9bfe4e0
-http/fuzzing/linux-lfi-fuzzing.yaml:98fb1f938fadd7dbef664b4fb90f70340998090d
-http/fuzzing/mdb-database-file.yaml:f10257c4e4200709619934b82ad68db7c8ddf918
-http/fuzzing/prestashop-module-fuzz.yaml:7dad3e5599c90ca0dd227bebde42d56d3dc4fe8d
-http/fuzzing/ssrf-via-proxy.yaml:61406c0b18b887b8b0820c01ccb006f25a8febf2
-http/fuzzing/valid-gmail-check.yaml:a9ddd0375c3160a61a5f2387c1113b9b64df8879
-http/fuzzing/waf-fuzz.yaml:d748d662ef552cee252b45d68017a09286c6eb93
-http/fuzzing/wordpress-plugins-detect.yaml:6a6a62082132ee13694282e8b77818db20ae5e64
-http/fuzzing/wordpress-themes-detect.yaml:bac6070c72b0db61adc5945ec1b14326c766cd14
-http/fuzzing/wordpress-weak-credentials.yaml:31dff20ca524cae856476baac860a09fd9a536ed
-http/fuzzing/xff-403-bypass.yaml:debf58b69daf4676a60aba8af99fd6dc99df1d7d
+http/fuzzing/cache-poisoning-fuzz.yaml:f98fed523a1e8b80a6c5c12183c6f072bb81cf5e
+http/fuzzing/header-command-injection.yaml:bf0af66d12ef68c553a7a0d496f469788f3d03c3
+http/fuzzing/iis-shortname.yaml:aafbc44fc50e604004bf52f14b83354e24163827
+http/fuzzing/linux-lfi-fuzzing.yaml:a92bbc9f1c966c3f909279c49e2dee0a2bfffac9
+http/fuzzing/mdb-database-file.yaml:f6bb4e9e482516e6a861cc1efc68063e61778d13
+http/fuzzing/prestashop-module-fuzz.yaml:8e7f0e0bd609549e38f8eadc603360e8a56f2a02
+http/fuzzing/ssrf-via-proxy.yaml:8b57f45fe9d33268b5ae1dcd1a73301a47dfee62
+http/fuzzing/valid-gmail-check.yaml:a91c4df030cbeb5d163df9a3150cb146eb495412
+http/fuzzing/waf-fuzz.yaml:0bf3b44516d1eab46bbc11fb2eada0293c76a2ad
+http/fuzzing/wordpress-plugins-detect.yaml:4bd980e6a9b9246896b0961dbff25a199038bcf0
+http/fuzzing/wordpress-themes-detect.yaml:86b90c67fd9c7fb48a6eff67fdb63a185f402ea8
+http/fuzzing/wordpress-weak-credentials.yaml:13dbc34b62167f75f802b83a3e71d89387ba54a6
+http/fuzzing/xff-403-bypass.yaml:23f78013ddcc53b07fbc3a114f0eaa45f90001d5
 http/honeypot/citrix-honeypot-detect.yaml:a632cb08a12e2d3dfe69f8b4e8d0cbd4d44cbbc5
 http/honeypot/dionaea-http-honeypot-detect.yaml:7830d2af83e16b50c0a4b647defe89c9ac5efe25
 http/honeypot/elasticpot-honeypot-detect.yaml:73cb47452335d2c4e95f07bdbaabcb7800b634aa
@@ -4895,7 +4899,7 @@ http/miscellaneous/balada-injector-malware.yaml:46e26d3735f737c251df9a46d7091f3d
 http/miscellaneous/clientaccesspolicy.yaml:f1ce4622fb979da2754ffba7bf52cdfe3fc470d0
 http/miscellaneous/crypto-mining-malware.yaml:10c82a94c2cf226eb22b8ac8e10dc88d8aa24387
 http/miscellaneous/defaced-website-detect.yaml:045ede38b93611039e21dc0f249ddebf3a5499e5
-http/miscellaneous/defacement-detect.yaml:4bb02fec3ec11dcb407a956be1fc2f0a6bcc9897
+http/miscellaneous/defacement-detect.yaml:0636060c6c434c29a127d7cac1a29f86167d420e
 http/miscellaneous/detect-dns-over-https.yaml:46b316a9632c17d9cf75cbb27de9c706c9a14b0b
 http/miscellaneous/dir-listing.yaml:dad3bf5aa871745ab62bf6f4b61909bde637e326
 http/miscellaneous/email-extractor.yaml:5815f093718b70c0b64c4c423cd1ec8ab94f1281
@@ -4912,7 +4916,7 @@ http/miscellaneous/maxforwards-headers-detect.yaml:9d69555c1fc58f644b5ccf2644e0a
 http/miscellaneous/microsoft-azure-error.yaml:bfa3c53d4023d524a09ba3565bd3bf63204ac58a
 http/miscellaneous/moodle-changelog.yaml:9dbf59caabecc08967456fa3986046e33f4dbf43
 http/miscellaneous/netflix-conductor-version.yaml:31ad2c649ff4aa0703a5c7cd4e36d2245a8993e0
-http/miscellaneous/ntlm-directories.yaml:8d2b0ffc05206f993712a9bbd94071107bcda074
+http/miscellaneous/ntlm-directories.yaml:8d52b0df9375267f6ba7840037a48a96cb971dda
 http/miscellaneous/old-copyright.yaml:de816764aefeaf59f75201740f4f82fb31071194
 http/miscellaneous/options-method.yaml:2e0edc5993baa53c6fb7e8307c80ea26254bc3e4
 http/miscellaneous/rdap-whois.yaml:c25cfe8b61f82c032de77398cf1aed94f56f0004
@@ -4958,7 +4962,7 @@ http/misconfiguration/aem/aem-secrets.yaml:346f23f7070fdf59c2c76fddd12a5eb4f31c7
 http/misconfiguration/aem/aem-security-users.yaml:ff974be49aaee03897db4a6d40117b9e5d02598d
 http/misconfiguration/aem/aem-setpreferences-xss.yaml:dd08fc188a7ad278c8ee3082b66d9d2282d1c9e8
 http/misconfiguration/aem/aem-sling-userinfo.yaml:f38274749b0668275a6b8cdddc2707bbde9eb1a0
-http/misconfiguration/aem/aem-userinfo-servlet.yaml:47c5ab71db4a7fde4c72b30d1c273f2dc2e637b9
+http/misconfiguration/aem/aem-userinfo-servlet.yaml:4e42c3fd5d4ae21b1e0a686a35c69394d1d9d32b
 http/misconfiguration/aem/aem-wcm-suggestions-servlet.yaml:cc07ee10590df2dd7de1d03c73167bbd4d81b95b
 http/misconfiguration/aem/aem-xss-childlist-selector.yaml:a9ecdb229a17db9192821a583549813a1bb1fc3c
 http/misconfiguration/airflow/airflow-debug.yaml:c18746cecd6f440d9367f6ebe1ce70ff34e508af
@@ -5073,7 +5077,7 @@ http/misconfiguration/gitlab/gitlab-public-repos.yaml:1a2b426983d0ca449461a9ece3
 http/misconfiguration/gitlab/gitlab-public-signup.yaml:f604c8044baffdf63ed2215ccec5b5721202144b
 http/misconfiguration/gitlab/gitlab-public-snippets.yaml:64aa47f34d185b8bbbc04b242eb0a76886d641ec
 http/misconfiguration/gitlab/gitlab-uninitialized-password.yaml:d9959b940359896de41142fe765303a3627c7ae5
-http/misconfiguration/gitlab/gitlab-user-enum.yaml:899a8a3e6898f4898986bb1bda5e248b360bd427
+http/misconfiguration/gitlab/gitlab-user-enum.yaml:09ffd851b3108524029e04ca4f1a501e1c580757
 http/misconfiguration/gitlist-disclosure.yaml:8111ac3c10bc09b42d9c2bc565cd5758cb6a220e
 http/misconfiguration/global-traffic-statistics.yaml:f5ab7750ae4d32d8b857b8290bcd98ac1358fa0d
 http/misconfiguration/glpi-directory-listing.yaml:29bb88890e78f83428d00799224679dfd993e1bc
@@ -5129,6 +5133,7 @@ http/misconfiguration/installer/discourse-installer.yaml:cf9bf85966145a193efedf3
 http/misconfiguration/installer/dokuwiki-installer.yaml:a572ea8dd4751008cd46b4319fe478d147173ac7
 http/misconfiguration/installer/dolibarr-installer.yaml:6c971d39c8f61247ee422817192d8d1af5918a3f
 http/misconfiguration/installer/dolphin-installer.yaml:66ccbdc0d810c8fb5876d46e8c7780da1efd6057
+http/misconfiguration/installer/drupal-install.yaml:8935c0e57b3677226b50338b8495600390d3e8b0
 http/misconfiguration/installer/easyscripts-installer.yaml:4cb8db53f08ed1bf8172866766c33878f579fda9
 http/misconfiguration/installer/eshop-installer.yaml:c83244265e0cd9499cee6ecfd6fda805b6475251
 http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287ff2668c3b07c2b99
@@ -5320,9 +5325,9 @@ http/misconfiguration/proxy/metadata-hetzner.yaml:99b85a4199e83eff23ec416b6b6fff
 http/misconfiguration/proxy/metadata-openstack.yaml:6e1984d2e3aa87e07e6b7db80dbd7c9d10c9d417
 http/misconfiguration/proxy/metadata-oracle.yaml:93d94888c382735e755c96a1908859778f1308ef
 http/misconfiguration/proxy/open-proxy-external.yaml:e05b7e6f0744ee250192e9167a89b4d6c7dfdee1
-http/misconfiguration/proxy/open-proxy-internal.yaml:5de892d38ee34977924d4eb2cbd644b4b51fe567
-http/misconfiguration/proxy/open-proxy-localhost.yaml:4cd4b2b6c999578dff79a1d9d0aab65b759db464
-http/misconfiguration/proxy/open-proxy-portscan.yaml:e4806af440f78fced0b1239e83f9a5b440c4b4ee
+http/misconfiguration/proxy/open-proxy-internal.yaml:231fecdb37f031eb304aba2267a8ba6ad16641ec
+http/misconfiguration/proxy/open-proxy-localhost.yaml:583e013ed1b8deaaa42735861dc5201a8285afc6
+http/misconfiguration/proxy/open-proxy-portscan.yaml:790b7ea770648cb312cb5c103951c3c7254cb0c2
 http/misconfiguration/puppetdb-dashboard.yaml:5b1f354f5ab9343e46a20bd7c76a8ee044cf71b4
 http/misconfiguration/put-method-enabled.yaml:4cbb1715aeb73cf6e638b02c9951ff02c7a67756
 http/misconfiguration/python-metrics.yaml:0b1d1102e4329ebf75ae5cc259898f1cb1cd9670
@@ -6426,7 +6431,7 @@ http/technologies/fanruanoa-detect.yaml:e7b2e01057d3be79d3ddbcc64b33f9af7a33bbb1
 http/technologies/fanruanoa2012-detect.yaml:f9a6f78d0d2e34d49a10f73f592bd87169259bac
 http/technologies/fastjson-version.yaml:50f165d16a31d441a597695102e983ebbaa1857a
 http/technologies/favicon-detect.yaml:10cb70dd76719f7850249d0b9184054205fd47f5
-http/technologies/fingerprinthub-web-fingerprints.yaml:27e666a6c70080629b106d8a7549a69b04e80292
+http/technologies/fingerprinthub-web-fingerprints.yaml:4dbe54eb11797d8ee2acfbafbf269363102734bd
 http/technologies/froxlor-detect.yaml:67aaf702a20981d17394938929f1835d6b48e6b2
 http/technologies/geo-webserver-detect.yaml:53e3388afdaa4abc6d221db435f0c3ee78dfe3e9
 http/technologies/geth-server-detect.yaml:caf614fcafdfca5f044916adf9dde2abb41b46a9
@@ -6447,7 +6452,7 @@ http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80c
 http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29
 http/technologies/graphql-detect.yaml:a0566e15058b3aeb2d4dae77cc99d23355938dac
 http/technologies/grav-cms-detect.yaml:f353a0fa76204ccd1c894aa850f977fef8c769f1
-http/technologies/graylog/graylog-api-exposure.yaml:c669347801d0d2a1ec1f100228f4f48e99f28dd9
+http/technologies/graylog/graylog-api-exposure.yaml:d101cae7fd923dd7f233bf27e3a9b3628b8c3d5e
 http/technologies/graylog-api-browser.yaml:5aaa8bff99b57cf700d0923b48778048789f2389
 http/technologies/gunicorn-detect.yaml:4e32fda7d9483af8c21fd3ea7fa6669266e23d0d
 http/technologies/hanwang-detect.yaml:4866144f96b1fbc18567e10ad7732b8a1a8dfc5f
@@ -6532,7 +6537,7 @@ http/technologies/microsoft/aspnetmvc-version-disclosure.yaml:341d9ec2d4e676c7d0
 http/technologies/microsoft/default-iis7-page.yaml:c4e22ee6e9c969c526ea2609a510a8e23150963d
 http/technologies/microsoft/default-microsoft-azure-page.yaml:edf6bd39671cbd1eeda217a1956965a66e368d06
 http/technologies/microsoft/default-windows-server-page.yaml:eddc0c09081a8fdfdd579671ba67816b49e8bb81
-http/technologies/microsoft/microsoft-iis-version.yaml:879e7e413c5a14c9f8d60c781d1a2d6e14082a0c
+http/technologies/microsoft/microsoft-iis-version.yaml:dcf1fea08a8e195fb4fb800bddc0355619141c06
 http/technologies/microsoft/microsoft-sharepoint-detect.yaml:dabe925d2623a1e643cc36887c63daa6079a51d7
 http/technologies/microsoft/ms-exchange-server.yaml:ac56edde8f4b9be40add08dffaa028504eeedd69
 http/technologies/microsoft/sql-server-reporting.yaml:f09e2468fe44fbccafc12b034f080bee81f7c7e8
@@ -6677,6 +6682,7 @@ http/technologies/web-ftp-detect.yaml:ceaf8743ca94c6fbf3e7d380d0ed9be6f3796120
 http/technologies/web-suite-detect.yaml:94ce185f9aee3a32ab9391218413ba5b4efd408f
 http/technologies/weblogic-detect.yaml:57acbd03a2cd58cd94f92843578359a5b479ac5d
 http/technologies/werkzeug-debugger-detect.yaml:af81a25156ac286ceb63a2599e8b8ddfc6a34542
+http/technologies/wing-ftp-service-detect.yaml:0df5cbc14e688f4a21fb88751550ed2dc27e5497
 http/technologies/wms-server-detect.yaml:a12dcf5c63bb483cadc2179824ea7bc811565a9d
 http/technologies/wondercms-detect.yaml:940ebbd50bb93299d72b2cc4712da95f4dcb24e8
 http/technologies/wordpress/plugins/ad-inserter.yaml:e1496850b2a8ebec1b470544d5bb38e52760d900
@@ -7702,7 +7708,7 @@ http/vulnerabilities/thinkphp/thinkphp-509-information-disclosure.yaml:63ec56f7d
 http/vulnerabilities/tongda/tongda-action-uploadfile.yaml:26127f055c9c3ffa79366002ca95ea0c80a9c1dc
 http/vulnerabilities/tongda/tongda-api-file-upload.yaml:868bdf72215e96c1c0b2f2a4e68ecefa98bf453c
 http/vulnerabilities/tongda/tongda-arbitrary-login.yaml:813a5228a57a292be77d48351f979e9b4ce4bdcc
-http/vulnerabilities/tongda/tongda-auth-bypass.yaml:f661e567e8d9b51bdf29cc07155b552b92beab20
+http/vulnerabilities/tongda/tongda-auth-bypass.yaml:99626945f8fb206ae2046e9f22cebadaef9eef0e
 http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml:d1d9be064a074860683581a4e84f8e85a3abfc27
 http/vulnerabilities/tongda/tongda-getdata-rce.yaml:b4452e0abc9faa89378a2d6b14c6ef99eddbb56d
 http/vulnerabilities/tongda/tongda-getway-rfi.yaml:02cae92f443ca026546155a79f51aab073d2a0dd
@@ -7944,7 +7950,7 @@ http/vulnerabilities/wordpress/wp-vault-lfi.yaml:12ee639ae8dd7fb66560ac713aab3a4
 http/vulnerabilities/wordpress/wp-woocommerce-email-verification.yaml:d36b1dafca4c01fbc15d17c4e884144f36974304
 http/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml:9cd53ef3a743e970ff37c36b2c9640781d578878
 http/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml:0e1c6d447132c374e620d553de2cd8a8468f917e
-http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:9d1201fd282d799868a36ce2c49476f8c146711e
+http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml:a9c485aef2957f73eec1ea22a2b851f98284f9c9
 http/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.yaml:f72f913987c22ad251d6b4b09e10fe57f20f0727
 http/vulnerabilities/wordpress/wp-xmlrpc.yaml:b55a9ba158dc74c9797ce3cddb6464bf48106074
 http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml:ec8dd93cf0c3f663465b7191136013def01f5d0f
@@ -7985,13 +7991,13 @@ http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml:daa2040c8238fbe51311e7ac
 http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380694a0
 http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b
 javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0
-javascript/cves/2023/CVE-2023-34039.yaml:15973462461926ddb4e6991f45579aa54ae7fc29
+javascript/cves/2023/CVE-2023-34039.yaml:d24071fd6387e212e60bd6503d2611015bea58cb
 javascript/cves/2023/CVE-2023-46604.yaml:5f4409197ba9dd7f86ae5de4beb6409ce7f1bfb8
 javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3
 javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161
 javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad
 javascript/default-logins/redis-default-logins.yaml:f9a03987fac4e8150d9b8d5ab80779c6f41d8b7f
-javascript/default-logins/ssh-default-logins.yaml:63a239d5a020912bf1e33b4ff59606e25181afe3
+javascript/default-logins/ssh-default-logins.yaml:7e0cd6f7e1cd9ff4473f9c0d9061f056234cbb62
 javascript/detection/mssql-detect.yaml:3dad2c227b904cc228247a86bf0372c5b2544b94
 javascript/detection/oracle-tns-listener.yaml:3d274f668de183b62c79c04782bf0740150b4423
 javascript/detection/ssh-auth-methods.yaml:7240dac7d7ee80f4aebf95f7ddf7a540874adf04
@@ -8136,10 +8142,10 @@ network/misconfig/erlang-daemon.yaml:5360cef90f48dc3c6bdab6df6e44245f243f423c
 network/misconfig/ganglia-xml-grid-monitor.yaml:dac3b1babe27265e34d19b1bac7388d65f89281b
 network/misconfig/memcached-stats.yaml:18844aac24b0279e3bb974baccf32256d5482109
 network/misconfig/mongodb-unauth.yaml:0a25bf55d5fedd1b56c397ae27e93483018ae16a
-network/misconfig/mysql-native-password.yaml:a9f7b3791ec021bec37c88303be460decc98069f
+network/misconfig/mysql-native-password.yaml:610a602de84dc589c5f48b133d27f6b77f3cc422
 network/misconfig/printers-info-leak.yaml:3eaf0fc4e07c21308b3bd7f387f2f6765979ad15
 network/misconfig/sap-router-info-leak.yaml:a7ebbd8a06f5add2a3ded6259da9b3b3b5e0f005
-network/misconfig/tidb-native-password.yaml:cee939c1ed6cf22fbd0fc3d2d6b4047ab02a5fa0
+network/misconfig/tidb-native-password.yaml:e59b6ae7f999845de1660e740e99c300175f2845
 network/misconfig/tidb-unauth.yaml:5c00fa571b47b099a046afc2a7ff5aba4bfd20fd
 network/misconfig/unauth-psql.yaml:4234beb83e518739f430de109340c402c96a3740
 network/vulnerabilities/clockwatch-enterprise-rce.yaml:3b34549e3d1b3ddcddab7a8cdfd7b9c57c8f2d37
@@ -8170,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
 ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
 ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
-templates-checksum.txt:59b8ce63bd6dd7ced361b025574c2da600135edb
+templates-checksum.txt:128d6f230562518d7dd61144f475986ae8d2e63c
 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4