Dashboard Content Enhancement (#4020)

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: exposed-panels/apiman-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1873.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp

* Enhancement: exposed-panels/argocd-login.yaml by mp

* Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp

* Enhancement: exposed-panels/atvise-login.yaml by mp

* Enhancement: exposed-panels/avantfax-panel.yaml by mp

* Enhancement: exposed-panels/avatier-password-management.yaml by mp

* Enhancement: exposed-panels/axigen-webadmin.yaml by mp

* Enhancement: exposed-panels/axigen-webmail.yaml by mp

* Enhancement: exposed-panels/azkaban-web-client.yaml by mp

* Enhancement: exposed-panels/acunetix-panel.yaml by mp

* Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp

* Enhancement: exposed-panels/adminer-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1870.yaml by mp

* Enhancement: exposed-panels/adminset-panel.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp

* Enhancement: exposed-panels/advance-setup.yaml by mp

* Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* spacing issues

* Spacing

* HTML codes improperly interpreted
Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Enhancement: technologies/waf-detect.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: network/exposed-adb.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp

* Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp

* Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp

* indentation issue

* Character encoding issue fix

* Enhancement: default-logins/alibaba/canal-default-login.yaml by mp

* Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Enhancement: default-logins/apache/airflow-default-login.yaml by mp

* Enhancement: default-logins/apache/apisix-default-login.yaml by mp

* Enhancement: default-logins/apollo/apollo-default-login.yaml by mp

* Enhancement: default-logins/arl/arl-default-login.yaml by mp

* Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp

* Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp

* Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp

* Enhancement: dns/caa-fingerprint.yaml by mp

* Enhancement: exposed-panels/active-admin-exposure.yaml by mp

* Enhancement: exposed-panels/activemq-panel.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Restore & stomped by dashboard

* Enhancement: cves/2010/CVE-2010-1653.yaml by mp

* Enhancement: cves/2021/CVE-2021-38751.yaml by mp

* Enhancement: cves/2021/CVE-2021-39320.yaml by mp

* Enhancement: cves/2021/CVE-2021-39322.yaml by mp

* Enhancement: cves/2021/CVE-2021-39327.yaml by mp

* Enhancement: cves/2021/CVE-2021-39350.yaml by mp

* Enhancement: cves/2021/CVE-2021-39433.yaml by mp

* Enhancement: cves/2021/CVE-2021-41192.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp

* Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp

* Enhancement: exposed-panels/aviatrix-panel.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Enhancement: exposed-panels/blue-iris-login.yaml by mp

* Enhancement: exposed-panels/bigbluebutton-login.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Spacing issues
Add cve-id field

* fix & stomping

* Enhancement: cves/2016/CVE-2016-1000141.yaml by mp

* Enhancement: cves/2020/CVE-2020-24912.yaml by mp

* Enhancement: cves/2021/CVE-2021-35265.yaml by mp

* Enhancement: cves/2022/CVE-2022-0437.yaml by mp

* Enhancement: cves/2010/CVE-2010-1601.yaml by mp

* Enhancement: technologies/teradici-pcoip.yaml by mp

* Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: exposed-panels/epson-web-control-detect.yaml by mp

* Enhancement: exposed-panels/epson-access-detect.yaml by mp

* Enhancement: cves/2020/CVE-2020-29453.yaml by mp

* Fix spacing

* Remove empty cve lines and relocate tags

* Remove blank cve lines & move tags

* Fix merge errors

* Enhancement: cves/2020/CVE-2020-21224.yaml by mp

* Enhancement: cves/2020/CVE-2020-24148.yaml by mp

* Enhancement: cves/2020/CVE-2020-24391.yaml by mp

* Enhancement: cves/2020/CVE-2020-24589.yaml by mp

* Enhancement: cves/2020/CVE-2020-25213.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-25506.yaml by mp

* Enhancement: cves/2020/CVE-2020-2551.yaml by mp

* Enhancement: cves/2020/CVE-2020-28871.yaml by mp

* Enhancement: cves/2020/CVE-2020-28188.yaml by mp

* Enhancement: cves/2020/CVE-2020-26948.yaml by mp

* Enhancement: cves/2020/CVE-2020-26919.yaml by mp

* Enhancement: cves/2020/CVE-2020-26214.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-21224.yaml by mp

* Enhancement: cves/2020/CVE-2020-24148.yaml by mp

* Enhancement: cves/2020/CVE-2020-24186.yaml by mp

* Enhancement: cves/2020/CVE-2020-24186.yaml by mp

* Enhancement: cves/2020/CVE-2020-24391.yaml by mp

* Enhancement: cves/2020/CVE-2020-24589.yaml by mp

* Enhancement: cves/2020/CVE-2020-25213.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-25506.yaml by mp

* Enhancement: cves/2020/CVE-2020-28871.yaml by mp

* Enhancement: cves/2020/CVE-2020-28188.yaml by mp

* Enhancement: cves/2020/CVE-2020-26948.yaml by mp

* Enhancement: cves/2020/CVE-2020-26919.yaml by mp

* Enhancement: cves/2020/CVE-2020-26214.yaml by mp

* Syntax cleanup

* Enhancement: cves/2021/CVE-2021-38647.yaml by mp

* Syntax and a title change

* Enhancement: cves/2021/CVE-2021-38702.yaml by mp

* Fix references

* Enhancement: cves/2021/CVE-2021-38704.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-44529.yaml by mp

* Conflicts resolved

* Fix quoting

* Enhancement: cves/2021/CVE-2021-45967.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cves/2022/CVE-2022-23779.yaml by mp

* Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp

* Enhancement: default-logins/cobbler/hue-default-credential.yaml by mp

* Enhancement: default-logins/emqx/emqx-default-login.yaml by mp

* Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp

* Enhancement: cves/2021/CVE-2021-38647.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-45967.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-14536.yaml by mp

* Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp

* Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp

* Update CVE-2020-25223.yaml

* Update CVE-2020-26214.yaml

* Update CVE-2020-25506.yaml

* Update CVE-2020-2551.yaml

* Update CVE-2020-26919.yaml

* Update CVE-2021-44529.yaml

* Update CVE-2020-28871.yaml

* Update CVE-2020-28188.yaml

* Update CVE-2021-45967.yaml

* Update hue-default-credential.yaml

* Update CVE-2021-44529.yaml

* misc syntax update

* Syntax  restore some characters

* Spacing

* Enhancement: vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml by mp

* Enhancement: vulnerabilities/wordpress/issuu-panel-lfi.yaml by mp

* Enhancement: cves/2019/CVE-2019-10068.yaml by mp

* Enhancement: cves/2019/CVE-2019-10232.yaml by mp

* Enhancement: cves/2019/CVE-2019-10758.yaml by mp

* Enhancement: cves/2019/CVE-2019-11510.yaml by mp

* Enhancement: cves/2019/CVE-2019-11580.yaml by mp

* Enhancement: cves/2019/CVE-2019-11581.yaml by mp

* Enhancement: cves/2019/CVE-2019-12314.yaml by mp

* Enhancement: cves/2019/CVE-2019-13101.yaml by mp

* Link wrapping issue

* Enhancement: cves/2019/CVE-2019-13462.yaml by mp

* Enhancement: cves/2019/CVE-2019-15107.yaml by mp

* Enhancement: cves/2019/CVE-2019-15859.yaml by mp

* Enhancement: cves/2019/CVE-2019-16759.yaml by mp

* Enhancement: cves/2019/CVE-2019-16662.yaml by mp

* Enhancement: cves/2019/CVE-2019-16278.yaml by mp

* Enhancement: cves/2019/CVE-2019-10232.yaml by mp

* Enhancement: cves/2019/CVE-2019-10758.yaml by mp

* Enhancement: cves/2019/CVE-2019-11510.yaml by mp

* Enhancement: cves/2019/CVE-2019-12725.yaml by mp

* Enhancement: cves/2019/CVE-2019-13101.yaml by mp

* Enhancement: cves/2019/CVE-2019-15107.yaml by mp

* Enhancement: cves/2019/CVE-2019-15859.yaml by mp

* Enhancement: cves/2019/CVE-2019-16662.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-10543.yaml by cs

* Enhancement: cves/2021/CVE-2021-33807.yaml by mp

* Enhancement: cves/2010/CVE-2010-0943.yaml by mp

* Enhancement: cves/2008/CVE-2008-6172.yaml by mp

* Enhancement: vulnerabilities/simplecrm/simple-crm-sql-injection.yaml by mp

* Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp

* Enhancement: cves/2010/CVE-2010-1602.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: network/cisco-smi-exposure.yaml by mp

* Enhancement: cves/2021/CVE-2021-37704.yaml by mp

* Enhancement: vulnerabilities/other/microweber-xss.yaml by mp

* Enhancement: cves/2019/CVE-2019-16313.yaml by mp

* Enhancement: cves/2021/CVE-2021-3017.yaml by mp

* Enhancement: cves/2010/CVE-2010-1353.yaml by mp

* Enhancement: cves/2010/CVE-2010-5278.yaml by mp

* Enhancement: cves/2021/CVE-2021-37573.yaml by mp

* Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp

* Enhancement: cves/2010/CVE-2010-1602.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: vulnerabilities/other/microweber-xss.yaml by mp

* Enhancement: cves/2018/CVE-2018-11709.yaml by mp

* Enhancement: cves/2014/CVE-2014-2321.yaml by mp

* Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp

* Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp

* Manual enhancement

* Manual enhancement push due to dashboard failure

* Testing of dashboard accidentally commited to dashboard branch

* Spacing
Put some CVEs in the classification

* Add missing cve-id fields to templates in cve/

Co-authored-by: sullo <sullo@cirt.net>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>

cves/2002/CVE-2002-1131.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
   reference: https://www.exploit-db.com/exploits/21811
+  classification:
+    cve-id: CVE-2002-1131
   tags: xss,squirrelmail,cve,cve2002
 
 requests:

cves/2005/CVE-2005-4385.yaml

@@ -8,6 +8,8 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2005-4385
   author: geeknik
   severity: medium
+  classification:
+    cve-id: CVE-2005-4385
   tags: cofax,xss,cve,cve2005
 
 requests:

cves/2006/CVE-2006-1681.yaml

@@ -8,6 +8,8 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2006-1681
   author: geeknik
   severity: medium
+  classification:
+    cve-id: CVE-2006-1681
   tags: cherokee,httpd,xss,cve,cve2006
 
 requests:

cves/2006/CVE-2006-2842.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.  NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled.  Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE.  However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
   reference: https://www.exploit-db.com/exploits/27948
+  classification:
+    cve-id: CVE-2006-2842
   tags: cve2006,lfi,squirrelmail,cve
 
 requests:

cves/2007/CVE-2007-0885.yaml

@@ -6,6 +6,8 @@ info:
   reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded
   author: geeknik
   severity: medium
+  classification:
+    cve-id: CVE-2007-0885
   tags: cve,cve2007,jira,xss
 
 requests:

cves/2007/CVE-2007-4504.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/4307
     - https://www.cvedetails.com/cve/CVE-2007-4504
+  classification:
+    cve-id: CVE-2007-4504
   tags: cve,cve2007,joomla,lfi
 
 requests:

cves/2007/CVE-2007-4556.yaml

@@ -6,6 +6,8 @@ info:
   severity: critical
   description: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
   reference: https://www.guildhab.top/?p=2326
+  classification:
+    cve-id: CVE-2007-4556
   tags: cve,cve2007,apache,rce,struts
 
 requests:

cves/2007/CVE-2007-5728.yaml

@@ -5,10 +5,12 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
-  tags: cve,cve2007,xss,pgadmin,phppgadmin
   reference: https://www.exploit-db.com/exploits/30090
   metadata:
     shodan-query: 'http.title:"phpPgAdmin"'
+  classification:
+    cve-id: CVE-2007-5728
+  tags: cve,cve2007,xss,pgadmin,phppgadmin
 
 requests:
   - method: GET

cves/2008/CVE-2008-2398.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
   reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
+  classification:
+    cve-id: CVE-2008-2398
   tags: cve,cve2008,xss
 
 requests:

cves/2008/CVE-2008-2650.yaml

@@ -6,7 +6,10 @@ info:
   description: |
     Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
   reference: https://www.exploit-db.com/exploits/5700
+  classification:
+    cve-id: CVE-2008-2650
   tags: cve,cve2008,lfi
+
 requests:
   - raw:
       - |

cves/2008/CVE-2008-4668.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/6618
     - https://www.cvedetails.com/cve/CVE-2008-4668
+  classification:
+    cve-id: CVE-2008-4668
   tags: cve,cve2008,joomla,lfi
 
 requests:

cves/2008/CVE-2008-4764.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/5435
     - https://www.cvedetails.com/cve/CVE-2008-4764
+  classification:
+    cve-id: CVE-2008-4764
   tags: cve,cve2008,joomla,lfi
 
 requests:

cves/2008/CVE-2008-5587.yaml

@@ -4,11 +4,13 @@ info:
   name: phpPgAdmin 4.2.1 - '_language' Local File Inclusion
   author: dhiyaneshDK
   severity: medium
+  description: "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
   reference: https://www.exploit-db.com/exploits/7363
-  tags: cve2008,lfi,phppgadmin
+  classification:
+    cve-id: CVE-2008-5587
   metadata:
     shodan-query: 'http.title:"phpPgAdmin"'
-  description: "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
+  tags: cve2008,lfi,phppgadmin
 
 requests:
   - method: GET

cves/2008/CVE-2008-6080.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/6809
     - https://www.cvedetails.com/cve/CVE-2008-6080
+  classification:
+    cve-id: CVE-2008-6080
   tags: cve,cve2008,joomla,lfi
 
 requests:

cves/2008/CVE-2008-6172.yaml

@@ -4,14 +4,13 @@ info:
   name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
   author: daffainfo
   severity: high
-  description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
+  description: "A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter."
-  remediation: Upgrade to the latest version.
   reference:
     - https://www.exploit-db.com/exploits/6817
     - https://www.cvedetails.com/cve/CVE-2008-6172
-  tags: cve,cve2008,joomla,lfi
   classification:
     cve-id: CVE-2008-6172
+  tags: cve,cve2008,joomla,lfi
 
 requests:
   - method: GET
@@ -29,4 +28,4 @@ requests:
         status:
           - 200
 
-# Enhanced by mp on 2022/01/27
+# Enhanced by mp on 2022/03/30

cves/2008/CVE-2008-6222.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/6980
     - https://www.cvedetails.com/cve/CVE-2008-6222
+  classification:
+    cve-id: CVE-2008-6222
   tags: cve,cve2008,joomla,lfi
 
 requests:

cves/2008/CVE-2008-6668.yaml

@@ -8,6 +8,8 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2008-6668
   author: geeknik
   severity: high
+  classification:
+    cve-id: CVE-2008-6668
   tags: nweb2fax,lfi,cve,cve2008,traversal
 
 requests:

cves/2009/CVE-2009-0545.yaml

@@ -6,6 +6,8 @@ info:
   description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
   reference: https://www.exploit-db.com/exploits/8023
   severity: critical
+  classification:
+    cve-id: CVE-2009-0545
   tags: cve,cve2009,zeroshell,kerbynet,rce
 
 requests:

cves/2009/CVE-2009-0932.yaml

@@ -4,11 +4,12 @@ info:
   name: Horde - Horde_Image::factory driver Argument LFI
   author: pikpikcu
   severity: high
-  description: |
+  description: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
-    Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
   reference:
     - https://www.exploit-db.com/exploits/16154
     - https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2
+  classification:
+    cve-id: CVE-2009-0932
   tags: cve,cve2009,horde,lfi,traversal
 
 requests:

cves/2009/CVE-2009-1151.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.phpmyadmin.net/security/PMASA-2009-3/
     - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
+  classification:
+    cve-id: CVE-2009-1151
   tags: cve,cve2009,phpmyadmin,rce,deserialization
 
 requests:

cves/2009/CVE-2009-1496.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/8367
     - https://www.cvedetails.com/cve/CVE-2009-1496
+  classification:
+    cve-id: CVE-2009-1496
   tags: cve,cve2009,joomla,lfi
 
 requests:

cves/2009/CVE-2009-1558.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
   reference: https://www.exploit-db.com/exploits/32954
+  classification:
+    cve-id: CVE-2009-1558
   tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
 
 requests:

cves/2009/CVE-2009-1872.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.securityfocus.com/archive/1/505803/100/0/threaded
     - https://www.tenable.com/cve/CVE-2009-1872
+  classification:
+    cve-id: CVE-2009-1872
   tags: cve,cve2009,adobe,xss,coldfusion
 
 requests:

cves/2009/CVE-2009-2015.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/8898
     - https://www.cvedetails.com/cve/CVE-2009-2015
+  classification:
+    cve-id: CVE-2009-2015
   tags: cve,cve2009,joomla,lfi
 
 requests:

cves/2009/CVE-2009-2100.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/8946
     - https://www.cvedetails.com/cve/CVE-2009-2100
+  classification:
+    cve-id: CVE-2009-2100
   tags: cve,cve2009,joomla,lfi
 
 requests:

cves/2009/CVE-2009-3053.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/9564
     - https://www.cvedetails.com/cve/CVE-2009-3053
+  classification:
+    cve-id: CVE-2009-3053
   tags: cve,cve2009,joomla,lfi
 
 requests:

cves/2009/CVE-2009-3318.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/9706
     - https://www.cvedetails.com/cve/CVE-2009-3318
+  classification:
+    cve-id: CVE-2009-3318
   tags: cve,cve2009,joomla,lfi
 
 requests:

cves/2009/CVE-2009-4202.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/8870
     - https://www.cvedetails.com/cve/CVE-2009-4202
+  classification:
+    cve-id: CVE-2009-4202
   tags: cve,cve2009,joomla,lfi,photo
 
 requests:

cves/2009/CVE-2009-4223.yaml

@@ -8,6 +8,8 @@ info:
     - https://www.exploit-db.com/exploits/10216
   author: geeknik
   severity: high
+  classification:
+    cve-id: CVE-2009-4223
   tags: cve,cve2009,krweb,rfi
 
 requests:

cves/2009/CVE-2009-4679.yaml

@@ -8,6 +8,8 @@ info:
   reference: |
     - https://www.exploit-db.com/exploits/33440
     - https://www.cvedetails.com/cve/CVE-2009-4679
+  classification:
+    cve-id: CVE-2009-4679
   tags: cve,cve2009,joomla,lfi,nexus
 
 requests:

cves/2010/CVE-2010-0943.yaml

@@ -1,16 +1,17 @@
 id: CVE-2010-0943
+
 info:
   name: Joomla! Component com_jashowcase - Directory Traversal
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
-  remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11090
     - https://www.cvedetails.com/cve/CVE-2010-0943
-  tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-0943
+  tags: cve,cve2010,joomla,lfi
+
 requests:
   - method: GET
     path:
@@ -23,4 +24,5 @@ requests:
       - type: status
         status:
           - 200
-# Enhanced by mp on 2022/02/13
+
+# Enhanced by mp on 2022/03/30

cves/2010/CVE-2010-1353.yaml

@@ -1,16 +1,17 @@
 id: CVE-2010-1353
+
 info:
   name: Joomla! Component LoginBox - Local File Inclusion
   author: daffainfo
   severity: high
-  description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  description: "A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php."
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/12068
     - https://www.cvedetails.com/cve/CVE-2010-1353
-  tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-1353
+  tags: cve,cve2010,joomla,lfi
+
 requests:
   - method: GET
     path:
@@ -23,4 +24,5 @@ requests:
       - type: status
         status:
           - 200
-# Enhanced by mp on 2022/02/14
+
+# Enhanced by mp on 2022/03/30

cves/2010/CVE-2010-1474.yaml

@@ -4,14 +4,13 @@ info:
   name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
   author: daffainfo
   severity: high
-  description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  description: "A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php."
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/12182
     - https://www.cvedetails.com/cve/CVE-2010-1474
-  tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-1474
+  tags: cve,cve2010,joomla,lfi
 
 requests:
   - method: GET
@@ -25,4 +24,5 @@ requests:
       - type: status
         status:
           - 200
-# Enhanced by mp on 2022/02/14
+
+# Enhanced by mp on 2022/03/30

cves/2010/CVE-2010-1602.yaml

@@ -4,13 +4,13 @@ info:
   name: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
   author: daffainfo
   severity: high
-  description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  description: "A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php."
   reference:
     - https://www.exploit-db.com/exploits/12283
     - https://www.cvedetails.com/cve/CVE-2010-1602
-  tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-1602
+  tags: cve,cve2010,joomla,lfi
 
 requests:
   - method: GET
@@ -25,4 +25,4 @@ requests:
         status:
           - 200
 
-# Enhanced by mp on 2022/03/07
+# Enhanced by mp on 2022/03/30

cves/2010/CVE-2010-5278.yaml

@@ -4,14 +4,13 @@ info:
   name: MODx manager - Local File Inclusion
   author: daffainfo
   severity: high
-  description: A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled.
+  description: "A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled."
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/34788
     - https://www.cvedetails.com/cve/CVE-2010-5278
-  tags: cve,cve2010,lfi
   classification:
     cve-id: CVE-2010-5278
+  tags: cve,cve2010,lfi
 
 requests:
   - method: GET
@@ -31,4 +30,4 @@ requests:
         condition: and
         part: body
 
-# Enhanced by mp on 2022/02/18
+# Enhanced by mp on 2022/03/30

cves/2014/CVE-2014-2321.yaml

@@ -8,9 +8,9 @@ info:
     - https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/
     - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/
   severity: high
-  tags: iot,cve,cve2014,zte
   classification:
     cve-id: CVE-2014-2321
+  tags: iot,cve,cve2014,zte
 
 requests:
   - method: GET
@@ -30,4 +30,4 @@ requests:
         status:
           - 200
 
-# Enhanced by mp on 2022/02/23
+# Enhanced by mp on 2022/03/31

cves/2015/CVE-2015-0554.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/35721
     - https://nvd.nist.gov/vuln/detail/CVE-2015-0554
+  classification:
+    cve-id: CVE-2015-0554
   tags: cve,cve2015,pirelli,router,disclosure
 
 requests:

cves/2015/CVE-2015-1427.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://blog.csdn.net/JiangBuLiu/article/details/94457980
     - http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/
+  classification:
+    cve-id: CVE-2015-1427
   tags: cve,cve2015,elastic,rce,elasticsearch
 
 requests:

cves/2015/CVE-2015-1880.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2015-1880
     - https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page
+  classification:
+    cve-id: CVE-2015-1880
   tags: cve,cve2015,xss,fortigates,ssl
 
 requests:

cves/2015/CVE-2015-2067.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/35996
     - https://nvd.nist.gov/vuln/detail/CVE-2015-2067
+  classification:
+    cve-id: CVE-2015-2067
   tags: cve,cve2015,lfi,magento,magmi,plugin
 
 requests:

cves/2015/CVE-2015-2068.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/35996
     - https://nvd.nist.gov/vuln/detail/CVE-2015-2068
+  classification:
+    cve-id: CVE-2015-2068
   tags: cve,cve2015,magento,magmi,xss,plugin
 
 requests:

cves/2015/CVE-2015-2807.yaml

@@ -4,11 +4,13 @@ info:
   name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
+  description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
   reference:
     - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
     - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
+  classification:
+    cve-id: CVE-2015-2807
   tags: cve,cve2015,wordpress,wp-plugin,xss
-  description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
 
 requests:
   - method: GET

cves/2015/CVE-2015-3306.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   reference: https://github.com/t0kx/exploit-CVE-2015-3306
   description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
+  classification:
+    cve-id: CVE-2015-3306
   tags: cve,cve2015,ftp,rce,network,proftpd
 
 network:

cves/2015/CVE-2015-3337.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
   reference: https://www.exploit-db.com/exploits/37054/
+  classification:
+    cve-id: CVE-2015-3337
   tags: cve,cve2015,elastic,lfi,elasticsearch,plugin
 
 requests:

cves/2015/CVE-2015-3648.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://vulners.com/cve/CVE-2015-3648/
     - https://www.securityfocus.com/bid/75019
+  classification:
+    cve-id: CVE-2015-3648
   tags: cve,cve2015,lfi,resourcespace
 
 requests:

cves/2015/CVE-2015-4050.yaml

@@ -5,10 +5,12 @@ info:
   author: ELSFA7110,meme-lord
   severity: high
   description: FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.
-  tags: cve,cve2015,symfony,rce
   reference:
     - https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
     - https://nvd.nist.gov/vuln/detail/CVE-2015-4050
+  classification:
+    cve-id: CVE-2015-4050
+  tags: cve,cve2015,symfony,rce
 
 requests:
   - method: GET

cves/2015/CVE-2015-4414.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/37274
     - https://www.cvedetails.com/cve/CVE-2015-4414
+  classification:
+    cve-id: CVE-2015-4414
   tags: cve,cve2015,wordpress,wp-plugin,lfi
 
 requests:

cves/2015/CVE-2015-5461.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://wpscan.com/vulnerability/afc0d5b5-280f-424f-bc3e-d04452e56e16
     - https://nvd.nist.gov/vuln/detail/CVE-2015-5461
+  classification:
+    cve-id: CVE-2015-5461
   tags: redirect,cve,cve2015,wordpress,wp-plugin
 
 requests:

cves/2015/CVE-2015-5531.yaml

@@ -7,6 +7,8 @@ info:
   reference:
     - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531
     - https://nvd.nist.gov/vuln/detail/CVE-2015-5531
+  classification:
+    cve-id: CVE-2015-5531
   tags: cve,cve2015,elasticsearch
 
 requests:

cves/2015/CVE-2015-5688.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://nodesecurity.io/advisories/geddy-directory-traversal
     - https://github.com/geddy/geddy/issues/697
+  classification:
+    cve-id: CVE-2015-5688
   tags: cve,cve2015,geddy,lfi
 
 requests:

cves/2015/CVE-2015-6477.yaml

@@ -7,9 +7,10 @@ info:
     - https://seclists.org/fulldisclosure/2015/Dec/117
     - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
     - https://nvd.nist.gov/vuln/detail/CVE-2015-6477
-
   author: geeknik
   severity: medium
+  classification:
+    cve-id: CVE-2015-6477
   tags: cve,cve2015,xss,iot,nordex,nc2
 
 requests:

cves/2015/CVE-2015-6920.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://packetstormsecurity.com/files/133371/
     - https://nvd.nist.gov/vuln/detail/CVE-2015-6920
+  classification:
+    cve-id: CVE-2015-6920
   tags: cve,cve2015,wordpress,wp-plugin,xss
 
 requests:

cves/2015/CVE-2015-7377.yaml

@@ -4,11 +4,13 @@ info:
   name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
+  description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI."
   reference:
     - https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
     - https://nvd.nist.gov/vuln/detail/CVE-2015-7377
+  classification:
+    cve-id: CVE-2015-7377
   tags: cve,cve2015,wordpress,wp-plugin,xss
-  description: "Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI."
 
 requests:
   - method: GET

cves/2015/CVE-2015-7823.yaml

@@ -8,6 +8,8 @@ info:
     - https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
     - https://nvd.nist.gov/vuln/detail/CVE-2015-7823
   severity: low
+  classification:
+    cve-id: CVE-2015-7823
   tags: cve,cve2015,kentico,redirect
 
 requests:

cves/2017/CVE-2017-5487.yaml

@@ -1,46 +1,42 @@
 id: CVE-2017-5487
-
 info:
   name: WordPress Core < 4.7.1 - Username Enumeration
   author: Manas_Harsh,daffainfo,geeknik
   severity: medium
-  description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
+  description: "WordPress Core < 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request."
-  tags: cve,cve2017,wordpress
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
     - https://www.exploit-db.com/exploits/41497
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.30
     cve-id: CVE-2017-5487
     cwe-id: CWE-200
-
+  tags: cve,cve2017,wordpress
 requests:
   - method: GET
     path:
       - "{{BaseURL}}/wp-json/wp/v2/users/"
       - "{{BaseURL}}/?rest_route=/wp/v2/users/"
-
     stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 200
-
       - type: word
         part: header
         words:
           - "application/json"
-
       - type: word
         words:
           - '"id":'
           - '"name":'
           - '"avatar_urls":'
         condition: and
-
     extractors:
       - type: json
         json:
           - '.[].name'
+
+# Enahnced by mp 03/31/2022

cves/2018/CVE-2018-10818.yaml

@@ -8,6 +8,8 @@ info:
   reference:
     - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
     - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247
+  classification:
+    cve-id: CVE-2018-10818
   tags: cve,cve2018,lg-nas,rce,oast,injection
 
 requests:

cves/2018/CVE-2018-11709.yaml

@@ -1,17 +1,19 @@
 id: CVE-2018-11709
 
 info:
-  name: wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
+  description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
-  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709
+  reference:
-  tags: cve,cve2018,wordpress,xss,wp-plugin
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-11709
+    - https://wordpress.org/plugins/wpforo/#developers
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.10
     cve-id: CVE-2018-11709
     cwe-id: CWE-79
+  tags: cve,cve2018,wordpress,xss,wp-plugin
 
 requests:
   - method: GET
@@ -33,3 +35,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/31

cves/2018/CVE-2018-16341.yaml

@@ -5,6 +5,8 @@ info:
   author: madrobot
   severity: high
   description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
+  classification:
+    cve-id: CVE-2018-16341
   tags: cve,cve2018,nuxeo,ssti,rce,bypass
 
 requests:

cves/2019/CVE-2019-10068.yaml

@@ -1,12 +1,10 @@
 id: CVE-2019-10068
 
 info:
-  name: Kentico CMS Insecure Deserialization RCE
+  name: Kentico CMS Insecure Deserialization Remote Code Execution
   author: davidmckennirey
   severity: critical
-  description: |
+  description: Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.
-    Searches for Kentico CMS installations that are vulnerable to a .NET deserialization vulnerability that could be exploited to achieve remote command execution. Credit to Manoj Cherukuri and Justin LeMay from Aon Cyber Solutions for discovery of the vulnerability.
-  tags: cve,cve2019,rce,deserialization,kentico,iis
   reference:
     - https://www.aon.com/cyber-solutions/aon_cyber_labs/unauthenticated-remote-code-execution-in-kentico-cms/
     - https://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
@@ -17,6 +15,7 @@ info:
     cvss-score: 9.80
     cve-id: CVE-2019-10068
     cwe-id: CWE-502
+  tags: cve,cve2019,rce,deserialization,kentico,iis
 
 requests:
   - method: POST
@@ -38,3 +37,5 @@ requests:
           - 'System.Web.Services.Protocols.SoapException'
         part: body
         condition: and
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-10232.yaml

@@ -1,19 +1,20 @@
 id: CVE-2019-10232
 
 info:
-  name: Pre-authenticated SQL injection in GLPI <= 9.3.3
+  name: Teclib GLPI <= 9.3.3 Unauthenticated SQL Injection
   author: RedTeamBrasil
   severity: critical
-  description: Synacktiv discovered that GLPI exposes a script (/scripts/unlock_tasks.php) that not correctly sanitize usercontrolled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. This script is reachable without authentication.
+  description: "Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records."
   reference:
     - https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
     - https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
-  tags: cve,cve2019,glpi,sqli,injection
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-10232
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-10232
     cwe-id: CWE-89
+  tags: cve,cve2019,glpi,sqli,injection
 
 requests:
   - method: GET
@@ -35,3 +36,5 @@ requests:
         part: body
         regex:
           - "[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}-MariaDB"
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-10758.yaml

@@ -1,20 +1,21 @@
 id: CVE-2019-10758
+
 info:
-  name: Mongo-Express Remote Code Execution - CVE-2019-10758
+  name: mongo-express Remote Code Execution
   author: princechaddha
   severity: critical
-  description: mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
+  description: "mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment."
   reference:
     - https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758
     - https://nvd.nist.gov/vuln/detail/CVE-2019-10758
-  remediation: This issue will be fixed by updating to the latest version of mongo-express
+  remediation: Upgrade mongo-express to version 0.54.0 or higher.
   metadata:
     shodan-query: http.title:"Mongo Express"
-  tags: cve,cve2019,mongo,mongo-express
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 9.90
     cve-id: CVE-2019-10758
+  tags: cve,cve2019,mongo,mongo-express
 
 requests:
   - raw:
@@ -30,3 +31,5 @@ requests:
         part: interactsh_protocol  # Confirms the HTTP Interaction
         words:
           - "http"
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-11510.yaml

@@ -1,17 +1,20 @@
 id: CVE-2019-11510
 
 info:
-  name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability
+  name: Pulse Connect Secure SSL VPN Arbitrary File Read
   author: organiccrap
   severity: critical
-  reference: https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
+  description: "Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access."
-  tags: cve,cve2019,pulsesecure,lfi
+  reference:
+    - https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
+    - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-11510
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.00
     cve-id: CVE-2019-11510
     cwe-id: CWE-22
-  description: "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ."
+  tags: cve,cve2019,pulsesecure,lfi
 
 requests:
   - method: GET
@@ -26,3 +29,6 @@ requests:
         regex:
           - "root:.*:0:0:"
         part: body
+
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-11580.yaml

@@ -1,30 +1,19 @@
 id: CVE-2019-11580
 
 info:
-  name: Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
+  name: Atlassian Crowd and Crowd Data Center Unauthenticated Remote Code Execution
   author: dwisiswant0
   severity: critical
-  tags: cve,cve2019,atlassian,rce
+  description: "Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds.    Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability."
-
-  description: |
-    Atlassian Crowd and Crowd Data Center
-    had the pdkinstall development plugin incorrectly enabled in release builds.
-    Attackers who can send unauthenticated or authenticated requests
-    to a Crowd or Crowd Data Center instance can exploit this vulnerability
-    to install arbitrary plugins, which permits remote code execution on
-    systems running a vulnerable version of Crowd or Crowd Data Center.
-    All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x),
-    from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),
-    from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x),
-    from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x),
-    and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
   reference:
     - https://github.com/jas502n/CVE-2019-11580
     - https://jira.atlassian.com/browse/CWD-5388
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-11580
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-11580
+  tags: cve,cve2019,atlassian,rce
 
 requests:
   - method: GET
@@ -41,3 +30,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-11581.yaml

@@ -1,17 +1,20 @@
 id: CVE-2019-11581
 
 info:
-  name: Atlassian Jira template injection
+  name: Atlassian Jira Server-Side Template Injection
-  description: There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
+  description: Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
   author: ree4pwn
   severity: critical
-  reference: https://github.com/jas502n/CVE-2019-11581
+  reference:
-  tags: cve,cve2019,atlassian,jira,ssti,rce
+    - https://github.com/jas502n/CVE-2019-11581
+    - https://jira.atlassian.com/browse/JRASERVER-69532
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-11581
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-11581
     cwe-id: CWE-74
+  tags: cve,cve2019,atlassian,jira,ssti,rce
 
 requests:
   - method: GET
@@ -45,3 +48,5 @@ requests:
           - "has not yet configured this contact form"
         part: body
         negative: true
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-12314.yaml

@@ -1,20 +1,20 @@
 id: CVE-2019-12314
 
 info:
-  name: Deltek Maconomy 2.2.5 LFIl
+  name: Deltek Maconomy 2.2.5 Local File Inclusion
   author: madrobot
   severity: critical
-  tags: cve,cve2019,lfi
+  description: "Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI."
-  description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
   reference:
-    http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
+    - http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
-    https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt
+    - https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm
-    https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm
+    - https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-12314
     cwe-id: CWE-22
+  tags: cve,cve2019,lfi
 
 requests:
   - method: GET
@@ -29,3 +29,5 @@ requests:
         regex:
           - "root:.*:0:0:"
         part: body
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-12725.yaml

@@ -10,12 +10,12 @@ info:
     - https://www.zeroshell.org/new-release-and-critical-vulnerability/
     - https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
     - https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
-  tags: cve,cve2019,rce,zeroshell
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-12725
     cwe-id: CWE-78
+  tags: cve,cve2019,rce,zeroshell
 
 requests:
   - method: GET
@@ -33,4 +33,4 @@ requests:
         regex:
           - "root:.*:0:0:"
 
-# Enhanced by mp on 2022/02/04
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-13101.yaml

@@ -2,19 +2,19 @@ id: CVE-2019-13101
 
 info:
   author: Suman_Kar
-  name: D-Link DIR-600M - Authentication Bypass
+  name: D-Link DIR-600M Authentication Bypass
-  description: An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
+  description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
   severity: critical
-  tags: cve,cve2019,dlink,router,iot
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-13101
     - https://github.com/d0x0/D-Link-DIR-600M
     - https://www.exploit-db.com/exploits/47250
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-13101
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-13101
     cwe-id: CWE-306
+  tags: cve,cve2019,dlink,router,iot
 
 requests:
   - raw:
@@ -33,3 +33,5 @@ requests:
         words:
           - "/PPPoE/"
         part: body
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-13462.yaml

@@ -4,15 +4,16 @@ info:
   name: Lansweeper Unauthenticated SQL Injection
   author: divya_mudgal
   severity: critical
-  reference: https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
+  reference:
+    - https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-13462
   description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
-  remediation: Upgrade to the latest version.
-  tags: cve,cve2019,sqli,lansweeper
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
     cvss-score: 9.10
     cve-id: CVE-2019-13462
     cwe-id: CWE-89
+  tags: cve,cve2019,sqli,lansweeper
 
 requests:
   - method: GET
@@ -36,4 +37,4 @@ requests:
         status:
           - 500
 
-# Enhanced by mp on 2022/02/04
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-15107.yaml

@@ -4,14 +4,16 @@ info:
   name: Webmin <= 1.920 Unauthenticated Remote Command Execution
   author: bp0lr
   severity: critical
-  description: An issue was discovered in Webmin <=1.920. The 'old' parameter in password_change.cgi contains a command injection vulnerability.
+  description: "Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi."
-  reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
+  reference:
-  tags: cve,cve2019,webmin,rce
+    - https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15107
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-15107
     cwe-id: CWE-78
+  tags: cve,cve2019,webmin,rce
 
 requests:
   - raw: #
@@ -29,3 +31,5 @@ requests:
       - type: regex
         regex:
           - "root:.*:0:0:"
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-15859.yaml

@@ -1,17 +1,19 @@
 id: CVE-2019-15859
 
 info:
-  name: Socomec DIRIS Password Disclosure
+  name: Socomec DIRIS A-40 Devices Password Disclosure
   author: geeknik
-  description: Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
+  description: "Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI."
-  reference: https://seclists.org/fulldisclosure/2019/Oct/10
+  reference:
+    - https://seclists.org/fulldisclosure/2019/Oct/10
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15859
   severity: critical
-  tags: cve,cve2019,disclosure,socomec,diris,iot
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-15859
     cwe-id: CWE-200
+  tags: cve,cve2019,disclosure,socomec,diris,iot
 
 requests:
   - method: GET
@@ -33,3 +35,5 @@ requests:
           - "password"
         part: body
         condition: and
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-16278.yaml

@@ -4,14 +4,17 @@ info:
   author: pikpikcu
   name: nostromo 1.9.6 - Remote Code Execution
   severity: critical
-  reference: https://www.exploit-db.com/raw/47837
+  description: "nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via  directory traversal in the function http_verify."
-  tags: cve,cve2019,rce
+  reference:
+    - https://packetstormsecurity.com/files/155802/nostromo-1.9.6-Remote-Code-Execution.html
+    - https://www.exploit-db.com/raw/47837
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16278
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-16278
     cwe-id: CWE-22
-  description: "Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request."
+  tags: cve,cve2019,rce
 
 requests:
   - raw:
@@ -27,3 +30,5 @@ requests:
       - type: regex
         regex:
           - "root:.*:0:0:"
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-16313.yaml

@@ -1,19 +1,19 @@
 id: CVE-2019-16313
 
 info:
-  name: ifw8 Router ROM v4.31 allows credential disclosure
+  name: ifw8 Router ROM v4.31 Credential Discovery
   author: pikpikcu
   severity: high
-  description: ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.
+  description: "ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code."
   reference:
     - https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/CVE-2019-16313%20%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94%E4%BC%81%E4%B8%9A%E7%BA%A7%E8%B7%AF%E7%94%B1%E5%99%A8v4.31%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
     - https://nvd.nist.gov/vuln/detail/CVE-2019-16313
-  tags: cve,cve2019,exposure,router,iot
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.50
     cve-id: CVE-2019-16313
     cwe-id: CWE-798
+  tags: cve,cve2019,exposure,router,iot
 
 requests:
   - method: GET
@@ -37,3 +37,5 @@ requests:
         group: 1
         regex:
           - '<td class="pwd" data="([a-z]+)">\*\*\*\*\*\*<\/td>'
+
+# Enhanced by mp on 2022/03/30

cves/2019/CVE-2019-16662.yaml

@@ -1,17 +1,19 @@
 id: CVE-2019-16662
 
 info:
-  name: rConfig 3.9.2 - Remote Code Execution
+  name: rConfig 3.9.2 Remote Code Execution
   author: pikpikcu
   severity: critical
-  reference: https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
+  description: "rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution."
-  tags: cve,cve2019,rce,intrusive,rconfig
+  reference:
+    - https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16662
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-16662
     cwe-id: CWE-78
-  description: "An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution."
+  tags: cve,cve2019,rce,intrusive,rconfig
 
 requests:
   - method: GET
@@ -26,3 +28,5 @@ requests:
       - type: regex
         regex:
           - "root:.*:0:0:"
+
+# Enhanced by mp on 2022/03/29

cves/2019/CVE-2019-16759.yaml

@@ -1,17 +1,19 @@
 id: CVE-2019-16759
 
 info:
-  name: RCE in vBulletin v5.0.0-v5.5.4 fix bypass
+  name: vBulletin v5.0.0-v5.5.4 Remote Command Execution
   author: madrobot
   severity: critical
-  reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
+  description: "vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request."
-  tags: cve,cve2019,vbulletin,rce
+  reference:
+    - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16759
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2019-16759
     cwe-id: CWE-94
-  description: "vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request."
+  tags: cve,cve2019,vbulletin,rce
 
 requests:
   - raw:
@@ -30,3 +32,5 @@ requests:
       - type: word
         words:
           - "PHP Version"
+
+# Enhanced by mp on 2022/03/29

cves/2020/CVE-2020-26073.yaml

@@ -7,6 +7,8 @@ info:
     A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information.
   reference:
     - https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-vman-traversal-hQh24tmk.html
+  classification:
+    cve-id: CVE-2020-26073
   tags: cve,cve2020,cisco,lfi
 
 requests:

cves/2021/CVE-2021-28854.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   description: VICIdial's Web Client contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/2021.
   reference: https://github.com/JHHAX/VICIdial
+  classification:
+    cve-id: CVE-2021-28854
   tags: cve,cve2021
 
 requests:

cves/2021/CVE-2021-3017.yaml

@@ -1,18 +1,18 @@
 id: CVE-2021-3017
 
 info:
-  name: Intelbras WIN 300/WRN 342 Disclosure
+  name: Intelbras WIN 300/WRN 342 Credential Disclosure
   author: pikpikcu
   severity: high
-  description: The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
+  description: "Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code."
   reference:
     - https://poc.wgpsec.org/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Intelbras/Intelbras%20Wireless%20%E6%9C%AA%E6%8E%88%E6%9D%83%E4%B8%8E%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%20CVE-2021-3017.html
     - https://nvd.nist.gov/vuln/detail/CVE-2021-3017
-  tags: cve,cve2021,exposure,router
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.50
     cve-id: CVE-2021-3017
+  tags: cve,cve2021,exposure,router
 
 requests:
   - method: GET
@@ -37,3 +37,5 @@ requests:
         part: body
         regex:
           - 'def_wirelesspassword = "([A-Za-z0-9=]+)";'
+
+# Enhanced by mp on 2022/03/30

cves/2021/CVE-2021-30497.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder
   reference: https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/
+  classification:
+    cve-id: CVE-2021-30497
   tags: cve,cve2021,avalanche,traversal
 
 requests:

cves/2021/CVE-2021-32853.yaml

@@ -10,6 +10,8 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-3285
   metadata:
     shodan-query: http.title:"erxes"
+  classification:
+    cve-id: CVE-2021-32853
   tags: cve,cve2021,xss,erxes,oss
 
 requests:

cves/2021/CVE-2021-33807.yaml

@@ -4,16 +4,17 @@ info:
   name: Cartadis Gespage 8.2.1 - Directory Traversal
   author: daffainfo
   severity: high
-  description: Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
+  description: "Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData."
   reference:
     - https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807
-  tags: cve,cve2021,lfi,gespage
+    - https://www.gespage.com/cartadis-db/
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.50
     cve-id: CVE-2021-33807
     cwe-id: CWE-22
+  tags: cve,cve2021,lfi,gespage
 
 requests:
   - method: GET
@@ -36,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/30

cves/2021/CVE-2021-37573.yaml

@@ -1,18 +1,19 @@
 id: CVE-2021-37573
 
 info:
-  name: Tiny Java Web Server - Reflected XSS
+  name: Tiny Java Web Server - Reflected Cross-Site Scripting
   author: geeknik
   severity: medium
+  description: "A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page."
   reference:
     - https://seclists.org/fulldisclosure/2021/Aug/13
-  tags: cve,cve2021,xss,tjws,java
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-37573
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.10
     cve-id: CVE-2021-37573
     cwe-id: CWE-79
-  description: "A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page"
+  tags: cve,cve2021,xss,tjws,java
 
 requests:
   - method: GET
@@ -34,3 +35,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/03/30

cves/2021/CVE-2021-37704.yaml

@@ -1,11 +1,10 @@
 id: CVE-2021-37704
 
 info:
-  name: phpfastcache phpinfo exposure
+  name: phpinfo Resource Exposure
   author: whoever
   severity: medium
-  description: phpinfo() exposure in unprotected composer vendor folder via phpfastcache/phpfastcache.
+  description: "phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache."
-  tags: cve,cve2021,exposure,phpfastcache,phpinfo
   reference:
     https://github.com/PHPSocialNetwork/phpfastcache/pull/813
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704
@@ -14,6 +13,7 @@ info:
     cvss-score: 4.30
     cve-id: CVE-2021-37704
     cwe-id: CWE-668
+  tags: cve,cve2021,exposure,phpfastcache,phpinfo
 
 requests:
   - method: GET
@@ -39,3 +39,5 @@ requests:
         group: 1
         regex:
           - '>PHP Version <\/td><td class="v">([0-9.]+)'
+
+# Enhanced by mp on 2022/03/30

cves/2022/CVE-2022-22963.yaml

@@ -10,6 +10,8 @@ info:
     - https://tanzu.vmware.com/security/cve-2022-22963
     - https://nsfocusglobal.com/spring-cloud-function-spel-expression-injection-vulnerability-alert/
     - https://github.com/vulhub/vulhub/tree/scf-spel/spring/spring-cloud-function-spel-injection
+  classification:
+    cve-id: CVE-2022-22963
   tags: cve,cve2022,springcloud,rce
 
 requests:

network/cisco-smi-exposure.yaml

@@ -4,17 +4,18 @@ info:
   name: Cisco Smart Install Endpoints Exposure
   author: dwisiswant0
   severity: info
-  description: |
+  description: Cisco Smart Install endpoints were discovered. Exposure of SMI to untrusted networks could allow complete compromise of the switch.
-    This template attempts & supports the detection part only by
-    connecting to the specified Cisco Smart Install port and determines
-    if it speaks the Smart Install Protocol. Exposure of SMI to
-    untrusted networks can allow complete compromise of the switch.
   reference:
     - https://blog.talosintelligence.com/2017/02/cisco-coverage-for-smart-install-client.html
     - https://blogs.cisco.com/security/cisco-psirt-mitigating-and-detecting-potential-abuse-of-cisco-smart-install-feature
     - https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
     - https://github.com/Cisco-Talos/smi_check/blob/master/smi_check.py#L52-L53
     - https://github.com/Sab0tag3d/SIET
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id:
+    cwe-id: CWE-200
   tags: network,cisco,smi,exposure
 
 network:
@@ -31,3 +32,5 @@ network:
         encoding: hex
         words:
           - "000000040000000000000003000000080000000100000000"
+
+# Enhanced by mp on 2022/03/30

vulnerabilities/oracle/oracle-siebel-xss.yaml

@@ -3,17 +3,18 @@ id: oracle-siebel-xss
 info:
   name: Oracle Siebel Loyalty 8.1 - Cross-Site Scripting
   author: dhiyaneshDK
-  severity: medium
+  severity: high
-  description: A vulnerability in Oracle Siebel Loyalty allows remote unauthenticated attackers to inject arbitrary Javascript code into the responses returned by the '/loyalty_enu/start.swe/' endpoint.
+  description: "A vulnerability in Oracle Siebel Loyalty allows remote unauthenticated attackers to inject arbitrary Javascript code into the responses returned by the '/loyalty_enu/start.swe/' endpoint."
   remediation: Upgrade to Siebel Loyalty version 8.2 or later.
   reference:
     - https://packetstormsecurity.com/files/86721/Oracle-Siebel-Loyalty-8.1-Cross-Site-Scripting.html
     - https://exploit-db.com/exploits/47762
-  tags: xss,oracle
+    - https://docs.oracle.com/cd/E95904_01/books/Secur/siebel-security-hardening.html
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     cvss-score: 7.2
     cwe-id: CWE-79
+  tags: xss,oracle,siebel
 
 requests:
   - method: GET
@@ -35,4 +36,4 @@ requests:
         status:
           - 200
 
-# Enhanced by cs on 2022/02/28
+# Enhanced by mp on 2022/03/30

vulnerabilities/other/antsword-backdoor.yaml

@@ -1,12 +1,17 @@
 id: antsword-backdoor
 
 info:
-  name: Antsword backdook
+  name: Antsword Backdoor Identified
   author: ffffffff0x
   severity: critical
-  description: 蚁剑「绕过 disable_functions」插件生成的 shell
+  description: The Antsword application contains a backdoor shell.
+  remediation: Reinstall Anstsword on a new system due to the target system's compromise. Follow best practices for securing PHP servers/applications via the php.ini and other mechanisms.
   reference: https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/9
   tags: backdoor,antsword
+  classification:
+    cwe-id: CWE-553
+    cvss-score: 10.0
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
 
 requests:
   - method: POST
@@ -26,3 +31,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by cs 2022/03/31

vulnerabilities/other/microweber-xss.yaml

@@ -1,15 +1,20 @@
 id: microweber-xss
 
 info:
-  name: Microweber XSS
+  name: Microweber Cross-Site Scripting
   author: gy741
-  severity: medium
+  severity: high
-  description: Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
+  description: "Microweber prior to 1.2.11 is susceptible to reflected cross-site Scripting via Packagist microweber/microweber."
   reference:
     - https://github.com/microweber/microweber/issues/809
     - https://github.com/microweber/microweber
   metadata:
     shodan-query: 'http.favicon.hash:780351152'
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cve-id:
+    cwe-id: CWE-79
   tags: microweber,xss,oss
 
 requests:
@@ -32,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/30

vulnerabilities/other/visual-tools-dvr-rce.yaml

@@ -26,3 +26,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/31

vulnerabilities/simplecrm/simple-crm-sql-injection.yaml

@@ -1,10 +1,17 @@
 id: simple-crm-sql-injection
 
 info:
-  name: Simple CRM 3.0 - 'email' SQL injection & Authentication Bypass
+  name: Simple CRM 3.0 SQL Injection and Authentication Bypass
   author: geeknik
   severity: high
-  reference: https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt
+  description: Simple CRM 3.0 is susceptible to SQL injection and authentication bypass vulnerabilities.
+  reference:
+    - https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id:
+    cwe-id: CWE-89
   tags: sqli,simplecrm,auth-bypass,injection
 
 requests:
@@ -28,3 +35,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/03/30

vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml

@@ -1,11 +1,17 @@
 id: hide-security-enhancer-lfi
 
 info:
-  name: WP Hide Security Enhancer 1.3.9.2 - Arbitrary File Download Vulnerability
+  name: WordPress Hide Security Enhancer 1.3.9.2 Local File Inclusion
   author: dhiyaneshDK
   severity: high
-  description: WP Hide Security Enhancer version 1.3.9.2 or less is victim of an Arbitrary File Download vulnerability. This allows any visitor to download any file in our installation
+  description: WordPress Hide Security Enhancer version 1.3.9.2 or less is susceptible to a local file inclusion vulnerability which could allow malicious visitors to download any file in the installation.
+  remediation: Upgrade to version 1.4 or later.
   reference: https://secupress.me/blog/arbitrary-file-download-vulnerability-in-wp-hide-security-enhancer-1-3-9-2/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+    cvss-score: 8.6
+    cve-id:
+    cwe-id: CWE-22
   tags: wordpress,wp-plugin,lfi,wp
 
 requests:
@@ -25,3 +31,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/29

vulnerabilities/wordpress/issuu-panel-lfi.yaml

@@ -1,11 +1,18 @@
 id: issuu-panel-lfi
 
 info:
-  name: Wordpress Plugin Issuu Panel - RFI & LFI
+  name: Wordpress Plugin Issuu Panel Remote/Local File Inclusion
   author: 0x_Akoko
   severity: high
   description: The WordPress Issuu Plugin includes an arbitrary file disclosure vulnerability that allows unauthenticated attackers to disclose the content of local and remote files.
-  reference: https://cxsecurity.com/issue/WLB-2016030131
+  reference:
+    - https://cxsecurity.com/issue/WLB-2016030131
+    - https://wordpress.org/plugins/issuu-panel/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+    cvss-score: 8.6
+    cve-id:
+    cwe-id: CWE-22
   tags: wp-plugin,wordpress,lfi,rfi
 
 requests:
@@ -23,3 +30,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/29