Dashboard Content Enhancements (#3961)

* Enhancement: default-logins/viewpoint/trilithic-viewpoint-login.yaml by mp

* Enhancement: default-logins/visionhub/visionhub-default-login.yaml by mp

* Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp

* Enhancement: default-logins/wifisky/wifisky-default-login.yaml by mp

* Enhancement: default-logins/wso2/wso2-default-login.yaml by mp

* Enhancement: default-logins/xerox/xerox7-default-login.yaml by mp

* Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp

* Enhancement: default-logins/zabbix/zabbix-default-login.yaml by mp

* Enhancement: default-logins/zmanda/zmanda-default-login.yaml by mp

* Enhancement: dns/azure-takeover-detection.yaml by mp

* Enhancement: dns/cname-fingerprint.yaml by mp

* Enhancement: dns/cname-service-detection.yaml by mp

* Enhancement: dns/detect-dangling-cname.yaml by mp

* Enhancement: dns/dns-waf-detect.yaml by mp

* Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp

* Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp

* Enhancement: dns/dnssec-detection.yaml by mp

* Enhancement: dns/ec2-detection.yaml by mp

* Add CVSS/CWE

* Trailing space

* Linting error on comment indentation

* Typo

* Enhancement: dns/elasticbeantalk-takeover.yaml by mp

* Enhancement: cves/2020/CVE-2020-23517.yaml by mp

* Enhancement: dns/elasticbeantalk-takeover.yaml by mp

* Enhancement: dns/mx-fingerprint.yaml by mp

* Enhancement: dns/mx-service-detector.yaml by mp

* Enhancement: dns/nameserver-fingerprint.yaml by mp

* Enhancement: dns/ptr-fingerprint.yaml by mp

* Enhancement: dns/servfail-refused-hosts.yaml by mp

* Enhancement: dns/spoofable-spf-records-ptr.yaml by mp

* Enhancement: dns/txt-fingerprint.yaml by mp

* Enhancement: dns/worksites-detection.yaml by mp

* Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp

* Enhancement: exposed-panels/acemanager-login.yaml by mp

* Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp

* Enhancement: dns/mx-fingerprint.yaml by mp

* Enhancement: dns/mx-service-detector.yaml by mp

* Enhancement: dns/ptr-fingerprint.yaml by mp

* Enhancement: dns/servfail-refused-hosts.yaml by mp

* Enhancement: dns/spoofable-spf-records-ptr.yaml by mp

* Enhancement: cves/2021/CVE-2021-39501.yaml by mp

* Enhancement: cves/2021/CVE-2021-40323.yaml by mp

* Enhancement: cves/2021/CVE-2021-40539.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: cves/2021/CVE-2021-40856.yaml by mp

* Enhancement: cves/2021/CVE-2021-40859.yaml by mp

* Enhancement: cves/2021/CVE-2021-40323.yaml by mp

* Enhancement: cves/2021/CVE-2021-40539.yaml by mp

* Enhancement: cves/2010/CVE-2010-1875.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/akamai-cloudtest.yaml by mp

* Enhancement: exposed-panels/alfresco-detect.yaml by mp

* Enhancement: exposed-panels/alienvault-usm.yaml by mp

* Enhancement: exposed-panels/ambari-exposure.yaml by mp

* Enhancement: exposed-panels/amcrest-login.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: exposed-panels/alienvault-usm.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/ambari-exposure.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp

* Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp

* Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp

* Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp

* Enhancement: exposed-panels/ampps-panel.yaml by mp

* Enhancement: exposed-panels/ampps-admin-panel.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: cves/2010/CVE-2010-1878.yaml by mp

* Fix encoded chars

* trailing space

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: exposed-panels/apiman-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1873.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp

* Enhancement: exposed-panels/argocd-login.yaml by mp

* Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp

* Enhancement: exposed-panels/atvise-login.yaml by mp

* Enhancement: exposed-panels/avantfax-panel.yaml by mp

* Enhancement: exposed-panels/avatier-password-management.yaml by mp

* Enhancement: exposed-panels/axigen-webadmin.yaml by mp

* Enhancement: exposed-panels/axigen-webmail.yaml by mp

* Enhancement: exposed-panels/azkaban-web-client.yaml by mp

* Enhancement: exposed-panels/acunetix-panel.yaml by mp

* Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp

* Enhancement: exposed-panels/adminer-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1870.yaml by mp

* Enhancement: exposed-panels/adminset-panel.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp

* Enhancement: exposed-panels/advance-setup.yaml by mp

* Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* spacing issues

* Spacing

* HTML codes improperly interpreted
Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Enhancement: technologies/waf-detect.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: network/exposed-adb.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp

* Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp

* Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp

* indentation issue

* Character encoding issue fix

* Enhancement: default-logins/alibaba/canal-default-login.yaml by mp

* Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Enhancement: default-logins/apache/airflow-default-login.yaml by mp

* Enhancement: default-logins/apache/apisix-default-login.yaml by mp

* Enhancement: default-logins/apollo/apollo-default-login.yaml by mp

* Enhancement: default-logins/arl/arl-default-login.yaml by mp

* Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp

* Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp

* Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp

* Enhancement: dns/caa-fingerprint.yaml by mp

* Enhancement: exposed-panels/active-admin-exposure.yaml by mp

* Enhancement: exposed-panels/activemq-panel.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Restore & stomped by dashboard

* Enhancement: cves/2010/CVE-2010-1653.yaml by mp

* Enhancement: cves/2021/CVE-2021-38751.yaml by mp

* Enhancement: cves/2021/CVE-2021-39320.yaml by mp

* Enhancement: cves/2021/CVE-2021-39322.yaml by mp

* Enhancement: cves/2021/CVE-2021-39327.yaml by mp

* Enhancement: cves/2021/CVE-2021-39350.yaml by mp

* Enhancement: cves/2021/CVE-2021-39433.yaml by mp

* Enhancement: cves/2021/CVE-2021-41192.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp

* Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp

* Enhancement: exposed-panels/aviatrix-panel.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Enhancement: exposed-panels/blue-iris-login.yaml by mp

* Enhancement: exposed-panels/bigbluebutton-login.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Spacing issues
Add cve-id field

* fix & stomping

* Enhancement: cves/2016/CVE-2016-1000141.yaml by mp

* Enhancement: cves/2020/CVE-2020-24912.yaml by mp

* Enhancement: cves/2021/CVE-2021-35265.yaml by mp

* Enhancement: cves/2022/CVE-2022-0437.yaml by mp

* Enhancement: cves/2010/CVE-2010-1601.yaml by mp

* Enhancement: technologies/teradici-pcoip.yaml by mp

* Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: exposed-panels/epson-web-control-detect.yaml by mp

* Enhancement: exposed-panels/epson-access-detect.yaml by mp

* Enhancement: cves/2020/CVE-2020-29453.yaml by mp

* Fix spacing

Co-authored-by: sullo <sullo@cirt.net>
MostInterestingBotInTheWorld 2022-03-25 07:45:10 -04:00 committed by GitHub
parent 845093dcf7
commit 814d07fb7d
30 changed files with 258 additions and 122 deletions


@ -3,11 +3,18 @@ id: CNVD-2021-15824
info:
name: EmpireCMS DOM Cross Site-Scripting
author: daffainfo
severity: medium
severity: high
description: EmpireCMS is vulnerable to a DOM based cross-site scripting attack.
reference:
- https://sourceforge.net/projects/empirecms/
- https://www.bilibili.com/read/cv10441910
- https://vul.wangan.com/a/CNVD-2021-15824
tags: empirecms,cnvd,cnvd2021,xss,domxss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id:
cwe-id: CWE-79
requests:
- method: GET
@ -26,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/23
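Review bot: The new cvss-metrics line scores a DOM-based XSS with UI:N, and the severity presumably moves from medium to high on that basis (both lines appear in the hunk), while every other XSS template in this commit (CVE-2016-1000141, CVE-2020-24912, CVE-2021-35265, CVE-2022-0437) uses UI:R with score 6.10 and medium. A cross-site scripting issue needs a victim to load the crafted page, so `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`, `cvss-score: 6.1` and `severity: medium` would be consistent with the siblings. The bare `cve-id:` parses as null rather than an empty string; for a CNVD entry either drop the key or write `cve-id: ""` so tooling never sees a null — the same bare key is added in aem-default-login, ansible-semaphore-panel, aviatrix-panel, bigbluebutton-login and blue-iris-login.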


@ -5,13 +5,12 @@ info:
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
remediation: Upgrade to a supported version.
reference:
- https://www.exploit-db.com/exploits/12147
- https://www.cvedetails.com/cve/CVE-2010-1475
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-1475
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
@ -25,4 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/14
# Enhanced by mp on 2022/03/24


@ -1,16 +1,17 @@
id: CVE-2010-1535
info:
name: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
remediation: Upgrade to a supported version.
reference:
- https://www.exploit-db.com/exploits/12151
- https://www.cvedetails.com/cve/CVE-2010-1535
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-1535
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
path:
@ -23,4 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/15
# Enhanced by mp on 2022/03/24


@ -8,9 +8,9 @@ info:
reference:
- https://www.exploit-db.com/exploits/12236
- https://www.cvedetails.com/cve/CVE-2010-1601
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-1601
tags: cve,cve2010,joomla,lfi
requests:
- method: GET
@ -25,4 +25,4 @@ requests:
status:
- 200
# Enhanced by mp on 2022/03/06
# Enhanced by mp on 2022/03/24


@ -1,16 +1,17 @@
id: CVE-2010-1653
info:
name: Joomla! Component Graphics 1.0.6 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
remediation: Upgrade to a supported version.
reference:
- https://www.exploit-db.com/exploits/12430
- https://www.cvedetails.com/cve/CVE-2010-1653
tags: cve,cve2010,joomla,lfi
classification:
cve-id: CVE-2010-1653
requests:
- method: GET
path:
@ -23,4 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/15
# Enhanced by mp on 2022/03/23


@ -9,6 +9,8 @@ info:
- https://www.exploit-db.com/exploits/36619
- https://nvd.nist.gov/vuln/detail/CVE-2015-2166
tags: cve,cve2015,lfi,ericsson
classification:
cve-id: CVE-2015-2166
requests:
- method: GET


@ -1,11 +1,14 @@
id: CVE-2016-1000141
info:
name: Page Layout builder v1.9.3 - Reflected Cross-Site Scripting (XSS)
name: WordPress Page Layout builder v1.9.3 - Reflected Cross-Site Scripting
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin page-layout-builder v1.9.3
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141
description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability.
remediation: Upgrade to version 2.0 or higher.
reference:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=358
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000141
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@ -33,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/24
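Review bot: The rewritten description no longer says the XSS is reflected, although the new name does and the UI:R vector below implies it; the old wording carried that detail. Suggest `description: The WordPress Page Layout Builder plugin v1.9.3 contains a reflected cross-site scripting vulnerability.` so the description and name agree on the vulnerability class.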


@ -4,17 +4,18 @@ info:
name: QCube Cross-Site-Scripting
author: pikpikcu
severity: medium
description: A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
description: A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
reference:
- https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03
- https://github.com/qcubed/qcubed/pull/1320/files
- https://nvd.nist.gov/vuln/detail/CVE-2020-24912
- http://seclists.org/fulldisclosure/2021/Mar/30
tags: cve,cve2020,qcubed,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2020-24912
cwe-id: CWE-79
tags: cve,cve2020,qcubed,xss
requests:
- method: POST
@ -38,3 +39,5 @@ requests:
words:
- 'Content-Type: text/html'
part: header
# Enhanced by mp on 2022/03/24


@ -1,17 +1,19 @@
id: CVE-2020-29453
info:
name: Pre-Auth Limited Arbitrary File Read in Jira Server
name: Jira Server Pre-Auth Limited Arbitrary File Read
author: dwisiswant0
severity: medium
description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
reference: https://jira.atlassian.com/browse/JRASERVER-72014
tags: cve,cve2020,atlassian,jira,lfi
reference:
- https://jira.atlassian.com/browse/JRASERVER-72014
- https://nvd.nist.gov/vuln/detail/CVE-2020-29453
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2020-29453
cwe-id: CWE-22
tags: cve,cve2020,atlassian,jira,lfi
requests:
- method: GET
@ -29,3 +31,5 @@ requests:
words:
- '<groupId>com.atlassian.jira</groupId>'
part: body
# Enhanced by mp on 2022/03/24


@ -4,16 +4,16 @@ info:
name: MaxSite CMS XSS
author: pikpikcu
severity: medium
description: Reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.
description: A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page."
reference:
- https://github.com/maxsite/cms/issues/414#issue-726249183
- https://nvd.nist.gov/vuln/detail/CVE-2021-35265
tags: cve,cve2021,maxsite,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2021-35265
cwe-id: CWE-79
tags: cve,cve2021,maxsite,xss
requests:
- method: GET
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/24
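Review bot: The new description line ends with a stray double quote (`...inject arbitrary web script to a page."`); the scalar is plain, so that quote becomes the last character of the description value instead of terminating anything. Drop it: `description: A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.`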


@ -4,12 +4,9 @@ info:
name: ExponentCMS <= 2.6 Host Header Injection
author: dwisiswant0
severity: medium
description: |
A HTTP Host header attack exists in ExponentCMS 2.6
and below in /exponent_constants.php. A modified HTTP
header can change links on the webpage to an arbitrary value,
leading to a possible attack vector for MITM.
description: "An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM."
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-38751
- https://github.com/exponentcms/exponent-cms/issues/1544
- https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64
tags: cve,cve2021,exponentcms
@ -39,4 +36,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/03/23
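Review bot: The rewritten description is missing a space after the comma in `arbitrary value,leading to`; the old block scalar had a line break at that point which was lost when the text was collapsed onto one line. Change the tail to `... links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.`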


@ -1,10 +1,10 @@
id: CVE-2021-39320
info:
name: underConstruction < 1.19 - Reflected Cross-Site Scripting
name: WordPress underConstruction Plugin< 1.19 - Reflected Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
description: "The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path."
reference:
- https://wpscan.com/vulnerability/49ae1df0-d6d2-4cbb-9a9d-bf3599429875
- https://nvd.nist.gov/vuln/detail/CVE-2021-39320
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/23
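Review bot: The new name drops the space before the version comparison: `WordPress underConstruction Plugin< 1.19`. It should read `name: WordPress underConstruction Plugin < 1.19 - Reflected Cross-Site Scripting`, matching the form used for the Easy Social Icons template in this same commit.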


@ -1,10 +1,10 @@
id: CVE-2021-39322
info:
name: Easy Social Icons < 3.0.9 - Reflected Cross-Site Scripting
name: WordPress Easy Social Icons Plugin < 3.0.9 - Reflected Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
description: "The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path."
reference:
- https://wpscan.com/vulnerability/5e0bf0b6-9809-426b-b1d4-1fb653083b58
- https://nvd.nist.gov/vuln/detail/CVE-2021-39322
@ -46,3 +46,5 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/03/23


@ -4,7 +4,7 @@ info:
name: WordPress BulletProof Security 5.1 Information Disclosure
author: geeknik
severity: medium
description: The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
description: "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
reference:
- https://packetstormsecurity.com/files/164420/wpbulletproofsecurity51-disclose.txt
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327
@ -39,3 +39,5 @@ requests:
part: header
words:
- 'text/plain'
# Enhanced by mp on 2022/03/23


@ -1,10 +1,10 @@
id: CVE-2021-39350
info:
name: FV Flowplayer Video Player WordPress plugin - Authenticated Reflected XSS
name: FV Flowplayer Video Player WordPress plugin - Authenticated Reflected Cross-Site Scripting
author: gy741
severity: medium
description: The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.
description: "The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727."
reference:
- https://wpscan.com/vulnerability/e9adc166-be7f-4066-a2c1-7926c6304fc9
- https://nvd.nist.gov/vuln/detail/CVE-2021-39350
@ -46,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/23
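Review bot: The new description keeps `Reflected Cross-Site Scripting` capitalised mid-sentence, while the other descriptions normalised in this commit (CVE-2021-39320, CVE-2021-39322, CVE-2020-24912) lower-case the phrase. For consistency: `description: "The FV Flowplayer Video Player WordPress plugin is vulnerable to reflected cross-site scripting via the player_id parameter found in the ~/view/stats.php file, which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727."`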


@ -1,10 +1,10 @@
id: CVE-2021-39433
info:
name: BIQS IT Biqs-drive v1.83 LFI
name: BIQS IT Biqs-drive v1.83 Local File Inclusion
author: Veshraj
severity: high
description: A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.
description: "A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user."
reference:
- https://github.com/PinkDraconian/CVE-2021-39433/blob/main/README.md
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39433
@ -28,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/23


@ -1,10 +1,10 @@
id: CVE-2021-41192
info:
name: Redash Setup Configuration - Default secrets
name: Redash Setup Configuration - Default Secrets Disclosure
author: bananabr
severity: medium
description: If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.
description: "Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value."
reference:
- https://hackerone.com/reports/1380121
- https://github.com/getredash/redash/security/advisories/GHSA-g8xr-f424-h2rv
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/23


@ -1,22 +1,22 @@
id: CVE-2022-0437
info:
name: Cross-site Scripting (XSS) - DOM in karma-runner
name: karma-runner DOM-based Cross-Site Scripting
author: pikpikcu
severity: medium
description: Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.
description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.
reference:
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
- https://nvd.nist.gov/vuln/detail/CVE-2022-0437
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
- https://github.com/karma-runner/karma
tags: cve,cve2022,karma,xss,oss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2022-0437
cwe-id: CWE-79
reference:
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
tags: cve,cve2022,karma,xss,oss
requests:
- method: GET
@ -46,4 +46,6 @@ requests:
- type: dsl
dsl:
- 'to_string(version) <= "6.3.13"'
- 'to_string(version) <= "6.3.13"'
# Enhanced by mp on 2022/03/24
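Review bot: The new description reads `NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.` — a stray period after the version and a capitalised "Scripting" mid-sentence. Suggest `description: NPM karma prior to 6.3.14 contains a DOM-based cross-site scripting vulnerability.` The huntr bounty URL also appears to be listed twice in the new reference list (the first and the fourth entry, as far as the sides can be read from the hunk); one copy should go.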


@ -1,11 +1,13 @@
id: CVE-2022-24288
info:
name: Apache Airflow CVE-2022-24288 OS Command Injection
name: Apache Airflow OS Command Injection
author: xeldax
severity: critical
description: In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
reference: https://github.com/advisories/GHSA-3v7g-4pg3-7r6j
description: Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI.
reference:
- https://github.com/advisories/GHSA-3v7g-4pg3-7r6j
- https://nvd.nist.gov/vuln/detail/CVE-2022-24288
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
@ -25,4 +27,6 @@ requests:
matchers:
- type: word
words:
- 'foo was passed in via Airflow CLI Test command with value {{ params.foo }}' # Works with unauthenticated airflow instance
- 'foo was passed in via Airflow CLI Test command with value {{ params.foo }}' # Works with unauthenticated airflow instance
# Enhanced by mp on 2022/03/23
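Review bot: The new description states the impact twice (`is vulnerable to OS command injection attacks because ... making them susceptible to OS Command Injection from the web UI`). Suggest `description: Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection from the web UI because some example DAGs do not properly sanitize user-provided parameters.`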


@ -1,16 +1,18 @@
id: CVE-2022-24990
info:
name: TerraMaster TOS < 4.2.30 - Server Information Disclosure
name: TerraMaster TOS < 4.2.30 Server Information Disclosure
author: dwisiswant0
severity: medium
description: |
TerraMaster NAS devices running TOS prior to version
4.2.30 is vulnerable to information disclosure
reference: https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
description: "TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure."
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-23990
- https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
metadata:
shodan-query: TerraMaster
tags: cve,cve2022,terramaster,exposure
classification:
cve-id: CVE-2022-24990
requests:
- method: GET
@ -38,4 +40,6 @@ requests:
- "webNasIPS successful"
- "(ADDR|(IFC|PWD|[DS]AT)):"
- "\"((firmware|(version|ma(sk|c)|port|url|ip))|hostname)\":" # cherry pick
condition: or
condition: or
# Enhanced by mp on 2022/03/23
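Review bot: The added NVD reference points at the wrong CVE: `https://nvd.nist.gov/vuln/detail/CVE-2022-23990`, while the template id and the classification cve-id are CVE-2022-24990. Change it to `- https://nvd.nist.gov/vuln/detail/CVE-2022-24990`. The octagon.net URL slug in the same list describes unauthenticated remote command execution, whereas the description and matchers (the `webNasIPS` words) cover only the information-disclosure endpoint; a short clause in the description noting that the template checks the disclosure step only would save readers from expecting an RCE check.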


@ -1,10 +1,10 @@
id: CVE-2022-26159
info:
name: Ametys CMS - Unauthenticated information disclosure
name: Ametys CMS Information Disclosure
author: Remi Gascou (podalirius)
severity: medium
description: The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
description: "Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords."
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-26159
- https://podalirius.net/en/cves/2022-26159/
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/23


@ -3,8 +3,16 @@ id: aem-default-login
info:
name: Adobe AEM Default Login
author: random-robbie
severity: critical
severity: high
description: Adobe AEM default login credentials were discovered.
reference:
- https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-checklist.html?lang=en
tags: aem,default-login,adobe
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
requests:
- raw:
@ -44,3 +52,5 @@ requests:
words:
- login-token
- crx.default
# Enhanced by mp on 2022/03/23
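Review bot: The severity presumably drops from critical to high here (both lines appear in the hunk) with a vector of C:L/I:L/A:L, yet a match on `login-token` / `crx.default` means the instance accepted its shipped default credentials; if those are administrative credentials — which the linked Adobe security checklist suggests — the impact is full control of the instance and `C:H/I:H/A:H` (9.8, critical) would be the honest rating. If the downgrade is deliberate, a one-line comment above `classification:` stating the reasoning would stop the next enhancement pass from flipping it back.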


@ -3,6 +3,7 @@ id: ansible-semaphore-panel
info:
name: Ansible Semaphore Panel Detect
author: Yuzhe-zhang-0
description: An Ansible Semaphore login panel was detected.
severity: info
reference:
- https://ansible-semaphore.com/
@ -10,6 +11,11 @@ info:
metadata:
shodan-query: http.html:"Semaphore</title>"
tags: panel,ansible,semaphore,cicd,oss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -25,3 +31,5 @@ requests:
- type: regex
regex:
- '<title(.*)>Semaphore</title>'
# Enhanced by mp on 2022/03/23
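Review bot: `description:` is inserted between `author:` and `severity:` here and in bigbluebutton-login, whereas every other template touched by this commit orders the info keys name, author, severity, description; move the line below `severity: info` in both. The new classification block also pairs `cwe-id: CWE-200` (information exposure) with a vector declaring C:N/I:N/A:N and a 0.0 score, which contradicts itself — the same pattern is added in aviatrix-panel, bigbluebutton-login and blue-iris-login. For a pure panel-detection template either drop the cwe-id or add a comment above `classification:` explaining why an exposure weakness is recorded with no confidentiality impact.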


@ -1,12 +1,20 @@
id: aviatrix-panel
info:
name: Aviatrix Panel Login
name: Aviatrix Cloud Controller Panel Login
author: pikpikcu,philippedelteil,daffainfo
severity: info
description: An Aviatrix Cloud Controller login panel was detected.
reference:
- https://docs.aviatrix.com/HowTos/controller_config.html
metadata:
shodan-query: http.title:"Aviatrix Cloud Controller"
tags: panel,aviatrix
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -29,3 +37,5 @@ requests:
name: "favicon"
dsl:
- "status_code==200 && (\"7c1c26856345cd7edbf250ead0dc9332\" == md5(body))"
# Enhanced by mp on 2022/03/23


@ -3,9 +3,16 @@ id: bigbluebutton-login
info:
name: BigBlueButton Login Panel
author: myztique
description: A BigBlueButton login panel was detected.
severity: info
reference: https://github.com/bigbluebutton/greenlight
reference:
- https://github.com/bigbluebutton/greenlight
tags: panel,bigbluebutton
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -26,3 +33,5 @@ requests:
group: 1
regex:
- 'Greenlight<\/a>\. (.*)'
# Enhanced by mp on 2022/03/23


@ -4,8 +4,16 @@ info:
name: Blue Iris Login
author: dhiyaneshDK
severity: info
reference: https://www.exploit-db.com/ghdb/6814
tags: panel
description: A Blue Iris login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/6814
- https://blueirissoftware.com/
tags: panel,blue-iris
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
requests:
- method: GET
@ -20,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/03/23


@ -1,32 +1,40 @@
id: epson-access-detect
info:
name: Epson Printer Unauthorized Access Detect
author: pussycat0x
severity: medium
reference: https://www.exploit-db.com/ghdb/6922
tags: iot,printer,panel,unauth,epson
requests:
- method: GET
path:
- "{{BaseURL}}/PRESENTATION/EPSONCONNECT"
matchers-condition: and
matchers:
- type: word
words:
- "Epson Connect"
- "/IMAGE/EPSONLOGO.PNG"
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- "<title>([A-Z-0-9]+) Series</title>"
id: epson-access-detect
info:
name: Epson Device Unauthorized Access Detect
author: pussycat0x
severity: medium
description: A publicly available Epson device panel (printer, scanner, etc.) was detected.
reference: https://www.exploit-db.com/ghdb/6922
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cve-id:
cwe-id: CWE-522
tags: iot,printer,panel,unauth,epson
requests:
- method: GET
path:
- "{{BaseURL}}/PRESENTATION/EPSONCONNECT"
matchers-condition: and
matchers:
- type: word
words:
- "Epson Connect"
- "/IMAGE/EPSONLOGO.PNG"
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- "<title>([A-Z-0-9]+) Series</title>"
# Enhanced by mp on 2022/03/24
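Review bot: `cwe-id: CWE-522` (Insufficiently Protected Credentials) does not describe what this template finds; the matcher only checks that `{{BaseURL}}/PRESENTATION/EPSONCONNECT` returns 200 with the "Epson Connect" text and logo, i.e. a device panel reachable without authentication, which is CWE-306 (Missing Authentication for Critical Function), or CWE-284 if no authentication bypass is being claimed. I'd change it to `cwe-id: CWE-306` and make the description honest about the evidence, e.g. `description: An Epson device Epson Connect panel (printer, scanner, etc.) is reachable without authentication; manual verification is needed to confirm what the panel exposes.`. The rename to `name: Epson Device Unauthorized Access Detect` also leaves `tags: iot,printer,panel,unauth,epson` saying only printer, so the tags and name now disagree on scope.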


@ -1,25 +1,34 @@
id: epson-web-control-detect
info:
name: Epson Printer
author: pussycat0x
severity: info
reference: https://www.exploit-db.com/ghdb/6873
tags: iot,printer,panel,unauth,epson
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/home"
matchers-condition: and
matchers:
- type: word
words:
- "Epson Web Control"
- "Basic Control"
- "Advanced"
condition: and
- type: status
status:
- 200
id: epson-web-control-detect
info:
name: Epson Printer
author: pussycat0x
severity: info
description: An Epson printer web panel was discovered.
reference: https://www.exploit-db.com/ghdb/6873
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
tags: iot,printer,panel,unauth,epson
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/home"
matchers-condition: and
matchers:
- type: word
words:
- "Epson Web Control"
- "Basic Control"
- "Advanced"
condition: and
- type: status
status:
- 200
# Enhanced by mp on 2022/03/24
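Review bot: The `unauth` tag in `tags: iot,printer,panel,unauth,epson` contradicts the classification this commit adds (`severity: info`, `C:N/I:N/A:N`, CWE-200): either the `/cgi-bin/home` match demonstrates unauthenticated access to Epson Web Control, in which case the severity and vector should reflect that as the companion epson-access-detect template does, or it is a plain panel fingerprint and `unauth` should be dropped. The name `Epson Printer` is also too generic to tell this finding apart from epson-access-detect in scan output; `name: Epson Web Control Panel Detect` would match the new description.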


@ -4,6 +4,14 @@ info:
name: Teradici PCoIP Detection
author: pdteam
severity: info
description: Teradici PColP was detected.
reference:
- https://www.teradici.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cve-id:
cwe-id: CWE-200
tags: tech,pcoip
requests:
@ -20,4 +28,6 @@ requests:
- type: regex
group: 1
regex:
- 'PCoIP Connection Manager\/([0-9.]+)\.'
- 'PCoIP Connection Manager\/([0-9.]+)\.'
# Enhanced by mp on 2022/03/24
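Review bot: Typo in the new description: `description: Teradici PColP was detected.` spells the product with a lowercase L instead of a capital I; it should read `description: Teradici PCoIP was detected.`, matching the `name` and the extractor regex `PCoIP Connection Manager\/([0-9.]+)\.`. The two identical-looking regex lines at the end of the hunk are presumably a whitespace-only change; worth confirming the capture group is untouched so the version extractor keeps working. The request definition this extractor belongs to starts outside the hunk.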


@ -1,10 +1,18 @@
id: unauth-hoteldruid-panel
info:
name: Unauthenticated Hoteldruid Panel
name: Hoteldruid Management Panel Access
author: princechaddha
severity: high
description: A vulnerability in Hoteldruid Panel allows remote unauthenticated users access to the management portal without authentication.
reference: https://www.hoteldruid.com/
reference:
- https://github.com/nomi-sec/PoC-in-GitHub/blob/master/2021/CVE-2021-42949.json
- https://www.hoteldruid.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cve-id:
cwe-id: CWE-522
tags: hoteldruid,panel,unauth
requests:
@ -26,3 +34,5 @@ requests:
- "<b>INSERT:</b>"
- "<b>TABLES:</b>"
condition: and
# Enhanced by mp on 2022/03/24
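Review bot: `cwe-id: CWE-522` (Insufficiently Protected Credentials) does not match the finding described at `description: A vulnerability in Hoteldruid Panel allows remote unauthenticated users access to the management portal without authentication.`; that is CWE-306 (Missing Authentication for Critical Function), so I'd change it to `cwe-id: CWE-306`. The added reference to a CVE-2021-42949 PoC also sits oddly next to the empty `cve-id:`: if this template detects that CVE, set `cve-id: CVE-2021-42949` and consider moving it under cves/; if it does not, the link will lead readers to assume it does, so either drop it or say in the description how it relates. The matcher starting at `- "<b>INSERT:</b>"` belongs to a request whose definition begins outside the hunk, so I can't tell from here what is actually requested.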