Merge pull request #2893 from nrathaus/master

Missing description

cves/2021/CVE-2021-41291.yaml

@@ -1,12 +1,19 @@
-id: ecoa-building-lfi
+id: CVE-2021-41291
 
 info:
   name: ECOA Building Automation System - Directory Traversal Content Disclosure
   author: gy741
   severity: high
   description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
-  reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
-  tags: ecoa,lfi
+  reference:
+    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
+    - https://www.twcert.org.tw/en/cp-139-5140-6343c-2.html
+  tags: cve,cve2021,ecoa,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2021-41291
+    cwe-id: CWE-22
 
 requests:
   - raw:
@@ -18,4 +25,3 @@ requests:
       - type: regex
         regex:
           - "root:.*:0:0:"
-        part: body

cves/2021/CVE-2021-41293.yaml

@@ -0,0 +1,35 @@
+id: CVE-2021-41293
+
+info:
+  name: ECOA Building Automation System - LFD
+  author: 0x_Akoko
+  severity: high
+  description: The BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
+  reference:
+    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
+    - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
+  tags: cve,cve2021,ecoa,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2021-41293
+    cwe-id: CWE-22
+
+requests:
+  - raw:
+      - |
+        POST /viewlog.jsp HTTP/1.1
+        Host: {{Hostname}}
+
+        yr=2021&mh=6&fname=../../../../../../../../etc/passwd
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

vulnerabilities/other/bitrix-open-redirect.yaml

@@ -4,12 +4,12 @@ info:
   name: Bitrix Open URL redirect detection
   author: pikpikcu
   severity: low
+  description: The Bitrix Russia Site Management 2.0 accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.
   reference: https://packetstormsecurity.com/files/151955/1C-Bitrix-Site-Management-Russia-2.0-Open-Redirection.html
   tags: redirect,bitrix
 
 requests:
   - method: GET
-
     path:
       - '{{BaseURL}}/bitrix/rk.php?goto=https://example.com'
       - '{{BaseURL}}/bitrix/redirect.php?event1=&event2=&event3=&goto=https://example.com'
@@ -33,7 +33,7 @@ requests:
         part: header
 
       - type: status
+        condition: or
         status:
           - 302
           - 301
-        condition: or

vulnerabilities/other/commax-biometric-auth-bypass.yaml

@@ -4,7 +4,7 @@ info:
   name: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
   author: gy741
   severity: critical
-  description: The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.
+  description: The COMMAX Biometric Access Control System suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.
   reference:
     - https://www.exploit-db.com/exploits/50206
     - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5661.php

vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml

@@ -4,6 +4,7 @@ info:
   name: DedeCmsV5.6 Carbuyaction Fileinclude
   author: pikpikcu
   severity: high
+  description: A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter.
   reference: https://www.cnblogs.com/milantgh/p/3615986.html
   tags: dedecms
 

vulnerabilities/other/dedecms-membergroup-sqli.yaml

@@ -4,6 +4,7 @@ info:
   name: DedeCMS Membergroup SQLI
   author: pikpikcu
   severity: medium
+  description: A vulnerability in the DedeCMS product allows remote unauthenticated users to inject arbitrary SQL statements via the 'ajax_membergroup.php' endpoint and the 'membergroup' parameter.
   reference: http://www.dedeyuan.com/xueyuan/wenti/1244.html
   tags: sqli,dedecms
 

vulnerabilities/other/ecoa-building-automation-lfd.yaml

@@ -1,27 +0,0 @@
-id: ecoa-building-automation-lfd
-info:
-  name: ECOA Building Automation System - LFD
-  author: 0x_Akoko
-  severity: high
-  reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
-  tags: ecoa,lfi
-
-requests:
-  - raw:
-      - |
-        POST /viewlog.jsp HTTP/1.1
-        Host: {{Hostname}}
-
-        yr=2021&mh=6&fname=../../../../../../../../etc/passwd
-
-    matchers-condition: and
-    matchers:
-
-      - type: regex
-        regex:
-          - "root:.*:0:0"
-        condition: and
-
-      - type: status
-        status:
-          - 200

vulnerabilities/other/fatpipe-backdoor.yaml

@@ -4,7 +4,7 @@ info:
   name: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account
   author: gy741
   severity: high
-  description: The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.
+  description: FatPipe Networks has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.
   reference:
     - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php
     - https://www.fatpipeinc.com/support/advisories.php

vulnerabilities/other/geovision-geowebserver-lfi.yaml

@@ -4,7 +4,8 @@ info:
   name: GeoVision Geowebserver 5.3.3 - LFI
   author: madrobot
   severity: high
-  reference: https://www.exploit-db.com/exploits/50211
+  description: A vulnerability in GeoVision Geowebserver allows remote unauthenticated attackers to disclose the content of locally stored files.
+  reference: https://packetstormsecurity.com/files/163860/geovisiongws533-lfixssxsrfexec.txt
   tags: geowebserver,lfi
 
 requests:

vulnerabilities/other/geovision-geowebserver-xss.yaml

@@ -4,7 +4,8 @@ info:
   name: GeoVision Geowebserver 5.3.3 - XSS
   author: madrobot
   severity: medium
-  reference: https://www.exploit-db.com/exploits/50211
+  description: GEOVISION GEOWEBSERVER =< 5.3.3 are vulnerable to several XSS / HTML Injection / Local File Include / XML Injection / Code execution vectors. The application fails to properly sanitize user requests.
+  reference: https://packetstormsecurity.com/files/163860/geovisiongws533-lfixssxsrfexec.txt
   tags: geowebserver,xss
 
 requests:

vulnerabilities/other/h3c-imc-rce.yaml

@@ -1,9 +1,10 @@
 id: h3c-imc-rce
 
 info:
-  name: H3c IMC Rce
+  name: H3c IMC RCE
   author: pikpikcu
   severity: critical
+  description: A vulnerability in H3C IMC allows remote unauthenticated attackers to cause the remote web application to execute arbitrary commands via the 'dynamiccontent.properties.xhtml' endpoint
   reference: https://mp.weixin.qq.com/s/BP9_H3lpluqIwL5OMIJlIw
   tags: rce,h3c-imc
 

vulnerabilities/other/hasura-graphql-psql-exec.yaml

@@ -4,6 +4,7 @@ info:
   author: Udyz
   name: Hasura GraphQL Engine - postgresql query exec
   severity: critical
+  description: A vulnerability in Hasura GraphQL Engine allows remote unauthenticated users to execute arbitrary SQL statements via the '/v2/query' endpoint.
   reference: https://www.exploit-db.com/exploits/49802
   tags: hasura,rce
 

vulnerabilities/other/hiboss-rce.yaml

@@ -4,6 +4,7 @@ info:
   name: Hiboss RCE
   author: pikpikcu
   severity: critical
+  description: A vulnerability in HiBoss allows remote unauthenticated attackers to cause the server to execute arbitrary code via the 'server_ping.php' endpoint and the 'ip' parameter.
   reference: http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/%E5%AE%89%E7%BE%8E%E6%95%B0%E5%AD%97/%E5%AE%89%E7%BE%8E%E6%95%B0%E5%AD%97%20%E9%85%92%E5%BA%97%E5%AE%BD%E5%B8%A6%E8%BF%90%E8%90%A5%E7%B3%BB%E7%BB%9F%20server_ping.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md?btwaf=40088994
   tags: hiboss,rce
 

vulnerabilities/other/karel-ip-phone-lfi.yaml

@@ -4,6 +4,7 @@ info:
   name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal
   author: 0x_Akoko
   severity: high
+  description: A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
   reference:
     - https://cxsecurity.com/issue/WLB-2020100038
     - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon

vulnerabilities/wordpress/attitude-theme-open-redirect.yaml

@@ -4,6 +4,7 @@ info:
   name: WordPress Attitude Themes 1.1.1 Open Redirection
   author: 0x_Akoko
   severity: low
+  description: A vulnerability in WordPress Attitude Themes allows remote attackers to inject an arbitrary URL into the 'goto.php' endpoint which will redirect the victim to it.
   reference: https://cxsecurity.com/issue/WLB-2020030185
   tags: wordpress,wp-theme,redirect
 

vulnerabilities/wordpress/brandfolder-lfi.yaml

@@ -4,6 +4,7 @@ info:
   name: Wordpress brandfolder plugin - RFI & LFI
   author: 0x_Akoko
   severity: high
+  description: A vulnerability in WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content.
   reference:
     - https://www.exploit-db.com/exploits/39591
     - https://cxsecurity.com/issue/WLB-2016030120

vulnerabilities/wordpress/brandfolder-open-redirect.yaml

@@ -1,9 +1,10 @@
 id: brandfolder-open-redirect
 
 info:
-  name: Wordpress brandfolder plugin Open Redirect
+  name: WordPress Brandfolder Plugin Open Redirect
   author: 0x_Akoko
   severity: low
+  description: A vulnerability in WordPress Brandfolder allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.
   reference: https://www.exploit-db.com/exploits/39591
   tags: wordpress,wp-plugin,lfi,rfi
 

vulnerabilities/wordpress/issuu-panel-lfi.yaml

@@ -4,6 +4,7 @@ info:
   name: Wordpress Plugin Issuu Panel - RFI & LFI
   author: 0x_Akoko
   severity: high
+  description: The WordPress Issuu Plugin includes an arbitrary file disclosure vulnerability that allows unauthenticated attackers to disclose the content of local and remote files.
   reference: https://cxsecurity.com/issue/WLB-2016030131
   tags: wp-plugin,wordpress,lfi,rfi