diff --git a/cves/2015/CVE-2015-3306.yaml b/cves/2015/CVE-2015-3306.yaml index 3218bf50c6..3b9592c8fb 100644 --- a/cves/2015/CVE-2015-3306.yaml +++ b/cves/2015/CVE-2015-3306.yaml @@ -2,7 +2,7 @@ id: CVE-2015-3306 info: name: ProFTPd RCE - author: pd-team + author: pdteam severity: high reference: https://github.com/t0kx/exploit-CVE-2015-3306 description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. diff --git a/cves/2017/CVE-2017-9506.yaml b/cves/2017/CVE-2017-9506.yaml index c448f43761..9b4bbaa8b2 100644 --- a/cves/2017/CVE-2017-9506.yaml +++ b/cves/2017/CVE-2017-9506.yaml @@ -2,7 +2,7 @@ id: CVE-2017-9506 info: name: Jira IconURIServlet SSRF - author: pd-team + author: pdteam severity: high description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). tags: cve,cve2017,atlassian,jira,ssrf diff --git a/cves/2018/CVE-2018-7251.yaml b/cves/2018/CVE-2018-7251.yaml index 2dea00643f..f9994ccfb5 100644 --- a/cves/2018/CVE-2018-7251.yaml +++ b/cves/2018/CVE-2018-7251.yaml @@ -2,7 +2,7 @@ id: CVE-2018-7251 info: name: AnchorCMS Error Log Exposure - author: pd-team + author: pdteam severity: medium tags: cve,cve2018,anchorcms,logs diff --git a/cves/2018/CVE-2018-8006.yaml b/cves/2018/CVE-2018-8006.yaml index 112045fbb1..e49839a2e0 100644 --- a/cves/2018/CVE-2018-8006.yaml +++ b/cves/2018/CVE-2018-8006.yaml @@ -2,7 +2,7 @@ id: CVE-2018-8006 info: name: Apache ActiveMQ XSS - author: pd-team + author: pdteam severity: medium tags: cve,cve2018,apache,activemq,xss diff --git a/cves/2019/CVE-2019-10092.yaml b/cves/2019/CVE-2019-10092.yaml index b2bea3cd94..50919f7ab1 100644 --- a/cves/2019/CVE-2019-10092.yaml +++ b/cves/2019/CVE-2019-10092.yaml @@ -2,7 +2,7 @@ id: CVE-2019-10092 info: name: Apache mod_proxy HTML Injection / Partial XSS - author: pd-team + author: pdteam severity: medium description: In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. reference: | diff --git a/cves/2019/CVE-2019-14223.yaml b/cves/2019/CVE-2019-14223.yaml index 19209d3b4c..a18f760750 100644 --- a/cves/2019/CVE-2019-14223.yaml +++ b/cves/2019/CVE-2019-14223.yaml @@ -2,7 +2,7 @@ id: CVE-2019-14223 info: name: Alfresco Share Open Redirect - author: pd-team + author: pdteam severity: low description: An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.). reference: | diff --git a/cves/2019/CVE-2019-7219.yaml b/cves/2019/CVE-2019-7219.yaml index e9dd5e8da0..4412e644c6 100644 --- a/cves/2019/CVE-2019-7219.yaml +++ b/cves/2019/CVE-2019-7219.yaml @@ -2,7 +2,7 @@ id: CVE-2019-7219 info: name: Zarafa WebApp Reflected XSS - author: pd-team + author: pdteam severity: low description: | Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. diff --git a/cves/2019/CVE-2019-9955.yaml b/cves/2019/CVE-2019-9955.yaml index f2b9534531..343916a8fc 100644 --- a/cves/2019/CVE-2019-9955.yaml +++ b/cves/2019/CVE-2019-9955.yaml @@ -2,7 +2,7 @@ id: CVE-2019-9955 info: name: CVE-2019-9955 Zyxel XSS - author: pd-team + author: pdteam severity: low tags: cve,cve2019,xss description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. diff --git a/cves/2020/CVE-2020-17518.yaml b/cves/2020/CVE-2020-17518.yaml index b219a24a35..c0d3c87ab1 100644 --- a/cves/2020/CVE-2020-17518.yaml +++ b/cves/2020/CVE-2020-17518.yaml @@ -2,7 +2,7 @@ id: CVE-2020-17518 info: name: Apache Flink Upload Path Traversal - author: pd-team + author: pdteam severity: critical reference: https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518 description: | diff --git a/cves/2020/CVE-2020-17519.yaml b/cves/2020/CVE-2020-17519.yaml index fa6e164caf..3a20497453 100644 --- a/cves/2020/CVE-2020-17519.yaml +++ b/cves/2020/CVE-2020-17519.yaml @@ -2,7 +2,7 @@ id: CVE-2020-17519 info: name: Apache Flink directory traversal - author: pd-team + author: pdteam severity: high description: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. reference: https://github.com/B1anda0/CVE-2020-17519 diff --git a/cves/2020/CVE-2020-1943.yaml b/cves/2020/CVE-2020-1943.yaml index 37bdd57da3..021fb3e887 100644 --- a/cves/2020/CVE-2020-1943.yaml +++ b/cves/2020/CVE-2020-1943.yaml @@ -2,7 +2,7 @@ id: CVE-2020-1943 info: name: Apache OFBiz Reflected XSS - author: pd-team + author: pdteam description: Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. severity: medium tags: cve,cve2020,apache,xss diff --git a/default-logins/activemq/activemq-default-login.yaml b/default-logins/activemq/activemq-default-login.yaml index 57c4cf1819..e733865974 100644 --- a/default-logins/activemq/activemq-default-login.yaml +++ b/default-logins/activemq/activemq-default-login.yaml @@ -2,7 +2,7 @@ id: activemq-default-login info: name: Apache ActiveMQ Default Credentials - author: pd-team + author: pdteam severity: medium tags: apache,activemq,dlogin diff --git a/default-logins/ambari/ambari-default-credentials.yaml b/default-logins/ambari/ambari-default-credentials.yaml index e3f68b2f1c..6a450eea1b 100644 --- a/default-logins/ambari/ambari-default-credentials.yaml +++ b/default-logins/ambari/ambari-default-credentials.yaml @@ -2,7 +2,7 @@ id: ambari-default-credentials info: name: Apache Ambari Default Credentials - author: pd-team + author: pdteam severity: medium tags: ambari,dlogin diff --git a/default-logins/ofbiz/ofbiz-default-credentials.yaml b/default-logins/ofbiz/ofbiz-default-credentials.yaml index 5d7ebfe61b..4d0c7e54b4 100644 --- a/default-logins/ofbiz/ofbiz-default-credentials.yaml +++ b/default-logins/ofbiz/ofbiz-default-credentials.yaml @@ -2,7 +2,7 @@ id: ofbiz-default-credentials info: name: Apache OfBiz Default Credentials - author: pd-team + author: pdteam severity: medium tags: ofbiz,dlogin diff --git a/default-logins/zabbix/zabbix-default-credentials.yaml b/default-logins/zabbix/zabbix-default-credentials.yaml index 1f49eb7496..d79ff01e6c 100644 --- a/default-logins/zabbix/zabbix-default-credentials.yaml +++ b/default-logins/zabbix/zabbix-default-credentials.yaml @@ -2,7 +2,7 @@ id: zabbix-default-credentials info: name: Zabbix Default Credentials - author: pd-team + author: pdteam severity: critical tags: zabbix,dlogin diff --git a/dns/cname-service-detector.yaml b/dns/cname-service-detector.yaml index 60874e5f04..fe586cd0ce 100644 --- a/dns/cname-service-detector.yaml +++ b/dns/cname-service-detector.yaml @@ -2,7 +2,7 @@ id: cname-service-detector info: name: 3rd party service checker - author: pd-team + author: pdteam severity: info tags: dns diff --git a/dns/servfail-refused-hosts.yaml b/dns/servfail-refused-hosts.yaml index d6148de6d9..99fabbc4f5 100644 --- a/dns/servfail-refused-hosts.yaml +++ b/dns/servfail-refused-hosts.yaml @@ -2,7 +2,7 @@ id: servfail-refused-hosts info: name: Servfail Host Finder - author: pd-team + author: pdteam severity: info tags: dns diff --git a/exposed-panels/active-admin-exposure.yaml b/exposed-panels/active-admin-exposure.yaml index 5584c76461..cac175f040 100644 --- a/exposed-panels/active-admin-exposure.yaml +++ b/exposed-panels/active-admin-exposure.yaml @@ -2,7 +2,7 @@ id: active-admin-exposure info: name: ActiveAdmin Admin Dasboard Exposure - author: pd-team + author: pdteam severity: info requests: diff --git a/exposed-panels/activemq-panel.yaml b/exposed-panels/activemq-panel.yaml index 8d5ad08cb3..b7e3ee94bf 100644 --- a/exposed-panels/activemq-panel.yaml +++ b/exposed-panels/activemq-panel.yaml @@ -2,7 +2,7 @@ id: activemq-panel info: name: Apache ActiveMQ Exposure - author: pd-team + author: pdteam severity: info requests: diff --git a/exposed-panels/airflow-exposure.yaml b/exposed-panels/airflow-exposure.yaml index 33d01d09c8..8a2292d662 100644 --- a/exposed-panels/airflow-exposure.yaml +++ b/exposed-panels/airflow-exposure.yaml @@ -2,7 +2,7 @@ id: airflow-exposure info: name: Apache Airflow Exposure / Unauthenticated Access - author: pd-team + author: pdteam severity: medium requests: diff --git a/exposed-panels/ambari-exposure.yaml b/exposed-panels/ambari-exposure.yaml index a55efd2371..e0f9747126 100644 --- a/exposed-panels/ambari-exposure.yaml +++ b/exposed-panels/ambari-exposure.yaml @@ -2,7 +2,7 @@ id: ambari-exposure info: name: Apache Ambari Exposure / Unauthenticated Access - author: pd-team + author: pdteam severity: medium requests: diff --git a/exposed-panels/ansible-tower-exposure.yaml b/exposed-panels/ansible-tower-exposure.yaml index b5e5ab05fb..c1ea658b24 100644 --- a/exposed-panels/ansible-tower-exposure.yaml +++ b/exposed-panels/ansible-tower-exposure.yaml @@ -2,7 +2,7 @@ id: ansible-tower-exposure info: name: Ansible Tower Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/citrix-vpn-detect.yaml b/exposed-panels/citrix-vpn-detect.yaml index 7ce6621e15..d8ed3de3dc 100644 --- a/exposed-panels/citrix-vpn-detect.yaml +++ b/exposed-panels/citrix-vpn-detect.yaml @@ -2,7 +2,7 @@ id: citrix-vpn-detect info: name: Citrix VPN Detection - author: pd-team + author: pdteam severity: info requests: diff --git a/exposed-panels/couchdb-fauxton.yaml b/exposed-panels/couchdb-fauxton.yaml index 7afd969b7f..9e9694ab06 100644 --- a/exposed-panels/couchdb-fauxton.yaml +++ b/exposed-panels/couchdb-fauxton.yaml @@ -2,7 +2,7 @@ id: couchdb-fauxton info: name: Apache CouchDB Fauxton Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/django-admin-panel.yaml b/exposed-panels/django-admin-panel.yaml index 17d2cbf5b8..583cb0abfc 100644 --- a/exposed-panels/django-admin-panel.yaml +++ b/exposed-panels/django-admin-panel.yaml @@ -2,7 +2,7 @@ id: django-admin-panel info: name: Python Django Admin Panel - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/druid-console-exposure.yaml b/exposed-panels/druid-console-exposure.yaml index 218b432e50..785be117bd 100644 --- a/exposed-panels/druid-console-exposure.yaml +++ b/exposed-panels/druid-console-exposure.yaml @@ -2,7 +2,7 @@ id: druid-console-exposure info: name: Alibaba Druid Console Exposure - author: pd-team + author: pdteam severity: medium requests: diff --git a/exposed-panels/exposed-pagespeed-global-admin.yaml b/exposed-panels/exposed-pagespeed-global-admin.yaml index 827b030430..07da9c5477 100644 --- a/exposed-panels/exposed-pagespeed-global-admin.yaml +++ b/exposed-panels/exposed-pagespeed-global-admin.yaml @@ -2,7 +2,7 @@ id: exposed-pagespeed-global-admin info: name: Apache PageSpeed Global Admin Dashboard Exposure - author: pd-team + author: pdteam severity: medium requests: diff --git a/exposed-panels/exposed-webalizer.yaml b/exposed-panels/exposed-webalizer.yaml index e7cbd72b58..3f39a7874f 100644 --- a/exposed-panels/exposed-webalizer.yaml +++ b/exposed-panels/exposed-webalizer.yaml @@ -2,7 +2,7 @@ id: exposed-webalizer info: name: Publicly exposed Webalizer Interface - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/flink-exposure.yaml b/exposed-panels/flink-exposure.yaml index e2a4c4cb21..f2814aa802 100644 --- a/exposed-panels/flink-exposure.yaml +++ b/exposed-panels/flink-exposure.yaml @@ -2,7 +2,7 @@ id: flink-exposure info: name: Apache Flink Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/hadoop-exposure.yaml b/exposed-panels/hadoop-exposure.yaml index 83df2717f3..470ebed082 100644 --- a/exposed-panels/hadoop-exposure.yaml +++ b/exposed-panels/hadoop-exposure.yaml @@ -2,7 +2,7 @@ id: hadoop-exposure info: name: Apache Hadoop Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/kafka-connect-ui.yaml b/exposed-panels/kafka-connect-ui.yaml index a3a54516fa..6c2872e0f1 100644 --- a/exposed-panels/kafka-connect-ui.yaml +++ b/exposed-panels/kafka-connect-ui.yaml @@ -2,7 +2,7 @@ id: kafka-connect-ui info: name: Apache Kafka Connect UI Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/kafka-monitoring.yaml b/exposed-panels/kafka-monitoring.yaml index 3468f21397..22693d1761 100644 --- a/exposed-panels/kafka-monitoring.yaml +++ b/exposed-panels/kafka-monitoring.yaml @@ -2,7 +2,7 @@ id: kafka-monitoring info: name: Apache Kafka Monitor Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/kafka-topics-ui.yaml b/exposed-panels/kafka-topics-ui.yaml index d54d091f33..4af694953e 100644 --- a/exposed-panels/kafka-topics-ui.yaml +++ b/exposed-panels/kafka-topics-ui.yaml @@ -2,7 +2,7 @@ id: kafka-topics-ui info: name: Apache Kafka Topics UI Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/kubernetes-dashboard.yaml b/exposed-panels/kubernetes-dashboard.yaml index 1aa0892365..a688a8d498 100644 --- a/exposed-panels/kubernetes-dashboard.yaml +++ b/exposed-panels/kubernetes-dashboard.yaml @@ -2,7 +2,7 @@ id: kubernetes-dashboard info: name: Kubernetes Console Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/parallels-html-client.yaml b/exposed-panels/parallels-html-client.yaml index 4602cc5ce4..a27145fc6b 100644 --- a/exposed-panels/parallels-html-client.yaml +++ b/exposed-panels/parallels-html-client.yaml @@ -2,7 +2,7 @@ id: parallels-html-client info: name: Parallels HTML5 Client - author: pd-team + author: pdteam severity: info requests: diff --git a/exposed-panels/phpmyadmin-panel.yaml b/exposed-panels/phpmyadmin-panel.yaml index f8ce001dc1..0263c0e1ec 100644 --- a/exposed-panels/phpmyadmin-panel.yaml +++ b/exposed-panels/phpmyadmin-panel.yaml @@ -2,7 +2,7 @@ id: phpmyadmin-panel info: name: phpMyAdmin Panel - author: pd-team + author: pdteam severity: info requests: diff --git a/exposed-panels/rocketmq-console-exposure.yaml b/exposed-panels/rocketmq-console-exposure.yaml index 896022430f..913802330b 100644 --- a/exposed-panels/rocketmq-console-exposure.yaml +++ b/exposed-panels/rocketmq-console-exposure.yaml @@ -2,7 +2,7 @@ id: rocketmq-console-exposure info: name: Apache RocketMQ Console Exposure - author: pd-team + author: pdteam severity: medium requests: diff --git a/exposed-panels/selenoid-ui-exposure.yaml b/exposed-panels/selenoid-ui-exposure.yaml index 69752f1412..7b3aed102b 100644 --- a/exposed-panels/selenoid-ui-exposure.yaml +++ b/exposed-panels/selenoid-ui-exposure.yaml @@ -2,7 +2,7 @@ id: selenoid-ui-exposure info: name: Selenoid UI Dashboard Exposure - author: pd-team + author: pdteam severity: medium requests: diff --git a/exposed-panels/setup-page-exposure.yaml b/exposed-panels/setup-page-exposure.yaml index 8263823b24..0269b6d074 100644 --- a/exposed-panels/setup-page-exposure.yaml +++ b/exposed-panels/setup-page-exposure.yaml @@ -2,7 +2,7 @@ id: setup-page-exposure info: name: Zenphoto Setup Page Exposure - author: pd-team + author: pdteam severity: medium description: Misconfiguration on Zenphoto version < 1.5.X which lead to sensitive information disclosure diff --git a/exposed-panels/solr-exposure.yaml b/exposed-panels/solr-exposure.yaml index eeb98e2544..22785ac640 100644 --- a/exposed-panels/solr-exposure.yaml +++ b/exposed-panels/solr-exposure.yaml @@ -2,7 +2,7 @@ id: solr-exposure info: name: Apache Solr Exposure - author: pd-team + author: pdteam severity: medium requests: diff --git a/exposed-panels/yarn-manager-exposure.yaml b/exposed-panels/yarn-manager-exposure.yaml index dfa85796e6..fea9eca13a 100644 --- a/exposed-panels/yarn-manager-exposure.yaml +++ b/exposed-panels/yarn-manager-exposure.yaml @@ -2,7 +2,7 @@ id: yarn-manager-exposure info: name: Apache Yarn ResourceManager Exposure / Unauthenticated Access - author: pd-team + author: pdteam severity: low requests: diff --git a/exposed-panels/zipkin-exposure.yaml b/exposed-panels/zipkin-exposure.yaml index 2ab6e07ca9..36c4f95cd6 100644 --- a/exposed-panels/zipkin-exposure.yaml +++ b/exposed-panels/zipkin-exposure.yaml @@ -2,7 +2,7 @@ id: zipkin-exposure info: name: Zipkin Exposure - author: pd-team + author: pdteam severity: low requests: diff --git a/exposures/apis/openapi.yaml b/exposures/apis/openapi.yaml index 6f3d7c7c13..3b4952d152 100644 --- a/exposures/apis/openapi.yaml +++ b/exposures/apis/openapi.yaml @@ -4,7 +4,7 @@ info: name: OpenAPI author: pdteam severity: info - tags: exposures,api + tags: exposure,api requests: - method: GET diff --git a/exposures/apis/swagger-api.yaml b/exposures/apis/swagger-api.yaml index a36dc13f24..21a008ec6c 100644 --- a/exposures/apis/swagger-api.yaml +++ b/exposures/apis/swagger-api.yaml @@ -4,7 +4,7 @@ info: name: Public Swagger API author: pdteam severity: info - tags: exposures,api,swagger + tags: exposure,api,swagger requests: - method: GET diff --git a/exposures/apis/wadl-api.yaml b/exposures/apis/wadl-api.yaml index 6a2a063e35..3b0dcf77a0 100644 --- a/exposures/apis/wadl-api.yaml +++ b/exposures/apis/wadl-api.yaml @@ -4,7 +4,7 @@ info: name: wadl file disclosure author: 0xrudra & manuelbua severity: info - tags: exposures,api + tags: exposure,api reference: | - https://github.com/dwisiswant0/wadl-dumper - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/ diff --git a/exposures/apis/wsdl-api.yaml b/exposures/apis/wsdl-api.yaml index b51a327013..c5e1606c15 100644 --- a/exposures/apis/wsdl-api.yaml +++ b/exposures/apis/wsdl-api.yaml @@ -4,7 +4,7 @@ info: name: wsdl-detect author: jarijaas severity: info - tags: exposures,api + tags: exposure,api description: Detects web services that have WSDL (https://www.w3.org/TR/wsdl/) requests: diff --git a/exposures/backups/settings-php-files.yaml b/exposures/backups/settings-php-files.yaml index 8e65d6b503..6209d9fd70 100644 --- a/exposures/backups/settings-php-files.yaml +++ b/exposures/backups/settings-php-files.yaml @@ -4,7 +4,7 @@ info: name: settings.php information disclosure author: sheikhrishad severity: medium - tags: exposures,backup + tags: exposure,backup requests: - method: GET diff --git a/exposures/backups/sql-dump.yaml b/exposures/backups/sql-dump.yaml index f5dc51a6f7..d6a967bb24 100644 --- a/exposures/backups/sql-dump.yaml +++ b/exposures/backups/sql-dump.yaml @@ -4,7 +4,7 @@ info: name: MySQL Dump Files author: geeknik & @dwisiswant0 severity: medium - tags: exposures,backup + tags: exposure,backup requests: - method: GET diff --git a/exposures/backups/zip-backup-files.yaml b/exposures/backups/zip-backup-files.yaml index 10da560cca..3a768423d0 100644 --- a/exposures/backups/zip-backup-files.yaml +++ b/exposures/backups/zip-backup-files.yaml @@ -4,7 +4,7 @@ info: name: Compressed Web File author: Toufik Airane & @dwisiswant0 severity: medium - tags: exposures,backup + tags: exposure,backup requests: - method: GET diff --git a/exposures/configs/airflow-configuration-exposure.yaml b/exposures/configs/airflow-configuration-exposure.yaml index 1091b2dbb2..cf59dd669c 100644 --- a/exposures/configs/airflow-configuration-exposure.yaml +++ b/exposures/configs/airflow-configuration-exposure.yaml @@ -2,9 +2,9 @@ id: airflow-configuration-exposure info: name: Apache Airflow Configuration Exposure - author: pd-team + author: pdteam severity: medium - tags: exposures,config + tags: exposure,config requests: - method: GET diff --git a/exposures/configs/alibaba-canal-info-leak.yaml b/exposures/configs/alibaba-canal-info-leak.yaml index 7fc98c57ba..69fa26a672 100644 --- a/exposures/configs/alibaba-canal-info-leak.yaml +++ b/exposures/configs/alibaba-canal-info-leak.yaml @@ -4,7 +4,7 @@ info: name: Alibaba Canal Info Leak author: pikpikcu severity: info - tags: config,exposures + tags: config,exposure # https://github.com/alibaba/canal/issues/632 # https://netty.io/wiki/reference-counted-objects.html diff --git a/exposures/configs/amazon-docker-config-disclosure.yaml b/exposures/configs/amazon-docker-config-disclosure.yaml index efc8861e95..943d81f7df 100644 --- a/exposures/configs/amazon-docker-config-disclosure.yaml +++ b/exposures/configs/amazon-docker-config-disclosure.yaml @@ -2,9 +2,9 @@ id: amazon-docker-config-disclosure info: name: Dockerrun AWS Configuration Exposure - author: pd-team + author: pdteam severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/ansible-config-disclosure.yaml b/exposures/configs/ansible-config-disclosure.yaml index 5b5635c764..92a9879206 100644 --- a/exposures/configs/ansible-config-disclosure.yaml +++ b/exposures/configs/ansible-config-disclosure.yaml @@ -2,9 +2,9 @@ id: ansible-config-disclosure info: name: Ansible Configuration Exposure - author: pd-team + author: pdteam severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/awstats-config.yaml b/exposures/configs/awstats-config.yaml index cb4233f373..adbb192728 100644 --- a/exposures/configs/awstats-config.yaml +++ b/exposures/configs/awstats-config.yaml @@ -4,7 +4,7 @@ info: name: AWStats config author: sheikhrishad severity: info - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/awstats-script.yaml b/exposures/configs/awstats-script.yaml index 0e68c74d96..9a81b722f3 100644 --- a/exposures/configs/awstats-script.yaml +++ b/exposures/configs/awstats-script.yaml @@ -4,7 +4,7 @@ info: name: AWStats script author: sheikhrishad severity: info - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/circleci-config.yaml b/exposures/configs/circleci-config.yaml index aae48bac90..98cf8b37cf 100644 --- a/exposures/configs/circleci-config.yaml +++ b/exposures/configs/circleci-config.yaml @@ -5,7 +5,7 @@ info: author: geeknik severity: low reference: https://circleci.com/docs/2.0/sample-config/ - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/circleci-ssh-config.yaml b/exposures/configs/circleci-ssh-config.yaml index 1cda91b802..3c3d245991 100644 --- a/exposures/configs/circleci-ssh-config.yaml +++ b/exposures/configs/circleci-ssh-config.yaml @@ -4,7 +4,7 @@ info: name: circleci ssh-config exposure author: geeknik severity: low - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/composer-config.yaml b/exposures/configs/composer-config.yaml index 2fbfcd9a33..f7142fdc59 100644 --- a/exposures/configs/composer-config.yaml +++ b/exposures/configs/composer-config.yaml @@ -4,7 +4,7 @@ info: name: composer-config-file author: Mahendra Purbia (Mah3Sec_) severity: info - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/docker-compose-config.yml b/exposures/configs/docker-compose-config.yml index 7fc9b193ff..501a5ac469 100644 --- a/exposures/configs/docker-compose-config.yml +++ b/exposures/configs/docker-compose-config.yml @@ -4,7 +4,7 @@ info: name: docker-compose.yml exposure author: meme-lord & blckraven & geeknik severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/eea-disclosure.yaml b/exposures/configs/eea-disclosure.yaml index 74608efde1..459b5ea63a 100644 --- a/exposures/configs/eea-disclosure.yaml +++ b/exposures/configs/eea-disclosure.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: high reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543 - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/exposed-bitkeeper.yaml b/exposures/configs/exposed-bitkeeper.yaml index 50f829b617..dded5880b8 100644 --- a/exposures/configs/exposed-bitkeeper.yaml +++ b/exposures/configs/exposed-bitkeeper.yaml @@ -5,7 +5,7 @@ info: author: daffainfo severity: low reference: https://www.bitkeeper.org/man/config-etc.html - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/exposed-bzr.yaml b/exposures/configs/exposed-bzr.yaml index d7c7c52f39..5f00619d9e 100644 --- a/exposures/configs/exposed-bzr.yaml +++ b/exposures/configs/exposed-bzr.yaml @@ -5,7 +5,7 @@ info: author: daffainfo severity: low reference: http://doc.bazaar.canonical.com/beta/en/user-reference/configuration-help.html - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/exposed-darcs.yaml b/exposures/configs/exposed-darcs.yaml index 08e25a782b..002d61e91b 100644 --- a/exposures/configs/exposed-darcs.yaml +++ b/exposures/configs/exposed-darcs.yaml @@ -5,7 +5,7 @@ info: author: daffainfo severity: low reference: http://darcs.net/Using/Configuration#sources - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/exposed-hg.yaml b/exposures/configs/exposed-hg.yaml index be8da7711d..62ba7daeef 100644 --- a/exposures/configs/exposed-hg.yaml +++ b/exposures/configs/exposed-hg.yaml @@ -4,7 +4,7 @@ info: name: Exposed HG Directory author: daffainfo severity: low - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/exposed-svn.yaml b/exposures/configs/exposed-svn.yaml index fc7a21b74c..b88ce042e1 100644 --- a/exposures/configs/exposed-svn.yaml +++ b/exposures/configs/exposed-svn.yaml @@ -4,7 +4,7 @@ info: name: Exposed SVN Directory author: udit_thakkur & dwisiswant0 severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/ftp-credentials-exposure.yaml b/exposures/configs/ftp-credentials-exposure.yaml index 5776a71d78..2144e34389 100644 --- a/exposures/configs/ftp-credentials-exposure.yaml +++ b/exposures/configs/ftp-credentials-exposure.yaml @@ -4,7 +4,7 @@ info: name: FTP credentials exposure author: pikpikcu severity: medium - tags: config,ftp,exposures + tags: config,ftp,exposure requests: - method: GET diff --git a/exposures/configs/git-config-nginxoffbyslash.yaml b/exposures/configs/git-config-nginxoffbyslash.yaml index 6a6c5609eb..ceca05ecec 100644 --- a/exposures/configs/git-config-nginxoffbyslash.yaml +++ b/exposures/configs/git-config-nginxoffbyslash.yaml @@ -4,7 +4,7 @@ info: author: organiccrap severity: medium description: Nginx off-by-slash vulnerability exposes Git configuration. - tags: config,exposures + tags: config,exposure reference: https://twitter.com/Random_Robbie/status/1262676628167110656 requests: diff --git a/exposures/configs/git-config.yaml b/exposures/configs/git-config.yaml index 7133296722..53766846a5 100644 --- a/exposures/configs/git-config.yaml +++ b/exposures/configs/git-config.yaml @@ -2,10 +2,10 @@ id: git-config info: name: Git Config Disclosure - author: pd-team & pikpikcu + author: pdteam & pikpikcu severity: medium description: Searches for the pattern /.git/config on passed URLs. - tags: config,git,exposures + tags: config,git,exposure requests: - raw: diff --git a/exposures/configs/gmail-api-client-secrets.yaml b/exposures/configs/gmail-api-client-secrets.yaml index 533092aea7..022ee71a97 100644 --- a/exposures/configs/gmail-api-client-secrets.yaml +++ b/exposures/configs/gmail-api-client-secrets.yaml @@ -5,7 +5,7 @@ info: author: geeknik severity: info description: https://developers.google.com/gmail/api/auth/web-server - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/golang-metrics.yaml b/exposures/configs/golang-metrics.yaml index bdf9dd6687..124ecb8430 100644 --- a/exposures/configs/golang-metrics.yaml +++ b/exposures/configs/golang-metrics.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDK severity: low reference: https://hackerone.com/reports/1026196 - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/honeywell-scada-config.yaml b/exposures/configs/honeywell-scada-config.yaml index 5f16b499b7..632d1ac944 100644 --- a/exposures/configs/honeywell-scada-config.yaml +++ b/exposures/configs/honeywell-scada-config.yaml @@ -5,7 +5,7 @@ info: author: alperenkesk severity: low reference: https://www.exploit-db.com/exploits/44734 - tags: scada,config,exposures + tags: scada,config,exposure requests: - method: GET diff --git a/exposures/configs/htpasswd-detection.yaml b/exposures/configs/htpasswd-detection.yaml index 18866c9e2f..26212fd26e 100644 --- a/exposures/configs/htpasswd-detection.yaml +++ b/exposures/configs/htpasswd-detection.yaml @@ -4,7 +4,7 @@ info: name: Detect exposed .htpasswd files author: geeknik severity: info - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/joomla-config-file.yaml b/exposures/configs/joomla-config-file.yaml index ca443106bc..04f75c426a 100644 --- a/exposures/configs/joomla-config-file.yaml +++ b/exposures/configs/joomla-config-file.yaml @@ -5,7 +5,7 @@ info: author: oppsec severity: low description: configuration.php-dist is a file created by Joomla to save Joomla settings. - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/laravel-env.yaml b/exposures/configs/laravel-env.yaml index 19042eac78..7d775e8148 100644 --- a/exposures/configs/laravel-env.yaml +++ b/exposures/configs/laravel-env.yaml @@ -4,7 +4,7 @@ info: name: Laravel .env file author: pxmme1337 & dwisiswant0 & geeknik & emenalf severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/lvmeng-uts-disclosure.yaml b/exposures/configs/lvmeng-uts-disclosure.yaml index 874a8b14ee..0e644455dd 100644 --- a/exposures/configs/lvmeng-uts-disclosure.yaml +++ b/exposures/configs/lvmeng-uts-disclosure.yaml @@ -4,7 +4,7 @@ info: name: Lvmeng UTS Disclosure author: pikpikcu severity: high - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/magento-config.yaml b/exposures/configs/magento-config.yaml index 7104bc3008..abf80cc0fe 100644 --- a/exposures/configs/magento-config.yaml +++ b/exposures/configs/magento-config.yaml @@ -3,7 +3,7 @@ info: name: Magento Config Disclosure author: geeknik severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/netrc.yaml b/exposures/configs/netrc.yaml index 2f543d9a94..af49bb37fa 100644 --- a/exposures/configs/netrc.yaml +++ b/exposures/configs/netrc.yaml @@ -6,7 +6,7 @@ info: description: The .netrc file contains login and initialization information used by the auto-login process. reference: https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html severity: high - tags: netrc,config,exposures + tags: netrc,config,exposure requests: - method: GET diff --git a/exposures/configs/opcache-status-exposure.yaml b/exposures/configs/opcache-status-exposure.yaml index 5f21b902a1..de7cba5078 100644 --- a/exposures/configs/opcache-status-exposure.yaml +++ b/exposures/configs/opcache-status-exposure.yaml @@ -2,9 +2,9 @@ id: opcache-status-exposure info: name: OPcache Status Exposure - author: pd-team + author: pdteam severity: low - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/owncloud-config.yaml b/exposures/configs/owncloud-config.yaml index ac0b027541..523c4d6c6f 100644 --- a/exposures/configs/owncloud-config.yaml +++ b/exposures/configs/owncloud-config.yaml @@ -4,7 +4,7 @@ info: name: owncloud config Disclosure author: Mahendra Purbia (Mah3Sec_) severity: info - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/package-json.yaml b/exposures/configs/package-json.yaml index 9240f0f418..ee4a0c8cb2 100644 --- a/exposures/configs/package-json.yaml +++ b/exposures/configs/package-json.yaml @@ -5,7 +5,7 @@ info: author: geeknik & afaq severity: info description: All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project. - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/perl-status.yaml b/exposures/configs/perl-status.yaml index f480acc6d1..805f1b124f 100644 --- a/exposures/configs/perl-status.yaml +++ b/exposures/configs/perl-status.yaml @@ -2,9 +2,9 @@ id: perl-status info: name: Apache mod_perl Status Page Exposure - author: pd-team + author: pdteam severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/phpinfo.yaml b/exposures/configs/phpinfo.yaml index 7fa016854d..7b00715cbb 100644 --- a/exposures/configs/phpinfo.yaml +++ b/exposures/configs/phpinfo.yaml @@ -2,9 +2,9 @@ id: phpinfo-files info: name: phpinfo Disclosure - author: pd-team & daffainfo & meme-lord + author: pdteam & daffainfo & meme-lord severity: low - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/rails-database-config.yaml b/exposures/configs/rails-database-config.yaml index 90150b0fa9..d72b4afed0 100644 --- a/exposures/configs/rails-database-config.yaml +++ b/exposures/configs/rails-database-config.yaml @@ -2,9 +2,9 @@ id: rails-database-config info: name: Ruby-on-Rails Database Configuration Exposure - author: pd-team + author: pdteam severity: low - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/redmine-db-config.yaml b/exposures/configs/redmine-db-config.yaml index 8f11ef0f5e..9d22cc3961 100644 --- a/exposures/configs/redmine-db-config.yaml +++ b/exposures/configs/redmine-db-config.yaml @@ -4,7 +4,7 @@ info: author: geeknik description: Redmine is a flexible project management web application written using Ruby on Rails framework - https://redmine.org/projects/redmine severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/ruijie-information-disclosure.yaml b/exposures/configs/ruijie-information-disclosure.yaml index 89b44a9129..8776f3ffb8 100644 --- a/exposures/configs/ruijie-information-disclosure.yaml +++ b/exposures/configs/ruijie-information-disclosure.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: high reference: https://www.cnblogs.com/cHr1s/p/14499858.html - tags: ruijie,config,exposures + tags: ruijie,config,exposure requests: - method: GET diff --git a/exposures/configs/server-private-keys.yaml b/exposures/configs/server-private-keys.yaml index 2711fac3a3..6ce75dead1 100644 --- a/exposures/configs/server-private-keys.yaml +++ b/exposures/configs/server-private-keys.yaml @@ -4,7 +4,7 @@ info: name: Detect Private SSH and TLS Keys author: geeknik severity: high - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/sftp-credentials-exposure.yaml b/exposures/configs/sftp-credentials-exposure.yaml index 83d0b8639d..f95a5785fb 100644 --- a/exposures/configs/sftp-credentials-exposure.yaml +++ b/exposures/configs/sftp-credentials-exposure.yaml @@ -4,7 +4,7 @@ info: name: SFTP credentials exposure author: sheikhrishad severity: medium - tags: config,ftp,exposures + tags: config,ftp,exposure requests: - method: GET diff --git a/exposures/configs/syfmony-profiler.yaml b/exposures/configs/syfmony-profiler.yaml index 961bd2e9c9..aa0e11aa5d 100644 --- a/exposures/configs/syfmony-profiler.yaml +++ b/exposures/configs/syfmony-profiler.yaml @@ -4,7 +4,7 @@ info: name: SymfonyProfiler information leakage author: wabafet severity: medium - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/symfony-database-config.yaml b/exposures/configs/symfony-database-config.yaml index 460b7996b5..0ff2466aa1 100644 --- a/exposures/configs/symfony-database-config.yaml +++ b/exposures/configs/symfony-database-config.yaml @@ -2,9 +2,9 @@ id: symfony-database-config info: name: Symfony Database Configuration Exposure - author: pd-team + author: pdteam severity: high - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/symfony-profiler.yaml b/exposures/configs/symfony-profiler.yaml index 545290b397..8ce750b449 100644 --- a/exposures/configs/symfony-profiler.yaml +++ b/exposures/configs/symfony-profiler.yaml @@ -2,9 +2,9 @@ id: symfony-profiler info: name: Symfony Profiler - author: pd-team + author: pdteam severity: high - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/web-config.yaml b/exposures/configs/web-config.yaml index ec220ca2fa..6847e65983 100644 --- a/exposures/configs/web-config.yaml +++ b/exposures/configs/web-config.yaml @@ -3,7 +3,7 @@ info: name: Web Config file author: Yash Anand @yashanand155 severity: info - tags: config,exposures + tags: config,exposure requests: - method: GET diff --git a/exposures/configs/xprober-service.yaml b/exposures/configs/xprober-service.yaml index ea3d1c947e..ca1f311d99 100644 --- a/exposures/configs/xprober-service.yaml +++ b/exposures/configs/xprober-service.yaml @@ -4,7 +4,7 @@ info: name: X Prober server information leakage author: pdteam severity: low - tags: config,exposures + tags: config,exposure reference: https://twitter.com/bugbounty_tips/status/1339984643517423616 requests: diff --git a/exposures/files/bower-json.yaml b/exposures/files/bower-json.yaml index c6d5a3da41..8514fc3de8 100644 --- a/exposures/files/bower-json.yaml +++ b/exposures/files/bower-json.yaml @@ -5,7 +5,7 @@ info: author: oppsec severity: info description: Bower is a package manager which stores packages informations in bower.json file - tags: file,exposures + tags: file,exposure requests: - method: GET diff --git a/exposures/files/domcfg-page.yaml b/exposures/files/domcfg-page.yaml index 89799e3d7f..3d489748ce 100644 --- a/exposures/files/domcfg-page.yaml +++ b/exposures/files/domcfg-page.yaml @@ -4,7 +4,7 @@ info: author: gevakun severity: low reference: https://twitter.com/Wh11teW0lf/status/1295594085445709824 - tags: file,exposures + tags: file,exposure requests: - method: GET diff --git a/exposures/files/drupal-install.yaml b/exposures/files/drupal-install.yaml index 30aa6bb935..cbb9a6751f 100644 --- a/exposures/files/drupal-install.yaml +++ b/exposures/files/drupal-install.yaml @@ -4,7 +4,7 @@ info: name: Drupal Install author: NkxxkN severity: low - tags: file,exposures + tags: file,exposure requests: - method: GET diff --git a/exposures/files/ds_store.yaml b/exposures/files/ds_store.yaml index 0aace932fa..9117861fc3 100644 --- a/exposures/files/ds_store.yaml +++ b/exposures/files/ds_store.yaml @@ -4,7 +4,7 @@ info: name: Directory Listing via DS_Store author: 0w4ys severity: info - tags: file,exposures + tags: file,exposure requests: - method: GET diff --git a/exposures/files/exposed-alps-spring.yaml b/exposures/files/exposed-alps-spring.yaml index c167fc4077..165e4039b2 100644 --- a/exposures/files/exposed-alps-spring.yaml +++ b/exposures/files/exposed-alps-spring.yaml @@ -4,7 +4,7 @@ info: name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS) author: dwisiswant0 severity: medium - tags: file,exposures + tags: file,exposure reference: https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/ requests: diff --git a/exposures/files/filezilla.yaml b/exposures/files/filezilla.yaml index 740d51caf8..d3d0d0d878 100644 --- a/exposures/files/filezilla.yaml +++ b/exposures/files/filezilla.yaml @@ -4,7 +4,7 @@ info: name: Filezilla author: amsda severity: medium - tags: file,exposures + tags: file,exposure requests: - method: GET diff --git a/exposures/files/keycloak-json.yaml b/exposures/files/keycloak-json.yaml index 098d8f3d60..b1b2c349f3 100644 --- a/exposures/files/keycloak-json.yaml +++ b/exposures/files/keycloak-json.yaml @@ -3,7 +3,7 @@ info: name: Keycloak Json File author: oppsec severity: info - tags: file,exposures + tags: file,exposure requests: - method: GET diff --git a/exposures/files/lazy-file.yaml b/exposures/files/lazy-file.yaml index c12c0c751e..6ef4a50f0e 100644 --- a/exposures/files/lazy-file.yaml +++ b/exposures/files/lazy-file.yaml @@ -4,7 +4,7 @@ info: name: Lazy File Manager author: amsda severity: medium - tags: file,exposures + tags: file,exposure requests: - method: GET diff --git a/exposures/files/yarn-lock.yaml b/exposures/files/yarn-lock.yaml index 29cc72cc8f..31bcc2cbaa 100644 --- a/exposures/files/yarn-lock.yaml +++ b/exposures/files/yarn-lock.yaml @@ -5,7 +5,7 @@ info: author: oppsec severity: info description: yarn.lock is a file which store all exactly versions of each dependency were installed. - tags: file,exposures + tags: file,exposure requests: - method: GET diff --git a/exposures/logs/elmah-log-file.yaml b/exposures/logs/elmah-log-file.yaml index aa681f4538..a1b7841969 100644 --- a/exposures/logs/elmah-log-file.yaml +++ b/exposures/logs/elmah-log-file.yaml @@ -4,7 +4,7 @@ info: name: elmah.axd Disclosure author: shine severity: medium - tags: log,exposures + tags: log,exposure requests: - method: GET diff --git a/exposures/logs/error-logs.yaml b/exposures/logs/error-logs.yaml index f5ded5c5d2..e61e7b1452 100644 --- a/exposures/logs/error-logs.yaml +++ b/exposures/logs/error-logs.yaml @@ -3,7 +3,7 @@ info: name: common error log files author: geeknik & daffainfo severity: low - tags: log,exposures + tags: log,exposure requests: - method: GET diff --git a/exposures/logs/laravel-log-file.yaml b/exposures/logs/laravel-log-file.yaml index c8a338a063..917a56a4ac 100644 --- a/exposures/logs/laravel-log-file.yaml +++ b/exposures/logs/laravel-log-file.yaml @@ -4,7 +4,7 @@ info: name: Laravel log file publicly accessible author: sheikhrishad severity: low - tags: laravel,log,exposures + tags: laravel,log,exposure requests: - method: GET diff --git a/exposures/logs/npm-log-file.yaml b/exposures/logs/npm-log-file.yaml index 040098bc34..b93991f83a 100644 --- a/exposures/logs/npm-log-file.yaml +++ b/exposures/logs/npm-log-file.yaml @@ -4,7 +4,7 @@ info: name: Publicly accessible NPM Log file author: sheikhrishad severity: low - tags: npm,log,exposures + tags: npm,log,exposure requests: - method: GET diff --git a/exposures/logs/rails-debug-mode.yaml b/exposures/logs/rails-debug-mode.yaml index 8659ab00c1..6e7e2494cf 100644 --- a/exposures/logs/rails-debug-mode.yaml +++ b/exposures/logs/rails-debug-mode.yaml @@ -2,9 +2,9 @@ id: rails-debug-mode info: name: Rails Debug Mode Enabled - author: pd-team + author: pdteam severity: medium - tags: log,rails,exposures + tags: log,rails,exposure requests: - method: GET diff --git a/exposures/logs/struts-debug-mode.yaml b/exposures/logs/struts-debug-mode.yaml index bd073b6a82..e95c21541c 100644 --- a/exposures/logs/struts-debug-mode.yaml +++ b/exposures/logs/struts-debug-mode.yaml @@ -2,9 +2,9 @@ id: struts-debug-mode info: name: Apache Struts setup in Debug-Mode - author: pd-team + author: pdteam severity: low - tags: log,struts,apache,exposures + tags: log,struts,apache,exposure requests: - method: GET diff --git a/exposures/logs/trace-axd-detect.yaml b/exposures/logs/trace-axd-detect.yaml index f682894c93..5b41abc997 100644 --- a/exposures/logs/trace-axd-detect.yaml +++ b/exposures/logs/trace-axd-detect.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDK severity: low reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/ - tags: log,asp,exposures + tags: log,asp,exposure requests: - method: GET diff --git a/headless/postmessage-tracker.yaml b/headless/postmessage-tracker.yaml index 4b2f3b1b2c..e57ca76fa2 100644 --- a/headless/postmessage-tracker.yaml +++ b/headless/postmessage-tracker.yaml @@ -2,7 +2,7 @@ id: postmessage-tracker info: name: Postmessage Tracker - author: pd-team + author: pdteam severity: info reference: https://github.com/vinothsparrow/iframe-broker/blob/main/static/script.js tags: headless,postmessage diff --git a/headless/prototype-pollution-check.yaml b/headless/prototype-pollution-check.yaml index 0e219f5eac..1e0d7ae586 100644 --- a/headless/prototype-pollution-check.yaml +++ b/headless/prototype-pollution-check.yaml @@ -2,7 +2,7 @@ id: prototype-pollution-check info: name: Prototype Pollution Check - author: pd-team + author: pdteam severity: medium reference: https://github.com/msrkp/PPScan tags: headless diff --git a/headless/window-name-domxss.yaml b/headless/window-name-domxss.yaml index f7c356fc2d..98bbe26a84 100644 --- a/headless/window-name-domxss.yaml +++ b/headless/window-name-domxss.yaml @@ -2,7 +2,7 @@ id: window-name-domxss info: name: window.name DOM XSS - author: pd-team + author: pdteam severity: medium reference: https://public-firing-range.appspot.com/dom/index.html tags: headless,xss,domxss diff --git a/misconfiguration/airflow-api-exposure.yaml b/misconfiguration/airflow-api-exposure.yaml index 3a5986bb55..2d73efdfce 100644 --- a/misconfiguration/airflow-api-exposure.yaml +++ b/misconfiguration/airflow-api-exposure.yaml @@ -2,7 +2,7 @@ id: airflow-api-exposure info: name: Apache Airflow API Exposure / Unauthenticated Access - author: pd-team + author: pdteam severity: medium tags: apache,airflow,unauth diff --git a/misconfiguration/jkstatus-manager.yaml b/misconfiguration/jkstatus-manager.yaml index 56f0197e6b..8b01538324 100644 --- a/misconfiguration/jkstatus-manager.yaml +++ b/misconfiguration/jkstatus-manager.yaml @@ -2,7 +2,7 @@ id: jkstatus-manager info: name: JK Status Manager - author: pd-team + author: pdteam severity: low tags: config diff --git a/misconfiguration/server-status-localhost.yaml b/misconfiguration/server-status-localhost.yaml index a27ec06873..64dd8a6f24 100644 --- a/misconfiguration/server-status-localhost.yaml +++ b/misconfiguration/server-status-localhost.yaml @@ -2,7 +2,7 @@ id: server-status-localhost info: name: Server Status Disclosure - author: pd-team & geeknik + author: pdteam & geeknik severity: low tags: config diff --git a/network/exposed-redis.yaml b/network/exposed-redis.yaml index ee683481cd..12ec2926da 100644 --- a/network/exposed-redis.yaml +++ b/network/exposed-redis.yaml @@ -2,7 +2,7 @@ id: exposed-redis info: name: Redis Unauth Server - author: pd-team + author: pdteam severity: high reference: https://redis.io/topics/security tags: network,redis diff --git a/network/exposed-zookeeper.yaml b/network/exposed-zookeeper.yaml index 027a490123..c531fd85e5 100644 --- a/network/exposed-zookeeper.yaml +++ b/network/exposed-zookeeper.yaml @@ -2,7 +2,7 @@ id: exposed-zookeeper info: name: ZooKeeper Unauth Server - author: pd-team + author: pdteam severity: high reference: https://zookeeper.apache.org/security.html tags: network,zookeeper diff --git a/network/memcached-stats.yaml b/network/memcached-stats.yaml index 62f8e25bae..78f65c7e75 100644 --- a/network/memcached-stats.yaml +++ b/network/memcached-stats.yaml @@ -2,7 +2,7 @@ id: memcached-stats info: name: Memcached stats disclosure - author: pd-team + author: pdteam severity: low tags: network,memcached diff --git a/network/mongodb-detect.yaml b/network/mongodb-detect.yaml index 55716383b9..88928bafde 100644 --- a/network/mongodb-detect.yaml +++ b/network/mongodb-detect.yaml @@ -2,7 +2,7 @@ id: mongodb-detect info: name: MongoDB Detection - author: pd-team + author: pdteam severity: info reference: https://github.com/orleven/Tentacle tags: network,mongodb diff --git a/network/mongodb-unauth.yaml b/network/mongodb-unauth.yaml index 6d8c522a1d..4348e90446 100644 --- a/network/mongodb-unauth.yaml +++ b/network/mongodb-unauth.yaml @@ -2,7 +2,7 @@ id: mongodb-unauth info: name: Unauth MongoDB Disclosure - author: pd-team + author: pdteam severity: high reference: https://github.com/orleven/Tentacle tags: network,mongodb diff --git a/vulnerabilities/other/acme-xss.yaml b/vulnerabilities/other/acme-xss.yaml index 3bf6e916ee..e6e5af1c0d 100644 --- a/vulnerabilities/other/acme-xss.yaml +++ b/vulnerabilities/other/acme-xss.yaml @@ -2,7 +2,7 @@ id: acme-xss info: name: ACME / Let's Encrypt Reflected XSS - author: pd-team + author: pdteam severity: low tags: xss,acme diff --git a/vulnerabilities/other/aspnuke-openredirect.yaml b/vulnerabilities/other/aspnuke-openredirect.yaml index 338f74687e..ca498927f1 100644 --- a/vulnerabilities/other/aspnuke-openredirect.yaml +++ b/vulnerabilities/other/aspnuke-openredirect.yaml @@ -2,7 +2,7 @@ id: aspnuke-openredirect info: name: ASP-Nuke Open Redirect - author: pd-team + author: pdteam severity: low tags: aspnuke,redirect diff --git a/vulnerabilities/other/yarn-resourcemanager-rce.yaml b/vulnerabilities/other/yarn-resourcemanager-rce.yaml index adfeb35d55..2cd230f11f 100644 --- a/vulnerabilities/other/yarn-resourcemanager-rce.yaml +++ b/vulnerabilities/other/yarn-resourcemanager-rce.yaml @@ -2,7 +2,7 @@ id: yarn-resourcemanager-rce info: name: Apache Yarn ResourceManager RCE - author: pd-team + author: pdteam severity: low tags: apache,rce reference: https://neerajsabharwal.medium.com/hadoop-yarn-hack-9a72cc1328b6