Remove:

- various nonstandard ascii chars in favor of the standard ones (mostly quotes)
 - spaces after : in some files

cves/2014/CVE-2014-4535.yaml

@@ -18,7 +18,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/import–legacy–media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+      - "{{BaseURL}}/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
 
     matchers-condition: and
     matchers:

cves/2014/CVE-2014-4544.yaml

@@ -18,7 +18,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&"
+      - "{{BaseURL}}/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&"
 
     matchers-condition: and
     matchers:

cves/2014/CVE-2014-4550.yaml

@@ -18,7 +18,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e"
+      - "{{BaseURL}}/wp-content/plugins/shortcode-ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e"
 
     matchers-condition: and
     matchers:

cves/2014/CVE-2014-4558.yaml

@@ -18,7 +18,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/swipehq–payment–gateway–woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
+      - "{{BaseURL}}/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "
 
     matchers-condition: and
     matchers:

cves/2014/CVE-2014-4561.yaml

@@ -18,7 +18,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/ultimate–weather–plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+      - "{{BaseURL}}/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
 
     matchers-condition: and
     matchers:

cves/2014/CVE-2014-4592.yaml

@@ -18,7 +18,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp–planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+      - "{{BaseURL}}/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
 
     matchers-condition: and
     matchers:

cves/2017/CVE-2017-5638.yaml

@@ -3,7 +3,7 @@ info:
   author: Random_Robbie
   name: Apache Struts2 RCE
   severity: critical
-  description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
+  description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker's invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
   tags: cve,cve2017,struts,rce,apache
   reference: https://github.com/mazen160/struts-pwn
   classification:

cves/2017/CVE-2017-7391.yaml

@@ -1,7 +1,7 @@
 id: CVE-2017-7391
 
 info:
-  name: Magmi – Cross-Site Scripting v.0.7.22
+  name: Magmi Cross-Site Scripting v.0.7.22
   author: pikpikcu
   severity: medium
   description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL.
@@ -34,3 +34,4 @@ requests:
         words:
           - "text/html"
         part: header
+

cves/2018/CVE-2018-10818.yaml

@@ -4,7 +4,7 @@ info:
   name: LG NAS Devices - Remote Code Execution (Unauthenticated)
   author: gy741
   severity: critical
-  description: The vulnerability (CVE-2018-10818) is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices. You cannot simply log in with any random username and password. However, there lies a command injection vulnerability in the “password” parameter.
+  description: The vulnerability (CVE-2018-10818) is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices. You cannot simply log in with any random username and password. However, there lies a command injection vulnerability in the "password" parameter.
   reference:
     - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
     - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247

cves/2018/CVE-2018-10822.yaml

@@ -4,7 +4,7 @@ info:
   name: D-Link Routers - Directory Traversal
   author: daffainfo
   severity: high
-  description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request.
+  description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request.
   reference:
     - https://www.exploit-db.com/exploits/45678
     - https://nvd.nist.gov/vuln/detail/CVE-2018-10822

cves/2018/CVE-2018-1273.yaml

@@ -10,7 +10,7 @@ info:
     caused by improper neutralization of special elements.
     An unauthenticated remote malicious user (or attacker) can supply
     specially crafted request parameters against Spring Data REST backed HTTP resources
-    or using Spring Data’s projection-based request payload binding hat can lead to a remote code execution attack.
+    or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
   reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1273
   tags: cve,cve2018,vmware,rce,spring
   classification:

cves/2020/CVE-2020-24186.yaml

@@ -4,7 +4,7 @@ info:
   name: Unauthenticated File upload wpDiscuz WordPress plugin RCE
   author: Ganofins
   severity: critical
-  description: WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
+  description: WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server.
   reference: https://github.com/suncsr/wpDiscuz_unauthenticated_arbitrary_file_upload/blob/main/README.md
   tags: cve,cve2020,wordpress,wp-plugin,rce,upload
   classification:

cves/2020/CVE-2020-8813.yaml

@@ -4,7 +4,7 @@ info:
   name: Cacti v1.2.8 - Unauthenticated Remote Code Execution
   author: gy741
   severity: high
-  description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability
+  description: This vulnerability could be exploited without authentication if Cacti is enabling "Guest Realtime Graphs" privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability.
   reference:
     - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
   tags: cve,cve2020,cacti,rce,oast

cves/2021/CVE-2021-26084.yaml

@@ -4,7 +4,7 @@ info:
   author: dhiyaneshDk,philippedelteil
   severity: critical
   name: Confluence Server OGNL injection - RCE
-  description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
+  description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
   tags: cve,cve2021,rce,confluence,injection,ognl
   reference:
     - https://jira.atlassian.com/browse/CONFSERVER-67940

cves/2021/CVE-2021-38314.yaml

@@ -13,7 +13,7 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.30
     cve-id: CVE-2021-38314
-  description: "The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`."
+  description: "The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site's `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`."
 
 requests:
   - raw:

cves/2021/CVE-2021-40960.yaml

@@ -1,7 +1,7 @@
 id: CVE-2021-40960
 
 info:
-  name: Galera WebTemplate 1.0 – Directory Traversal
+  name: Galera WebTemplate 1.0 Directory Traversal
   author: daffainfo
   severity: critical
   description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.

cves/2022/CVE-2022-0218.yaml

@@ -4,7 +4,7 @@ info:
   name: HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting (XSS)
   author: hexcat
   severity: high
-  description: WordPress Email Template Designer – WP HTML Mail allows stored XSS through an unprotected REST-API endpoint (CVE-2022-0218).
+  description: WordPress Email Template Designer WP HTML Mail allows stored XSS through an unprotected REST-API endpoint (CVE-2022-0218).
   reference:
     - https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched-in-html-email-template-designer-plugin/
     - https://wordpress.org/plugins/wp-html-mail/

exposures/configs/honeywell-scada-config.yaml

@@ -1,7 +1,7 @@
 id: honeywell-scada-config
 
 info:
-  name: Honeywell Scada System – Information Disclosure
+  name: Honeywell Scada System Information Disclosure
   author: alperenkesk
   severity: low
   reference: https://www.exploit-db.com/exploits/44734

file/php/php-scanner.yaml

@@ -27,7 +27,7 @@ file:
       - type: regex
         # Investigate for possible SQL Injection
         # Likely vulnerable: $dbConn->GetRow("SELECT * FROM users WHERE id = $user_id");
-        # Likely not Vulnerable: $dbConn->GetRow("SELECT * FROM users WHERE id = ?", array(‘$user_id’));
+        # Likely not Vulnerable: $dbConn->GetRow("SELECT * FROM users WHERE id = ?", array('$user_id'));
         regex:
           - '(?i)getone|getrow|getall|getcol|getassoc|execute|replace'
       - type: regex

misconfiguration/java-melody-exposed.yaml

@@ -4,7 +4,7 @@ info:
   name: JavaMelody Monitoring Exposed
   author: dhiyaneshDK,thomas_from_offensity
   severity: medium
-  description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to “View http sessions”. This can be used by an attacker to steal a user’s session.
+  description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to "View http sessions". This can be used by an attacker to steal a user's session.
   reference:
     - https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
     - https://github.com/javamelody/javamelody/wiki/UserGuide#16-security

misconfiguration/prometheus/prometheus-targets.yaml

@@ -4,7 +4,7 @@ info:
   name: Prometheus targets API endpoint
   author: geeknik
   severity: info
-  description: The targets endpoint exposes services belonging to the infrastructure, including their roles and labels. In addition to showing the target machine addresses, the endpoint also exposes metadata labels that are added by the target provider. These labels are intended to contain non-sensitive values, like the name of the server or its description, but various cloud platforms may automatically expose sensitive data in these labels, oftentimes without the developer’s knowledge.
+  description: The targets endpoint exposes services belonging to the infrastructure, including their roles and labels. In addition to showing the target machine addresses, the endpoint also exposes metadata labels that are added by the target provider. These labels are intended to contain non-sensitive values, like the name of the server or its description, but various cloud platforms may automatically expose sensitive data in these labels, oftentimes without the developer's knowledge.
   reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
   tags: prometheus
 

misconfiguration/springboot/springboot-threaddump.yaml

@@ -4,7 +4,7 @@ info:
   name: Detect Springboot Thread Dump page
   author: philippedelteil
   severity: low
-  description: The threaddump endpoint provides a thread dump from the application’s JVM.
+  description: The threaddump endpoint provides a thread dump from the application's JVM.
   reference: https://docs.spring.io/spring-boot/docs/2.4.11-SNAPSHOT/actuator-api/htmlsingle/#threaddump
   tags: springboot
 

takeovers/intercom-takeover.yaml

@@ -16,5 +16,5 @@ requests:
       - type: word
         words:
           - 'This page is reserved for artistic dogs.'
-          - '<h1 class="headline">Uh oh. That page doesn’t exist.</h1>'
+          - '<h1 class="headline">Uh oh. That page doesn't exist.</h1>'
         condition: and

vulnerabilities/other/netgear-router-auth-bypass.yaml

@@ -4,7 +4,7 @@ info:
   name: NETGEAR DGN2200v1 Router Authentication Bypass
   author: gy741
   severity: high
-  description: NETGEAR DGN2200v1 Router does not require authentication if a page has “.jpg”, “.gif”, or “ess_” substrings, however matches the entire URL. Any page on the device can therefore be accessed, including those that require authentication, by appending a GET variable with the relevant substring (e.g., “?.gif”).
+  description: NETGEAR DGN2200v1 Router does not require authentication if a page has ".jpg", ".gif", or "ess_" substrings, however matches the entire URL. Any page on the device can therefore be accessed, including those that require authentication, by appending a GET variable with the relevant substring (e.g., "?.gif").
   reference:
     - https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
     - https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1

vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml

@@ -1,7 +1,7 @@
 id: wordpress-affiliatewp-log
 
 info:
-  name: WordPress Plugin "AffiliateWP – Allowed Products" Log Disclosure
+  name: WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure
   author: dhiyaneshDK
   severity: low
   tags: wordpress,log,plugin

vulnerabilities/wordpress/wp-vault-lfi.yaml

@@ -1,7 +1,7 @@
 id: wp-vault-local-file-inclusion
 
 info:
-  name: WP Vault 0.8.6.6 – Local File Inclusion
+  name: WP Vault 0.8.6.6 Local File Inclusion
   author: 0x_Akoko
   severity: high
   reference: https://www.exploit-db.com/exploits/40850