Merge pull request #4686 from MostInterestingBotInTheWorld/dashboard

Dashboard Content Enhancements
2022-07-02 17:28:11 +05:30 · 2022-07-02 17:28:11 +05:30 · a359b681e1
parent 3dbd1364b3 d8fe1dae5c
commit a359b681e1
38 changed files with 261 additions and 158 deletions
--- a/cves/2020/CVE-2020-35580.yaml
+++ b/cves/2020/CVE-2020-35580.yaml
@ -1,13 +1,14 @@
 id: CVE-2020-35580
 info:
-  name: SearchBlox < 9.2.2 - Local File Inclusion (LFI)
+  name: SearchBlox <9.2.2 - Local File Inclusion
  author: daffainfo
  severity: high
-  description: Local File Inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
+  description: SearchBlox prior to version 9.2.2 is susceptible to local file inclusion in  FileServlet that allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
  reference:
    - https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html
    - https://developer.searchblox.com/docs/getting-started-with-searchblox
    - https://nvd.nist.gov/vuln/detail/CVE-2020-35580
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -22,6 +23,8 @@ requests:
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
-        part: body
+
 # Enhanced by mp on 2022/06/28
--- a/cves/2020/CVE-2020-35598.yaml
+++ b/cves/2020/CVE-2020-35598.yaml
@ -1,20 +1,20 @@
 id: CVE-2020-35598
 info:
-  name: Advanced Comment System 1.0 - Path Traversal
+  name: Advanced Comment System 1.0 - Local File Inclusion
  author: daffainfo
  severity: high
-  description: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI.
+  description: ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f URI.
  reference:
    - https://www.exploit-db.com/exploits/49343
    - https://www.cvedetails.com/cve/CVE-2020-35598
    - https://seclists.org/fulldisclosure/2020/Dec/13
    - https://nvd.nist.gov/vuln/detail/CVE-2020-35598
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-35598
    cwe-id: CWE-22
-  tags: cve,cve2020,lfi
+  tags: cve,cve2020,lfi,acs
 requests:
  - method: GET
@ -31,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/28
--- a/cves/2020/CVE-2020-35736.yaml
+++ b/cves/2020/CVE-2020-35736.yaml
@ -1,10 +1,10 @@
 id: CVE-2020-35736
 info:
-  name: GateOne 1.1 - Arbitrary File Retrieval
+  name: GateOne 1.1 - Local File Inclusion
  author: pikpikcu
  severity: high
-  description: GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. directory traversal because os.path.join is incorrectly used.
+  description: GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. local file inclusion because os.path.join is incorrectly used.
  reference:
    - https://github.com/liftoff/GateOne/issues/747
    - https://nvd.nist.gov/vuln/detail/CVE-2020-35736
@ -30,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/28
--- a/cves/2020/CVE-2020-35749.yaml
+++ b/cves/2020/CVE-2020-35749.yaml
@ -1,10 +1,10 @@
 id: CVE-2020-35749
 info:
-  name: Simple Job Board < 2.9.4 -Arbitrary File Retrieval (Authenticated)
+  name: WordPress Simple Job Board <2.9.4 - Local File Inclusion
  author: cckuailong
  severity: high
-  description: The plugin does not validate the sjb_file parameter when viewing a resume, allowing authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via a path traversal attack.
+  description: WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjb_file parameter when viewing a resume, allowing an authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via local file inclusion.
  reference:
    - https://wpscan.com/vulnerability/eed3bd69-2faf-4bc9-915c-c36211ef9e2d
    - https://nvd.nist.gov/vuln/detail/CVE-2020-35749
@ -27,9 +27,11 @@ requests:
        Cookie: wordpress_test_cookie=WP%20Cookie%20check
        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
      - |
        GET /wp-admin/post.php?post=372&action=edit&sjb_file=../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}
    cookie-reuse: true
    matchers-condition: and
    matchers:
@ -40,3 +42,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/28
--- a/cves/2020/CVE-2020-4463.yaml
+++ b/cves/2020/CVE-2020-4463.yaml
@ -1,12 +1,12 @@
 id: CVE-2020-4463
 info:
-  name: IBM Maximo Asset Management Information Disclosure via XXE
+  name: IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
  author: dwisiswant0
  severity: high
  description: |
    IBM Maximo Asset Management is vulnerable to an
-    XML External Entity Injection (XXE) attack when processing XML data.
+    XML external entity injection (XXE) attack when processing XML data.
    A remote attacker could exploit this vulnerability to expose
    sensitive information or consume memory resources.
  reference:
@ -14,6 +14,7 @@ info:
    - https://github.com/Ibonok/CVE-2020-4463
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/181484
    - https://www.ibm.com/support/pages/node/6253953
    - https://nvd.nist.gov/vuln/detail/CVE-2020-4463
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
    cvss-score: 8.2
@ -33,14 +34,19 @@ requests:
      </max:QueryMXPERSON>
    headers:
      Content-Type: application/xml
    matchers-condition: and
    matchers:
      - type: word
-        words:
+        part: body
          - "application/xml"
        part: header
      - type: word
        words:
          - "QueryMXPERSONResponse"
          - "MXPERSONSet"
-        part: body
+
      - type: word
        part: header
        words:
          - "application/xml"
 # Enhanced by mp on 2022/06/28
--- a/cves/2020/CVE-2020-5410.yaml
+++ b/cves/2020/CVE-2020-5410.yaml
@ -1,13 +1,13 @@
 id: CVE-2020-5410
 info:
-  name: Directory Traversal in Spring Cloud Config Server
+  name: Spring Cloud Config Server - Local File Inclusion
  author: mavericknerd
  severity: high
-  description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server
+  description: Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a local file inclusion attack.
    module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
  reference:
    - https://tanzu.vmware.com/security/cve-2020-5410
    - https://nvd.nist.gov/vuln/detail/CVE-2020-5410
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -19,12 +19,17 @@ requests:
  - method: GET
    path:
      - "{{BaseURL}}/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development"
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
      - type: status
        status:
          - 200
-      - type: regex
+
-        regex:
+# Enhanced by mp on 2022/06/28
          - "root:.*:0:0:"
        part: body
--- a/cves/2020/CVE-2020-5776.yaml
+++ b/cves/2020/CVE-2020-5776.yaml
@ -1,12 +1,13 @@
 id: CVE-2020-5776
 info:
-  name: Cross Site Request Forgery (CSRF) in MAGMI (Magento Mass Importer) Plugin
+  name: MAGMI - Cross-Site Request Forgery
  author: dwisiswant0
  severity: high
-  description: Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
+  description: MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to a lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session.
  reference:
    - https://www.tenable.com/security/research/tra-2020-51
    - https://nvd.nist.gov/vuln/detail/CVE-2020-5776
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
@ -45,4 +46,6 @@ requests:
        condition: and
      - type: status
        status:
-          - 200
+          - 200
 # Enhanced by mp on 2022/06/28
--- a/cves/2020/CVE-2020-7943.yaml
+++ b/cves/2020/CVE-2020-7943.yaml
@ -1,21 +1,21 @@
 id: CVE-2020-7943
 info:
-  name: Puppet Server and PuppetDB sensitive information disclosure
+  name: Puppet Server/PuppetDB - Sensitive Information Disclosure
  author: c-sh0
  severity: high
-  description: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information
+  description: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed.
  reference:
    - https://puppet.com/security/cve/CVE-2020-7943
    - https://nvd.nist.gov/vuln/detail/CVE-2020-7943
    - https://tickets.puppetlabs.com/browse/PDB-4876
    - https://puppet.com/security/cve/CVE-2020-7943/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-7943
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-7943
    cwe-id: CWE-276
-  tags: cve,cve2020,puppet,exposure
+  tags: cve,cve2020,puppet,exposure,puppetdb
 requests:
  - method: GET
@ -24,16 +24,18 @@ requests:
    matchers-condition: and
    matchers:
-      - type: status
+
-        status:
+      - type: word
-          - 200
+        part: body
        words:
          - "trapperkeeper"
      - type: word
        part: header
        words:
          - "application/json"
-      - type: word
+      - type: status
-        part: body
+        status:
-        words:
+          - 200
-          - "trapperkeeper"
+# Enhanced by mp on 2022/06/28
--- a/cves/2020/CVE-2020-8163.yaml
+++ b/cves/2020/CVE-2020-8163.yaml
@ -1,15 +1,16 @@
 id: CVE-2020-8163
 info:
-  name: Potential Remote Code Execution on Rails
+  name: Ruby on Rails <5.0.1 - Remote Code Execution
  author: tim_koopmans
  severity: high
-  description: Tests for ability to pass user parameters as local variables into partials
+  description: Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials.
  reference:
    - https://web.archive.org/web/20201029105442/https://correkt.horse/ruby/2020/08/22/CVE-2020-8163/
    - https://hackerone.com/reports/304805
    - https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0
    - https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8163
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
@ -21,12 +22,17 @@ requests:
  - method: GET
    path:
      - "{{BaseURL}}?IO.popen(%27cat%20%2Fetc%2Fpasswd%27).read%0A%23"
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
      - type: status
        status:
          - 200
-      - type: regex
+
-        regex:
+# Enhanced by mp on 2022/06/28
          - "root:.*:0:0:"
        part: body
--- a/cves/2020/CVE-2020-8209.yaml
+++ b/cves/2020/CVE-2020-8209.yaml
@ -1,39 +1,40 @@
 id: CVE-2020-8209
 info:
-  name: Citrix XenMobile Server Path Traversal
+  name: Citrix XenMobile Server - Local File Inclusion
  author: dwisiswant0
  severity: high
  description: |
-    Improper access control in Citrix XenMobile Server 10.12 before RP2,
+    Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6, and Citrix XenMobile Server before 10.9 RP5 are susceptible to local file inclusion vulnerabilities.
    Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10
    before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
    reference:
    - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
  reference:
    - https://support.citrix.com/article/CTX277457
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8209
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-8209
    cwe-id: CWE-22
-  tags: cve,cve2020,citrix,lfi
+  tags: cve,cve2020,citrix,lfi,xenmobile
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd"
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
-        part: body
+
      - type: word
        part: header
        words:
          - "fileDownload=true"
          - "application/octet-stream"
          - "attachment;"
        condition: and
-        part: header
+
 # Enhanced by mp on 2022/06/28
--- a/cves/2020/CVE-2020-8641.yaml
+++ b/cves/2020/CVE-2020-8641.yaml
@ -4,17 +4,17 @@ info:
  name: Lotus Core CMS 1.0.1 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
+  description: Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8641
    - https://cxsecurity.com/issue/WLB-2020010234
    - https://www.exploit-db.com/exploits/47985
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8641
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2020-8641
    cwe-id: CWE-22
-  tags: cve,cve2020,lfi,lotus
+  tags: cve,cve2020,lfi,lotus,cms
 requests:
  - method: GET
@ -31,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/28
--- a/cves/2021/CVE-2021-21311.yaml
+++ b/cves/2021/CVE-2021-21311.yaml
@ -31,7 +31,7 @@ requests:
      - type: word
        part: body
        words:
-          - "<title>400 - Bad Request</title>"
+          - "&lt;title&gt;400 - Bad Request&lt;/title&gt;"
      - type: status
        status:
--- a/cves/2021/CVE-2021-32819.yaml
+++ b/cves/2021/CVE-2021-32819.yaml
@ -1,17 +1,16 @@
 id: CVE-2021-32819
 info:
-  name: Nodejs squirrelly template engine RCE
+  name: Nodejs Squirrelly - Remote Code Execution
  author: pikpikcu
  severity: high
  description: |
-    Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration
+    Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023.
    options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is
    currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/
    - https://www.linuxlz.com/aqld/2331.html
    - https://blog.diefunction.io/vulnerabilities/ghsl-2021-023
    - https://nvd.nist.gov/vuln/detail/CVE-2021-32819
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
@ -27,4 +26,6 @@ requests:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
-          - "http"
+          - "http"
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-32820.yaml
+++ b/cves/2021/CVE-2021-32820.yaml
@ -1,14 +1,15 @@
 id: CVE-2021-32820
 info:
-  name: Express-handlebars Path Traversal
+  name: Express-handlebars - Local File Inclusion
  author: dhiyaneshDk
  severity: high
-  description: Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.
+  description: Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json
    - https://github.com/express-handlebars/express-handlebars/pull/163
    - https://nvd.nist.gov/vuln/detail/CVE-2021-32820
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
@ -23,14 +24,16 @@ requests:
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "daemon:[x*]:0:0:"
          - "operator:[x*]:0:0:"
        part: body
        condition: or
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-3297.yaml
+++ b/cves/2021/CVE-2021-3297.yaml
@ -4,12 +4,12 @@ info:
  name: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
  author: gy741
  severity: high
-  description: On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
+  description: Zyxel NBG2105 V1.00(AAGU.2)C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3297
    - https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass
    - https://www.zyxel.com/us/en/support/security_advisories.shtml
    - https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3297
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
@ -26,9 +26,6 @@ requests:
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
@ -36,3 +33,9 @@ requests:
          - "Firmware Version"
          - "Firmware Build Time"
        condition: and
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-33544.yaml
+++ b/cves/2021/CVE-2021-33544.yaml
@ -1,14 +1,15 @@
 id: CVE-2021-33544
 info:
-  name: Geutebruck RCE
+  name: Geutebruck - Remote Command Injection
  author: gy741
  severity: high
-  description: Multiple vulnerabilities in the web-based management interface of Geutebruck could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
+  description: Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
  reference:
    - https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/
    - https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/
    - https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03
    - https://nvd.nist.gov/vuln/detail/CVE-2021-33544
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
@ -28,3 +29,5 @@ requests:
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-34805.yaml
+++ b/cves/2021/CVE-2021-34805.yaml
@ -4,12 +4,12 @@ info:
  name: FAUST iServer 9.0.018.018.4 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
+  description: FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
  reference:
    - https://cxsecurity.com/issue/WLB-2022010120
    - https://www.cvedetails.com/cve/CVE-2021-34805
    - http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html
    - http://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserver
    - https://nvd.nist.gov/vuln/detail/CVE-2021-34805
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -34,4 +34,6 @@ requests:
      - type: status
        status:
-          - 200
+          - 200
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-36748.yaml
+++ b/cves/2021/CVE-2021-36748.yaml
@ -1,15 +1,15 @@
 id: CVE-2021-36748
 info:
-  name: PrestaHome Blog for PrestaShop - SQL Injection
+  name: PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection
  author: whoever
  severity: high
-  description: Blog for PrestaShop by PrestaHome < 1.7.8 is vulnerable to a SQL injection (blind) via sb_category parameter.
+  description: PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection (blind) via the sb_category parameter.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-36748
    - https://blog.sorcery.ie/posts/ph_simpleblog_sqli/
    - https://alysum5.promokit.eu/promokit/documentation/blog/
    - https://blog.sorcery.ie
    - https://nvd.nist.gov/vuln/detail/CVE-2021-36748
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -36,4 +36,6 @@ requests:
          - 'contains(body_1, "prestashop")'
          - "contains(tolower(all_headers_2), 'index.php?controller=404')"
          - "len(body_2) == 0"
-        condition: and
+        condition: and
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-37589.yaml
+++ b/cves/2021/CVE-2021-37589.yaml
@ -1,23 +1,23 @@
 id: CVE-2021-37589
 info:
-  name: Virtua Software Cobrança - Firebird Blind SQL Injection
+  name: Virtua Software Cobranca <12R - Blind SQL Injection
  author: princechaddha
  severity: high
  description: |
-    Virtua Cobranca before 12R allows SQL Injection on the login page.
+    Virtua Cobranca before 12R allows blind SQL injection on the login page.
  reference:
    - https://github.com/luca-regne/my-cves/tree/main/CVE-2021-37589
    - https://www.virtuasoftware.com.br/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-37589
    - https://www.virtuasoftware.com.br/conteudo.php?content=downloads&lang=pt-br
    - https://nvd.nist.gov/vuln/detail/CVE-2021-37589
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-37589
    cwe-id: CWE-89
  metadata:
    verified: true
    shodan-query: http.favicon.hash:876876147
    verified: "true"
  tags: cve,cve2021,virtua,sqli
 requests:
@ -47,12 +47,15 @@ requests:
    req-condition: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code_2 == 500 && status_code_3 == 200"
      - type: dsl
        dsl:
          - 'contains(body_3, "Os parametros não estão informados corretamente")'
          - 'contains(body_3, "O CNPJ dos parametro não está informado corretamente")'
        condition: or
      - type: dsl
        dsl:
          - "status_code_2 == 500 && status_code_3 == 200"
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-39312.yaml
+++ b/cves/2021/CVE-2021-39312.yaml
@ -1,22 +1,22 @@
 id: CVE-2021-39312
 info:
-  name: True Ranker < 2.2.4 - Unauthenticated Arbitrary File Access via Path Traversal
+  name: WordPress True Ranker <2.2.4 - Local File Inclusion
  author: DhiyaneshDK
  severity: high
-  description: The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
+  description: WordPress True Ranker before version 2.2.4 allows sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file via local file inclusion.
  reference:
    - https://wpscan.com/vulnerability/d48e723c-e3d1-411e-ab8e-629fe1606c79
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39312
    - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312
    - https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.2/admin/vendor/datatables/examples/resources/examples.php
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39312
  remediation: Fixed in version 2.2.4
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-39312
    cwe-id: CWE-22,CWE-22
-  tags: lfi,wp,wordpress,wp-plugin,unauth,lfr,cve,cve2021
+  tags: cve,cve2021,lfi,wp,wordpress,wp-plugin,unauth,lfr
 requests:
  - raw:
@ -40,3 +40,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-39316.yaml
+++ b/cves/2021/CVE-2021-39316.yaml
@ -1,21 +1,22 @@
 id: CVE-2021-39316
 info:
-  name: Wordpress DZS Zoomsounds <= 6.50 - Arbitrary File Retrieval
+  name: WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
  author: daffainfo
  severity: high
-  description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using a directory traversal in the `link` parameter.
+  description: WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
  reference:
    - https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316
    - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39316
    - http://packetstormsecurity.com/files/165146/WordPress-DZS-Zoomsounds-6.45-Arbitrary-File-Read.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39316
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-39316
    cwe-id: CWE-22
-  tags: wordpress,cve2021,cve,lfi,wp-plugin,zoomsounds
+  tags: cve,cve2021,wp,wordpress,lfi,wp-plugin,zoomsounds
 requests:
  - method: GET
@ -32,3 +33,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-40149.yaml
+++ b/cves/2021/CVE-2021-40149.yaml
@ -1,11 +1,11 @@
 id: CVE-2021-40149
 info:
-  name: Reolink E1 Zoom Camera - Rsa Key Information Disclosure
+  name: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
  author: For3stCo1d
  severity: high
  description: |
-    Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key disclosure vulnerability.
+    Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability.
  reference:
    - https://dl.packetstormsecurity.net/2206-exploits/reolinke1key-disclose.txt
    - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40149.txt
@ -33,3 +33,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-40822.yaml
+++ b/cves/2021/CVE-2021-40822.yaml
@ -1,15 +1,15 @@
 id: CVE-2021-40822
 info:
-  name: Geoserver - SSRF
+  name: Geoserver - Server-Side Request Forgery
  author: For3stCo1d
  severity: high
-  description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
+  description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host.
  reference:
    - https://gccybermonks.com/posts/cve-2021-40822/
    - https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3
    - https://nvd.nist.gov/vuln/detail/CVE-2021-40822
    - https://github.com/geoserver/geoserver/releases
    - https://nvd.nist.gov/vuln/detail/CVE-2021-40822
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -18,7 +18,7 @@ info:
  metadata:
    fofa-query: app="GeoServer"
    verified: "true"
-  tags: cve2021,ssrf,geoserver,cve
+  tags: cve,cve2021,ssrf,geoserver
 requests:
  - raw:
@ -43,3 +43,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-41282.yaml
+++ b/cves/2021/CVE-2021-41282.yaml
@ -1,13 +1,17 @@
 id: CVE-2021-41282
 info:
-  name: pfSense Arbitrary File Write to RCE
+  name: pfSense - Arbitrary File Write
  author: cckuailong
  severity: high
-  description: diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
+  description: |
    diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
  remediation: |
    Upgrade to pfSense CE software version 2.6.0 or later, or pfSense Plus software version 22.01 or later.
  reference:
    - https://www.shielder.it/advisories/pfsense-remote-command-execution/
    - https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_diag_routes_webshell/
    - https://docs.netgate.com/downloads/pfSense-SA-22_02.webgui.asc
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41282
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
@ -52,4 +56,6 @@ requests:
        dsl:
          - "contains(body, 'c3959e8a43f1b39b0d1255961685a238')"
          - "status_code==200"
-        condition: and
+        condition: and
 # Enhanced by cs 06/30/2022
--- a/cves/2021/CVE-2021-42192.yaml
+++ b/cves/2021/CVE-2021-42192.yaml
@ -1,18 +1,18 @@
-id: CVE-2021-44103
+id: CVE-2021-42192
 info:
-  name: KOGA 0.14.9 - Privilege Escalation
+  name: KONGA 0.14.9 - Privilege Escalation
  author: rschio
  severity: high
-  description: Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter.
+  description: KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter.
  reference:
    - http://n0hat.blogspot.com/2021/11/konga-0149-privilege-escalation-exploit.html
    - https://www.exploit-db.com/exploits/50521
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44103
+    - hhttps://nvd.nist.gov/vuln/detail/CVE-2021-42192
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
-    cve-id: CVE-2021-44103
+    cve-id: CVE-2021-42192
    cwe-id: CWE-269
  tags: cve,cve2021,konga,authenticated
@ -77,3 +77,5 @@ requests:
        group: 1
        regex:
          - '"token":"(.*)"'
 # Enhanced by mp on 2022/06/30
--- a/cves/2021/CVE-2021-45968.yaml
+++ b/cves/2021/CVE-2021-45968.yaml
@ -1,16 +1,16 @@
 id: CVE-2021-45968
 info:
-  name: Pascom CPS Path Traversal
+  name: Pascom CPS  - Local File Inclusion
  author: dwisiswant0
  severity: high
  description: |
-    Pascom version packaged with Cloud Phone System (CPS)
+    Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion vulnerability.
    versions before 7.20 contains a known path traversal issue
  reference:
    - https://kerbit.io/research/read/blog/4
    - https://www.pascom.net/doc/en/release-notes/
    - https://tutorialboy24.blogspot.com/2022/03/the-story-of-3-bugs-that-lead-to.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-45968
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -37,5 +37,7 @@ requests:
      - type: dsl
        dsl:
          - "status_code_2 != status_code_1"
-          - "contains(body_2, 'pascom GmbH &amp; Co KG') || contains(body_3, 'pascom GmbH &amp; Co KG')" # Verifying CMS
+          - "contains(body_2, 'pascom GmbH & Co KG') || contains(body_3, 'pascom GmbH & Co KG')" # Verifying CMS
-        condition: and
+        condition: and
 # Enhanced by mp on 2022/06/29
--- a/cves/2021/CVE-2021-46381.yaml
+++ b/cves/2021/CVE-2021-46381.yaml
@ -4,17 +4,17 @@ info:
  name: D-Link DAP-1620 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
+  description: D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can  lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
  reference:
    - https://drive.google.com/drive/folders/19OP09msw8l7CJ622nkvnvnt7EKun1eCG?usp=sharing
    - https://www.cvedetails.com/cve/CVE-2021-46381/
    - https://www.dlink.com/en/security-bulletin/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-46381
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-46381
    cwe-id: CWE-22
-  tags: cve,cve2021,dlink,lfi
+  tags: cve,cve2021,dlink,lfi,router
 requests:
  - method: POST
@ -28,3 +28,5 @@ requests:
        part: body
        regex:
          - "root:.*:0:0:"
 # Enhanced by mp on 2022/06/29
--- a/cves/2021/CVE-2021-46417.yaml
+++ b/cves/2021/CVE-2021-46417.yaml
@ -1,22 +1,23 @@
 id: CVE-2021-46417
 info:
-  name: Franklin Fueling Systems Colibri Controller Module - Local File Inclusion
+  name: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion
  author: For3stCo1d
  severity: high
  description: |
-    Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.
+    Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.
  reference:
    - https://packetstormsecurity.com/files/166671/Franklin-Fueling-Systems-Colibri-Controller-Module-1.8.19.8580-Local-File-Inclusion.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-46417
    - https://drive.google.com/drive/folders/1Yu4aVDdrgvs-F9jP3R8Cw7qo_TC7VB-R
    - http://packetstormsecurity.com/files/166610/FFS-Colibri-Controller-Module-1.8.19.8580-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-46417
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-46417
    cwe-id: CWE-22
  metadata:
    verified: true
    shodan-query: http.html:"Franklin Fueling Systems"
  tags: cve,cve2021,franklinfueling,lfi
@ -30,3 +31,5 @@ requests:
        part: body
        regex:
          - "root:.*:0:0:"
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-0165.yaml
+++ b/cves/2022/CVE-2022-0165.yaml
@ -1,18 +1,19 @@
 id: CVE-2022-0165
 info:
-  name: WordPress Page Builder KingComposer <= 2.9.6 - Open Redirect
+  name: WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
  author: akincibor
  severity: high
-  description: The plugin does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users.
+  description: WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).
  reference:
    - https://wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb
-  tags: cve,cve2022,wp-plugin,redirect,wordpress
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0165
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.80
    cve-id: CVE-2022-0165
    cwe-id: CWE-601
  tags: cve,cve2022,wp-plugin,redirect,wordpress,wp
 requests:
  - method: GET
@ -23,4 +24,6 @@ requests:
      - type: regex
        part: header
        regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-1119.yaml
+++ b/cves/2022/CVE-2022-1119.yaml
@ -1,22 +1,22 @@
 id: CVE-2022-1119
 info:
-  name: WordPress Simple File List < 3.2.8 - Arbitrary File Retrieval
+  name: WordPress Simple File List <3.2.8 - Local File Inclusion
  author: random-robbie
  severity: high
  description: |
-    The Wordpress plugin is vulnerable to arbitrary file retrieval via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
+    WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1119
    - https://wpscan.com/vulnerability/5551038f-64fb-44d8-bea0-d2f00f04877e
    - https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606
    - https://plugins.trac.wordpress.org/browser/simple-file-list/trunk/includes/ee-downloader.php?rev=2071880
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1119
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-1119
    cwe-id: CWE-22
-  tags: cve,cve2022,lfi,wordpress
+  tags: cve,cve2022,lfi,wordpress,wp,wp-plugin
 requests:
  - method: GET
@ -25,6 +25,7 @@ requests:
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
@ -35,3 +36,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-1392.yaml
+++ b/cves/2022/CVE-2022-1392.yaml
@ -1,21 +1,21 @@
 id: CVE-2022-1392
 info:
-  name: Videos sync PDF <= 1.7.4 - Unauthenticated LFI
+  name: WordPress Videos sync PDF <=1.7.4 - Local File Inclusion
  author: Veshraj
  severity: high
-  description: The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues.
+  description: WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion.
  reference:
    - https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815
    - https://packetstormsecurity.com/files/166534/
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1392
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-1392
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-1392
  metadata:
    verified: true
-  tags: lfi,wp-plugin,cve,cve2022,wp,wordpress,unauth
+  tags: cve,cve2022,lfi,wp-plugin,wp,wordpress,unauth
 requests:
  - method: GET
@ -34,3 +34,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-1713.yaml
+++ b/cves/2022/CVE-2022-1713.yaml
@ -1,23 +1,23 @@
 id: CVE-2022-1713
 info:
-  name: Drawio - SSRF on /proxy endpoint
+  name: Drawio <18.0.4 - Server-Side Request Forgery
  author: pikpikcu
  severity: high
  description: |
-    SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
+    Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.
  reference:
    - https://huntr.dev/bounties/cad3902f-3afb-4ed2-abd0-9f96a248de11
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1713
    - https://github.com/jgraph/drawio/commit/283d41ec80ad410d68634245cf56114bc19331ee
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1713
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-1713
    cwe-id: CWE-918
  metadata:
    verified: true
    shodan-query: http.title:"Flowchart Maker"
    verified: "true"
  tags: cve,cve2022,drawio,ssrf,oss
 requests:
@ -31,9 +31,11 @@ requests:
      - type: word
        part: body
        words:
-          - "<title>Flowchart Maker &amp; Online Diagram Software</title>"
+          - "<title>Flowchart Maker & Online Diagram Software</title>"
      - type: word
        part: header
        words:
          - "application/octet-stream"
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-21500.yaml
+++ b/cves/2022/CVE-2022-21500.yaml
@ -1,24 +1,24 @@
 id: CVE-2022-21500
 info:
-  name: Oracle E-Business - Login Panel Registration Accessible
+  name: Oracle E-Business Suite <=12.2 - Authentication Bypass
  author: 3th1c_yuk1,tess
  severity: high
  description: |
-    Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered.
+    Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data.
  reference:
    - https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac
    - https://twitter.com/GodfatherOrwa/status/1514720677173026816
    - https://nvd.nist.gov/vuln/detail/CVE-2022-21500
    - https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-21500
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-21500
  metadata:
    verified: true
    shodan-query: http.title:"Login" "X-ORACLE-DMS-ECID" 200
-    verified: "true"
+  tags: cve,cve2022,oracle,misconfig,auth-bypass
  tags: oracle,misconfig,cve,cve2022
 requests:
  - method: GET
@ -37,3 +37,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-23347.yaml
+++ b/cves/2022/CVE-2022-23347.yaml
@ -1,13 +1,13 @@
 id: CVE-2022-23347
 info:
-  name: BigAnt Software BigAnt Server v5.6.06 - Directory Traversal
+  name: BigAnt Server v5.6.06 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
+  description: BigAnt Server v5.6.06 is vulnerable to local file inclusion.
  reference:
    - https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23347
-    - https://www.cvedetails.com/cve/CVE-2022-23347
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-23347
    - http://bigant.com
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
@ -15,6 +15,7 @@ info:
    cve-id: CVE-2022-23347
    cwe-id: CWE-22
  metadata:
    verified: true
    shodan-query: http.html:"BigAnt"
  tags: cve,cve2022,bigant,lfi
@ -36,3 +37,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-24856.yaml
+++ b/cves/2022/CVE-2022-24856.yaml
@ -1,16 +1,18 @@
 id: CVE-2022-24856
 info:
-  name: Flyte Console < 0.52.0 - Server Side Request Forgery (SSRF)
+  name: Flyte Console <0.52.0 - Server-Side Request Forgery
  author: pdteam
  severity: high
  description: |
-    FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.
+    FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.
  remediation: |
    The patch for this issue deletes the entire cors_proxy, as this is no longer required for the console. A patch is available in FlyteConsole version 0.52.0, or as a work-around disable FlyteConsole.
  reference:
    - https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9
    - https://github.com/flyteorg/flyteconsole/pull/389
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24856
    - https://hackerone.com/reports/1540906
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24856
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -27,3 +29,5 @@ requests:
      - type: word
        words:
          - "Interactsh Server"
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-24900.yaml
+++ b/cves/2022/CVE-2022-24900.yaml
@ -1,11 +1,11 @@
 id: CVE-2022-24900
 info:
-  name: Piano LED Visualizer 1.3 - Directory traversal
+  name: Piano LED Visualizer 1.3 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
-    Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack.
+    Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion.
  reference:
    - https://github.com/onlaj/Piano-LED-Visualizer/issues/350
    - https://vuldb.com/?id.198714
@ -16,7 +16,7 @@ info:
    cvss-score: 8.6
    cve-id: CVE-2022-24900
    cwe-id: CWE-610
-  tags: lfi,cve2022,cve,piano,iot,oss
+  tags: cve,cve2022,lfi,piano,iot,oss
 requests:
  - method: GET
@ -33,3 +33,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-25216.yaml
+++ b/cves/2022/CVE-2022-25216.yaml
@ -1,13 +1,13 @@
 id: CVE-2022-25216
 info:
-  name: DVDFab 12 Player/PlayerFab - Arbitrary File Read
+  name: DVDFab 12 Player/PlayerFab - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access
+  description: DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.
  reference:
    - https://www.tenable.com/security/research/tra-2022-07
-    - https://www.cvedetails.com/cve/CVE-2022-25216
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-25216
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -33,3 +33,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/06/29
--- a/cves/2022/CVE-2022-32444.yaml
+++ b/cves/2022/CVE-2022-32444.yaml
@ -4,10 +4,11 @@ info:
  name: u5cms v8.3.5 - Open Redirect
  author: 0x_Akoko
  severity: medium
-  description: An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.
+  description: |
    u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.
  reference:
    - https://github.com/u5cms/u5cms/issues/50
-    - https://www.cvedetails.com/cve/CVE-2022-32444
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-32444
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
@ -25,3 +26,5 @@ requests:
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
 # Enhanced by cs 05/30/2022