fixes and updates

2021-01-10 19:45:36 +05:30 · 2021-01-10 19:45:36 +05:30 · a52ffe5c4e
parent a90d047991
commit a52ffe5c4e
53 changed files with 59 additions and 54 deletions
--- a/cves/2017/CVE-2017-9506.yaml
+++ b/cves/2017/CVE-2017-9506.yaml
@ -2,7 +2,7 @@ id: CVE-2017-9506

 info:
  name: Jira IconURIServlet SSRF
-  author: Ice3man
+  author: pd-team
  severity: high
  description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

--- a/cves/2018/CVE-2018-7251.yaml
+++ b/cves/2018/CVE-2018-7251.yaml
@ -2,7 +2,7 @@ id: CVE-2018-7251

 info:
  name: AnchorCMS Error Log Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/cves/2018/CVE-2018-8006.yaml
+++ b/cves/2018/CVE-2018-8006.yaml
@ -2,7 +2,7 @@ id: CVE-2018-8006

 info:
  name: Apache ActiveMQ XSS
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/cves/2019/CVE-2019-10092.yaml
+++ b/cves/2019/CVE-2019-10092.yaml
@ -2,7 +2,7 @@ id: CVE-2019-10092

 info:
  name: Apache mod_proxy HTML Injection / Partial XSS
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/cves/2019/CVE-2019-14223.yaml
+++ b/cves/2019/CVE-2019-14223.yaml
@ -1,7 +1,8 @@
 id: CVE-2019-14223
+
 info:
  name: Alfresco Share Open Redirect
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/cves/2019/CVE-2019-7219.yaml
+++ b/cves/2019/CVE-2019-7219.yaml
@ -2,7 +2,7 @@ id: CVE-2019-7219

 info:
  name: Zarafa WebApp Reflected XSS
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/cves/2019/CVE-2019-9955.yaml
+++ b/cves/2019/CVE-2019-9955.yaml
@ -2,7 +2,7 @@ id: CVE-2019-9955

 info:
  name: CVE-2019-9955 Zyxel XSS
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/cves/2020/CVE-2020-1943.yaml
+++ b/cves/2020/CVE-2020-1943.yaml
@ -2,7 +2,7 @@ id: CVE-2020-1943

 info:
  name: Apache OFBiz Reflected XSS
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/default-logins/activemq/activemq-default-login.yaml
+++ b/default-logins/activemq/activemq-default-login.yaml
@ -2,7 +2,7 @@ id: activemq-default-login

 info:
  name: Apache ActiveMQ Default Credentials
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/default-logins/ambari-default-credentials.yaml
+++ b/default-logins/ambari-default-credentials.yaml
@ -2,7 +2,7 @@ id: ambari-default-credentials

 info:
  name: Apache Ambari Default Credentials
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/default-logins/ofbiz-default-credentials.yaml
+++ b/default-logins/ofbiz-default-credentials.yaml
@ -2,7 +2,7 @@ id: ofbiz-default-credentials

 info:
  name: Apache OfBiz Default Credentials
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/default-logins/zabbix-default-credentials.yaml
+++ b/default-logins/zabbix-default-credentials.yaml
@ -2,7 +2,7 @@ id: zabbix-default-credentials

 info:
  name: Zabbix Default Credentials
-  author: Ice3man
+  author: pd-team
  severity: critical

 requests:
@ -13,10 +13,13 @@ requests:
      - Content-Type: application/x-www-form-urlencoded; charset=UTF-8
      - X-Requested-With: XMLHttpRequest
    body: name=Admin&password=zabbix&autologin=1&enter=Sign+in
+
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "zabbix.php?action=dashboard.view"
+
      - type: status
-        status: 302
+        status:
+          - 302
--- a/exposed-panels/active-admin-exposure.yaml
+++ b/exposed-panels/active-admin-exposure.yaml
@ -2,7 +2,7 @@ id: active-admin-exposure

 info:
  name: ActiveAdmin Admin Dasboard Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/activemq-panel.yaml
+++ b/exposed-panels/activemq-panel.yaml
@ -2,7 +2,7 @@ id: activemq-panel

 info:
  name: Apache ActiveMQ Exposure
-  author: Ice3man
+  author: pd-team
  severity: info

 requests:
--- a/exposed-panels/adminer-exposure.yaml
+++ b/exposed-panels/adminer-exposure.yaml
@ -2,7 +2,7 @@ id: adminer-exposure

 info:
  name: Adminer Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/airflow-exposure.yaml
+++ b/exposed-panels/airflow-exposure.yaml
@ -2,7 +2,7 @@ id: airflow-exposure

 info:
  name: Apache Airflow Exposure / Unauthenticated Access
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/ambari-exposure.yaml
+++ b/exposed-panels/ambari-exposure.yaml
@ -2,7 +2,7 @@ id: ambari-exposure

 info:
  name: Apache Ambari Exposure / Unauthenticated Access
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/ansible-tower-exposure.yaml
+++ b/exposed-panels/ansible-tower-exposure.yaml
@ -2,7 +2,7 @@ id: ansible-tower-exposure

 info:
  name: Ansible Tower Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/couchdb-exposure.yaml
+++ b/exposed-panels/couchdb-exposure.yaml
@ -2,7 +2,7 @@ id: couchdb-exposure

 info:
  name: Apache CouchDB Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/couchdb-fauxton.yaml
+++ b/exposed-panels/couchdb-fauxton.yaml
@ -2,7 +2,7 @@ id: couchdb-fauxton

 info:
  name: Apache CouchDB Fauxton Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/django-admin-panel.yaml
+++ b/exposed-panels/django-admin-panel.yaml
@ -2,7 +2,7 @@ id: django-admin-panel

 info:
  name: Python Django Admin Panel
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/druid-console-exposure.yaml
+++ b/exposed-panels/druid-console-exposure.yaml
@ -2,7 +2,7 @@ id: druid-console-exposure

 info:
  name: Alibaba Druid Console Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/exposed-pagespeed-global-admin.yaml
+++ b/exposed-panels/exposed-pagespeed-global-admin.yaml
@ -2,7 +2,7 @@ id: exposed-pagespeed-global-admin

 info:
  name: Apache PageSpeed Global Admin Dashboard Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/exposed-webalizer.yaml
+++ b/exposed-panels/exposed-webalizer.yaml
@ -2,7 +2,7 @@ id: exposed-webalizer

 info:
  name: Publicly exposed Webalizer Interface
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/flink-exposure.yaml
+++ b/exposed-panels/flink-exposure.yaml
@ -2,7 +2,7 @@ id: flink-exposure

 info:
  name: Apache Flink Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/hadoop-exposure.yaml
+++ b/exposed-panels/hadoop-exposure.yaml
@ -2,7 +2,7 @@ id: hadoop-exposure

 info:
  name: Apache Hadoop Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/kafka-connect-ui.yaml
+++ b/exposed-panels/kafka-connect-ui.yaml
@ -2,7 +2,7 @@ id: kafka-connect-ui

 info:
  name: Apache Kafka Connect UI Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/kafka-monitoring.yaml
+++ b/exposed-panels/kafka-monitoring.yaml
@ -2,7 +2,7 @@ id: kafka-monitoring

 info:
  name: Apache Kafka Monitor Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/kafka-topics-ui.yaml
+++ b/exposed-panels/kafka-topics-ui.yaml
@ -2,7 +2,7 @@ id: kafka-topics-ui

 info:
  name: Apache Kafka Topics UI Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/kubernetes-dashboard.yaml
+++ b/exposed-panels/kubernetes-dashboard.yaml
@ -2,7 +2,7 @@ id: kubernetes-dashboard

 info:
  name: Kubernetes Console Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/rocketmq-console-exposure.yaml
+++ b/exposed-panels/rocketmq-console-exposure.yaml
@ -2,7 +2,7 @@ id: rocketmq-console-exposure

 info:
  name: Apache RocketMQ Console Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/selenoid-ui-exposure.yaml
+++ b/exposed-panels/selenoid-ui-exposure.yaml
@ -2,7 +2,7 @@ id: selenoid-ui-exposure

 info:
  name: Selenoid UI Dashboard Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/setup-page-exposure.yaml
+++ b/exposed-panels/setup-page-exposure.yaml
@ -2,7 +2,7 @@ id: setup-page-exposure

 info:
  name: Zenphoto Setup Page Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium
  description: Misconfiguration on Zenphoto version < 1.5.X which lead to sensitive information disclosure

--- a/exposed-panels/solr-exposure.yaml
+++ b/exposed-panels/solr-exposure.yaml
@ -2,7 +2,7 @@ id: solr-exposure

 info:
  name: Apache Solr Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposed-panels/yarn-manager-exposure.yaml
+++ b/exposed-panels/yarn-manager-exposure.yaml
@ -2,7 +2,7 @@ id: yarn-manager-exposure

 info:
  name: Apache Yarn ResourceManager Exposure / Unauthenticated Access
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposed-panels/zipkin-exposure.yaml
+++ b/exposed-panels/zipkin-exposure.yaml
@ -2,7 +2,7 @@ id: zipkin-exposure

 info:
  name: Zipkin Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposures/apis/swagger-api.yaml
+++ b/exposures/apis/swagger-api.yaml
@ -2,7 +2,7 @@ id: swagger-apis

 info:
  name: Swagger API Panel
-  author: Ice3man
+  author: pd-team
  severity: info

 requests:
--- a/exposures/configs/airflow-configuration-exposure.yaml
+++ b/exposures/configs/airflow-configuration-exposure.yaml
@ -2,7 +2,7 @@ id: airflow-configuration-exposure

 info:
  name: Apache Airflow Configuration Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposures/configs/amazon-docker-config-disclosure.yaml
+++ b/exposures/configs/amazon-docker-config-disclosure.yaml
@ -2,7 +2,7 @@ id: amazon-docker-config-disclosure

 info:
  name: Dockerrun AWS Configuration Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposures/configs/ansible-config-disclosure.yaml
+++ b/exposures/configs/ansible-config-disclosure.yaml
@ -2,7 +2,7 @@ id: ansible-config-disclosure

 info:
  name: Ansible Configuration Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposures/configs/git-config.yaml
+++ b/exposures/configs/git-config.yaml
@ -2,7 +2,7 @@ id: git-config

 info:
  name: Git Config Disclosure
-  author: Ice3man & pikpikcu
+  author: pd-team & pikpikcu
  severity: medium
  description: Searches for the pattern /.git/config on passed URLs.

--- a/exposures/configs/opcache-status-exposure.yaml
+++ b/exposures/configs/opcache-status-exposure.yaml
@ -2,7 +2,7 @@ id: opcache-status-exposure

 info:
  name: OPcache Status Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposures/configs/perl-status.yaml
+++ b/exposures/configs/perl-status.yaml
@ -2,7 +2,7 @@ id: perl-status

 info:
  name: Apache mod_perl Status Page Exposure
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposures/configs/rails-database-config.yaml
+++ b/exposures/configs/rails-database-config.yaml
@ -2,7 +2,7 @@ id: rails-database-config

 info:
  name: Ruby-on-Rails Database Configuration Exposure
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/exposures/configs/symfony-database-config.yaml
+++ b/exposures/configs/symfony-database-config.yaml
@ -2,7 +2,7 @@ id: symfony-database-config

 info:
  name: Symfony Database Configuration Exposure
-  author: Ice3man
+  author: pd-team
  severity: high

 requests:
--- a/exposures/configs/symfony-profiler.yaml
+++ b/exposures/configs/symfony-profiler.yaml
@ -2,7 +2,7 @@ id: symfony-profiler

 info:
  name: Symfony Profiler
-  author: ice3man
+  author: pd-team
  severity: high

 requests:
--- a/exposures/logs/rails-debug-mode.yaml
+++ b/exposures/logs/rails-debug-mode.yaml
@ -2,7 +2,7 @@ id: rails-debug-mode

 info:
  name: Rails Debug Mode Enabled
-  author: ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/exposures/logs/struts-debug-mode.yaml
+++ b/exposures/logs/struts-debug-mode.yaml
@ -2,7 +2,7 @@ id: struts-debug-mode

 info:
  name: Apache Struts setup in Debug-Mode
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/misconfiguration/airflow-api-exposure.yaml
+++ b/misconfiguration/airflow-api-exposure.yaml
@ -2,7 +2,7 @@ id: airflow-api-exposure

 info:
  name: Apache Airflow API Exposure / Unauthenticated Access
-  author: Ice3man
+  author: pd-team
  severity: medium

 requests:
--- a/misconfiguration/hadoop-unauth.yaml
+++ b/misconfiguration/hadoop-unauth.yaml
@ -2,7 +2,7 @@ id: hadoop-unauth

 info:
  name: Apache Hadoop Unauth
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/vulnerabilities/other/acme-xss.yaml
+++ b/vulnerabilities/other/acme-xss.yaml
@ -2,7 +2,7 @@ id: acme-xss

 info:
  name: ACME / Let's Encrypt Reflected XSS
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/vulnerabilities/other/aspnuke-openredirect.yaml
+++ b/vulnerabilities/other/aspnuke-openredirect.yaml
@ -1,7 +1,8 @@
 id: aspnuke-openredirect
+
 info:
  name: ASP-Nuke Open Redirect
-  author: Ice3man
+  author: pd-team
  severity: low

 requests:
--- a/vulnerabilities/other/yarn-resourcemanager-rce.yaml
+++ b/vulnerabilities/other/yarn-resourcemanager-rce.yaml
@ -2,7 +2,7 @@ id: yarn-resourcemanager-rce

 info:
  name: Apache Yarn ResourceManager RCE
-  author: Ice3man
+  author: pd-team
  severity: low

 requests: